CVE Database

37700+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2024-41770
7.5 HIGH

IBM Engineering Requirements Management DOORS Next 7.0.2, 7.0.3, and 7.1 could allow a remote attacker to download temporary files which could expose application logic or …

Mar 3, 2025
CVE-2025-1801
8.1 HIGH

A flaw was found in the Ansible aap-gateway. Concurrent requests handled by the gateway grpc service can result in concurrency issues due to race condition …

Mar 3, 2025
CVE-2025-1125
7.8 HIGH

When reading data from a hfs filesystem, grub's hfs filesystem module uses user-controlled parameters from the filesystem metadata to calculate the internal buffers size, however …

Mar 3, 2025
CVE-2025-0689
7.8 HIGH

When reading data from disk, the grub's UDF filesystem module utilizes the user controlled data length metadata to allocate its internal buffers. In certain scenarios, …

Mar 3, 2025
CVE-2024-8261
7.5 HIGH

Authorization Bypass Through User-Controlled Key vulnerability in Proliz Software OBS allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects OBS: before 24.0927.

Mar 3, 2025
CVE-2025-27279
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in lynk Flashfader flashfader allows Reflected XSS.This issue affects Flashfader: from n/a through <= …

Mar 3, 2025
CVE-2025-27278
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in David Ghedini AcuGIS Leaflet Maps mapfig-premium-leaflet-map-maker allows Reflected XSS.This issue affects AcuGIS Leaflet …

Mar 3, 2025
CVE-2025-27275
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in andrew_fisher WOO Codice Fiscale woo-codice-fiscale allows Reflected XSS.This issue affects WOO Codice Fiscale: …

Mar 3, 2025
CVE-2025-27271
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alberto Cocchiara DB Tables Import/Export db-tables-importexport allows Reflected XSS.This issue affects DB Tables …

Mar 3, 2025
CVE-2025-27269
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Anton Aleksandrov .htaccess Login block htaccess-login-block allows Reflected XSS.This issue affects .htaccess Login …

Mar 3, 2025
CVE-2025-27264
7.5 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Creativeitem Doctor Appointment Booking doctor-appointment-booking allows PHP Local File …

Mar 3, 2025
CVE-2025-27263
8.5 HIGH

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Creativeitem Doctor Appointment Booking doctor-appointment-booking allows SQL Injection.This issue affects Doctor …

Mar 3, 2025
CVE-2025-26999
8.8 HIGH

Deserialization of Untrusted Data vulnerability in Metagauss ProfileGrid profilegrid-user-profiles-groups-and-communities allows Object Injection.This issue affects ProfileGrid : from n/a through <= 5.9.4.3.

Mar 3, 2025
CVE-2025-26994
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in softdiscover Zigaform – Price Calculator & Cost Estimation Form Builder Lite zigaform-calculator-cost-estimation-form-builder-lite allows …

Mar 3, 2025
CVE-2025-26989
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in softdiscover Zigaform zigaform-form-builder-lite allows Stored XSS.This issue affects Zigaform: from n/a through <= …

Mar 3, 2025
CVE-2025-26984
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cozy Vision SMS Alert Order Notifications sms-alert allows Reflected XSS.This issue affects SMS …

Mar 3, 2025
CVE-2025-26967
8.8 HIGH

Deserialization of Untrusted Data vulnerability in Stiofan Events Calendar for GeoDirectory events-for-geodirectory allows Object Injection.This issue affects Events Calendar for GeoDirectory: from n/a through <= …

Mar 3, 2025
CVE-2025-26918
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in enituretechnology Small Package Quotes – Unishippers Edition small-package-quotes-unishippers-edition allows Reflected XSS.This issue affects …

Mar 3, 2025
CVE-2025-26917
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HasThemes WP Templata wptemplata allows Reflected XSS.This issue affects WP Templata: from n/a …

Mar 3, 2025
CVE-2025-26914
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bowo Variable Inspector variable-inspector allows Reflected XSS.This issue affects Variable Inspector: from n/a …

Mar 3, 2025
CVE-2025-26885
7.2 HIGH

Deserialization of Untrusted Data vulnerability in Beaver Builder WordPress Assistant assistant allows Object Injection.This issue affects WordPress Assistant: from n/a through <= 1.5.1.

Mar 3, 2025
CVE-2025-26879
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cristián Lávaque s2Member s2member allows Reflected XSS.This issue affects s2Member: from n/a through …

Mar 3, 2025
CVE-2025-26589
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cristopher Dino IE CSS3 Support ie-css3-support allows Reflected XSS.This issue affects IE CSS3 …

Mar 3, 2025
CVE-2025-26588
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gabrielperezs TTT Crop ttt-crop allows Reflected XSS.This issue affects TTT Crop: from n/a …

Mar 3, 2025
CVE-2025-26587
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nghorta sidebarTabs sidebartabs allows Reflected XSS.This issue affects sidebarTabs: from n/a through <= …

Mar 3, 2025
CVE-2025-26586
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in abelony Events Planner events-planner allows Reflected XSS.This issue affects Events Planner: from n/a …

Mar 3, 2025
CVE-2025-26585
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DyadyaLesha DL Leadback dl-leadback allows Reflected XSS.This issue affects DL Leadback: from n/a …

Mar 3, 2025
CVE-2025-26563
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Muneeb Mobile rocket-wp-mobile allows Reflected XSS.This issue affects Mobile: from n/a through <= …

Mar 3, 2025
CVE-2025-26557
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in viperchill ViperBar viperbar allows Reflected XSS.This issue affects ViperBar: from n/a through <= …

Mar 3, 2025
CVE-2025-26540
7.7 HIGH

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in helloprint Helloprint helloprint allows Path Traversal.This issue affects Helloprint: from n/a through …

Mar 3, 2025
CVE-2025-26534
8.6 HIGH

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in helloprint Helloprint helloprint allows Path Traversal.This issue affects Helloprint: from n/a through …

Mar 3, 2025
CVE-2025-25170
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DotsquaresLtd Migrate Posts migrate-post allows Reflected XSS.This issue affects Migrate Posts: from n/a …

Mar 3, 2025
CVE-2025-25169
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rachel Cherry Authors Autocomplete Meta Box authors-autocomplete-meta-box allows Reflected XSS.This issue affects Authors …

Mar 3, 2025
CVE-2025-25165
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in richardgabriel Staff Directory Plugin: Company Directory staff-directory-pro allows Stored XSS.This issue affects Staff …

Mar 3, 2025
CVE-2025-25164
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Yuichiro ABE Meta Accelerator meta-accelerator allows Reflected XSS.This issue affects Meta Accelerator: from …

Mar 3, 2025
CVE-2025-25162
7.5 HIGH

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in kutu62 Sports Rankings and Lists sports-rankings-lists allows Absolute Path Traversal.This issue affects …

Mar 3, 2025
CVE-2025-25161
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SocialEvolution WP Find Your Nearest wp-find-your-nearest allows Reflected XSS.This issue affects WP Find …

Mar 3, 2025
CVE-2025-25158
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Antonio Sanchez Uncomplicated SEO uncomplicated-seo allows Reflected XSS.This issue affects Uncomplicated SEO: from …

Mar 3, 2025
CVE-2025-25157
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpchurchteam WP Church Center wp-church-center allows Reflected XSS.This issue affects WP Church Center: …

Mar 3, 2025
CVE-2025-25142
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in The Jake Group WP Less Compiler wp-less-compiler allows Stored XSS.This issue affects WP …

Mar 3, 2025
CVE-2025-25133
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in newbiesup WP Frontend Submit wp-frontend-submit allows Reflected XSS.This issue affects WP Frontend Submit: …

Mar 3, 2025
CVE-2025-25132
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ravi Singh Visitor Details visitors-details allows Stored XSS.This issue affects Visitor Details: from …

Mar 3, 2025
CVE-2025-25130
7.5 HIGH

Relative Path Traversal vulnerability in Shah Alom Delete Comments By Status delete-comments-by-status allows Path Traversal.This issue affects Delete Comments By Status: from n/a through <= …

Mar 3, 2025
CVE-2025-25129
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Callback Request allows Reflected XSS. This issue affects Callback Request: from n/a …

Mar 3, 2025
CVE-2025-25127
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rohitashv Singhal Contact Us By Lord Linus contact-us-by-lord-linus allows Reflected XSS.This issue affects …

Mar 3, 2025
CVE-2025-25124
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in devu Status Updater fb-status-updater allows Reflected XSS.This issue affects Status Updater: from n/a …

Mar 3, 2025
CVE-2025-25122
8.1 HIGH

Path Traversal: '.../...//' vulnerability in hashshop WizShop wizshop allows Path Traversal.This issue affects WizShop: from n/a through <= 3.0.2.

Mar 3, 2025
CVE-2025-25121
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in shyammakwana Theme Options Z theme-options-z allows Cross Site Request Forgery.This issue affects Theme Options Z: from n/a through <= …

Mar 3, 2025
CVE-2025-25119
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alejandro Aranda Woocommerce osCommerce Sync woo-oscommerce-sync allows Reflected XSS.This issue affects Woocommerce osCommerce …

Mar 3, 2025
CVE-2025-25118
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Danish Ali Malik Top Bar – PopUps – by WPOptin wpoptin allows Reflected …

Mar 3, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.