CVE Database

37700+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2024-13833
7.2 HIGH

The Album Gallery – WordPress Gallery plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.6.3 via deserialization …

Mar 1, 2025
CVE-2024-13910
7.2 HIGH

The Database Backup and check Tables Automated With Scheduler 2024 plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation …

Mar 1, 2025
CVE-2024-13611
7.5 HIGH

The Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions …

Mar 1, 2025
CVE-2024-13911
7.2 HIGH

The Database Backup and check Tables Automated With Scheduler 2024 plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and …

Mar 1, 2025
CVE-2024-12544
8.8 HIGH

The SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity plugin for WordPress is vulnerable to arbitrary …

Mar 1, 2025
CVE-2024-13373
8.1 HIGH

The Exertio Framework plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.3.1. This is due …

Mar 1, 2025
CVE-2024-13568
7.5 HIGH

The Fluent Support – Helpdesk & Customer Support Ticket System plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and …

Mar 1, 2025
CVE-2025-23119
7.5 HIGH

An Improper Neutralization of Escape Sequences vulnerability could allow an Authentication Bypass with a Remote Code Execution (RCE) by a malicious actor with access to …

Mar 1, 2025
CVE-2025-25723
8.4 HIGH

Buffer Overflow vulnerability in GPAC version 2.5 allows a local attacker to execute arbitrary code.

Feb 28, 2025
CVE-2025-25635
8.0 HIGH

TOTOlink A3002R V1.1.1-B20200824.0128 contains a buffer overflow vulnerability. The vulnerability arises from the improper input validation of the pppoe_dns1 parameter in the formIpv6Setup interface of …

Feb 28, 2025
CVE-2025-25610
8.0 HIGH

TOTOlink A3002R V1.1.1-B20200824.0128 contains a buffer overflow vulnerability. The vulnerability arises from the improper input validation of the static_gw parameter in the formIpv6Setup interface of …

Feb 28, 2025
CVE-2025-25609
8.0 HIGH

TOTOlink A3002R V1.1.1-B20200824.0128 contains a buffer overflow vulnerability. The vulnerability arises from the improper input validation of the static_ipv6 parameter in the formIpv6Setup interface of …

Feb 28, 2025
CVE-2025-25428
8.0 HIGH

TRENDnet TEW-929DRU 1.0.0.10 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root.

Feb 28, 2025
CVE-2025-0160
8.1 HIGH

IBM FlashSystem (IBM Storage Virtualize (8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2.3, 8.5.3.0 through 8.5.3.1, 8.5.4.0, 8.6.0.0 through 8.6.0.5, 8.6.1.0, 8.6.2.0 through 8.6.2.1, 8.6.3.0, 8.7.0.0 …

Feb 28, 2025
CVE-2025-24849
7.1 HIGH

Lack of encryption in transit for cloud infrastructure facilitating potential for sensitive data manipulation or exposure.

Feb 28, 2025
CVE-2025-20060
7.5 HIGH

An attacker could expose cross-user personal identifiable information (PII) and personal health information transmitted to the Android device via the Dario Health application database.

Feb 28, 2025
CVE-2025-26326
8.8 HIGH

A vulnerability was identified in the NVDA Remote (version 2.6.4) and Tele NVDA Remote (version 2025.3.3) remote connection add-ons, which allows an attacker to obtain …

Feb 28, 2025
CVE-2025-1319
7.2 HIGH

The Site Mailer – SMTP Replacement, Email API Deliverability & Email Log plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up …

Feb 28, 2025
CVE-2025-1570
8.1 HIGH

The Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up …

Feb 28, 2025
CVE-2024-9195
8.8 HIGH

The WHMPress - WHMCS Client Area plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a …

Feb 28, 2025
CVE-2024-13831
7.2 HIGH

The Tabs for WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.0 via deserialization of untrusted …

Feb 28, 2025
CVE-2025-1513
7.2 HIGH

The Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal or Stripe, Social Share Buttons plugin for WordPress is …

Feb 28, 2025
CVE-2025-0975
8.8 HIGH

IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD console could allow an authenticated user to execute code due to improper neutralization of …

Feb 28, 2025
CVE-2025-25729
7.5 HIGH

An information disclosure vulnerability in Bosscomm IF740 Firmware versions:11001.7078 & v11001.0000 and System versions: 6.25 & 6.00 allows attackers to obtain hardcoded cleartext credentials via …

Feb 28, 2025
CVE-2025-25477
8.1 HIGH

A host header injection vulnerability in SysPass 3.2x allows an attacker to load malicious JS files from an arbitrary domain which would be executed in …

Feb 28, 2025
CVE-2025-1687
8.8 HIGH

The Cardealer theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.4. This is due to missing nonce validation …

Feb 28, 2025
CVE-2025-1682
8.8 HIGH

The Cardealer theme for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.6.4 due to missing capability check on the 'save_settings' …

Feb 28, 2025
CVE-2024-12811
8.8 HIGH

The Traveler theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.1.9 via shortcodes. This makes it possible …

Feb 28, 2025
CVE-2025-26264
8.8 HIGH

GeoVision GV-ASWeb with the version 6.1.2.0 or less (fixed in 6.2.0), contains a Remote Code Execution (RCE) vulnerability within its Notification Settings feature. An authenticated …

Feb 27, 2025
CVE-2024-38291
8.8 HIGH

In XIQ-SE before 24.2.11, a low-privileged user may be able to access admin passwords, which could lead to privilege escalation.

Feb 27, 2025
CVE-2024-41340
8.4 HIGH

An issue in Draytek devices Vigor 165/166 prior to v4.2.6 , Vigor 2620/LTE200 prior to v3.9.8.8, Vigor 2860/2925 prior to v3.9.7, Vigor 2862/2926 prior to …

Feb 27, 2025
CVE-2024-41339
8.8 HIGH

An issue in the CGI endpoint used to upload configurations in Draytek devices Vigor 165/166 prior to v4.2.6 , Vigor 2620/LTE200 prior to v3.9.8.8, Vigor …

Feb 27, 2025
CVE-2024-41338
7.5 HIGH

A NULL pointer dereference in Draytek devices Vigor 165/166 prior to v4.2.6 , Vigor 2620/LTE200 prior to v3.9.8.8, Vigor 2860/2925 prior to v3.9.7, Vigor 2862/2926 …

Feb 27, 2025
CVE-2024-41336
7.5 HIGH

Draytek devices Vigor 165/166 prior to v4.2.6 , Vigor 2620/LTE200 prior to v3.9.8.8, Vigor 2860/2925 prior to v3.9.7, Vigor 2862/2926 prior to v3.9.9.4, Vigor 2133/2762/2832 …

Feb 27, 2025
CVE-2024-41335
7.5 HIGH

Draytek devices Vigor 165/166 prior to v4.2.6 , Vigor 2620/LTE200 prior to v3.9.8.8, Vigor 2860/2925 prior to v3.9.7, Vigor 2862/2926 prior to v3.9.9.4, Vigor 2133/2762/2832 …

Feb 27, 2025
CVE-2024-41334
8.8 HIGH

Draytek devices Vigor 165/166 prior to v4.2.6 , Vigor 2620/LTE200 prior to v3.9.8.8, Vigor 2860/2925 prior to v3.9.7, Vigor 2862/2926 prior to v3.9.9.4, Vigor 2133/2762/2832 …

Feb 27, 2025
CVE-2025-21815
7.1 HIGH

In the Linux kernel, the following vulnerability has been resolved: mm/compaction: fix UBSAN shift-out-of-bounds warning syzkaller reported a UBSAN shift-out-of-bounds warning of (1UL << order) …

Feb 27, 2025
CVE-2025-21812
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: ax25: rcu protect dev->ax25_ptr syzbot found a lockdep issue [1]. We should remove ax25 RTNL …

Feb 27, 2025
CVE-2025-21811
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: nilfs2: protect access to buffers with no active references nilfs_lookup_dirty_data_buffers(), which iterates through the buffers …

Feb 27, 2025
CVE-2025-21800
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: HWS, fix definer's HWS_SET32 macro for negative offset When bit offset for HWS_SET32 macro …

Feb 27, 2025
CVE-2024-58034
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: memory: tegra20-emc: fix an OF node reference bug in tegra_emc_find_node_by_ram_code() As of_find_node_by_name() release the reference …

Feb 27, 2025
CVE-2025-23687
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in simonhunter Woo Store Mode woo-store-mode allows Reflected XSS.This issue affects Woo Store Mode: …

Feb 27, 2025
CVE-2025-25333
7.5 HIGH

An issue in IKEA CN iOS 4.13.0 allows attackers to access sensitive user information via supplying a crafted link.

Feb 27, 2025
CVE-2025-1756
7.5 HIGH

mongosh may be susceptible to local privilege escalation under certain conditions potentially enabling unauthorized actions on a user's system with elevated privilege, when a crafted …

Feb 27, 2025
CVE-2025-1755
7.5 HIGH

MongoDB Compass may be susceptible to local privilege escalation under certain conditions potentially enabling unauthorized actions on a user's system with elevated privileges, when a …

Feb 27, 2025
CVE-2025-25761
7.2 HIGH

HkCms v2.3.2.240702 was discovered to contain an arbitrary file write vulnerability in the component Appcenter.php.

Feb 27, 2025
CVE-2025-25760
7.5 HIGH

A Server-Side Request Forgery (SSRF) in the component admin_webgather.php of SUCMS v1.0 allows attackers to access internal data and services via a crafted GET request.

Feb 27, 2025
CVE-2025-25759
7.5 HIGH

An issue in the component admin_template.php of SUCMS v1.0 allows attackers to execute a directory traversal and arbitrary file deletion via a crafted GET request.

Feb 27, 2025
CVE-2025-22280
7.6 HIGH

Missing Authorization vulnerability in revmakx DefendWP Firewall defend-wp-firewall allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DefendWP Firewall: from n/a through <= 1.1.0.

Feb 27, 2025
CVE-2024-9334
8.2 HIGH

Use of Hard-coded Credentials, Storage of Sensitive Data in a Mechanism without Access Control vulnerability in E-Kent Pallium Vehicle Tracking allows Authentication Bypass.This issue affects …

Feb 27, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.