CVE Database

37767+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-26596
7.8 HIGH

A heap overflow flaw was found in X.Org and Xwayland. The computation of the length in XkbSizeKeySyms() differs from what is written in XkbWriteKeySyms(), which …

Feb 25, 2025
CVE-2025-26595
7.8 HIGH

A buffer overflow flaw was found in X.Org and Xwayland. The code in XkbVModMaskText() allocates a fixed-sized buffer on the stack and copies the names …

Feb 25, 2025
CVE-2025-26594
7.8 HIGH

A use-after-free flaw was found in X.Org and Xwayland. The root cursor is referenced in the X server as a global variable. If a client …

Feb 25, 2025
CVE-2025-26993
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Reflected XSS.This issue affects Atarim: from n/a through …

Feb 25, 2025
CVE-2025-26991
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ollybach WPPizza wppizza allows Reflected XSS.This issue affects WPPizza: from n/a through <= …

Feb 25, 2025
CVE-2025-26987
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shabti Kaplan Frontend Admin by DynamiApps acf-frontend-form-element allows Reflected XSS.This issue affects Frontend …

Feb 25, 2025
CVE-2025-26985
8.1 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Majestic Support Majestic Support majestic-support allows PHP Local File …

Feb 25, 2025
CVE-2025-26981
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in accessiBe Web Accessibility By accessiBe accessibe allows Reflected XSS.This issue affects Web Accessibility …

Feb 25, 2025
CVE-2025-26979
7.5 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Aman Funnel Builder by FunnelKit funnel-builder allows PHP Local …

Feb 25, 2025
CVE-2025-26971
7.6 HIGH

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ays Pro Poll Maker poll-maker allows Blind SQL Injection.This issue affects …

Feb 25, 2025
CVE-2025-26964
7.5 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Arraytics Eventin wp-event-solution allows PHP Local File Inclusion.This issue …

Feb 25, 2025
CVE-2025-26957
7.5 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Deetronix Affiliate Coupons affiliate-coupons allows PHP Local File Inclusion.This …

Feb 25, 2025
CVE-2025-26946
7.6 HIGH

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in jgwhite33 WP Yelp Review Slider wp-yelp-review-slider allows Blind SQL Injection.This issue …

Feb 25, 2025
CVE-2025-26935
7.5 HIGH

Path Traversal: '.../...//' vulnerability in wpjobportal WP Job Portal wp-job-portal allows PHP Local File Inclusion.This issue affects WP Job Portal: from n/a through <= 2.2.8.

Feb 25, 2025
CVE-2025-26932
7.5 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in QuantumCloud ChatBot chatbot allows PHP Local File Inclusion.This issue …

Feb 25, 2025
CVE-2025-26931
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in Tribulant Software Tribulant Gallery Voting gallery-voting allows Stored XSS.This issue affects Tribulant Gallery Voting: from n/a through <= 1.2.1.

Feb 25, 2025
CVE-2025-26915
8.5 HIGH

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in PickPlugins Wishlist wishlist allows SQL Injection.This issue affects Wishlist: from n/a …

Feb 25, 2025
CVE-2025-26907
7.5 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Estatik Mortgage Calculator Estatik estatik-mortgage-calculator allows Stored XSS.This issue affects Mortgage Calculator Estatik: …

Feb 25, 2025
CVE-2025-26905
7.5 HIGH

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Estatik Estatik estatik allows PHP Local File Inclusion.This issue affects Estatik: from …

Feb 25, 2025
CVE-2025-26868
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fastflow Fast Flow fast-flow-dashboard allows Reflected XSS.This issue affects Fast Flow: from n/a …

Feb 25, 2025
CVE-2025-26753
7.5 HIGH

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in videowhisper Broadcast Live Video videowhisper-live-streaming-integration allows Path Traversal.This issue affects Broadcast Live …

Feb 25, 2025
CVE-2025-26752
8.6 HIGH

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in videowhisper Broadcast Live Video videowhisper-live-streaming-integration allows Path Traversal.This issue affects Broadcast Live …

Feb 25, 2025
CVE-2025-26751
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fahad Mahmood Alphabetic Pagination alphabetic-pagination allows Reflected XSS.This issue affects Alphabetic Pagination: from …

Feb 25, 2025
CVE-2025-1675
8.2 HIGH

The function dns_copy_qname in dns_pack.c performs performs a memcpy operation with an untrusted field and does not check if the source buffer is large enough …

Feb 25, 2025
CVE-2025-1674
8.2 HIGH

A lack of input validation allows for out of bounds reads caused by malicious or malformed packets.

Feb 25, 2025
CVE-2025-1673
8.2 HIGH

A malicious or malformed DNS packet without a payload can cause an out-of-bounds read, resulting in a crash (denial of service) or an incorrect computation.

Feb 25, 2025
CVE-2025-1648
7.5 HIGH

The Yawave plugin for WordPress is vulnerable to SQL Injection via the 'lbid' parameter in all versions up to, and including, 2.9.1 due to insufficient …

Feb 25, 2025
CVE-2025-22210
7.2 HIGH

A SQL injection vulnerability in the Hikashop component versions 3.3.0-5.1.4 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands in the category management …

Feb 25, 2025
CVE-2025-1646
7.3 HIGH

A vulnerability, which was classified as critical, has been found in Lumsoft ERP 8. Affected by this issue is some unknown functionality of the file …

Feb 25, 2025
CVE-2025-1641
7.3 HIGH

A vulnerability was found in Benner ModernaNet up to 1.1.0. It has been classified as critical. This affects an unknown part of the file /AGE0000700/GetHorariosDoDia?idespec=0&idproced=1103&data=2025-02-25+19%3A25&agserv=0&convenio=1&localatend=1&idplano=5&pesfis=01&idprofissional=0&target=.horarios--dia--d0&_=1739371223797. …

Feb 25, 2025
CVE-2025-1640
7.3 HIGH

A vulnerability was found in Benner ModernaNet up to 1.1.0 and classified as critical. Affected by this issue is some unknown functionality of the file …

Feb 25, 2025
CVE-2025-26533
8.1 HIGH

An SQL injection risk was identified in the module list filter within course search.

Feb 24, 2025
CVE-2025-26530
8.3 HIGH

The question bank filter required additional sanitizing to prevent a reflected XSS risk.

Feb 24, 2025
CVE-2025-26529
8.3 HIGH

Description information displayed in the site administration live log required additional sanitizing to prevent a stored XSS risk.

Feb 24, 2025
CVE-2025-26525
8.6 HIGH

Insufficient sanitizing in the TeX notation filter resulted in an arbitrary file read risk on sites where pdfTeX is available (such as those with TeX …

Feb 24, 2025
CVE-2025-27133
8.8 HIGH

WeGIA is a Web manager for charitable institutions. A SQL Injection vulnerability was discovered in the WeGIA application prior to version 3.2.15 at the `adicionar_tipo_exame.php` …

Feb 24, 2025
CVE-2025-26200
7.2 HIGH

SQL injection in SLIMS v.9.6.1 allows a remote attacker to escalate privileges via the month parameter in the visitor_report_day.php component.

Feb 24, 2025
CVE-2025-22495
8.4 HIGH

An improper input validation vulnerability was discovered in the NTP server configuration field of the Network-M2 card. This could result in an authenticated high privileged …

Feb 24, 2025
CVE-2025-27355
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in Nicolas GRILLET Woocommerce – Loi Hamon loi-hamon allows Stored XSS.This issue affects Woocommerce – Loi Hamon: from n/a through …

Feb 24, 2025
CVE-2025-27352
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wumii team 无觅相关文章插件 wumii-related-posts allows Stored XSS.This issue affects 无觅相关文章插件: from n/a through …

Feb 24, 2025
CVE-2025-27332
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in gmnazmul Smart Maintenance & Countdown smart-maintenance-countdown allows Stored XSS.This issue affects Smart Maintenance & Countdown: from n/a through <= …

Feb 24, 2025
CVE-2025-27321
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in Blighty Blightly Explorer blighty-explorer allows Stored XSS.This issue affects Blightly Explorer: from n/a through <= 2.3.0.

Feb 24, 2025
CVE-2025-27312
8.5 HIGH

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Jenst WP Sitemap wp-sitemap allows SQL Injection.This issue affects WP Sitemap: …

Feb 24, 2025
CVE-2025-27301
7.2 HIGH

Deserialization of Untrusted Data vulnerability in Nazmul Hasan Robin NHR Options Table Manager nhrrob-options-table-manager allows Object Injection.This issue affects NHR Options Table Manager: from n/a …

Feb 24, 2025
CVE-2025-27300
7.2 HIGH

Deserialization of Untrusted Data vulnerability in giuliopanda ADFO admin-form allows Object Injection.This issue affects ADFO: from n/a through <= 1.9.1.

Feb 24, 2025
CVE-2025-27298
8.3 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in cmstactics WP Video Posts wp-video-posts allows OS Command Injection.This issue affects WP Video Posts: from n/a through <= 3.5.1.

Feb 24, 2025
CVE-2025-27297
7.6 HIGH

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in guelben Bravo Search & Replace bravo-search-and-replace allows Blind SQL Injection.This issue …

Feb 24, 2025
CVE-2025-27296
7.2 HIGH

Missing Authorization vulnerability in revenueflex Auto Ad Inserter – Increase Google Adsense and Ad Manager Revenue revenueflex-easy-ads allows Exploiting Incorrectly Configured Access Control Security Levels.This …

Feb 24, 2025
CVE-2025-27277
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in tiefpunkt Add Linked Images To Gallery add-linked-images-to-gallery-v01 allows Cross Site Request Forgery.This issue affects Add Linked Images To Gallery: …

Feb 24, 2025
CVE-2025-27276
8.8 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in lizeipe Photo Gallery ( Responsive ) photo-gallery-pearlbells allows Privilege Escalation.This issue affects Photo Gallery ( Responsive ): from n/a …

Feb 24, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.