CVE Database

37767+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-27272
7.5 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in vinagecko VG PostCarousel vg-postcarousel allows PHP Local File Inclusion.This …

Feb 24, 2025
CVE-2024-12918
8.8 HIGH

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Agito Computer Health4All allows SQL Injection.This issue affects Health4All: before 10.01.2025.

Feb 24, 2025
CVE-2024-12917
8.3 HIGH

Files or Directories Accessible to External Parties vulnerability in Agito Computer Health4All allows Exploiting Incorrectly Configured Access Control Security Levels, Authentication Abuse.This issue affects Health4All: …

Feb 24, 2025
CVE-2024-12916
8.8 HIGH

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Agito Computer Life4All allows SQL Injection.This issue affects Life4All: before 10.01.2025.

Feb 24, 2025
CVE-2023-52926
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: IORING_OP_READ did not correctly consume the provided buffer list when read i/o returned < 0 …

Feb 24, 2025
CVE-2024-55898
8.5 HIGH

IBM i 7.2, 7.3, 7.4, and 7.5 could allow a user with the capability to compile or restore a program to gain elevated privileges due …

Feb 24, 2025
CVE-2025-22635
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in imithemes Eventer eventer allows Reflected XSS.This issue affects Eventer: from n/a through < …

Feb 23, 2025
CVE-2025-22632
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in totalsoft WooCommerce Pricing – Product Pricing woo-pricing-table allows Stored XSS.This issue affects WooCommerce …

Feb 23, 2025
CVE-2025-22631
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in vbout Marketing Automation marketing-automation allows Reflected XSS.This issue affects Marketing Automation: from n/a …

Feb 23, 2025
CVE-2025-1596
7.3 HIGH

A vulnerability was found in SourceCodester Best Church Management Software 1.0 and classified as critical. This issue affects some unknown processing of the file /fpassword.php. …

Feb 23, 2025
CVE-2022-28339
7.3 HIGH

Trend Micro HouseCall for Home Networks version 5.3.1302 and below contains an uncontrolled search patch element vulnerability that could allow an attacker with low user …

Feb 22, 2025
CVE-2025-27012
8.8 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in a1post A1POST.BG Shipping for Woo a1post-bg-shipping-for-woocommerce allows Privilege Escalation.This issue affects A1POST.BG Shipping for Woo: from n/a through <= …

Feb 22, 2025
CVE-2025-26774
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rock Solid Responsive Modal Builder for High Conversion – Easy Popups easy-popups allows …

Feb 22, 2025
CVE-2025-26760
7.5 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Wow-Company Calculator Builder calculator-builder allows PHP Local File Inclusion.This …

Feb 22, 2025
CVE-2025-26757
7.5 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in FULL SERVICES FULL Customer full-customer allows PHP Local File …

Feb 22, 2025
CVE-2025-26756
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in grimdonkey Magic the Gathering Card Tooltips magic-the-gathering-card-tooltips allows Stored XSS.This issue affects Magic …

Feb 22, 2025
CVE-2024-52939
7.8 HIGH

Kernel software installed and running inside a Guest VM may post improper commands to the GPU Firmware to trigger a write data outside the Guest's …

Feb 22, 2025
CVE-2024-46975
7.9 HIGH

Kernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to write data into another Guest's virtualised GPU …

Feb 22, 2025
CVE-2024-12577
7.3 HIGH

Kernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to write data outside the Guest's virtualised GPU …

Feb 22, 2025
CVE-2025-0957
7.2 HIGH

The SMTP for Amazon SES – YaySMTP plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.7.1 due to …

Feb 22, 2025
CVE-2025-0953
7.2 HIGH

The SMTP for Sendinblue – YaySMTP plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.2 due to insufficient …

Feb 22, 2025
CVE-2025-0918
7.2 HIGH

The SMTP for SendGrid – YaySMTP plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.4 due to insufficient …

Feb 22, 2025
CVE-2024-13869
7.2 HIGH

The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in …

Feb 22, 2025
CVE-2025-21704
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: usb: cdc-acm: Check control transfer buffer size before access If the first fragment is shorter …

Feb 22, 2025
CVE-2025-1361
7.5 HIGH

The IP2Location Country Blocker plugin for WordPress is vulnerable to Regular Information Exposure in all versions up to, and including, 2.38.8 due to missing capability …

Feb 22, 2025
CVE-2024-13474
7.5 HIGH

The LTL Freight Quotes – Purolator Edition plugin for WordPress is vulnerable to SQL Injection via the 'dropship_edit_id' and 'edit_id' parameters in all versions up …

Feb 22, 2025
CVE-2025-1510
7.3 HIGH

The The Custom Post Type Date Archives plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.7.1. This …

Feb 22, 2025
CVE-2025-1509
7.3 HIGH

The The Show Me The Cookies plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.0. This is …

Feb 22, 2025
CVE-2024-13899
7.2 HIGH

The Mambo Importer plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0 via deserialization of untrusted input …

Feb 22, 2025
CVE-2025-27109
7.3 HIGH

solid-js is a declarative, efficient, and flexible JavaScript library for building user interfaces. In affected versions Inserts/JSX expressions inside illegal inlined JSX fragments lacked escaping, …

Feb 21, 2025
CVE-2025-27108
7.3 HIGH

dom-expressions is a Fine-Grained Runtime for Performant DOM Rendering. In affected versions the use of javascript's `.replace()` opens up to potential Cross-site Scripting (XSS) vulnerabilities …

Feb 21, 2025
CVE-2025-27106
8.8 HIGH

binance-trading-bot is an automated Binance trading bot with trailing buy/sell strategy. Authenticated users of binance-trading-bot can achieve Remote Code Execution on the host system due …

Feb 21, 2025
CVE-2025-27104
7.5 HIGH

vyper is a Pythonic Smart Contract Language for the EVM. Multiple evaluation of a single expression is possible in the iterator target of a for …

Feb 21, 2025
CVE-2025-26622
7.5 HIGH

vyper is a Pythonic Smart Contract Language for the EVM. Vyper `sqrt()` builtin uses the babylonian method to calculate square roots of decimals. Unfortunately, improper …

Feb 21, 2025
CVE-2025-25282
8.1 HIGH

RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine based on deep document understanding. An authenticated user can exploit the Insecure Direct Object Reference (IDOR) vulnerability …

Feb 21, 2025
CVE-2025-1555
7.3 HIGH

A vulnerability classified as critical was found in hzmanyun Education and Training System 3.1.1. This vulnerability affects the function saveImage. The manipulation of the argument …

Feb 21, 2025
CVE-2025-25769
8.0 HIGH

Wangmarket v4.10 to v5.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /controller/UserController.java.

Feb 21, 2025
CVE-2025-25876
7.2 HIGH

A vulnerability was found in ITSourcecode Simple ChatBox up to 1.0. This vulnerability affects unknown code of the file /delete.php. The attack can use SQL …

Feb 21, 2025
CVE-2024-57176
7.6 HIGH

An issue in the shiroFilter function of White-Jotter project v0.2.2 allows attackers to execute a directory traversal and access sensitive endpoints via a crafted URL.

Feb 21, 2025
CVE-2025-1546
7.3 HIGH

A vulnerability has been found in BDCOM Behavior Management and Auditing System up to 20250210 and classified as critical. Affected by this vulnerability is the …

Feb 21, 2025
CVE-2025-1403
8.6 HIGH

Qiskit SDK 0.45.0 through 1.2.4 could allow a remote attacker to cause a denial of service using a maliciously crafted QPY file containing a malformed …

Feb 21, 2025
CVE-2025-26013
8.2 HIGH

An issue in Loggrove v.1.0 allows a remote attacker to obtain sensitive information via the read.py component.

Feb 21, 2025
CVE-2025-1539
8.8 HIGH

A vulnerability, which was classified as critical, has been found in D-Link DAP-1320 1.00. Affected by this issue is the function replace_special_char of the file …

Feb 21, 2025
CVE-2025-1538
8.8 HIGH

A vulnerability classified as critical was found in D-Link DAP-1320 1.00. Affected by this vulnerability is the function set_ws_action of the file /dws/api/. The manipulation …

Feb 21, 2025
CVE-2025-1536
7.3 HIGH

A vulnerability was found in Raisecom Multi-Service Intelligent Gateway up to 20250208. It has been declared as critical. This vulnerability affects unknown code of the …

Feb 21, 2025
CVE-2025-26794
7.5 HIGH

Exim 4.98 before 4.98.1, when SQLite hints and ETRN serialization are used, allows remote SQL injection. (Resolving SQL injection requires an update to 4.99.1 in …

Feb 21, 2025
CVE-2025-1535
7.3 HIGH

A vulnerability was found in Baiyi Cloud Asset Management System 8.142.100.161. It has been classified as critical. This affects an unknown part of the file …

Feb 21, 2025
CVE-2025-1471
7.8 HIGH

In Eclipse OMR versions 0.2.0 to 0.4.0, some of the z/OS atoe print functions use a constant length buffer for string conversion. If the input …

Feb 21, 2025
CVE-2024-13353
8.8 HIGH

The Responsive Addons for Elementor – Free Elementor Addons Plugin and Elementor Templates plugin for WordPress is vulnerable to Local File Inclusion in all versions …

Feb 21, 2025
CVE-2025-0728
7.5 HIGH

In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.2, an attacker can cause an integer underflow and a subsequent denial of …

Feb 21, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.