37767+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.
In the Linux kernel, the following vulnerability has been resolved: netem: Update sch->q.qlen before qdisc_tree_reduce_backlog() qdisc_tree_reduce_backlog() notifies parent qdisc only if child qdisc becomes empty, …
In the Linux kernel, the following vulnerability has been resolved: pfifo_tail_enqueue: Drop new packet when sch->limit == 0 Expected behaviour: In case we reach scheduler's …
A vulnerability in the Netgear DGN2200 router with firmware version v1.0.0.46 and earlier permits unauthorized individuals to bypass the authentication. When adding "?x=1.gif" to the …
The FormCraft plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.9.11 due to …
The Post SMTP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the from and subject parameter in all versions up to, and including, …
The PressMart - Modern Elementor WooCommerce WordPress Theme theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.2.16. …
The Uncode theme for WordPress is vulnerable to arbitrary file read due to insufficient input validation in the 'uncode_admin_get_oembed' function in all versions up to, …
The Super Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'st_user_title' parameter in all versions up to, and including, 4.0.1 due …
Insecure Loading of Dynamic Link Libraries have been discovered in HVAC Energy Saving Program, which could allow local attackers to potentially disclose information or execute …
Insecure Loading of Dynamic Link Libraries have been discovered in USB-CONVERTERCABLE DRIVER, which could allow local attackers to potentially disclose information or execute arbitray code …
The Affiliate Links: WordPress Plugin for Link Cloaking and Link Management plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, …
The Shopwarden – Automated WooCommerce monitoring & testing plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.11. …
The Option Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. This is due to missing nonce validation on the plugin_page() …
The Reset plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6. This is due to missing or …
The GetBookingsWP – Appointments Booking Calendar Plugin For WordPress plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, …
The File Uploads Addon for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.7.1 via the …
The Rapid Cache plugin for WordPress is vulnerable to Cache Poisoning in all versions up to, and including, 1.2.3. This is due to plugin storing …
The LuxCal Web Calendar prior to 5.3.3M (MySQL version) and prior to 5.3.3L (SQLite version) contains a missing authentication vulnerability in dloader.php. If this vulnerability …
Server-side request forgery (SSRF) vulnerability exists in FileMegane versions above 3.0.0.0 prior to 3.4.0.0. Executing arbitrary backend Web API requests could potentially lead to rebooting …
Dell NetWorker Management Console, version(s) 19.11 through 19.11.0.3 & Versions prior to 19.10.0.7 contain(s) an improper neutralization of server-side vulnerability. An unauthenticated attacker with local …
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ERA404 ImageMeta imagemeta allows Reflected XSS.This issue affects ImageMeta: from n/a through <= …
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webjema WP-NOTCAPTCHA wp-notcaptcha allows Reflected XSS.This issue affects WP-NOTCAPTCHA: from n/a through <= …
The Coder WordPress plugin through 1.3.4 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action …
The VR-Frases (collect & share quotes) WordPress plugin through 3.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading …
The Tube Video Ads Lite WordPress plugin through 1.5.7 does not sanitise and escape a parameter before outputting it back in the page, leading to …
Orca HCM from Learning Digital has a SQL Injection vulnerability, allowing attackers with regular privileges to inject arbitrary SQL commands to read, modify, and delete …
The WP Activity Log plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘message’ parameter in all versions up to, and including, 5.2.2 …
Orca HCM from LEARNING DIGITAL has an Arbitrary File Upload vulnerability, allowing remote attackers with regular privileges to upload and run web shells
Out-of-bounds Read vulnerability (CWE-125) was found in CX-Programmer. Attackers may be able to read sensitive information or cause an application crash by abusing this vulnerability.
Cross-Site Request Forgery (CSRF) vulnerability in what3words what3words Address Field 3-word-address-validation-field allows Stored XSS.This issue affects what3words Address Field: from n/a through <= 4.0.15.
Cross-Site Request Forgery (CSRF) vulnerability in alexvtn Content Snippet Manager content-snippet-manager allows Stored XSS.This issue affects Content Snippet Manager: from n/a through <= 1.1.5.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in jgwhite33 WP Airbnb Review Slider wp-airbnb-review-slider allows Blind SQL Injection.This issue …
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Ad Inserter Pro allows Reflected XSS. This issue affects Ad Inserter Pro: …
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in enituretechnology LTL Freight Quotes – Worldwide Express Edition ltl-freight-quotes-worldwide-express-edition allows Reflected XSS.This issue …
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in enituretechnology LTL Freight Quotes – Unishippers Edition ltl-freight-quotes-unishippers-edition allows Reflected XSS.This issue affects …
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in brandexponents Oshine Modules oshine-modules allows Reflected XSS.This issue affects Oshine Modules: from n/a …
A vulnerability was found in needyamin Library Card System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of …
A vulnerability was found in Kong Insomnia up to 10.3.0 and classified as critical. This issue affects some unknown processing in the library profapi.dll. The …
A vulnerability classified as critical has been found in TOTOLINK X18 9.1.0cu.2024_B20220329. Affected is the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi. The manipulation as part …
A vulnerability was found in NUUO Camera up to 20250203. It has been declared as critical. This vulnerability affects the function print_file of the file …
The LTL Freight Quotes – Estes Edition plugin for WordPress is vulnerable to SQL Injection via the 'dropship_edit_id' and 'edit_id' parameters in all versions up …
Use after free in Navigation in Google Chrome prior to 133.0.6943.98 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. …
Use after free in V8 in Google Chrome prior to 133.0.6943.98 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. …
Monero through 0.18.3.4 before ec74ff4 does not have response limits on HTTP server connections.
If Brocade Fabric OS before Fabric OS 9.2.0 configuration settings are not set to encrypt SNMP passwords, then the SNMP privsecret / authsecret fields can …
Implementation of the Simple Network Management Protocol (SNMP) operating on the Brocade 6547 (FC5022) embedded switch blade, makes internal script calls to system.sh from within …
The vulnerability may allow a remote low priviledged attacker to run arbitrary shell commands by using lower-level functions to interact with the device.
The vulnerability may allow a remote low priviledged attacker to run arbitrary shell commands by manipulating the firmware file and uploading it to the device.
Generation of weak initialization vector in an Intel(R) IPP Cryptography software library before version 2021.5 may allow an unauthenticated user to potentially enable information disclosure …
Label Studio is an open source data labeling tool. Prior to version 1.16.0, Label Studio's S3 storage integration feature contains a Server-Side Request Forgery (SSRF) …
Free website and port scanning — find vulnerabilities before attackers do.