CVE Database

37767+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-21703
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: netem: Update sch->q.qlen before qdisc_tree_reduce_backlog() qdisc_tree_reduce_backlog() notifies parent qdisc only if child qdisc becomes empty, …

Feb 18, 2025
CVE-2025-21702
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: pfifo_tail_enqueue: Drop new packet when sch->limit == 0 Expected behaviour: In case we reach scheduler's …

Feb 18, 2025
CVE-2024-57046
8.8 HIGH

A vulnerability in the Netgear DGN2200 router with firmware version v1.0.0.46 and earlier permits unauthorized individuals to bypass the authentication. When adding "?x=1.gif" to the …

Feb 18, 2025
CVE-2025-0817
7.2 HIGH

The FormCraft plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.9.11 due to …

Feb 18, 2025
CVE-2025-0521
7.2 HIGH

The Post SMTP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the from and subject parameter in all versions up to, and including, …

Feb 18, 2025
CVE-2024-13797
7.3 HIGH

The PressMart - Modern Elementor WooCommerce WordPress Theme theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.2.16. …

Feb 18, 2025
CVE-2024-13681
7.5 HIGH

The Uncode theme for WordPress is vulnerable to arbitrary file read due to insufficient input validation in the 'uncode_admin_get_oembed' function in all versions up to, …

Feb 18, 2025
CVE-2024-13704
7.2 HIGH

The Super Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'st_user_title' parameter in all versions up to, and including, 4.0.1 due …

Feb 18, 2025
CVE-2024-57964
7.3 HIGH

Insecure Loading of Dynamic Link Libraries have been discovered in HVAC Energy Saving Program, which could allow local attackers to potentially disclose information or execute …

Feb 18, 2025
CVE-2024-57963
7.3 HIGH

Insecure Loading of Dynamic Link Libraries have been discovered in USB-CONVERTERCABLE DRIVER, which could allow local attackers to potentially disclose information or execute arbitray code …

Feb 18, 2025
CVE-2024-13556
8.1 HIGH

The Affiliate Links: WordPress Plugin for Link Cloaking and Link Management plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, …

Feb 18, 2025
CVE-2024-13315
8.8 HIGH

The Shopwarden – Automated WooCommerce monitoring & testing plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.11. …

Feb 18, 2025
CVE-2024-13852
8.8 HIGH

The Option Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. This is due to missing nonce validation on the plugin_page() …

Feb 18, 2025
CVE-2024-13684
8.1 HIGH

The Reset plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6. This is due to missing or …

Feb 18, 2025
CVE-2024-13677
8.8 HIGH

The GetBookingsWP – Appointments Booking Calendar Plugin For WordPress plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, …

Feb 18, 2025
CVE-2024-13622
7.5 HIGH

The File Uploads Addon for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.7.1 via the …

Feb 18, 2025
CVE-2024-12314
7.2 HIGH

The Rapid Cache plugin for WordPress is vulnerable to Cache Poisoning in all versions up to, and including, 1.2.3. This is due to plugin storing …

Feb 18, 2025
CVE-2025-25224
7.5 HIGH

The LuxCal Web Calendar prior to 5.3.3M (MySQL version) and prior to 5.3.3L (SQLite version) contains a missing authentication vulnerability in dloader.php. If this vulnerability …

Feb 18, 2025
CVE-2025-20075
7.2 HIGH

Server-side request forgery (SSRF) vulnerability exists in FileMegane versions above 3.0.0.0 prior to 3.4.0.0. Executing arbitrary backend Web API requests could potentially lead to rebooting …

Feb 18, 2025
CVE-2025-21103
7.8 HIGH

Dell NetWorker Management Console, version(s) 19.11 through 19.11.0.3 & Versions prior to 19.10.0.7 contain(s) an improper neutralization of server-side vulnerability. An unauthenticated attacker with local …

Feb 17, 2025
CVE-2025-23845
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ERA404 ImageMeta imagemeta allows Reflected XSS.This issue affects ImageMeta: from n/a through <= …

Feb 17, 2025
CVE-2025-23840
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webjema WP-NOTCAPTCHA wp-notcaptcha allows Reflected XSS.This issue affects WP-NOTCAPTCHA: from n/a through <= …

Feb 17, 2025
CVE-2024-13726
8.6 HIGH

The Coder WordPress plugin through 1.3.4 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action …

Feb 17, 2025
CVE-2024-13626
7.1 HIGH

The VR-Frases (collect & share quotes) WordPress plugin through 3.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading …

Feb 17, 2025
CVE-2024-13625
7.1 HIGH

The Tube Video Ads Lite WordPress plugin through 1.5.7 does not sanitise and escape a parameter before outputting it back in the page, leading to …

Feb 17, 2025
CVE-2025-1389
8.8 HIGH

Orca HCM from Learning Digital has a SQL Injection vulnerability, allowing attackers with regular privileges to inject arbitrary SQL commands to read, modify, and delete …

Feb 17, 2025
CVE-2025-0924
7.2 HIGH

The WP Activity Log plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘message’ parameter in all versions up to, and including, 5.2.2 …

Feb 17, 2025
CVE-2025-1388
8.8 HIGH

Orca HCM from LEARNING DIGITAL has an Arbitrary File Upload vulnerability, allowing remote attackers with regular privileges to upload and run web shells

Feb 17, 2025
CVE-2025-0591
7.8 HIGH

Out-of-bounds Read vulnerability (CWE-125) was found in CX-Programmer. Attackers may be able to read sensitive information or cause an application crash by abusing this vulnerability.

Feb 17, 2025
CVE-2025-26768
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in what3words what3words Address Field 3-word-address-validation-field allows Stored XSS.This issue affects what3words Address Field: from n/a through <= 4.0.15.

Feb 16, 2025
CVE-2025-26759
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in alexvtn Content Snippet Manager content-snippet-manager allows Stored XSS.This issue affects Content Snippet Manager: from n/a through <= 1.1.5.

Feb 16, 2025
CVE-2025-26755
7.6 HIGH

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in jgwhite33 WP Airbnb Review Slider wp-airbnb-review-slider allows Blind SQL Injection.This issue …

Feb 16, 2025
CVE-2025-22680
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Ad Inserter Pro allows Reflected XSS. This issue affects Ad Inserter Pro: …

Feb 16, 2025
CVE-2025-22286
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in enituretechnology LTL Freight Quotes – Worldwide Express Edition ltl-freight-quotes-worldwide-express-edition allows Reflected XSS.This issue …

Feb 16, 2025
CVE-2025-22284
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in enituretechnology LTL Freight Quotes – Unishippers Edition ltl-freight-quotes-unishippers-edition allows Reflected XSS.This issue affects …

Feb 16, 2025
CVE-2024-44044
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in brandexponents Oshine Modules oshine-modules allows Reflected XSS.This issue affects Oshine Modules: from n/a …

Feb 16, 2025
CVE-2025-1355
7.3 HIGH

A vulnerability was found in needyamin Library Card System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of …

Feb 16, 2025
CVE-2025-1353
7.0 HIGH

A vulnerability was found in Kong Insomnia up to 10.3.0 and classified as critical. This issue affects some unknown processing in the library profapi.dll. The …

Feb 16, 2025
CVE-2025-1340
8.8 HIGH

A vulnerability classified as critical has been found in TOTOLINK X18 9.1.0cu.2024_B20220329. Affected is the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi. The manipulation as part …

Feb 16, 2025
CVE-2025-1338
7.3 HIGH

A vulnerability was found in NUUO Camera up to 20250203. It has been declared as critical. This vulnerability affects the function print_file of the file …

Feb 16, 2025
CVE-2024-13488
7.5 HIGH

The LTL Freight Quotes – Estes Edition plugin for WordPress is vulnerable to SQL Injection via the 'dropship_edit_id' and 'edit_id' parameters in all versions up …

Feb 15, 2025
CVE-2025-0997
8.1 HIGH

Use after free in Navigation in Google Chrome prior to 133.0.6943.98 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. …

Feb 15, 2025
CVE-2025-0995
8.8 HIGH

Use after free in V8 in Google Chrome prior to 133.0.6943.98 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. …

Feb 15, 2025
CVE-2025-26819
8.6 HIGH

Monero through 0.18.3.4 before ec74ff4 does not have response limits on HTTP server connections.

Feb 15, 2025
CVE-2024-5462
7.5 HIGH

If Brocade Fabric OS before Fabric OS 9.2.0 configuration settings are not set to encrypt SNMP passwords, then the SNMP privsecret / authsecret fields can …

Feb 15, 2025
CVE-2024-5461
8.0 HIGH

Implementation of the Simple Network Management Protocol (SNMP) operating on the Brocade 6547 (FC5022) embedded switch blade, makes internal script calls to system.sh from within …

Feb 15, 2025
CVE-2025-0593
8.8 HIGH

The vulnerability may allow a remote low priviledged attacker to run arbitrary shell commands by using lower-level functions to interact with the device.

Feb 14, 2025
CVE-2025-0592
8.8 HIGH

The vulnerability may allow a remote low priviledged attacker to run arbitrary shell commands by manipulating the firmware file and uploading it to the device.

Feb 14, 2025
CVE-2022-26083
7.5 HIGH

Generation of weak initialization vector in an Intel(R) IPP Cryptography software library before version 2021.5 may allow an unauthenticated user to potentially enable information disclosure …

Feb 14, 2025
CVE-2025-25297
8.6 HIGH

Label Studio is an open source data labeling tool. Prior to version 1.16.0, Label Studio's S3 storage integration feature contains a Server-Side Request Forgery (SSRF) …

Feb 14, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.