CVE Database

37767+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-26156
8.8 HIGH

A SQL Injection vulnerability was found in /shopping/track-orders.php in PHPGurukul Online Shopping Portal v2.1, which allows remote attackers to execute arbitrary code via orderid POST …

Feb 14, 2025
CVE-2025-25997
7.5 HIGH

Directory Traversal vulnerability in FeMiner wms v.1.0 allows a remote attacker to obtain sensitive information via the databak.php component.

Feb 14, 2025
CVE-2025-25994
7.5 HIGH

SQL Injection vulnerability in FeMiner wms wms 1.0 allows a remote attacker to obtain sensitive information via the parameters date1, date2, id.

Feb 14, 2025
CVE-2025-25206
8.3 HIGH

eLabFTW is an open source electronic lab notebook for research labs. Prior to version 5.1.15, an incorrect input validation could allow an authenticated user to …

Feb 14, 2025
CVE-2024-8893
7.3 HIGH

Use of Hard-coded Credentials vulnerability in GoodWe Technologies Co., Ltd. GW1500‑XS allows anyone in physical proximity to the device to fully access the web interface …

Feb 14, 2025
CVE-2025-25745
8.8 HIGH

D-Link DIR-853 A1 FW1.20B07 was discovered to contain a stack-based buffer overflow vulnerability via the Password parameter in the SetQuickVPNSettings module.

Feb 14, 2025
CVE-2024-57778
8.8 HIGH

An issue in Orbe ONetView Roeador Onet-1200 Orbe 1680210096 allows a remote attacker to escalate privileges via the servers response from status code 500 to …

Feb 14, 2025
CVE-2024-12651
8.5 HIGH

Exposed Dangerous Method or Function vulnerability in PTT Inc. HGS Mobile App allows Manipulating User-Controlled Variables.This issue affects HGS Mobile App: before 6.5.0.

Feb 14, 2025
CVE-2025-24700
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Xylus Themes WP Event Aggregator wp-event-aggregator allows Reflected XSS.This issue affects WP Event …

Feb 14, 2025
CVE-2025-24699
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company WP Coder wp-coder allows Cross-Site Scripting (XSS).This issue affects WP Coder: from n/a through <= 3.6.

Feb 14, 2025
CVE-2025-24692
7.1 HIGH

Missing Authorization vulnerability in M.Code Bulk Menu Edit bulk-menu-edit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bulk Menu Edit: from n/a through …

Feb 14, 2025
CVE-2025-24688
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in brandtoss WP Mailster wp-mailster allows Reflected XSS.This issue affects WP Mailster: from n/a …

Feb 14, 2025
CVE-2025-24641
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rickonline_nl Better WishList API better-wlm-api allows Stored XSS.This issue affects Better WishList API: …

Feb 14, 2025
CVE-2025-24617
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AcyMailing Newsletter Team AcyMailing SMTP Newsletter acymailing allows Reflected XSS.This issue affects AcyMailing …

Feb 14, 2025
CVE-2025-24616
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in UIUX Lab Uix Page Builder uix-page-builder allows Reflected XSS.This issue affects Uix Page …

Feb 14, 2025
CVE-2025-24615
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fatcatapps Analytics Cat analytics-cat allows Reflected XSS.This issue affects Analytics Cat: from n/a …

Feb 14, 2025
CVE-2025-24614
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Agile Logix Post Timeline post-timeline allows Reflected XSS.This issue affects Post Timeline: from …

Feb 14, 2025
CVE-2025-24592
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SysBasics Customize My Account for WooCommerce customize-my-account-for-woocommerce allows Reflected XSS.This issue affects Customize …

Feb 14, 2025
CVE-2025-24566
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tomáš Groulík Intro Tour Tutorial DeepPresentation dp-intro-tours allows Reflected XSS.This issue affects Intro …

Feb 14, 2025
CVE-2025-24565
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saleswonder Team: Tobias WP2LEADS wp2leads allows Reflected XSS.This issue affects WP2LEADS: from n/a …

Feb 14, 2025
CVE-2025-24564
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in aviplugins.com Contact Form With Shortcode contact-form-with-shortcode allows Reflected XSS.This issue affects Contact Form …

Feb 14, 2025
CVE-2025-24558
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CRM Perks CRM Perks support-x allows Reflected XSS.This issue affects CRM Perks: from …

Feb 14, 2025
CVE-2025-24554
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in awcode AWcode Toolkit awcode-toolkit allows Reflected XSS.This issue affects AWcode Toolkit: from n/a …

Feb 14, 2025
CVE-2025-23905
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Johannes van Poelgeest Admin Options Pages admin-options-pages allows Reflected XSS.This issue affects Admin …

Feb 14, 2025
CVE-2025-23857
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SmartDataSoft Essential WP Real Estate essential-wp-real-estate allows Reflected XSS.This issue affects Essential WP …

Feb 14, 2025
CVE-2025-23853
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in michelem NoFollow Free nofollow-free allows Reflected XSS.This issue affects NoFollow Free: from n/a …

Feb 14, 2025
CVE-2025-23851
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Khushwant Singh Coronavirus (COVID-19) Outbreak Data Widgets coronavirus-data-widgets allows Reflected XSS.This issue affects …

Feb 14, 2025
CVE-2025-23790
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wassereimer Easy Code Placement allows Reflected XSS. This issue affects Easy Code Placement: …

Feb 14, 2025
CVE-2025-23789
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tahminajannat URL Shortener | Conversion Tracking | AB Testing | WooCommerce easy-broken-link-checker allows …

Feb 14, 2025
CVE-2025-23788
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Roni Saha Easy Filter easy-filter allows Reflected XSS.This issue affects Easy Filter: from …

Feb 14, 2025
CVE-2025-23787
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Foxskav Easy Bet easy-bet allows Reflected XSS.This issue affects Easy Bet: from n/a …

Feb 14, 2025
CVE-2025-23786
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DuoGeek Email to Download email-to-download allows Reflected XSS.This issue affects Email to Download: …

Feb 14, 2025
CVE-2025-23751
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Think201 Data Dash data-dash allows Reflected XSS.This issue affects Data Dash: from n/a …

Feb 14, 2025
CVE-2025-23750
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in devbunchuk Custom Widget Creator custom-widget-creator allows Reflected XSS.This issue affects Custom Widget Creator: …

Feb 14, 2025
CVE-2025-23748
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Singsys Singsys -Awesome Gallery awesome-gallery-singsys allows Reflected XSS.This issue affects Singsys -Awesome Gallery: …

Feb 14, 2025
CVE-2025-23742
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Podamibe Nepal Podamibe Twilio Private Call podamibe-twilio-private-call allows Reflected XSS.This issue affects Podamibe …

Feb 14, 2025
CVE-2025-23658
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tauhidul Alam Advanced Angular Contact Form advanced-angular-contact-form allows Reflected XSS.This issue affects Advanced …

Feb 14, 2025
CVE-2025-23657
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RusAlex WordPress-to-candidate for Salesforce CRM salesforce-wordpress-to-candidate allows Reflected XSS.This issue affects WordPress-to-candidate for …

Feb 14, 2025
CVE-2025-23655
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in crystalwebpro Contact Form 7 – Paystack Add-on cf7-paystack-add-on allows Reflected XSS.This issue affects …

Feb 14, 2025
CVE-2025-23653
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nabeel Tahir Form To Online Booking cf7-calendly-integration allows Reflected XSS.This issue affects Form …

Feb 14, 2025
CVE-2025-23652
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fabio Zuanon Add custom content after post add-custom-content-after-post allows Reflected XSS.This issue affects …

Feb 14, 2025
CVE-2025-23651
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in adamskaat Scroll Top scroll-to-top-builder allows Reflected XSS.This issue affects Scroll Top: from n/a …

Feb 14, 2025
CVE-2025-23650
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in razvypp Tidy.ro tidyro allows Reflected XSS.This issue affects Tidy.ro: from n/a through <= …

Feb 14, 2025
CVE-2025-23648
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wjharil AdsMiddle adsmiddle allows Reflected XSS.This issue affects AdsMiddle: from n/a through <= …

Feb 14, 2025
CVE-2025-23647
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ariagle WP-Clap wp-clap allows Reflected XSS.This issue affects WP-Clap: from n/a through <= …

Feb 14, 2025
CVE-2025-23646
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Matt Brooks Library Instruction Recorder library-instruction-recorder allows Reflected XSS.This issue affects Library Instruction …

Feb 14, 2025
CVE-2025-23598
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in [email protected] Recip.ly reciply allows Reflected XSS.This issue affects Recip.ly: from n/a through <= …

Feb 14, 2025
CVE-2025-23571
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in makong Internal Links Generator internal-links-generator allows Reflected XSS.This issue affects Internal Links Generator: …

Feb 14, 2025
CVE-2025-23568
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fredsted WP Login Attempt Log wp-login-attempt-log allows Reflected XSS.This issue affects WP Login …

Feb 14, 2025
CVE-2025-23525
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kvvaradha Kv Compose Email From Dashboard kv-send-email-from-admin allows Reflected XSS.This issue affects Kv …

Feb 14, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.