37767+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.
A SQL Injection vulnerability was found in /shopping/track-orders.php in PHPGurukul Online Shopping Portal v2.1, which allows remote attackers to execute arbitrary code via orderid POST …
Directory Traversal vulnerability in FeMiner wms v.1.0 allows a remote attacker to obtain sensitive information via the databak.php component.
SQL Injection vulnerability in FeMiner wms wms 1.0 allows a remote attacker to obtain sensitive information via the parameters date1, date2, id.
eLabFTW is an open source electronic lab notebook for research labs. Prior to version 5.1.15, an incorrect input validation could allow an authenticated user to …
Use of Hard-coded Credentials vulnerability in GoodWe Technologies Co., Ltd. GW1500‑XS allows anyone in physical proximity to the device to fully access the web interface …
D-Link DIR-853 A1 FW1.20B07 was discovered to contain a stack-based buffer overflow vulnerability via the Password parameter in the SetQuickVPNSettings module.
An issue in Orbe ONetView Roeador Onet-1200 Orbe 1680210096 allows a remote attacker to escalate privileges via the servers response from status code 500 to …
Exposed Dangerous Method or Function vulnerability in PTT Inc. HGS Mobile App allows Manipulating User-Controlled Variables.This issue affects HGS Mobile App: before 6.5.0.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Xylus Themes WP Event Aggregator wp-event-aggregator allows Reflected XSS.This issue affects WP Event …
Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company WP Coder wp-coder allows Cross-Site Scripting (XSS).This issue affects WP Coder: from n/a through <= 3.6.
Missing Authorization vulnerability in M.Code Bulk Menu Edit bulk-menu-edit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bulk Menu Edit: from n/a through …
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in brandtoss WP Mailster wp-mailster allows Reflected XSS.This issue affects WP Mailster: from n/a …
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rickonline_nl Better WishList API better-wlm-api allows Stored XSS.This issue affects Better WishList API: …
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AcyMailing Newsletter Team AcyMailing SMTP Newsletter acymailing allows Reflected XSS.This issue affects AcyMailing …
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in UIUX Lab Uix Page Builder uix-page-builder allows Reflected XSS.This issue affects Uix Page …
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fatcatapps Analytics Cat analytics-cat allows Reflected XSS.This issue affects Analytics Cat: from n/a …
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Agile Logix Post Timeline post-timeline allows Reflected XSS.This issue affects Post Timeline: from …
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SysBasics Customize My Account for WooCommerce customize-my-account-for-woocommerce allows Reflected XSS.This issue affects Customize …
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tomáš Groulík Intro Tour Tutorial DeepPresentation dp-intro-tours allows Reflected XSS.This issue affects Intro …
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saleswonder Team: Tobias WP2LEADS wp2leads allows Reflected XSS.This issue affects WP2LEADS: from n/a …
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in aviplugins.com Contact Form With Shortcode contact-form-with-shortcode allows Reflected XSS.This issue affects Contact Form …
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CRM Perks CRM Perks support-x allows Reflected XSS.This issue affects CRM Perks: from …
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in awcode AWcode Toolkit awcode-toolkit allows Reflected XSS.This issue affects AWcode Toolkit: from n/a …
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Johannes van Poelgeest Admin Options Pages admin-options-pages allows Reflected XSS.This issue affects Admin …
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SmartDataSoft Essential WP Real Estate essential-wp-real-estate allows Reflected XSS.This issue affects Essential WP …
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in michelem NoFollow Free nofollow-free allows Reflected XSS.This issue affects NoFollow Free: from n/a …
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Khushwant Singh Coronavirus (COVID-19) Outbreak Data Widgets coronavirus-data-widgets allows Reflected XSS.This issue affects …
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wassereimer Easy Code Placement allows Reflected XSS. This issue affects Easy Code Placement: …
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tahminajannat URL Shortener | Conversion Tracking | AB Testing | WooCommerce easy-broken-link-checker allows …
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Roni Saha Easy Filter easy-filter allows Reflected XSS.This issue affects Easy Filter: from …
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Foxskav Easy Bet easy-bet allows Reflected XSS.This issue affects Easy Bet: from n/a …
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DuoGeek Email to Download email-to-download allows Reflected XSS.This issue affects Email to Download: …
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Think201 Data Dash data-dash allows Reflected XSS.This issue affects Data Dash: from n/a …
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in devbunchuk Custom Widget Creator custom-widget-creator allows Reflected XSS.This issue affects Custom Widget Creator: …
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Singsys Singsys -Awesome Gallery awesome-gallery-singsys allows Reflected XSS.This issue affects Singsys -Awesome Gallery: …
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Podamibe Nepal Podamibe Twilio Private Call podamibe-twilio-private-call allows Reflected XSS.This issue affects Podamibe …
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tauhidul Alam Advanced Angular Contact Form advanced-angular-contact-form allows Reflected XSS.This issue affects Advanced …
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RusAlex WordPress-to-candidate for Salesforce CRM salesforce-wordpress-to-candidate allows Reflected XSS.This issue affects WordPress-to-candidate for …
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in crystalwebpro Contact Form 7 – Paystack Add-on cf7-paystack-add-on allows Reflected XSS.This issue affects …
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nabeel Tahir Form To Online Booking cf7-calendly-integration allows Reflected XSS.This issue affects Form …
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fabio Zuanon Add custom content after post add-custom-content-after-post allows Reflected XSS.This issue affects …
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in adamskaat Scroll Top scroll-to-top-builder allows Reflected XSS.This issue affects Scroll Top: from n/a …
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in razvypp Tidy.ro tidyro allows Reflected XSS.This issue affects Tidy.ro: from n/a through <= …
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wjharil AdsMiddle adsmiddle allows Reflected XSS.This issue affects AdsMiddle: from n/a through <= …
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ariagle WP-Clap wp-clap allows Reflected XSS.This issue affects WP-Clap: from n/a through <= …
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Matt Brooks Library Instruction Recorder library-instruction-recorder allows Reflected XSS.This issue affects Library Instruction …
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in [email protected] Recip.ly reciply allows Reflected XSS.This issue affects Recip.ly: from n/a through <= …
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in makong Internal Links Generator internal-links-generator allows Reflected XSS.This issue affects Internal Links Generator: …
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fredsted WP Login Attempt Log wp-login-attempt-log allows Reflected XSS.This issue affects WP Login …
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kvvaradha Kv Compose Email From Dashboard kv-send-email-from-admin allows Reflected XSS.This issue affects Kv …
Free website and port scanning — find vulnerabilities before attackers do.