37767+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hoststreamsell HSS Embed Streaming Video hss-embed-streaming-video allows Reflected XSS.This issue affects HSS Embed …
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CantonBolo WordPress 淘宝客插件 taobaoke allows Reflected XSS.This issue affects WordPress 淘宝客插件: from n/a …
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mike Martel Live Dashboard live-dashboard allows Reflected XSS.This issue affects Live Dashboard: from …
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in khaninejad Envato Affiliater envato-affiliater allows Reflected XSS.This issue affects Envato Affiliater: from n/a …
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Arash Safari QMean – WordPress Did You Mean qmean allows Reflected XSS.This issue …
Cross-Site Request Forgery (CSRF) vulnerability in godthor Disqus Popular Posts disqus-popular-posts allows Reflected XSS.This issue affects Disqus Popular Posts: from n/a through <= 2.1.1.
Missing Authorization vulnerability in monetagwp Monetag Official Plugin monetag-official allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Monetag Official Plugin: from n/a through …
StrongKey FIDO Server before 4.15.1 treats a non-discoverable (namedcredential) flow as a discoverable transaction.
Docker daemon in Brocade SANnav before SANnav 2.3.1b runs without auditing. The vulnerability could allow a remote authenticated attacker to execute various attacks.
musl libc 0.9.13 through 1.2.5 before 1.2.6 has an out-of-bounds write vulnerability when an attacker can trigger iconv conversion of untrusted EUC-KR text to UTF-8.
IBM DevOps Deploy 8.0 through 8.0.1.4, 8.1 through 8.1.0.0 / IBM UrbanCode Deploy 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through …
A critical remote code execution (RCE) vulnerability exists in the web-based management interface of GatesAir Maxiva UAXT, VAXT transmitters when debugging mode is enabled. An …
A critical information disclosure vulnerability exists in the web-based management interface of GatesAir Maxiva UAXT, VAXT transmitters due to Incorrect Access Control (CWE-284). Unauthenticated attackers …
A session hijacking vulnerability exists in the web-based management interface of GatesAir Maxiva UAXT, VAXT transmitters. Unauthenticated attackers can access exposed log files (/logs/debug/xteLog*), potentially …
Mercedes-Benz head-unit NTG6 contains functions to import or export profile settings over USB. Inside file is encapsulate another file, which service will drop during processing. …
The Mojave Inverter uses the GET method for sensitive information.
An attacker may modify the URL to discover sensitive information about the target network.
An attacker may inject commands via specially-crafted post requests.
With a specially crafted Python script, an attacker could send continuous startMeasurement commands over an unencrypted Bluetooth connection to the affected device. This would prevent …
mySCADA myPRO Manager stores credentials in cleartext, which could allow an attacker to obtain sensitive information.
Wazuh SIEM version 4.8.2 is affected by a broken access control vulnerability. This issue allows the unauthorized creation of internal users without assigning any existing …
Mercedes-Benz head-unit NTG6 contains functions to import or export profile settings over USB. In case of parsing file, service try to define header inside the …
Mercedes-Benz head-unit NTG6 contains functions to import or export profile settings over USB. Some values of this table are serialized archive according boost library. The …
Mercedes Benz head-unit NTG 6 contains functions to import or export profile settings over USB. During parsing you can trigger that the service will be …
Integer Overflow or Wraparound vulnerability in Lexmark International CX, XC, CS, et. Al. (Postscript interpreter modules) allows Forced Integer Overflow.The vulnerability can be leveraged by …
: Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Lexmark International CX, XC, CS, et. Al. (Postscript interpreter modules) allows Resource Injection.This issue …
A heap-based memory vulnerability has been identified in the Postscript interpreter in various Lexmark devices. The vulnerability can be leveraged by an attacker to execute …
A type confusion vulnerability has been identified in the Postscript interpreter in various Lexmark devices. The vulnerability can be leveraged by an attacker to execute …
The SecureDrop Client is a desktop application for journalists to communicate with sources and work with submissions on the SecureDrop Workstation. Prior to version 0.14.1, …
A SQL Injection vulnerability was found in /admin/manage-propertytype.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the propertytype …
Systems running the Instaclustr fork of Stratio's Cassandra-Lucene-Index plugin versions 4.0-rc1-1.0.0 through 4.0.16-1.0.0 and 4.1.2-1.0.0 through 4.1.8-1.0.0, installed into Apache Cassandra version 4.x, are susceptible …
A buffer overflow vulnerability was discovered in TP-Link TL-WR841ND V11, triggered by the dnsserver1 and dnsserver2 parameters at /userRpm/WanSlaacCfgRpm.htm. This vulnerability allows attackers to cause …
A buffer overflow vulnerability was discovered in TP-Link TL-WR841ND V11 via the pskSecret parameter at /userRpm/WlanSecurityRpm.htm. This vulnerability allows attackers to cause a Denial of …
A buffer overflow vulnerability was discovered in TP-Link TL-WR841ND V11 via the 'ip' parameter at /userRpm/WanStaticIpV6CfgRpm.htm. This vulnerability allows attackers to cause a Denial of …
A SQL Injection vulnerability was found in /admin/contactus.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the email …
A SQL Injection vulnerability was found in /admin/bwdates-reports-details.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the " …
A SQL Injection vulnerability was found in /admin/bwdates-reports-details.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the fromdate …
A SQL Injection was found in /admin/admin-profile.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the contactnumber POST …
A SQL Injection vulnerability was found in /admin/aboutus.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the pagetitle …
libsignal-service-rs is a Rust version of the libsignal-service-java library which implements the core functionality to communicate with Signal servers. Prior to commit 82d70f6720e762898f34ae76b0894b0297d9b2f8, plaintext content …
libsignal-service-rs is a Rust version of the libsignal-service-java library which implements the core functionality to communicate with Signal servers. Prior to commit 82d70f6720e762898f34ae76b0894b0297d9b2f8, any contact …
Dell SupportAssist OS Recovery versions prior to 5.5.13.1 contain a symbolic link attack vulnerability. A low-privileged attacker with local access could potentially exploit this vulnerability, …
A CWE-1392 “Use of Default Credentials” was discovered affecting the 130.8005 TCP/IP Gateway running firmware version 12h. The device exposes an FTP server with default …
A CWE-126 “Buffer Over-read” was discovered affecting the 130.8005 TCP/IP Gateway running firmware version 12h. The information disclosure can be triggered by leveraging a memory …
Cross-Site Request Forgery (CSRF) vulnerability in Blackbam TinyMCE Advanced qTranslate fix editor problems tinymce-advanced-qtranslate-fix-editor-problems allows Stored XSS.This issue affects TinyMCE Advanced qTranslate fix editor problems: …
Cross-Site Request Forgery (CSRF) vulnerability in Complete SEO Page/Post Specific Social Share Buttons pagepost-specific-social-share-buttons allows Stored XSS.This issue affects Page/Post Specific Social Share Buttons: from …
Cross-Site Request Forgery (CSRF) vulnerability in mathieuhays Simple Documentation client-documentation allows Stored XSS.This issue affects Simple Documentation: from n/a through <= 1.2.8.
Cross-Site Request Forgery (CSRF) vulnerability in daxiawp DX-auto-publish dx-auto-publish allows Stored XSS.This issue affects DX-auto-publish: from n/a through <= 1.2.
Cross-Site Request Forgery (CSRF) vulnerability in jesseheap WP PHPList phplist-form-integration allows Cross Site Request Forgery.This issue affects WP PHPList: from n/a through <= 1.7.
Cross-Site Request Forgery (CSRF) vulnerability in wibiya Wibiya Toolbar wibiya allows Cross Site Request Forgery.This issue affects Wibiya Toolbar: from n/a through <= 2.0.
Free website and port scanning — find vulnerabilities before attackers do.