CVE Database

37788+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2024-52883
7.5 HIGH

An issue was discovered in AudioCodes One Voice Operations Center (OVOC) before 8.4.582. Due to a path traversal vulnerability, sensitive data can be read without …

Feb 7, 2025
CVE-2024-52881
7.5 HIGH

An issue was discovered in AudioCodes One Voice Operations Center (OVOC) before 8.4.582. Due to the use of a hard-coded key, an attacker is able …

Feb 7, 2025
CVE-2024-48091
7.8 HIGH

Tally Prime Edit Log v2.1 was discovered to contain a DLL hijacking vulnerability via the component TextShaping.dll. This vulnerability allows attackers to execute arbitrary code …

Feb 7, 2025
CVE-2024-10383
8.7 HIGH

An issue has been discovered in the gitlab-web-ide-vscode-fork component distributed over CDN affecting all versions prior to 1.89.1-1.0.0-dev-20241118094343and used by all versions of GitLab CE/EE …

Feb 7, 2025
CVE-2025-1108
8.6 HIGH

Insufficient data authenticity verification vulnerability in Janto, versions prior to r12. This allows an unauthenticated attacker to modify the content of emails sent to reset …

Feb 7, 2025
CVE-2025-25168
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in Black and White BookPress – For Book Authors book-press allows Cross-Site Scripting (XSS).This issue affects BookPress – For Book …

Feb 7, 2025
CVE-2025-25167
8.2 HIGH

Missing Authorization vulnerability in Black and White BookPress – For Book Authors book-press allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BookPress – …

Feb 7, 2025
CVE-2025-25166
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in gabrieldarezzo InLocation inlocation allows Stored XSS.This issue affects InLocation: from n/a through <= 1.8.

Feb 7, 2025
CVE-2025-25163
7.5 HIGH

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Zach Swetz Plugin A/B Image Optimizer images-optimizer allows Path Traversal.This issue affects …

Feb 7, 2025
CVE-2025-25160
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in Mark Barnes Style Tweaker style-tweaker allows Stored XSS.This issue affects Style Tweaker: from n/a through <= 0.11.

Feb 7, 2025
CVE-2025-25159
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in robert_kolatzek WP doodlez wpdoodlez allows Stored XSS.This issue affects WP doodlez: from n/a …

Feb 7, 2025
CVE-2025-25156
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in Stanko Metodiev Quote Comments quote-comments allows Stored XSS.This issue affects Quote Comments: from n/a through <= 3.0.0.

Feb 7, 2025
CVE-2025-25155
7.5 HIGH

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in efreja Music Sheet Viewer music-sheet-viewer allows Path Traversal.This issue affects Music Sheet …

Feb 7, 2025
CVE-2025-25154
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in scweber Custom Comment Notifications custom-comment-notifications allows Stored XSS.This issue affects Custom Comment Notifications: from n/a through <= 1.0.8.

Feb 7, 2025
CVE-2025-25153
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in djjmz Simple Auto Tag simple-auto-tag allows Stored XSS.This issue affects Simple Auto Tag: from n/a through <= 1.1.

Feb 7, 2025
CVE-2025-25152
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in LukaszWiecek Smart DoFollow smart-dofollow allows Stored XSS.This issue affects Smart DoFollow: from n/a through <= 1.0.2.

Feb 7, 2025
CVE-2025-25151
8.5 HIGH

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Stylemix uListing ulisting allows SQL Injection.This issue affects uListing: from n/a …

Feb 7, 2025
CVE-2025-25149
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in Danillo Nunes Login-box login-box allows Stored XSS.This issue affects Login-box: from n/a through <= 2.0.4.

Feb 7, 2025
CVE-2025-25148
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in ElbowRobo Read More Copy Link read-more-copy-link allows Stored XSS.This issue affects Read More Copy Link: from n/a through <= …

Feb 7, 2025
CVE-2025-25147
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in Phillip.Gooch Auto SEO auto-seo allows Stored XSS.This issue affects Auto SEO: from n/a through <= 2.5.6.

Feb 7, 2025
CVE-2025-25144
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in theasys Theasys theasys allows Stored XSS.This issue affects Theasys: from n/a through <= …

Feb 7, 2025
CVE-2025-25141
7.5 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in zankover Fami Sales Popup fami-sales-popup allows PHP Local File …

Feb 7, 2025
CVE-2025-25140
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in Scriptonite Simple User Profile simple-user-profile allows Stored XSS.This issue affects Simple User Profile: from n/a through <= 1.9.

Feb 7, 2025
CVE-2025-25139
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in Cynob IT Consultancy WP Custom Post RSS Feed wp-custom-post-rss-feed allows Stored XSS.This issue affects WP Custom Post RSS Feed: …

Feb 7, 2025
CVE-2025-25138
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in Rishi On Page SEO + Whatsapp Chat Button ops-robots-txt allows Stored XSS.This issue affects On Page SEO + Whatsapp …

Feb 7, 2025
CVE-2025-25135
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in Victor Barkalov Custom Links On Admin Dashboard Toolbar customize-wpadmin allows Stored XSS.This issue affects Custom Links On Admin Dashboard …

Feb 7, 2025
CVE-2025-25128
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in orlandolac Facilita Form Tracker facilita-form-tracker allows Stored XSS.This issue affects Facilita Form Tracker: from n/a through <= 1.0.

Feb 7, 2025
CVE-2025-25126
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in zmseo ZMSEO zmseo allows Stored XSS.This issue affects ZMSEO: from n/a through <= 1.14.1.

Feb 7, 2025
CVE-2025-25125
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in CyrilG Fyrebox Quizzes fyrebox-shortcode allows Stored XSS.This issue affects Fyrebox Quizzes: from n/a through <= 3.1.

Feb 7, 2025
CVE-2025-25123
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in xdark Easy Related Posts easy-related-posts allows Stored XSS.This issue affects Easy Related Posts: from n/a through <= 2.0.2.

Feb 7, 2025
CVE-2025-25116
7.6 HIGH

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in sudipto Link to URL / Post link-to-url-post allows Blind SQL Injection.This …

Feb 7, 2025
CVE-2025-25104
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in mraliende URL-Preview-Box good-url-preview-box allows Cross Site Request Forgery.This issue affects URL-Preview-Box: from n/a through <= 1.20.

Feb 7, 2025
CVE-2025-25088
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in blackus3r WP Keyword Monitor wp-keyword-monitor allows Cross Site Request Forgery.This issue affects WP Keyword Monitor: from n/a through <= …

Feb 7, 2025
CVE-2025-25075
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in Venugopal Show notice or message on admin area show-notice-or-message-on-admin-area allows Stored XSS.This issue affects Show notice or message on …

Feb 7, 2025
CVE-2025-25074
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in Nirmal Kumar Ram WP Social Stream wp-social-stream allows Stored XSS.This issue affects WP Social Stream: from n/a through <= …

Feb 7, 2025
CVE-2025-25072
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in thunderbax WP Admin Custom Page wp-admin-custom-page allows Stored XSS.This issue affects WP Admin Custom Page: from n/a through <= …

Feb 7, 2025
CVE-2025-25071
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in topplugins Vignette Ads vignete-ads allows Stored XSS.This issue affects Vignette Ads: from n/a through <= 0.2.

Feb 7, 2025
CVE-2025-0304
8.8 HIGH

in OpenHarmony v4.1.2 and prior versions allow a local attacker cause the common permission is upgraded to root and sensitive information leak through use after …

Feb 7, 2025
CVE-2025-0303
8.8 HIGH

in OpenHarmony v4.1.2 and prior versions allow a local attacker cause the common permission is upgraded to root and sensitive information leak through buffer overflow.

Feb 7, 2025
CVE-2025-22880
7.8 HIGH

Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. If a target visits …

Feb 7, 2025
CVE-2024-13352
7.1 HIGH

The Legull WordPress plugin through 1.2.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site …

Feb 7, 2025
CVE-2025-0675
7.5 HIGH

Multiple Elber products suffer from an unauthenticated device configuration and client-side hidden functionality disclosure.

Feb 7, 2025
CVE-2025-21408
8.8 HIGH

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

Feb 6, 2025
CVE-2025-21342
8.8 HIGH

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

Feb 6, 2025
CVE-2025-21177
8.7 HIGH

Server-side request forgery (ssrf) in Microsoft Dynamics 365 Sales allows an authorized attacker to elevate privileges over a network.

Feb 6, 2025
CVE-2024-57609
8.6 HIGH

An issue in Kanaries Inc Pygwalker before v.0.4.9.9 allows a remote attacker to obtain sensitive information and execute arbitrary code via the redirect_path parameter of …

Feb 6, 2025
CVE-2024-57392
7.5 HIGH

Buffer Overflow vulnerability in Proftpd commit 4017eff8 allows a remote attacker to execute arbitrary code and can cause a Denial of Service (DoS) on the …

Feb 6, 2025
CVE-2024-56889
7.5 HIGH

Incorrect access control in the endpoint /admin/m_delete.php of CodeAstro Complaint Management System v1.0 allows unauthorized attackers to arbitrarily delete complaints via modification of the id …

Feb 6, 2025
CVE-2024-55241
8.8 HIGH

An issue in deep-diver LLM-As-Chatbot before commit 99c2c03 allows a remote attacker to execute arbitrary code via the modelsbyom.py component.

Feb 6, 2025
CVE-2024-54909
8.1 HIGH

A vulnerability has been identified in GoldPanKit eva-server v4.1.0. It affects the path parameter of the /api/resource/local/download endpoint, where manipulation of this parameter can lead …

Feb 6, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.