CVE Database

111255+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-11541
9.8 CRITICAL

Stack-based Buffer Overflow vulnerability in Sharp Display Solutions projectors allows a attacker may execute arbitrary commands and programs.

Dec 22, 2025
CVE-2025-11540
7.5 HIGH

Path Traversal vulnerability in Sharp Display Solutions projectors allows a attacker may access and read any files within the projector.

Dec 22, 2025
CVE-2025-59301
4.0 MEDIUM

Delta Electronics DVP15MC11T lacks proper validation of the modbus/tcp packets and can lead to denial of service.

Dec 22, 2025
CVE-2025-15016
9.8 CRITICAL

Enterprise Cloud Database developed by Ragic has a Hard-coded Cryptographic Key vulnerability, allowing unauthenticated remote attackers to exploit the fixed key to generate verification information …

Dec 22, 2025
CVE-2025-15015
7.5 HIGH

Enterprise Cloud Database developed by Ragic has a Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit Relative Path Traversal to download arbitrary system …

Dec 22, 2025
CVE-2025-15011
7.3 HIGH

A vulnerability was found in code-projects Simple Stock System 1.0. Impacted is an unknown function of the file /logout.php. The manipulation of the argument uname …

Dec 22, 2025
CVE-2025-15010
9.8 CRITICAL

A vulnerability has been found in Tenda WH450 1.0.0.18. This issue affects some unknown processing of the file /goform/SafeUrlFilter. The manipulation of the argument page …

Dec 22, 2025
CVE-2025-15009
6.3 MEDIUM

A flaw has been found in liweiyi ChestnutCMS up to 1.5.8. This vulnerability affects the function FilenameUtils.getExtension of the file /dev-api/common/upload of the component Filename …

Dec 22, 2025
CVE-2025-15008
7.3 HIGH

A vulnerability was detected in Tenda WH450 1.0.0.18. This affects an unknown part of the file /goform/L7Port of the component HTTP Request Handler. Performing a …

Dec 22, 2025
CVE-2025-15007
9.8 CRITICAL

A security vulnerability has been detected in Tenda WH450 1.0.0.18. Affected by this issue is some unknown functionality of the file /goform/L7Im of the component …

Dec 22, 2025
CVE-2025-15006
9.8 CRITICAL

A weakness has been identified in Tenda WH450 1.0.0.18. Affected by this vulnerability is an unknown functionality of the file /goform/CheckTools of the component HTTP …

Dec 22, 2025
CVE-2025-15005
3.7 LOW

A security flaw has been discovered in CouchCMS up to 2.4. Affected is an unknown function of the file couch/config.example.php of the component reCAPTCHA Handler. …

Dec 22, 2025
CVE-2025-15004
6.3 MEDIUM

A vulnerability was identified in DedeCMS up to 5.7.118. This impacts an unknown function of the file /freelist_main.php. The manipulation of the argument orderby leads …

Dec 22, 2025
CVE-2025-15003
4.7 MEDIUM

A vulnerability was found in SeaCMS up to 13.3. The impacted element is an unknown function of the file admin_video.php. Performing a manipulation of the …

Dec 22, 2025
CVE-2025-15002
7.3 HIGH

A vulnerability has been found in SeaCMS up to 13.3. The affected element is an unknown function of the file js/player/dmplayer/dmku/class/mysqli.class.php. Such manipulation of the …

Dec 21, 2025
CVE-2025-62926
6.5 MEDIUM

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HappyDevs TempTool [Show Current Template Info] current-template-name allows Stored XSS.This issue affects TempTool …

Dec 21, 2025
CVE-2025-62901
6.5 MEDIUM

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tormorten WP Microdata wp-microdata allows Stored XSS.This issue affects WP Microdata: from n/a …

Dec 21, 2025
CVE-2025-62955
4.3 MEDIUM

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in HappyDevs TempTool [Show Current Template Info] current-template-name allows Retrieve Embedded Sensitive Data.This issue …

Dec 21, 2025
CVE-2025-14995
8.8 HIGH

A vulnerability has been found in Tenda FH1201 1.2.0.14(408). Affected is the function sprintf of the file /goform/SetIpBind. Such manipulation of the argument page leads …

Dec 21, 2025
CVE-2025-14994
8.8 HIGH

A flaw has been found in Tenda FH1201 and FH1206 1.2.0.14(408)/1.2.0.8(8155). This impacts the function strcat of the file /goform/webtypelibrary of the component HTTP Request …

Dec 21, 2025
CVE-2025-14855
7.2 HIGH

The SureForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form field parameters in all versions up to, and including, 2.2.0 due …

Dec 21, 2025
CVE-2025-14800
8.1 HIGH

The Redirection for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'move_file_to_upload' function …

Dec 21, 2025
CVE-2025-14993
8.8 HIGH

A vulnerability was detected in Tenda AC18 15.03.05.05. This affects the function sprintf of the file /goform/SetDlnaCfg of the component HTTP Request Handler. The manipulation …

Dec 21, 2025
CVE-2025-9343
7.2 HIGH

The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ticket subjects in all versions up to, …

Dec 21, 2025
CVE-2025-68644
7.4 HIGH

Yealink RPS before 2025-06-27 allows unauthorized access to information, including AutoP URL addresses. This was fixed by deploying an enhanced authentication mechanism through a security …

Dec 21, 2025
CVE-2025-14992
8.8 HIGH

A security vulnerability has been detected in Tenda AC18 15.03.05.05. The impacted element is the function strcpy of the file /goform/GetParentControlInfo of the component HTTP …

Dec 21, 2025
CVE-2025-14991
2.4 LOW

A weakness has been identified in Campcodes Complete Online Beauty Parlor Management System 1.0. The affected element is an unknown function of the file /admin/bwdates-reports-details.php. …

Dec 21, 2025
CVE-2025-14990
7.3 HIGH

A security flaw has been discovered in Campcodes Complete Online Beauty Parlor Management System 1.0. Impacted is an unknown function of the file /admin/view-appointment.php. Performing …

Dec 21, 2025
CVE-2025-13693
6.4 MEDIUM

The Image Photo Gallery Final Tiles Grid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Custom scripts' setting in all versions up …

Dec 21, 2025
CVE-2025-13361
4.3 MEDIUM

The Web to SugarCRM Lead plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due …

Dec 21, 2025
CVE-2025-13220
6.4 MEDIUM

The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via …

Dec 21, 2025
CVE-2025-12654
2.7 LOW

The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to arbitrary directory creation in all versions up to, and including, …

Dec 21, 2025
CVE-2025-12398
6.1 MEDIUM

The Product Table for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'search_key' parameter in all versions up to, and including, …

Dec 21, 2025
CVE-2025-14080
5.3 MEDIUM

The Frontend Post Submission Manager Lite plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.2.5. This is due …

Dec 21, 2025
CVE-2025-14071
7.5 HIGH

The Live Composer – Free WordPress Website Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.0.2 …

Dec 21, 2025
CVE-2025-14054
4.4 MEDIUM

The WC Builder – WooCommerce Page Builder for WPBakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'heading_color' parameter (and multiple other …

Dec 21, 2025
CVE-2025-14043
5.3 MEDIUM

The Tainacan plugin for WordPress is vulnerable to unauthorized metadata section creation due to missing authorization checks in all versions up to, and including, 1.0.1. …

Dec 21, 2025
CVE-2025-13838
6.4 MEDIUM

The WishSuite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'button_text' parameter of the 'wishsuite_button' shortcode in all versions up to, and …

Dec 21, 2025
CVE-2025-12980
7.5 HIGH

The Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX plugin for WordPress is vulnerable to unauthorized access of data due to a …

Dec 21, 2025
CVE-2025-11496
6.1 MEDIUM

The Five Star Restaurant Reservations – WordPress Booking Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'rtb-name' parameter in all versions …

Dec 21, 2025
CVE-2023-47232
4.3 MEDIUM

Vulnerability in mojofywp WP Affiliate Disclosure wp-affiliate-disclosure.This issue affects WP Affiliate Disclosure: from n/a through 1.2.6.

Dec 21, 2025
CVE-2023-25446
7.7 HIGH

Missing Authorization vulnerability in HappyFiles HappyFiles Pro happyfiles-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HappyFiles Pro: from n/a through 1.8.1.

Dec 21, 2025
CVE-2023-25445
5.4 MEDIUM

Missing Authorization vulnerability in HappyFiles HappyFiles Pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HappyFiles Pro: from n/a through 1.8.1.

Dec 21, 2025
CVE-2025-14989
7.3 HIGH

A vulnerability was identified in Campcodes Complete Online Beauty Parlor Management System 1.0. This issue affects some unknown processing of the file /admin/search-invoices.php. Such manipulation …

Dec 21, 2025
CVE-2023-25068
4.3 MEDIUM

Missing Authorization vulnerability in Mapro Collins Magazine Edge allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Magazine Edge: from n/a through 1.13.

Dec 21, 2025
CVE-2025-14597

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Dec 20, 2025
CVE-2025-12700

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Dec 20, 2025
CVE-2025-34290

Versa SASE Client for Windows versions released between 7.8.7 and 7.9.4 contain a local privilege escalation vulnerability in the audit log export functionality. The client …

Dec 20, 2025
CVE-2025-7782
7.6 HIGH

The WP JobHunt plugin for WordPress, used by the JobCareer theme, is vulnerable to unauthorized modification of data due to a missing capability check on …

Dec 20, 2025
CVE-2025-7733
4.3 MEDIUM

The WP JobHunt plugin for WordPress, used by the JobCareer theme, is vulnerable to Insecure Direct Object Reference in all versions up to, and including, …

Dec 20, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.