CVE Database

111255+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-14298
5.4 MEDIUM

The FiboSearch – Ajax Search for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `thegem_te_search` shortcode in all versions up …

Dec 20, 2025
CVE-2025-12492
5.3 MEDIUM

The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in …

Dec 20, 2025
CVE-2025-13619
9.8 CRITICAL

The Flex Store Users plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.1.0. This is due to the …

Dec 20, 2025
CVE-2025-12820
5.3 MEDIUM

The Pure WC Variation Swatches WordPress plugin through 1.1.7 does not have an authorization check when updating its settings, which could allow any authenticated users …

Dec 20, 2025
CVE-2025-14735
4.4 MEDIUM

The "Amazon affiliate lite Plugin" plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.0 …

Dec 20, 2025
CVE-2025-14734
5.4 MEDIUM

The Amazon affiliate lite Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due …

Dec 20, 2025
CVE-2025-14721
5.5 MEDIUM

The Responsive and Swipe slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's rsSlider shortcode in all versions up to, and …

Dec 20, 2025
CVE-2025-14633
5.3 MEDIUM

The F70 Lead Document Download plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'file_download' function …

Dec 20, 2025
CVE-2025-14591
7.5 HIGH

In Delphix Continuous Compliance version 2025.3.0 and later, following a recent bug fix to correctly handle CR+LF (Windows and DOS) End-of-Record (EOR) characters in delimited …

Dec 20, 2025
CVE-2025-14168
4.3 MEDIUM

The WP DB Booster plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to …

Dec 20, 2025
CVE-2025-14164
4.3 MEDIUM

The Quran Gateway plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5. This is due to missing …

Dec 20, 2025
CVE-2025-13624
6.1 MEDIUM

The Overstock Affiliate Links plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `$_SERVER['PHP_SELF']` parameter in all versions up to, and including, 1.1 …

Dec 20, 2025
CVE-2025-13365
6.1 MEDIUM

The WP Hallo Welt plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to …

Dec 20, 2025
CVE-2025-13329
9.8 CRITICAL

The File Uploader for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the callback function for …

Dec 20, 2025
CVE-2025-12898
5.3 MEDIUM

The Pretty Google Calendar plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the pgcal_ajax_handler() function in …

Dec 20, 2025
CVE-2025-12581
6.1 MEDIUM

The Attachments Handler plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URL in all versions up to, and including, 1.1.7 due to insufficient …

Dec 20, 2025
CVE-2025-8065
6.5 MEDIUM

A stack-based buffer overflow vulnerability was identified in the ONVIF SOAP XML Parser in Tapo C200 v3 and C520WS v2.6. When processing XML tags with …

Dec 20, 2025
CVE-2025-14300
8.1 HIGH

The HTTPS service on Tapo C200 V3 exposes a connectAP interface without proper authentication. An unauthenticated attacker on the same local network segment can exploit …

Dec 20, 2025
CVE-2025-14299
6.5 MEDIUM

The HTTPS server on Tapo C200 V3 does not properly validate the Content-Length header, which can lead to an integer overflow. An unauthenticated attacker on …

Dec 20, 2025
CVE-2025-68613
9.9 CRITICAL KEV

n8n is an open source workflow automation platform. Versions starting with 0.211.0 and prior to 1.120.4, 1.121.1, and 1.122.0 contain a critical Remote Code Execution …

Dec 19, 2025
CVE-2025-68481
5.9 MEDIUM

FastAPI Users allows users to quickly add a registration and authentication system to their FastAPI project. Prior to version 15.0.2, the OAuth login state tokens …

Dec 19, 2025
CVE-2023-53959
9.8 CRITICAL

FileZilla Client 3.63.1 contains a DLL hijacking vulnerability that allows attackers to execute malicious code by placing a crafted TextShaping.dll in the application directory. Attackers …

Dec 19, 2025
CVE-2023-53958
7.5 HIGH

LDAP Tool Box Self Service Password 1.5.2 contains a password reset vulnerability that allows attackers to manipulate HTTP Host headers during token generation. Attackers can …

Dec 19, 2025
CVE-2023-53957
9.8 CRITICAL

Kimai 1.30.10 contains a SameSite cookie vulnerability that allows attackers to steal user session cookies through malicious exploitation. Attackers can trick victims into executing a …

Dec 19, 2025
CVE-2023-53956
8.8 HIGH

Flatnux 2021-03.25 contains an authenticated file upload vulnerability that allows administrative users to upload arbitrary PHP files through the file manager. Attackers with admin credentials …

Dec 19, 2025
CVE-2023-53954
6.2 MEDIUM

ActFax 10.10 contains an unquoted service path vulnerability that allows local attackers to potentially escalate privileges by exploiting the ActiveFaxServiceNT service configuration. Attackers with write …

Dec 19, 2025
CVE-2023-53953
5.4 MEDIUM

WebsiteBaker 2.13.3 contains a stored cross-site scripting vulnerability that allows authenticated users to inject malicious scripts when creating web pages. Attackers can craft malicious payloads …

Dec 19, 2025
CVE-2023-53952
8.8 HIGH

Dotclear 2.25.3 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files with .phar extension through the blog post creation …

Dec 19, 2025
CVE-2023-53951
9.8 CRITICAL

Ever Gauzy v0.281.9 contains a JWT authentication vulnerability that allows attackers to exploit weak HMAC secret key implementation. Attackers can leverage the exposed JWT token …

Dec 19, 2025
CVE-2023-53950
9.8 CRITICAL

InnovaStudio WYSIWYG Editor 5.4 contains an unrestricted file upload vulnerability that allows attackers to bypass file extension restrictions through filename manipulation. Attackers can upload malicious …

Dec 19, 2025
CVE-2023-53949
8.4 HIGH

AspEmail 5.6.0.2 contains a binary permission vulnerability that allows local users to escalate privileges through the Persits Software EmailAgent service. Attackers can exploit full write …

Dec 19, 2025
CVE-2023-53948
9.8 CRITICAL

Lilac-Reloaded for Nagios 2.0.8 contains a remote code execution vulnerability in the autodiscovery feature that allows attackers to inject arbitrary commands. Attackers can exploit the …

Dec 19, 2025
CVE-2023-53947
8.4 HIGH

OCS Inventory NG 2.3.0.0 contains an unquoted service path vulnerability that allows local attackers to escalate privileges to system level. Attackers can place a malicious …

Dec 19, 2025
CVE-2023-53946
8.4 HIGH

Arcsoft PhotoStudio 6.0.0.172 contains an unquoted service path vulnerability in the ArcSoft Exchange Service that allows local attackers to escalate privileges. Attackers can place a …

Dec 19, 2025
CVE-2023-53945
8.8 HIGH

BrainyCP 1.0 contains an authenticated remote code execution vulnerability that allows logged-in users to inject arbitrary commands through the crontab configuration interface. Attackers can exploit …

Dec 19, 2025
CVE-2025-67712
4.7 MEDIUM

There is an HTML injection issue in Esri ArcGIS Web AppBuilder developer edition versions prior to 2.30 that allows a remote, unauthenticated attacker to potentially …

Dec 19, 2025
CVE-2025-14968
7.3 HIGH

A security flaw has been discovered in code-projects Simple Stock System 1.0. Affected by this issue is some unknown functionality of the file /market/update.php. The …

Dec 19, 2025
CVE-2025-14967
7.3 HIGH

A vulnerability was identified in itsourcecode Student Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /candidates_report.php. The manipulation of …

Dec 19, 2025
CVE-2025-14966
4.7 MEDIUM

A vulnerability was determined in FastAdmin up to 1.7.0.20250506. Affected is the function selectpage of the file application/common/controller/Backend.php of the component Backend Controller. Executing a …

Dec 19, 2025
CVE-2025-12874

Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') vulnerability in Quest Coexistence Manager for Notes (Free/Busy Connector modules) allows HTTP Request Smuggling via the Content-Length-Transfer-Encoding …

Dec 19, 2025
CVE-2025-14965
5.5 MEDIUM

A vulnerability was found in 1541492390c yougou-mall up to 0a771fa817c924efe52c8fe0a9a6658eee675f9f. This impacts the function upload/delete of the file src/main/java/per/ccm/ygmall/extra/controller/ResourceController.java. Performing manipulation results in path traversal. …

Dec 19, 2025
CVE-2025-14964
9.8 CRITICAL

A vulnerability has been found in TOTOLINK T10 4.1.8cu.5083_B20200521. This affects the function sprintf of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument loginAuthUrl leads …

Dec 19, 2025
CVE-2025-14962
4.3 MEDIUM

A flaw has been found in code-projects Simple Stock System 1.0. The impacted element is an unknown function of the file /market/chatuser.php. This manipulation causes …

Dec 19, 2025
CVE-2025-14961
7.3 HIGH

A vulnerability was detected in code-projects Simple Blood Donor Management System 1.0. The affected element is an unknown function of the file /editedcampaign.php. The manipulation …

Dec 19, 2025
CVE-2025-68478
7.1 HIGH

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.0, if an arbitrary path is specified in the request …

Dec 19, 2025
CVE-2025-68430
4.3 MEDIUM

CVAT is an open source interactive video and image annotation tool for computer vision. In versions 2.8.1 through 2.52.0, an attacker with an account on …

Dec 19, 2025
CVE-2025-14960
7.3 HIGH

A security vulnerability has been detected in code-projects Simple Blood Donor Management System 1.0. Impacted is an unknown function of the file /editeddonor.php. The manipulation …

Dec 19, 2025
CVE-2025-14959
7.3 HIGH

A weakness has been identified in code-projects Simple Stock System 1.0. This issue affects some unknown processing of the file /market/signup.php. Executing a manipulation of …

Dec 19, 2025
CVE-2025-14958
5.3 MEDIUM

A security flaw has been discovered in floooh sokol up to 33e2271c431bf21de001e972f72da17a984da932. This vulnerability affects the function _sg_pipeline_common_init in the library sokol_gfx.h. Performing manipulation results …

Dec 19, 2025
CVE-2025-68477
7.7 HIGH

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.0, Langflow provides an API Request component that can issue …

Dec 19, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.