111255+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.
A stored cross-site scripting (XSS) vulnerability exists in pdfonline.foxit.com within the Page Templates feature. A crafted payload can be stored as the template name, which …
A stored cross-site scripting (XSS) vulnerability exists in pdfonline.foxit.com within the Predefined Text feature of the Foxit eSign section. A crafted payload can be stored …
A stored cross-site scripting (XSS) vulnerability exists in webplugins.foxit.com. A postMessage handler fails to validate the message origin and directly assigns externalPath to a script …
A heap-based buffer overflow vulnerability exists in the PDF parsing of Foxit PDF Reader when processing specially crafted JBIG2 data. An integer overflow in the …
A memory corruption vulnerability exists in the 3D annotation handling of Foxit PDF Reader due to insufficient bounds checking when parsing U3D data. When opening …
A memory corruption vulnerability exists in the 3D annotation handling of Foxit PDF Reader due to insufficient bounds checking when parsing PRC data. When opening …
A memory corruption vulnerability exists in the 3D annotation handling of Foxit PDF Reader due to insufficient bounds checking when parsing PRC data. When opening …
A use-after-free vulnerability exists in the annotation handling of Foxit PDF Reader before 2025.2.1, 14.0.1, and 13.2.1 on Windows and MacOS. When opening a PDF …
A use-after-free vulnerability exists in the PDF file parsing of Foxit PDF Reader before 2025.2.1, 14.0.1, and 13.2.1 on Windows. A PDF object managed by …
A use-after-free vulnerability exists in the AcroForm handling of Foxit PDF Reader and Foxit PDF Editor before 2025.2.1,14.0.1 and 13.2.1 on Windows . When opening …
There is an improper authentication vulnerability in some Hikvision DVR products. Due to the improper implementation of authentication for the serial port, an attacker with …
There is a privilege escalation vulnerability in some Hikvision DVR products. Due to the improper implementation of authentication for the serial port, an attacker with …
The BA Book Everything plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's babe-search-form shortcode in all versions up to, and including, …
Incomplete removal of sensitive information before transfer vulnerability in M-Files Corporation M-Files Server allows data leak exposure affecting versions before 25.12.15491.7
The HTML5 Audio Player – The Ultimate No-Code Podcast, MP3 & Audio Player plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions …
The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, …
An information disclosure vulnerability in M-Files Server before versions 25.12.15491.7, 25.8 LTS SR3, 25.2 LTS SR3 and 24.8 LTS SR5 allows an authenticated attacker using …
The Ocean Modal Window WordPress plugin before 2.3.3 is vulnerable to Remote Code Execution via the modal display logic. These modals can be displayed under …
Versions of the package fastapi-sso before 0.19.0 are vulnerable to Cross-site Request Forgery (CSRF) due to the improper validation of the OAuth state parameter during …
Rejected reason: Not used
Rejected reason: Not used
Rejected reason: Not used
Rejected reason: Not used
Rejected reason: Not used
Rejected reason: Not used
Rejected reason: Not used
Rejected reason: Not used
Rejected reason: Not used
A vulnerability was determined in code-projects Scholars Tracking System 1.0. The affected element is an unknown function of the file /admin/delete_user.php. This manipulation of the …
A vulnerability was found in code-projects Online Appointment Booking System 1.0. Impacted is an unknown function of the file /admin/deletemanager.php. The manipulation of the argument …
The Deployment Infrastructure in Mintlify Platform before 2025-11-15 allows remote attackers to bypass security patches and execute downgrade attacks via predictable deployment identifiers on the …
A Directory Traversal vulnerability in the Static Asset Proxy Endpoint in Mintlify Platform before 2025-11-15 allows remote attackers to inject arbitrary web script or HTML …
The GitHub Integration API in Mintlify Platform before 2025-11-15 allows remote attackers to obtain sensitive repository metadata via the repository owner and name fields. It …
A Server-Side Template Injection (SSTI) vulnerability in the MDX Rendering Engine in Mintlify Platform before 2025-11-15 allows remote attackers to execute arbitrary code via inline …
The Static Asset API in Mintlify Platform before 2025-11-15 allows remote attackers to inject arbitrary web script or HTML via the subdomain parameter because any …
Successful exploitation of the vulnerability could allow an attacker with local network access to send a specially crafted URL to access certain administration functions without …
A vulnerability was detected in Edimax BR-6208AC 1.02. This impacts the function handle_retr of the component FTP Daemon Service. The manipulation results in path traversal. …
A weakness has been identified in JeecgBoot up to 3.9.0. The impacted element is the function SysUserOnlineController of the file jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysUserOnlineController.java. Executing manipulation can lead …
A local privilege escalation vulnerability exists in the Foxit PDF Reader/Editor Update Service. During plugin installation, incorrect file system permissions are assigned to resources used …
A security flaw has been discovered in JeecgBoot up to 3.9.0. The affected element is an unknown function of the file jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysTenantController.java of the component …
A security vulnerability has been detected in CodeAstro Real Estate Management System 1.0. Affected is an unknown function of the file /admin/userdelete.php of the component …
A weakness has been identified in CodeAstro Real Estate Management System 1.0. This impacts an unknown function of the file /admin/stateadd.php of the component Administrator …
An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to execute arbitrary code. This vulnerability affects both the Mobile User …
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the software keyboard function (hereinafter referred to as "keypad function") …
Improper neutralization of input during web page generation ('cross-site scripting') in Azure Cosmos DB allows an unauthorized attacker to perform spoofing over a network.
A security flaw has been discovered in CodeAstro Real Estate Management System 1.0. This affects an unknown function of the file /admin/userbuilderdelete.php of the component …
A vulnerability was identified in CodeAstro Real Estate Management System 1.0. The impacted element is an unknown function of the file /admin/useragentdelete.php of the component …
Improper Authorization (CWE-285) in Kibana can lead to privilege escalation (CAPEC-233) by allowing an authenticated user to bypass intended permission restrictions via a crafted HTTP …
Weblate is a web based localization tool. In versions prior to 5.15.1, it was possible to overwrite Git configuration remotely and override some of its …
Allocation of Resources Without Limits or Throttling (CWE-770) in Elasticsearch can allow an authenticated user with snapshot restore privileges to cause Excessive Allocation (CAPEC-130) of …
Free website and port scanning — find vulnerabilities before attackers do.