111255+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes GlamChic glamchic allows PHP Local File Inclusion.This issue …
Insertion of Sensitive Information Into Sent Data vulnerability in DigitalME eRoom eroom-zoom-meetings-webinar allows Retrieve Embedded Sensitive Data.This issue affects eRoom: from n/a through <= 1.5.6.
Insertion of Sensitive Information Into Sent Data vulnerability in e4jvikwp VikBooking Hotel Booking Engine & PMS vikbooking allows Retrieve Embedded Sensitive Data.This issue affects VikBooking …
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in jetmonsters Restaurant Menu by MotoPress mp-restaurant-menu allows Retrieve Embedded Sensitive Data.This issue affects …
Missing Authorization vulnerability in A WP Life Login Page Customizer – Customizer Login Page, Admin Page, Custom Design customizer-login-page allows Exploiting Incorrectly Configured Access Control …
Incorrect Privilege Assignment vulnerability in silverplugins217 Custom Fields Account Registration For Woocommerce custom-fields-account-registration-for-woocommerce allows Privilege Escalation.This issue affects Custom Fields Account Registration For Woocommerce: from …
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Strux strux allows PHP Local File Inclusion.This issue …
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Lymcoin lymcoin allows PHP Local File Inclusion.This issue …
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Lettuce lettuce allows PHP Local File Inclusion.This issue …
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Palladio palladio allows PHP Local File Inclusion.This issue …
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Monyxi monyxi allows PHP Local File Inclusion.This issue …
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Hanani hanani allows PHP Local File Inclusion.This issue …
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Jack Well jack-well allows PHP Local File Inclusion.This …
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Ludos Paradise ludos-paradise allows PHP Local File Inclusion.This …
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Kings & Queens kings-queens allows PHP Local File …
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Gracioza gracioza allows PHP Local File Inclusion.This issue …
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Mamita mamita allows PHP Local File Inclusion.This issue …
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Militarology militarology allows PHP Local File Inclusion.This issue …
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes ShieldGroup shieldgroup allows PHP Local File Inclusion.This issue …
Missing Authorization vulnerability in The African Boss Get Cash get-cash allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Get Cash: from n/a through …
Improper access checks in M-Files Server before 25.12.15491.7 allows users to download files through M-Files Web using Web Companion despite Print and Download Prevention module …
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Roxnor PopupKit popup-builder-block allows Blind SQL Injection.This issue affects PopupKit: from …
The Download Manager plugin for WordPress is vulnerable to unauthorized access of sensitive information in all versions up to, and including, 3.3.32. This is due …
The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'events_list_grouped' shortcode in all …
Authorization Bypass Through User-Controlled Key vulnerability in codepeople Contact Form Email contact-form-to-email allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form Email: …
Bio.Entrez in Biopython through 186 allows doctype XXE.
Freedombox before 25.17.1 does not set proper permissions for the backups-data directory, allowing the reading of dump files of databases.
RG - AP180, Indoor Wall Plate Wireless AP AP180 series provided by Ruijie Networks Co., Ltd. contain an OS command injection vulnerability. An arbitrary OS …
Memory Corruption when processing IOCTLs for JPEG data without verification.
Memory corruption while loading an invalid firmware in boot loader.
Memory Corruption when a corrupted ELF image with an oversized file size is read into a buffer without authentication.
Memory corruption while handling concurrent memory mapping and unmapping requests from a user-space application.
Information disclosure while processing system calls with invalid parameters.
Memory corruption while routing GPR packets between user and root when handling large data packet.
Memory corruption while handling IOCTL calls to set mode.
Memory corruption while copying packets received from unix clients.
Memory corruption while processing MFC channel configuration during music playback.
Information disclosure while exposing internal TA-to-TA communication APIs to HLOS
Memory corruption during video playback when video session open fails with time out error.
Roundcube Webmail before 1.5.12 and 1.6 before 1.6.12 is prone to a Cross-Site-Scripting (XSS) vulnerability via the animate tag in an SVG document.
Roundcube Webmail before 1.5.12 and 1.6 before 1.6.12 is prone to a information disclosure vulnerability in the HTML style sanitizer.
The Embed Any Document – Embed PDF, Word, PowerPoint and Excel Files plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the sanitize_pdf_src function …
A security vulnerability has been detected in y_project RuoYi up to 4.8.1. The affected element is an unknown function of the file /monitor/cache/getnames. Such manipulation …
A flaw has been found in OFFIS DCMTK up to 3.6.9. The impacted element is the function DcmQueryRetrieveIndexDatabaseHandle::startFindRequest/DcmQueryRetrieveIndexDatabaseHandle::startMoveRequest in the library dcmqrdb/libsrc/dcmqrdbi.cc of the component …
A vulnerability has been found in ZZCMS 2025. Affected by this issue is the function stripfxg of the file /admin/siteconfig.php of the component Backend Website …
A vulnerability in the file upload at bookmark + asset rendering pipeline allows an attacker to upload a malicious SVG file with JavaScript content. When …
Zerobyte is a backup automation tool Zerobyte versions prior to 0.18.5 and 0.19.0 contain an authentication bypass vulnerability where authentication middleware is not properly applied …
Open Source Point of Sale (opensourcepos) is a web based point of sale application written in PHP using CodeIgniter framework. Starting in version 3.4.0 and …
Zed, a code editor, has an aribtrary code execution vulnerability in versions prior to 0.218.2-pre. The Zed IDE loads Model Context Protocol (MCP) configurations from …
Zed, a code editor, has an aribtrary code execution vulnerability in versions prior to 0.218.2-pre. The Zed IDE loads Language Server Protocol (LSP) configurations from …
Free website and port scanning — find vulnerabilities before attackers do.