CVE Database

111255+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-49941
8.1 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes GlamChic glamchic allows PHP Local File Inclusion.This issue …

Dec 18, 2025
CVE-2025-49919
5.8 MEDIUM

Insertion of Sensitive Information Into Sent Data vulnerability in DigitalME eRoom eroom-zoom-meetings-webinar allows Retrieve Embedded Sensitive Data.This issue affects eRoom: from n/a through <= 1.5.6.

Dec 18, 2025
CVE-2025-49918
5.9 MEDIUM

Insertion of Sensitive Information Into Sent Data vulnerability in e4jvikwp VikBooking Hotel Booking Engine & PMS vikbooking allows Retrieve Embedded Sensitive Data.This issue affects VikBooking …

Dec 18, 2025
CVE-2025-49914
6.5 MEDIUM

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in jetmonsters Restaurant Menu by MotoPress mp-restaurant-menu allows Retrieve Embedded Sensitive Data.This issue affects …

Dec 18, 2025
CVE-2025-49902
6.5 MEDIUM

Missing Authorization vulnerability in A WP Life Login Page Customizer – Customizer Login Page, Admin Page, Custom Design customizer-login-page allows Exploiting Incorrectly Configured Access Control …

Dec 18, 2025
CVE-2025-49379
7.2 HIGH

Incorrect Privilege Assignment vulnerability in silverplugins217 Custom Fields Account Registration For Woocommerce custom-fields-account-registration-for-woocommerce allows Privilege Escalation.This issue affects Custom Fields Account Registration For Woocommerce: from …

Dec 18, 2025
CVE-2025-49371
8.1 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Strux strux allows PHP Local File Inclusion.This issue …

Dec 18, 2025
CVE-2025-49370
8.1 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Lymcoin lymcoin allows PHP Local File Inclusion.This issue …

Dec 18, 2025
CVE-2025-49369
8.1 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Lettuce lettuce allows PHP Local File Inclusion.This issue …

Dec 18, 2025
CVE-2025-49368
8.1 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Palladio palladio allows PHP Local File Inclusion.This issue …

Dec 18, 2025
CVE-2025-49367
8.1 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Monyxi monyxi allows PHP Local File Inclusion.This issue …

Dec 18, 2025
CVE-2025-49366
8.1 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Hanani hanani allows PHP Local File Inclusion.This issue …

Dec 18, 2025
CVE-2025-49365
8.1 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Jack Well jack-well allows PHP Local File Inclusion.This …

Dec 18, 2025
CVE-2025-49364
8.1 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Ludos Paradise ludos-paradise allows PHP Local File Inclusion.This …

Dec 18, 2025
CVE-2025-49363
8.1 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Kings & Queens kings-queens allows PHP Local File …

Dec 18, 2025
CVE-2025-49362
8.1 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Gracioza gracioza allows PHP Local File Inclusion.This issue …

Dec 18, 2025
CVE-2025-49361
8.1 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Mamita mamita allows PHP Local File Inclusion.This issue …

Dec 18, 2025
CVE-2025-49360
8.1 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Militarology militarology allows PHP Local File Inclusion.This issue …

Dec 18, 2025
CVE-2025-49359
8.1 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes ShieldGroup shieldgroup allows PHP Local File Inclusion.This issue …

Dec 18, 2025
CVE-2025-49041
6.5 MEDIUM

Missing Authorization vulnerability in The African Boss Get Cash get-cash allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Get Cash: from n/a through …

Dec 18, 2025
CVE-2025-14318
4.3 MEDIUM

Improper access checks in M-Files Server before 25.12.15491.7 allows users to download files through M-Files Web using Web Companion despite Print and Download Prevention module …

Dec 18, 2025
CVE-2025-14314
8.5 HIGH

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Roxnor PopupKit popup-builder-block allows Blind SQL Injection.This issue affects PopupKit: from …

Dec 18, 2025
CVE-2025-13498
4.3 MEDIUM

The Download Manager plugin for WordPress is vulnerable to unauthorized access of sensitive information in all versions up to, and including, 3.3.32. This is due …

Dec 18, 2025
CVE-2025-12976
6.4 MEDIUM

The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'events_list_grouped' shortcode in all …

Dec 18, 2025
CVE-2025-10019
6.5 MEDIUM

Authorization Bypass Through User-Controlled Key vulnerability in codepeople Contact Form Email contact-form-to-email allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form Email: …

Dec 18, 2025
CVE-2025-68463
4.9 MEDIUM

Bio.Entrez in Biopython through 186 allows doctype XXE.

Dec 18, 2025
CVE-2025-68462
3.2 LOW

Freedombox before 25.17.1 does not set proper permissions for the backups-data directory, allowing the reading of dump files of databases.

Dec 18, 2025
CVE-2025-68459
7.2 HIGH

RG - AP180, Indoor Wall Plate Wireless AP AP180 series provided by Ruijie Networks Co., Ltd. contain an OS command injection vulnerability. An arbitrary OS …

Dec 18, 2025
CVE-2025-47387
7.8 HIGH

Memory Corruption when processing IOCTLs for JPEG data without verification.

Dec 18, 2025
CVE-2025-47382
7.8 HIGH

Memory corruption while loading an invalid firmware in boot loader.

Dec 18, 2025
CVE-2025-47372
9.0 CRITICAL

Memory Corruption when a corrupted ELF image with an oversized file size is read into a buffer without authentication.

Dec 18, 2025
CVE-2025-47350
7.8 HIGH

Memory corruption while handling concurrent memory mapping and unmapping requests from a user-space application.

Dec 18, 2025
CVE-2025-47325
6.5 MEDIUM

Information disclosure while processing system calls with invalid parameters.

Dec 18, 2025
CVE-2025-47323
7.8 HIGH

Memory corruption while routing GPR packets between user and root when handling large data packet.

Dec 18, 2025
CVE-2025-47322
7.8 HIGH

Memory corruption while handling IOCTL calls to set mode.

Dec 18, 2025
CVE-2025-47321
7.8 HIGH

Memory corruption while copying packets received from unix clients.

Dec 18, 2025
CVE-2025-47320
7.8 HIGH

Memory corruption while processing MFC channel configuration during music playback.

Dec 18, 2025
CVE-2025-47319
6.7 MEDIUM

Information disclosure while exposing internal TA-to-TA communication APIs to HLOS

Dec 18, 2025
CVE-2025-27063
7.8 HIGH

Memory corruption during video playback when video session open fails with time out error.

Dec 18, 2025
CVE-2025-68461
7.2 HIGH KEV

Roundcube Webmail before 1.5.12 and 1.6 before 1.6.12 is prone to a Cross-Site-Scripting (XSS) vulnerability via the animate tag in an SVG document.

Dec 18, 2025
CVE-2025-68460
7.2 HIGH

Roundcube Webmail before 1.5.12 and 1.6 before 1.6.12 is prone to a information disclosure vulnerability in the HTML style sanitizer.

Dec 18, 2025
CVE-2025-12885
6.4 MEDIUM

The Embed Any Document – Embed PDF, Word, PowerPoint and Excel Files plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the sanitize_pdf_src function …

Dec 18, 2025
CVE-2025-14856
6.3 MEDIUM

A security vulnerability has been detected in y_project RuoYi up to 4.8.1. The affected element is an unknown function of the file /monitor/cache/getnames. Such manipulation …

Dec 18, 2025
CVE-2025-14841
3.3 LOW

A flaw has been found in OFFIS DCMTK up to 3.6.9. The impacted element is the function DcmQueryRetrieveIndexDatabaseHandle::startFindRequest/DcmQueryRetrieveIndexDatabaseHandle::startMoveRequest in the library dcmqrdb/libsrc/dcmqrdbi.cc of the component …

Dec 18, 2025
CVE-2025-14837
4.7 MEDIUM

A vulnerability has been found in ZZCMS 2025. Affected by this issue is the function stripfxg of the file /admin/siteconfig.php of the component Backend Website …

Dec 18, 2025
CVE-2025-14202

A vulnerability in the file upload at bookmark + asset rendering pipeline allows an attacker to upload a malicious SVG file with JavaScript content. When …

Dec 18, 2025
CVE-2025-68435
9.1 CRITICAL

Zerobyte is a backup automation tool Zerobyte versions prior to 0.18.5 and 0.19.0 contain an authentication bypass vulnerability where authentication middleware is not properly applied …

Dec 17, 2025
CVE-2025-68434
8.8 HIGH

Open Source Point of Sale (opensourcepos) is a web based point of sale application written in PHP using CodeIgniter framework. Starting in version 3.4.0 and …

Dec 17, 2025
CVE-2025-68433
7.7 HIGH

Zed, a code editor, has an aribtrary code execution vulnerability in versions prior to 0.218.2-pre. The Zed IDE loads Model Context Protocol (MCP) configurations from …

Dec 17, 2025
CVE-2025-68432
7.7 HIGH

Zed, a code editor, has an aribtrary code execution vulnerability in versions prior to 0.218.2-pre. The Zed IDE loads Language Server Protocol (LSP) configurations from …

Dec 17, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.