CVE Database

111255+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-64246
4.3 MEDIUM

Missing Authorization vulnerability in netopsae Accessibility by AudioEye accessibility-by-audioeye allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Accessibility by AudioEye: from n/a through …

Dec 16, 2025
CVE-2025-64245
4.3 MEDIUM

Missing Authorization vulnerability in ryanpcmcquen Import external attachments import-external-attachments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Import external attachments: from n/a through …

Dec 16, 2025
CVE-2025-64244
4.3 MEDIUM

Missing Authorization vulnerability in Codexpert, Inc Restrict Elementor Widgets, Columns and Sections restrict-elementor-widgets allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Restrict Elementor …

Dec 16, 2025
CVE-2025-64243
4.3 MEDIUM

Missing Authorization vulnerability in e-plugins Directory Pro directory-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Directory Pro: from n/a through <= 2.5.6.

Dec 16, 2025
CVE-2025-64242
4.3 MEDIUM

Missing Authorization vulnerability in Merv Barrett Easy Property Listings easy-property-listings allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Property Listings: from n/a …

Dec 16, 2025
CVE-2025-64241
4.3 MEDIUM

Missing Authorization vulnerability in Imtiaz Rayhan WP Coupons and Deals wp-coupons-and-deals allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Coupons and Deals: …

Dec 16, 2025
CVE-2025-64240
4.3 MEDIUM

Cross-Site Request Forgery (CSRF) vulnerability in freshchat Freshchat freshchat allows Cross Site Request Forgery.This issue affects Freshchat: from n/a through <= 2.3.4.

Dec 16, 2025
CVE-2025-64239
4.3 MEDIUM

Cross-Site Request Forgery (CSRF) vulnerability in Yoav Farhi RTL Tester rtl-tester allows Cross Site Request Forgery.This issue affects RTL Tester: from n/a through <= 1.2.

Dec 16, 2025
CVE-2025-64238
4.3 MEDIUM

Missing Authorization vulnerability in NicolasKulka WPS Bidouille wps-bidouille allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPS Bidouille: from n/a through <= 1.33.1.

Dec 16, 2025
CVE-2025-64237
4.3 MEDIUM

Cross-Site Request Forgery (CSRF) vulnerability in Graham Quick Interest Slider quick-interest-slider allows Cross Site Request Forgery.This issue affects Quick Interest Slider: from n/a through <= …

Dec 16, 2025
CVE-2025-59009
4.3 MEDIUM

Cross-Site Request Forgery (CSRF) vulnerability in Astoundify Listify listify allows Cross Site Request Forgery.This issue affects Listify: from n/a through <= 3.2.5.

Dec 16, 2025
CVE-2025-59001
4.3 MEDIUM

Missing Authorization vulnerability in ThemeNectar Salient Core salient-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Salient Core: from n/a through <= 3.0.8.

Dec 16, 2025
CVE-2025-58999
4.3 MEDIUM

Cross-Site Request Forgery (CSRF) vulnerability in loopus WP Attractive Donations System - Easy Stripe & Paypal donations WP_AttractiveDonationsSystem allows Cross Site Request Forgery.This issue affects …

Dec 16, 2025
CVE-2025-54045
4.3 MEDIUM

Missing Authorization vulnerability in CreativeMindsSolutions CM On Demand Search And Replace cm-on-demand-search-and-replace allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CM On Demand …

Dec 16, 2025
CVE-2025-54005
4.3 MEDIUM

Missing Authorization vulnerability in sonalsinha21 SKT Page Builder skt-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SKT Page Builder: from n/a through …

Dec 16, 2025
CVE-2025-54004
2.7 LOW

Missing Authorization vulnerability in WC Lovers WCFM – Frontend Manager for WooCommerce wc-frontend-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WCFM – …

Dec 16, 2025
CVE-2025-49300
2.7 LOW

Insertion of Sensitive Information Into Sent Data vulnerability in shinetheme Traveler Option Tree custom-option-tree allows Retrieve Embedded Sensitive Data.This issue affects Traveler Option Tree: from …

Dec 16, 2025
CVE-2025-13231
6.5 MEDIUM

The Fancy Product Designer plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.4.8. This is due to …

Dec 16, 2025
CVE-2025-13439
5.9 MEDIUM

The Fancy Product Designer plugin for WordPress is vulnerable to Information Disclosure and PHAR Deserialization in all versions up to, and including, 6.4.8. This is …

Dec 16, 2025
CVE-2025-11991
5.3 MEDIUM

The JetFormBuilder — Dynamic Blocks Form Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the …

Dec 16, 2025
CVE-2025-66635
7.2 HIGH

Stack-based buffer overflow vulnerability exists in SEIKO EPSON Web Config. Specially crafted data input by a logged-in user may execute arbitrary code. As for the …

Dec 16, 2025
CVE-2025-62330
5.9 MEDIUM

HCL DevOps Deploy is susceptible to a cleartext transmission of sensitive information because the HTTP port remains accessible and does not redirect to HTTPS as …

Dec 16, 2025
CVE-2025-14252
7.8 HIGH

An Improper Access Control vulnerability in Advantech SUSI driver (susi.sys) allows attackers to read/write arbitrary memory, I/O ports, and MSRs, resulting in privilege escalation, arbitrary …

Dec 16, 2025
CVE-2025-13794
4.3 MEDIUM

The Auto Featured Image (Auto Post Thumbnail) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the …

Dec 16, 2025
CVE-2025-12809
5.3 MEDIUM

The Dokan Pro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the `/dokan/v1/wholesale/register` REST API endpoint …

Dec 16, 2025
CVE-2025-66357
5.3 MEDIUM

CHOCO TEI WATCHER mini (IB-MCT001) contains an issue with improper check for unusual or exceptional conditions. When the Video Download feature is in a specific …

Dec 16, 2025
CVE-2025-61976
7.5 HIGH

CHOCO TEI WATCHER mini (IB-MCT001) contains an issue with improper check for unusual or exceptional conditions. If a remote attacker sends a specially crafted request …

Dec 16, 2025
CVE-2025-59479
6.1 MEDIUM

CHOCO TEI WATCHER mini (IB-MCT001) contains an issue with improper restriction of rendered UI layers or frames. If a user clicks on content on a …

Dec 16, 2025
CVE-2025-14777
6.0 MEDIUM

A flaw was found in Keycloak. An IDOR (Broken Access Control) vulnerability exists in the admin API endpoints for authorization resource management, specifically in ResourceSetService …

Dec 16, 2025
CVE-2025-13956
5.3 MEDIUM

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the statistic …

Dec 16, 2025
CVE-2025-62849
9.8 CRITICAL

An SQL injection vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to execute unauthorized …

Dec 16, 2025
CVE-2025-62848
7.5 HIGH

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to launch …

Dec 16, 2025
CVE-2025-62847
7.5 HIGH

An improper neutralization of argument delimiters in a command vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then …

Dec 16, 2025
CVE-2025-59385
9.8 CRITICAL

An authentication bypass by spoofing vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to …

Dec 16, 2025
CVE-2025-14749
6.3 MEDIUM

A vulnerability was identified in Ningyuanda TC155 57.0.2.0. This impacts an unknown function of the file /onvif/device_service of the component ONVIF PTZ Control Interface. The …

Dec 16, 2025
CVE-2025-14748
5.4 MEDIUM

A vulnerability was determined in Ningyuanda TC155 57.0.2.0. This affects an unknown function of the file /onvif/device_service of the component ONVIF Device Management Service. Executing …

Dec 16, 2025
CVE-2025-14747
4.3 MEDIUM

A vulnerability was found in Ningyuanda TC155 57.0.2.0. The impacted element is an unknown function of the component RTSP Service. Performing manipulation results in denial …

Dec 16, 2025
CVE-2025-14746
4.3 MEDIUM

A vulnerability has been found in Ningyuanda TC155 57.0.2.0. The affected element is an unknown function of the component RTSP Live Video Stream Endpoint. Such …

Dec 16, 2025
CVE-2025-68115
6.1 MEDIUM

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions prior to 8.6.1 and 9.1.0-alpha.3, …

Dec 16, 2025
CVE-2025-68113
6.5 MEDIUM

ALTCHA is privacy-first software for captcha and bot protection. A cryptographic semantic binding flaw in ALTCHA libraries allows challenge payload splicing, which may enable replay …

Dec 16, 2025
CVE-2025-67874
6.5 MEDIUM

ChurchCRM is an open-source church management system. Prior to version 6.5.0, the application echoes back plaintext passwords submitted by users in subsequent HTTP responses. This …

Dec 16, 2025
CVE-2025-67751
7.2 HIGH

ChurchCRM is an open-source church management system. Prior to version 6.5.0, a SQL injection vulnerability exists in the `EventEditor.php` file. When creating a new event …

Dec 16, 2025
CVE-2025-67748
7.8 HIGH

Fickling is a Python pickling decompiler and static analyzer. Versions prior to 0.1.6 had a bypass caused by `pty` missing from the block list of …

Dec 16, 2025
CVE-2025-67747
7.8 HIGH

Fickling is a Python pickling decompiler and static analyzer. Versions prior to 0.1.6 are missing `marshal` and `types` from the block list of unsafe module …

Dec 16, 2025
CVE-2025-67744
9.6 CRITICAL

DeepChat is an open-source artificial intelligence agent platform that unifies models, tools, and agents. Prior to version 0.5.3, a security vulnerability exists in the Mermaid …

Dec 16, 2025
CVE-2025-67736
7.2 HIGH

The FreePBX module tts (Text to Speech) for FreePBX, an open-source web-based graphical user interface (GUI) that manages Asterisk. Versions prior to 16.0.5 and 17.0.5 …

Dec 16, 2025
CVE-2025-67735
6.5 MEDIUM

Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.129.Final and 4.2.8.Final, the `io.netty.handler.codec.http.HttpRequestEncoder` has a CRLF injection with the request URI …

Dec 16, 2025
CVE-2025-67722
7.8 HIGH

FreePBX is an open-source web-based graphical user interface (GUI) that manages Asterisk. Prior to versions 16.0.45 and 17.0.24 of the FreePBX framework, an authenticated local …

Dec 16, 2025
CVE-2025-67715
4.3 MEDIUM

Weblate is a web based localization tool. In versions prior to 5.15, it was possible to retrieve user notification settings or list all users via …

Dec 16, 2025
CVE-2025-67492
5.3 MEDIUM

Weblate is a web based localization tool. In versions prior to 5.15, it was possible to trigger repository updates for many repositories via a crafted …

Dec 16, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.