CVE Database

111255+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-14623
7.3 HIGH

A weakness has been identified in code-projects Student File Management System 1.0. This issue affects some unknown processing of the file /admin/update_student.php. This manipulation of …

Dec 13, 2025
CVE-2025-14622
7.3 HIGH

A security flaw has been discovered in code-projects Student File Management System 1.0. This vulnerability affects unknown code of the file /admin/save_user.php. The manipulation of …

Dec 13, 2025
CVE-2025-14621
7.3 HIGH

A vulnerability was identified in code-projects Student File Management System 1.0. This affects an unknown part of the file /admin/update_user.php. The manipulation of the argument …

Dec 13, 2025
CVE-2025-9873
6.4 MEDIUM

The a3 Lazy Load plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.7.5 due to insufficient input …

Dec 13, 2025
CVE-2025-9856
6.4 MEDIUM

The Popup Builder – Create highly converting, mobile friendly marketing popups. plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sg_popup' shortcode …

Dec 13, 2025
CVE-2025-9488
6.4 MEDIUM

The Redux Framework plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘data’ parameter in all versions up to, and including, 4.5.8 due …

Dec 13, 2025
CVE-2025-9218
3.7 LOW

The rtMedia for WordPress, BuddyPress and bbPress plugin for WordPress is vulnerable to to Information Disclosure due to missing authorization in the handle_rest_pre_dispatch() function when …

Dec 13, 2025
CVE-2025-9207
5.3 MEDIUM

The TI WooCommerce Wishlist plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 2.10.0. This is due to the …

Dec 13, 2025
CVE-2025-9116
5.8 MEDIUM

The WPS Visitor Counter WordPress plugin through 1.4.8 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to …

Dec 13, 2025
CVE-2025-8780
6.4 MEDIUM

The Livemesh SiteOrigin Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Hero Header and Pricing Table widgets in all versions …

Dec 13, 2025
CVE-2025-8779
6.4 MEDIUM

The All-in-One Addons for Elementor – WidgetKit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Team and Countdown widgets in all …

Dec 13, 2025
CVE-2025-8687
6.4 MEDIUM

The Enter Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown and Image Comparison widgets in all versions up to, …

Dec 13, 2025
CVE-2025-8617
6.4 MEDIUM

The YITH WooCommerce Quick View plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's yith_quick_view shortcode in all versions up to, and …

Dec 13, 2025
CVE-2025-8199
6.4 MEDIUM

The MarqueeAddons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Testimonial Marquee widget in all versions up to, and including, 2.4.3 …

Dec 13, 2025
CVE-2025-8195
6.4 MEDIUM

The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Comparison and Subscribe widgets in all versions up …

Dec 13, 2025
CVE-2025-7960
6.4 MEDIUM

The King Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Pricing Slider, Pricing Calculator, and Image Accordion widgets …

Dec 13, 2025
CVE-2025-7058
6.4 MEDIUM

The Kingcabs theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘progressbarLayout’ parameter in all versions up to, and including, 1.1.9 due to …

Dec 13, 2025
CVE-2025-67871

Rejected reason: Not used

Dec 13, 2025
CVE-2025-67870

Rejected reason: Not used

Dec 13, 2025
CVE-2025-67869

Rejected reason: Not used

Dec 13, 2025
CVE-2025-67868

Rejected reason: Not used

Dec 13, 2025
CVE-2025-67867

Rejected reason: Not used

Dec 13, 2025
CVE-2025-67866

Rejected reason: Not used

Dec 13, 2025
CVE-2025-67865

Rejected reason: Not used

Dec 13, 2025
CVE-2025-67864

Rejected reason: Not used

Dec 13, 2025
CVE-2025-67863

Rejected reason: Not used

Dec 13, 2025
CVE-2025-36754

The authentication mechanism on web interface is not properly implemented. It is possible to bypass authentication checks by crafting a post request with new settings …

Dec 13, 2025
CVE-2025-36753
9.8 CRITICAL

The SWD debug interface on the Growatt ShineLan-X communication dongle is available by default, allowing an attacker to attain debug access to the device and …

Dec 13, 2025
CVE-2025-36752
9.8 CRITICAL

Growatt ShineLan-X communication dongle has an undocumented backup account with undocumented credentials which allows significant level access to the device, such as allowing any attacker …

Dec 13, 2025
CVE-2025-36751

Encryption is missing on the configuration interface for Growatt ShineLan-X and MIC 3300TL-X. This allows an attacker with access to the network to intercept and …

Dec 13, 2025
CVE-2025-36750
5.4 MEDIUM

ShineLan-X contains a stored cross site scripting (XSS) vulnerability in the Plant Name field. A HTML payload will be displayed on the plant management page …

Dec 13, 2025
CVE-2025-36748
5.4 MEDIUM

ShineLan-X contains a stored cross site scripting (XSS) vulnerability in the local configuration web server. The JavaScript code snippet can be inserted in the communication …

Dec 13, 2025
CVE-2025-36747
9.8 CRITICAL

ShineLan-X contains a set of credentials for an FTP server was found within the firmware, allowing testers to establish an insecure FTP connection with the …

Dec 13, 2025
CVE-2025-14620
7.3 HIGH

A vulnerability was determined in code-projects Student File Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/login_query.php. Executing manipulation …

Dec 13, 2025
CVE-2025-14619
7.3 HIGH

A vulnerability was found in code-projects Student File Management System 1.0. Affected by this vulnerability is an unknown functionality of the file login_query.php. Performing manipulation …

Dec 13, 2025
CVE-2025-14617
5.3 MEDIUM

A vulnerability has been found in Jehovahs Witnesses JW Library App up to 15.5.1 on Android. Affected is an unknown function of the component org.jw.jwlibrary.mobile.activity.SiloContainer. …

Dec 13, 2025
CVE-2025-14607
6.3 MEDIUM

A vulnerability was detected in OFFIS DCMTK up to 3.6.9. Affected by this issue is the function DcmByteString::makeDicomByteString of the file dcmdata/libsrc/dcbytstr.cc of the component …

Dec 13, 2025
CVE-2025-14606
5.0 MEDIUM

A security vulnerability has been detected in tiny-rdm Tiny RDM up to 1.2.5. Affected by this vulnerability is the function pickle.loads of the file pickle_convert.go …

Dec 13, 2025
CVE-2025-14590
7.3 HIGH

A security vulnerability has been detected in code-projects Prison Management System 2.0. Impacted is an unknown function of the file /admin/search1.php. The manipulation of the …

Dec 13, 2025
CVE-2025-14589
6.3 MEDIUM

A weakness has been identified in code-projects Prison Management System 2.0. This issue affects some unknown processing of the file /admin/search.php. Executing a manipulation of …

Dec 13, 2025
CVE-2025-14588
7.3 HIGH

A security flaw has been discovered in itsourcecode Student Management System 1.0. This vulnerability affects unknown code of the file /update_program.php. Performing manipulation of the …

Dec 13, 2025
CVE-2025-14587
7.3 HIGH

A vulnerability was identified in itsourcecode Online Pet Shop Management System 1.0. This affects an unknown part of the file /pet1/available.php. Such manipulation of the …

Dec 13, 2025
CVE-2025-14586
6.3 MEDIUM

A vulnerability was determined in TOTOLINK X5000R 9.1.0cu.2089_B20211224. Affected by this issue is the function snprintf of the file /cgi-bin/cstecgi.cgi?action=exportOvpn&type=user. This manipulation of the argument …

Dec 13, 2025
CVE-2025-14581
4.3 MEDIUM

The HAPPY – Helpdesk Support Ticket System plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the 'submit_form_reply' AJAX …

Dec 13, 2025
CVE-2025-14542
7.5 HIGH

The vulnerability arises when a client fetches a tools’ JSON specification, known as a Manual, from a remote Manual Endpoint. While a provider may initially …

Dec 13, 2025
CVE-2025-14540
4.3 MEDIUM

The Userback plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the userback_get_json function in all versions …

Dec 13, 2025
CVE-2025-14539
5.4 MEDIUM

The The Shortcode Ajax plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.0. This is due to …

Dec 13, 2025
CVE-2025-14508
6.5 MEDIUM

The MediaCommander – Bring Folders to Media, Posts, and Pages plugin for WordPress is vulnerable to unauthorized data deletion due to a missing capability check …

Dec 13, 2025
CVE-2025-14477
4.9 MEDIUM

The 404 Solution plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 3.1.0 due to insufficient escaping on the …

Dec 13, 2025
CVE-2025-14476
8.8 HIGH

The Doubly – Cross Domain Copy Paste for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, …

Dec 13, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.