111255+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.
A weakness has been identified in code-projects Student File Management System 1.0. This issue affects some unknown processing of the file /admin/update_student.php. This manipulation of …
A security flaw has been discovered in code-projects Student File Management System 1.0. This vulnerability affects unknown code of the file /admin/save_user.php. The manipulation of …
A vulnerability was identified in code-projects Student File Management System 1.0. This affects an unknown part of the file /admin/update_user.php. The manipulation of the argument …
The a3 Lazy Load plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.7.5 due to insufficient input …
The Popup Builder – Create highly converting, mobile friendly marketing popups. plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sg_popup' shortcode …
The Redux Framework plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘data’ parameter in all versions up to, and including, 4.5.8 due …
The rtMedia for WordPress, BuddyPress and bbPress plugin for WordPress is vulnerable to to Information Disclosure due to missing authorization in the handle_rest_pre_dispatch() function when …
The TI WooCommerce Wishlist plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 2.10.0. This is due to the …
The WPS Visitor Counter WordPress plugin through 1.4.8 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to …
The Livemesh SiteOrigin Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Hero Header and Pricing Table widgets in all versions …
The All-in-One Addons for Elementor – WidgetKit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Team and Countdown widgets in all …
The Enter Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown and Image Comparison widgets in all versions up to, …
The YITH WooCommerce Quick View plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's yith_quick_view shortcode in all versions up to, and …
The MarqueeAddons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Testimonial Marquee widget in all versions up to, and including, 2.4.3 …
The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Comparison and Subscribe widgets in all versions up …
The King Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Pricing Slider, Pricing Calculator, and Image Accordion widgets …
The Kingcabs theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘progressbarLayout’ parameter in all versions up to, and including, 1.1.9 due to …
Rejected reason: Not used
Rejected reason: Not used
Rejected reason: Not used
Rejected reason: Not used
Rejected reason: Not used
Rejected reason: Not used
Rejected reason: Not used
Rejected reason: Not used
Rejected reason: Not used
The authentication mechanism on web interface is not properly implemented. It is possible to bypass authentication checks by crafting a post request with new settings …
The SWD debug interface on the Growatt ShineLan-X communication dongle is available by default, allowing an attacker to attain debug access to the device and …
Growatt ShineLan-X communication dongle has an undocumented backup account with undocumented credentials which allows significant level access to the device, such as allowing any attacker …
Encryption is missing on the configuration interface for Growatt ShineLan-X and MIC 3300TL-X. This allows an attacker with access to the network to intercept and …
ShineLan-X contains a stored cross site scripting (XSS) vulnerability in the Plant Name field. A HTML payload will be displayed on the plant management page …
ShineLan-X contains a stored cross site scripting (XSS) vulnerability in the local configuration web server. The JavaScript code snippet can be inserted in the communication …
ShineLan-X contains a set of credentials for an FTP server was found within the firmware, allowing testers to establish an insecure FTP connection with the …
A vulnerability was determined in code-projects Student File Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/login_query.php. Executing manipulation …
A vulnerability was found in code-projects Student File Management System 1.0. Affected by this vulnerability is an unknown functionality of the file login_query.php. Performing manipulation …
A vulnerability has been found in Jehovahs Witnesses JW Library App up to 15.5.1 on Android. Affected is an unknown function of the component org.jw.jwlibrary.mobile.activity.SiloContainer. …
A vulnerability was detected in OFFIS DCMTK up to 3.6.9. Affected by this issue is the function DcmByteString::makeDicomByteString of the file dcmdata/libsrc/dcbytstr.cc of the component …
A security vulnerability has been detected in tiny-rdm Tiny RDM up to 1.2.5. Affected by this vulnerability is the function pickle.loads of the file pickle_convert.go …
A security vulnerability has been detected in code-projects Prison Management System 2.0. Impacted is an unknown function of the file /admin/search1.php. The manipulation of the …
A weakness has been identified in code-projects Prison Management System 2.0. This issue affects some unknown processing of the file /admin/search.php. Executing a manipulation of …
A security flaw has been discovered in itsourcecode Student Management System 1.0. This vulnerability affects unknown code of the file /update_program.php. Performing manipulation of the …
A vulnerability was identified in itsourcecode Online Pet Shop Management System 1.0. This affects an unknown part of the file /pet1/available.php. Such manipulation of the …
A vulnerability was determined in TOTOLINK X5000R 9.1.0cu.2089_B20211224. Affected by this issue is the function snprintf of the file /cgi-bin/cstecgi.cgi?action=exportOvpn&type=user. This manipulation of the argument …
The HAPPY – Helpdesk Support Ticket System plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the 'submit_form_reply' AJAX …
The vulnerability arises when a client fetches a tools’ JSON specification, known as a Manual, from a remote Manual Endpoint. While a provider may initially …
The Userback plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the userback_get_json function in all versions …
The The Shortcode Ajax plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.0. This is due to …
The MediaCommander – Bring Folders to Media, Posts, and Pages plugin for WordPress is vulnerable to unauthorized data deletion due to a missing capability check …
The 404 Solution plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 3.1.0 due to insufficient escaping on the …
The Doubly – Cross Domain Copy Paste for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, …
Free website and port scanning — find vulnerabilities before attackers do.