CVE Database

36304+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-69154
7.1 HIGH

Unauthenticated Cross Site Scripting (XSS) in SpaLab | Beauty Salon WordPress Theme <= 6.7 versions.

Jul 2, 2026
CVE-2025-69153
7.1 HIGH

Unauthenticated Cross Site Scripting (XSS) in Trendy Travel <= 6.7 versions.

Jul 2, 2026
CVE-2025-69152
7.1 HIGH

Unauthenticated Cross Site Scripting (XSS) in Artale | Wedding Photography WordPress <= 2.2.2 versions.

Jul 2, 2026
CVE-2025-69134
7.5 HIGH

Unauthenticated Arbitrary Content Deletion in OpenAI Chatbot for WordPress – Helper <= 1.1.4 versions.

Jul 2, 2026
CVE-2025-69133
7.5 HIGH

Subscriber Local File Inclusion in Tourmaster <= 5.4.5 versions.

Jul 2, 2026
CVE-2025-69094
8.5 HIGH

Subscriber SQL Injection in Unicamp <= 2.2.2 versions.

Jul 2, 2026
CVE-2025-58902
8.1 HIGH

Unauthenticated Local File Inclusion in Lighthouse <= 1.2.12 versions.

Jul 2, 2026
CVE-2026-9834
7.2 HIGH

The WP Database Backup – Unlimited Database & Files Backup by Backup for WP plugin for WordPress is vulnerable to OS Command Injection in all …

Jul 2, 2026
CVE-2026-8441
7.5 HIGH

The WP Review Slider Pro plugin for WordPress is vulnerable to SQL Injection via the 'notinstring' parameter of the wprp_load_more_revs AJAX action in versions up …

Jul 2, 2026
CVE-2026-14336
8.2 HIGH

PIA's OIDC issuer allowlist for Jenkins tokens uses a bare string-prefix check (issuer.startswith(' https://ci.eclipse.org ') in is_issuer_known, pia/models.py:139) instead of validating the issuer as a …

Jul 2, 2026
CVE-2026-13369
7.5 HIGH

The Ninja Forms - File Uploads plugin for WordPress is vulnerable to Arbitrary File Read via the attach_files() function in versions up to, and including, …

Jul 2, 2026
CVE-2026-13251
7.5 HIGH

The Perfmatters plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.6.4 via the 's' parameter. This makes it …

Jul 2, 2026
CVE-2026-9563
7.5 HIGH

In Eclipse Parsson published Maven Central artifacts before version 1.1.8, the JSON parser did not enforce a default maximum on the number of characters consumed …

Jul 2, 2026
CVE-2026-8147
8.1 HIGH

In MLflow versions prior to 3.14.0, when running with authentication enabled, the trace API endpoints lack proper authorization validators. This allows any authenticated user to …

Jul 2, 2026
CVE-2026-33592
7.5 HIGH

An unauthenticated remote attacker can exhaust server memory via the FindServers Discovery Service in open62541. The serverUris field of FindServersRequest is not validated for length …

Jul 2, 2026
CVE-2026-5821
8.1 HIGH

The Image Optimizer plugin for WordPress is vulnerable to arbitrary file deletion in versions up to and including 1.7.4. This is due to insufficient path …

Jul 2, 2026
CVE-2026-14249
7.5 HIGH

The Request a Quote plugin for WordPress is vulnerable to Code Injection in versions up to, and including, 2.5.5 via the emd_delete_file AJAX action. This …

Jul 2, 2026
CVE-2026-57278
8.3 HIGH

GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud) is an addon that can be installed with various GeoVision software …

Jul 2, 2026
CVE-2026-57277
8.3 HIGH

GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud) is an addon that can be installed with various GeoVision software …

Jul 2, 2026
CVE-2026-57276
8.3 HIGH

GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud) is an addon that can be installed with various GeoVision software …

Jul 2, 2026
CVE-2026-57275
8.3 HIGH

GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud) is an addon that can be installed with various GeoVision software …

Jul 2, 2026
CVE-2026-57274
8.3 HIGH

GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud) is an addon that can be installed with various GeoVision software …

Jul 2, 2026
CVE-2026-57273
8.3 HIGH

GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud) is an addon that can be installed with various GeoVision software …

Jul 2, 2026
CVE-2026-57272
8.3 HIGH

GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud) is an addon that can be installed with various GeoVision software …

Jul 2, 2026
CVE-2026-57271
8.3 HIGH

GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud) is an addon that can be installed with various GeoVision software …

Jul 2, 2026
CVE-2026-57270
8.3 HIGH

GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud) is an addon that can be installed with various GeoVision software …

Jul 2, 2026
CVE-2026-57269
8.3 HIGH

GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud) is an addon that can be installed with various GeoVision software …

Jul 2, 2026
CVE-2026-57268
8.3 HIGH

GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud) is an addon that can be installed with various GeoVision software …

Jul 2, 2026
CVE-2026-57267
8.3 HIGH

GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud) is an addon that can be installed with various GeoVision software …

Jul 2, 2026
CVE-2026-57266
8.3 HIGH

GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud) is an addon that can be installed with various GeoVision software …

Jul 2, 2026
CVE-2026-57265
8.3 HIGH

GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud) is an addon that can be installed with various GeoVision software …

Jul 2, 2026
CVE-2026-57264
8.3 HIGH

GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud) is an addon that can be installed with various GeoVision software …

Jul 2, 2026
CVE-2026-13132
8.3 HIGH

GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud) is an addon that can be installed with various GeoVision software …

Jul 2, 2026
CVE-2026-13131
8.3 HIGH

GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud) is an addon that can be installed with various GeoVision software …

Jul 2, 2026
CVE-2026-13125
8.8 HIGH

GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud) is an addon that can be installed with various GeoVision software …

Jul 2, 2026
CVE-2026-14432
8.8 HIGH

Use after free in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted …

Jul 1, 2026
CVE-2026-14431
8.8 HIGH

Type Confusion in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML …

Jul 1, 2026
CVE-2026-14430
8.8 HIGH

Integer overflow in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML …

Jul 1, 2026
CVE-2026-14429
8.3 HIGH

Insufficient validation of untrusted input in Skia in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to potentially …

Jul 1, 2026
CVE-2026-14428
8.3 HIGH

Insufficient validation of untrusted input in Dawn in Google Chrome on Android prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process …

Jul 1, 2026
CVE-2026-14427
8.3 HIGH

Heap buffer overflow in Skia in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to potentially perform a …

Jul 1, 2026
CVE-2026-14426
7.5 HIGH

Use after free in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who convinced a user to engage in specific UI gestures …

Jul 1, 2026
CVE-2026-14422
8.8 HIGH

Out of bounds read and write in Tint in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform out of bounds memory …

Jul 1, 2026
CVE-2026-14415
8.8 HIGH

Inappropriate implementation in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who convinced a user to engage in specific UI gestures to …

Jul 1, 2026
CVE-2026-14413
8.3 HIGH

Uninitialized Use in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox …

Jul 1, 2026
CVE-2026-14412
8.3 HIGH

Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to potentially …

Jul 1, 2026
CVE-2026-14409
7.5 HIGH

Inappropriate implementation in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who convinced a user to engage in specific UI gestures to …

Jul 1, 2026
CVE-2026-14407
8.8 HIGH

Inappropriate implementation in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML …

Jul 1, 2026
CVE-2026-14403
8.8 HIGH

Use after free in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted …

Jul 1, 2026
CVE-2026-14401
8.3 HIGH

Insufficient validation of untrusted input in ANGLE in Google Chrome on Android prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process …

Jul 1, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.