CVE Database

9241+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-30184
9.8 CRITICAL

CyberData 011209 Intercom could allow an unauthenticated user access to the Web Interface through an alternate path.

Jun 9, 2025
CVE-2025-49652
9.8 CRITICAL

Missing Authentication in the registration feature of Lablup's BackendAI allows arbitrary users to create user accounts that can access private data even when registration is …

Jun 9, 2025
CVE-2025-49136
9.0 CRITICAL

listmonk is a standalone, self-hosted, newsletter and mailing list manager. Starting in version 4.0.0 and prior to version 5.0.2, the `env` and `expandenv` template functions …

Jun 9, 2025
CVE-2025-48281
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mystyleplatform MyStyle Custom Product Designer mystyle-custom-product-designer allows Blind SQL Injection.This issue …

Jun 9, 2025
CVE-2025-48141
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Alex Zaytseff Multi CryptoCurrency Payments multi-crypto-currency-payment allows SQL Injection.This issue affects …

Jun 9, 2025
CVE-2025-48140
9.9 CRITICAL

Improper Control of Generation of Code ('Code Injection') vulnerability in metalpriceapi MetalpriceAPI metalpriceapi allows Code Injection.This issue affects MetalpriceAPI: from n/a through <= 1.1.4.

Jun 9, 2025
CVE-2025-48129
9.8 CRITICAL

Incorrect Privilege Assignment vulnerability in Holest Engineering Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light excel-like-price-change-for-woocommerce-and-wp-e-commerce-light allows Privilege Escalation.This issue affects Spreadsheet Price …

Jun 9, 2025
CVE-2025-48123
10.0 CRITICAL

Improper Control of Generation of Code ('Code Injection') vulnerability in Holest Engineering Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light excel-like-price-change-for-woocommerce-and-wp-e-commerce-light allows Code …

Jun 9, 2025
CVE-2025-48122
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Holest Engineering Spreadsheet Price Changer for WooCommerce and WP E-commerce – …

Jun 9, 2025
CVE-2025-47608
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in sonalsinha21 Recover abandoned cart for WooCommerce recover-wc-abandoned-cart allows SQL Injection.This issue …

Jun 9, 2025
CVE-2025-32291
10.0 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in FantasticPlugins SUMO Affiliates Pro affs allows Using Malicious Files.This issue affects SUMO Affiliates Pro: from n/a …

Jun 9, 2025
CVE-2025-31429
9.8 CRITICAL

Deserialization of Untrusted Data vulnerability in themeton PressGrid - Frontend Publish Reaction & Multimedia Theme allows Object Injection. This issue affects PressGrid - Frontend Publish …

Jun 9, 2025
CVE-2025-31424
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in kamleshyadav WP Lead Capturing Pages leadcapture allows Blind SQL Injection.This issue …

Jun 9, 2025
CVE-2025-31398
9.8 CRITICAL

Deserialization of Untrusted Data vulnerability in themeton PIMP - Creative MultiPurpose allows Object Injection. This issue affects PIMP - Creative MultiPurpose: from n/a through 1.7.

Jun 9, 2025
CVE-2025-31396
9.8 CRITICAL

Deserialization of Untrusted Data vulnerability in themeton FLAP - Business WordPress Theme allows Object Injection. This issue affects FLAP - Business WordPress Theme: from n/a …

Jun 9, 2025
CVE-2025-31059
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in woobewoo WBW Product Table PRO woo-producttables-pro allows SQL Injection.This issue affects …

Jun 9, 2025
CVE-2025-31052
9.8 CRITICAL

Deserialization of Untrusted Data vulnerability in themeton The Fashion - Model Agency One Page Beauty Theme nrgfashion allows Object Injection.This issue affects The Fashion - …

Jun 9, 2025
CVE-2025-31039
9.1 CRITICAL

Improper Restriction of XML External Entity Reference vulnerability in pixelgrade Category Icon category-icon allows XML Entity Linking.This issue affects Category Icon: from n/a through <= …

Jun 9, 2025
CVE-2025-31022
9.8 CRITICAL

Authentication Bypass Using an Alternate Path or Channel vulnerability in PayU India PayU India payu-india allows Authentication Abuse.This issue affects PayU India: from n/a through …

Jun 9, 2025
CVE-2025-24767
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in facturaone TicketBAI Facturas para WooCommerce wp-ticketbai allows Blind SQL Injection.This issue …

Jun 9, 2025
CVE-2025-49013
9.9 CRITICAL

WilderForge is a Wildermyth coremodding API. A critical vulnerability has been identified in multiple projects across the WilderForge organization. The issue arises from unsafe usage …

Jun 9, 2025
CVE-2025-48877
9.8 CRITICAL

Discourse is an open-source discussion platform. Prior to version 3.4.4 of the `stable` branch, version 3.5.0.beta5 of the `beta` branch, and version 3.5.0.beta6-dev of the …

Jun 9, 2025
CVE-2025-3835
9.6 CRITICAL

Zohocorp ManageEngine Exchange Reporter Plus versions 5721 and prior are vulnerable to Remote code execution in the Content Search module.

Jun 9, 2025
CVE-2025-5893
9.8 CRITICAL

Smart Parking Management System from Honding Technology has an Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to access a specific page and obtain …

Jun 9, 2025
CVE-2025-3461
9.1 CRITICAL

The Quantenna Wi-Fi chips ship with an unauthenticated telnet interface by default. This is an instance of CWE-306, "Missing Authentication for Critical Function," and is …

Jun 8, 2025
CVE-2025-41646
9.8 CRITICAL

An unauthorized remote attacker can bypass the authentication of the affected software package by misusing an incorrect type conversion. This leads to full compromise of …

Jun 6, 2025
CVE-2025-27531
9.8 CRITICAL

Deserialization of Untrusted Data vulnerability in Apache InLong. This issue affects Apache InLong: from 1.13.0 before 2.1.0, this issue would allow an authenticated attacker to …

Jun 6, 2025
CVE-2025-49073
9.8 CRITICAL

Deserialization of Untrusted Data vulnerability in axiomthemes Sweet Dessert sweet-dessert allows Object Injection.This issue affects Sweet Dessert: from n/a through < 1.1.13.

Jun 6, 2025
CVE-2025-49072
9.8 CRITICAL

Deserialization of Untrusted Data vulnerability in AncoraThemes Mr. Murphy mr-murphy allows Object Injection.This issue affects Mr. Murphy: from n/a through < 1.2.12.1.

Jun 6, 2025
CVE-2025-47586
9.0 CRITICAL

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in StylemixThemes Motors - Events stm-motors-events allows PHP Local File …

Jun 6, 2025
CVE-2025-48782
9.8 CRITICAL

An unrestricted upload of file with dangerous type vulnerability in the upload file function of Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 …

Jun 6, 2025
CVE-2025-48780
9.8 CRITICAL

A deserialization of untrusted data vulnerability in the download file function of Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers …

Jun 6, 2025
CVE-2025-3365
9.8 CRITICAL

A missing protection against path traversal allows to access any file on the server.

Jun 6, 2025
CVE-2025-5486
9.8 CRITICAL

The WP Email Debug plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the WPMDBUG_handle_settings() function in versions 1.0 …

Jun 6, 2025
CVE-2025-47966
9.8 CRITICAL

Exposure of sensitive information to an unauthorized actor in Power Automate allows an unauthorized attacker to elevate privileges over a network.

Jun 5, 2025
CVE-2025-1793
9.8 CRITICAL

Multiple vector store integrations in run-llama/llama_index version v0.12.21 have SQL injection vulnerabilities. These vulnerabilities allow an attacker to read and write data using SQL, potentially …

Jun 5, 2025
CVE-2025-5630
9.8 CRITICAL

A vulnerability has been found in D-Link DIR-816 1.10CNB05 and classified as critical. This vulnerability affects unknown code of the file /goform/form2lansetup.cgi. The manipulation of …

Jun 5, 2025
CVE-2025-5624
9.8 CRITICAL

A vulnerability was found in D-Link DIR-816 1.10CNB05. It has been declared as critical. This vulnerability affects the function QoSPortSetup of the file /goform/QoSPortSetup. The …

Jun 5, 2025
CVE-2025-5623
9.8 CRITICAL

A vulnerability was found in D-Link DIR-816 1.10CNB05. It has been classified as critical. This affects the function qosClassifier of the file /goform/qosClassifier. The manipulation …

Jun 5, 2025
CVE-2025-5622
9.8 CRITICAL

A vulnerability was found in D-Link DIR-816 1.10CNB05 and classified as critical. Affected by this issue is the function wirelessApcli_5g of the file /goform/wirelessApcli_5g. The …

Jun 5, 2025
CVE-2025-48935
9.1 CRITICAL

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 2.2.0 and prior to versions 2.2.5, it is possible to bypass Deno's permission read/write …

Jun 4, 2025
CVE-2025-5600
9.8 CRITICAL

A vulnerability, which was classified as critical, has been found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. This issue affects the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi. The …

Jun 4, 2025
CVE-2025-20286
9.9 CRITICAL

A vulnerability in Amazon Web Services (AWS), Microsoft Azure, and Oracle Cloud Infrastructure (OCI) cloud deployments of Cisco Identity Services Engine (ISE) could allow an …

Jun 4, 2025
CVE-2025-4578
9.8 CRITICAL

The File Provider WordPress plugin through 1.2.3 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX …

Jun 4, 2025
CVE-2025-49223
9.8 CRITICAL

billboard.js before 3.15.1 was discovered to contain a prototype pollution via the function generate, which could allow attackers to execute arbitrary code or cause a …

Jun 4, 2025
CVE-2025-49002
9.8 CRITICAL

DataEase is an open source business intelligence and data visualization tool. Versions prior to version 2.10.10 have a flaw in the patch for CVE-2025-32966 that …

Jun 3, 2025
CVE-2025-49001
9.8 CRITICAL

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.10, secret verification does not take effect successfully, so a user …

Jun 3, 2025
CVE-2025-23097
9.1 CRITICAL

An issue was discovered in Samsung Mobile Processor Exynos 1380. The lack of a length check leads to out-of-bounds writes.

Jun 3, 2025
CVE-2025-32106
9.8 CRITICAL

In Audiocodes Mediapack MP-11x through 6.60A.369.002, a crafted POST request request may result in an unauthenticated remote user's ability to execute unauthorized code.

Jun 3, 2025
CVE-2025-32105
9.8 CRITICAL

A buffer overflow in the the Sangoma IMG2020 HTTP server through 2.3.9.6 allows an unauthenticated user to achieve remote code execution.

Jun 3, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.