108224+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.
Incorrect Authorization vulnerability allows users to access workflow instance information belonging to projects they do not have permission to access. This issue affects Apache DolphinScheduler …
Unauthenticated Cross Site Scripting (XSS) in Kapee < 1.7.1 versions.
Incorrect Authorization vulnerability allows users with system login privileges to delete task definitions in unauthorized projects This issue affects Apache DolphinScheduler versions prior to 3.4.2. …
Contributor Remote Code Execution (RCE) in Blocksy Companion Pro <= 2.1.37 versions.
Unauthenticated Insecure Direct Object References (IDOR) in Salon booking system <= 10.30.24 versions.
Unauthenticated Cross Site Scripting (XSS) in collectchat <= 2.4.9 versions.
Unauthenticated PHP Object Injection in Valeska <= 1.2.2 versions.
Unauthenticated PHP Object Injection in Behold <= 1.5 versions.
Unauthenticated PHP Object Injection in Esmée <= 1.4 versions.
Unauthenticated PHP Object Injection in Léonie <= 1.2.1 versions.
Unauthenticated PHP Object Injection in TechLink <= 1.3 versions.
Unauthenticated PHP Object Injection in Roisin <= 1.4 versions.
Unauthenticated PHP Object Injection in EasyMeals <= 1.5.1 versions.
Unauthenticated PHP Object Injection in Ashtanga <= 1.2 versions.
Subscriber Arbitrary File Upload in Charity Zone <= 1.1.1 versions.
Subscriber Arbitrary File Upload in Kids Gift Shop <= 0.5.4 versions.
Subscriber Arbitrary File Upload in Ecommerce Zone <= 0.9.7 versions.
Subscriber Arbitrary File Upload in Restaurant Zone <= 0.7.8 versions.
Unauthenticated PHP Object Injection in LuxeDrive <= 1.4 versions.
Unauthenticated PHP Object Injection in Laurits <= 1.5.1 versions.
Unauthenticated PHP Object Injection in Reina <= 2.1 versions.
Unauthenticated Local File Inclusion in ChapterOne <= 1.7 versions.
Unauthenticated Broken Access Control in User Registration Stripe <= 1.3.14 versions.
Unauthenticated PHP Object Injection in WooCommerce Product Filters < 2.0.6 versions.
CP Client Arbitrary File Download in Client Portal (Pro) <= 5.6.2 versions.
Subscriber Broken Access Control in Bricks Builder <= 2.1.4 versions.
Missing Authorization vulnerability in Yoast BV Yoast SEO Premium allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Yoast SEO Premium: from n/a …
Contributor Local File Inclusion in Element Pack Pro <= 9.0.6 versions.
Unrestricted Upload of File with Dangerous Type vulnerability in Kodezen LLC Academy LMS Pro allows Upload a Web Shell to a Web Server. This issue …
Unauthenticated Cross Site Scripting (XSS) in WPZOOM Addons for Elementor <= 1.3.4 versions.
Unauthenticated SQL Injection in Blocksy Companion Pro < 2.1.29 versions.
Author Broken Access Control in W3 Total Cache <= 2.9.1 versions.
Subscriber Arbitrary File Upload in Webenvo <= 0.0.6 versions.
Unauthenticated Local File Inclusion in Hitek < 1.8.3 versions.
Unauthenticated PHP Object Injection in Micdrop <= 1.3.1 versions.
Unauthenticated PHP Object Injection in Valiance <= 1.2 versions.
Unauthenticated PHP Object Injection in Playroom <= 1.4.1 versions.
Unauthenticated PHP Object Injection in Mildhill <= 1.5 versions.
Unauthenticated Local File Inclusion in Mr. SEO <= 2.0 versions.
Unauthenticated PHP Object Injection in Santé <= 1.5.1 versions.
Unauthenticated Local File Inclusion in Malmö <= 2.2 versions.
Unauthenticated PHP Object Injection in NeoBeat <= 1.7 versions.
Unauthenticated PHP Object Injection in Fidalgo <= 1.2.2 versions.
Unauthenticated Local File Inclusion in Aperitif <= 1.5 versions.
Unauthenticated Cross Site Scripting (XSS) in MagOne <= 9.0 versions.
Unauthenticated Local File Inclusion in Getaway < 1.8 versions.
Subscriber Privilege Escalation in MultiLoca <= 4.2.15 versions.
Unauthenticated PHP Object Injection in Zermatt <= 1.6.1 versions.
Unauthenticated PHP Object Injection in Alloggio - Hotel Booking <= 2.1.2 versions.
Unauthenticated Local File Inclusion in Mikado Core <= 1.6 versions.
Free website and port scanning — find vulnerabilities before attackers do.