CVE Database

9262+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-47532
9.8 CRITICAL

Deserialization of Untrusted Data vulnerability in CoinPayments CoinPayments.net Payment Gateway for WooCommerce coinpayments-payment-gateway-for-woocommerce allows Object Injection.This issue affects CoinPayments.net Payment Gateway for WooCommerce: from n/a …

May 23, 2025
CVE-2025-47530
9.8 CRITICAL

Deserialization of Untrusted Data vulnerability in WPFunnels WPFunnels wpfunnels allows Object Injection.This issue affects WPFunnels: from n/a through <= 3.5.18.

May 23, 2025
CVE-2025-46539
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPFable Fable Extra fable-extra allows Blind SQL Injection.This issue affects Fable …

May 23, 2025
CVE-2025-46490
9.9 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in wordwebsoftware Crossword Compiler Puzzles crossword-compiler-puzzles allows Upload a Web Shell to a Web Server.This issue affects …

May 23, 2025
CVE-2025-46468
9.8 CRITICAL

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WPFable Fable Extra fable-extra allows PHP Local File Inclusion.This …

May 23, 2025
CVE-2025-46460
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Detheme Easy Guide wp-easy-guide allows SQL Injection.This issue affects Easy Guide: …

May 23, 2025
CVE-2025-46455
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in IndigoThemes WP HRM LITE wp-hrm-lite-human-resource-management-system allows SQL Injection.This issue affects WP …

May 23, 2025
CVE-2025-39504
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in GoodLayers Goodlayers Hotel gdlr-hotel allows Blind SQL Injection.This issue affects Goodlayers …

May 23, 2025
CVE-2025-39503
9.8 CRITICAL

Deserialization of Untrusted Data vulnerability in GoodLayers Goodlayers Hotel gdlr-hotel allows Object Injection.This issue affects Goodlayers Hotel: from n/a through <= 3.1.4.

May 23, 2025
CVE-2025-39501
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in GoodLayers Goodlayers Hostel gdlr-hostel allows Blind SQL Injection.This issue affects Goodlayers …

May 23, 2025
CVE-2025-39500
9.8 CRITICAL

Deserialization of Untrusted Data vulnerability in GoodLayers Goodlayers Hostel gdlr-hostel allows Object Injection.This issue affects Goodlayers Hostel: from n/a through <= 3.1.2.

May 23, 2025
CVE-2025-39499
9.8 CRITICAL

Deserialization of Untrusted Data vulnerability in BoldThemes Medicare medicare allows Object Injection.This issue affects Medicare: from n/a through <= 2.1.0.

May 23, 2025
CVE-2025-39495
9.8 CRITICAL

Deserialization of Untrusted Data vulnerability in BoldThemes Avantage avantage allows Object Injection.This issue affects Avantage: from n/a through <= 2.4.9.

May 23, 2025
CVE-2025-39489
9.8 CRITICAL

Incorrect Privilege Assignment vulnerability in pebas CouponXL couponxl allows Privilege Escalation.This issue affects CouponXL: from n/a through <= 4.5.0.

May 23, 2025
CVE-2025-39485
9.8 CRITICAL

Deserialization of Untrusted Data vulnerability in ThemeGoods Grand Tour grandtour allows Object Injection.This issue affects Grand Tour: from n/a through <= 5.6.

May 23, 2025
CVE-2025-39480
9.8 CRITICAL

Deserialization of Untrusted Data vulnerability in ThemeMakers Car Dealer cardealer allows Object Injection.This issue affects Car Dealer: from n/a through < 1.6.8.

May 23, 2025
CVE-2025-32292
9.8 CRITICAL

Deserialization of Untrusted Data vulnerability in AncoraThemes Jarvis – Night Club, Concert, Festival WordPress jarvis allows Object Injection.This issue affects Jarvis – Night Club, Concert, …

May 23, 2025
CVE-2025-31927
9.8 CRITICAL

Deserialization of Untrusted Data vulnerability in themeton Acerola allows Object Injection. This issue affects Acerola: from n/a through 1.6.5.

May 23, 2025
CVE-2025-31918
9.8 CRITICAL

Incorrect Privilege Assignment vulnerability in quantumcloud Simple Business Directory Pro simple-business-directory-pro allows Privilege Escalation.This issue affects Simple Business Directory Pro: from n/a through < 15.6.9.

May 23, 2025
CVE-2025-31916
9.0 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in joy2012bd JP Students Result Management System Premium allows Upload a Web Shell to a Web Server. …

May 23, 2025
CVE-2025-31914
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in kamleshyadav Pixel WordPress Form BuilderPlugin & Autoresponder pixel-formbuilder allows Blind SQL …

May 23, 2025
CVE-2025-31631
9.8 CRITICAL

Deserialization of Untrusted Data vulnerability in AncoraThemes Fish House fish-house allows Object Injection.This issue affects Fish House: from n/a through <= 1.2.7.

May 23, 2025
CVE-2025-31430
9.8 CRITICAL

Deserialization of Untrusted Data vulnerability in themeton The Business allows Object Injection. This issue affects The Business: from n/a through 1.6.1.

May 23, 2025
CVE-2025-31423
9.8 CRITICAL

Deserialization of Untrusted Data vulnerability in AncoraThemes Umberto umberto allows Object Injection.This issue affects Umberto: from n/a through <= 1.2.8.

May 23, 2025
CVE-2025-31397
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in smartcms Bus Ticket Booking with Seat Reservation for WooCommerce scw-bus-seat-reservation allows …

May 23, 2025
CVE-2025-31069
9.8 CRITICAL

Deserialization of Untrusted Data vulnerability in themeton HotStar – Multi-Purpose Business Theme allows Object Injection. This issue affects HotStar – Multi-Purpose Business Theme: from n/a …

May 23, 2025
CVE-2025-31056
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Techspawn WhatsCart - Whatsapp Abandoned Cart Recovery, Order Notifications, Chat Box, …

May 23, 2025
CVE-2025-31049
9.8 CRITICAL

Deserialization of Untrusted Data vulnerability in themeton Dash allows Object Injection. This issue affects Dash: from n/a through 1.3.

May 23, 2025
CVE-2025-5099
9.8 CRITICAL

An Out of Bounds Write occurs when the native library attempts PDF rendering, which can be exploited to achieve memory corruption and potentially arbitrary code …

May 23, 2025
CVE-2025-5098
9.1 CRITICAL

PrinterShare Android application allows the capture of Gmail authentication tokens that can be reused to access a user's Gmail account without proper authorization.

May 23, 2025
CVE-2025-48373
9.1 CRITICAL

Schule is open-source school management system software. The application relies on client-side JavaScript (index.js) to redirect users to different panels based on their role. Prior …

May 22, 2025
CVE-2024-6914
9.8 CRITICAL

An incorrect authorization vulnerability exists in multiple WSO2 products due to a business logic flaw in the account recovery-related SOAP admin service. A malicious actor …

May 22, 2025
CVE-2024-41198
9.8 CRITICAL

An issue in Ocuco Innovation - REPORTS.EXE v2.10.24.13 allows attackers to bypass authentication and escalate privileges to Administrator via a crafted TCP packet.

May 22, 2025
CVE-2024-41197
9.8 CRITICAL

An issue in Ocuco Innovation - INVCLIENT.EXE v2.10.24.5 allows attackers to bypass authentication and escalate privileges to Administrator via a crafted TCP packet.

May 22, 2025
CVE-2024-41196
9.8 CRITICAL

An issue in Ocuco Innovation - REPORTSERVER.EXE v2.10.24.13 allows attackers to bypass authentication and escalate privileges to Administrator via a crafted TCP packet.

May 22, 2025
CVE-2024-41195
9.8 CRITICAL

An issue in Ocuco Innovation - INNOVASERVICEINTF.EXE v2.10.24.17 allows attackers to bypass authentication and escalate privileges to Administrator via a crafted TCP packet.

May 22, 2025
CVE-2025-30171
9.0 CRITICAL

System File Deletion vulnerabilities in ASPECT provide attackers access to delete system files if session administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; …

May 22, 2025
CVE-2025-2410
9.1 CRITICAL

Port manipulation vulnerabilities in ASPECT provide attackers with the ability to con-trol TCP/IP port access if session administrator credentials become compromised. This issue affects ASPECT-Enterprise: …

May 22, 2025
CVE-2025-2409
9.1 CRITICAL

File corruption vulnerabilities in ASPECT provide attackers access to overwrite sys-tem files if session administrator credentials become compromised This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS …

May 22, 2025
CVE-2024-48853
9.0 CRITICAL

An escalation of privilege vulnerability in ASPECT could provide an attacker root access to a server when logged in as a "non" root ASPECT user. …

May 22, 2025
CVE-2025-32814
9.8 CRITICAL

An issue was discovered in Infoblox NETMRI before 7.6.1. Unauthenticated SQL Injection can occur.

May 22, 2025
CVE-2025-3484
9.8 CRITICAL

MedDream PACS Server DICOM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations …

May 22, 2025
CVE-2025-46412
9.8 CRITICAL

Affected Vertiv products do not properly protect webserver functions that could allow an attacker to bypass authentication.

May 21, 2025
CVE-2025-41426
9.8 CRITICAL

Affected Vertiv products contain a stack based buffer overflow vulnerability. An attacker could exploit this vulnerability to gain code execution on the device.

May 21, 2025
CVE-2025-36535
10.0 CRITICAL

The embedded web server lacks authentication and access controls, allowing unrestricted remote access. This could lead to configuration changes, operational disruption, or arbitrary code execution …

May 21, 2025
CVE-2025-44083
9.8 CRITICAL

An issue in D-Link DI-8100 16.07.26A1 allows a remote attacker to bypass administrator login authentication

May 21, 2025
CVE-2025-27558
9.1 CRITICAL

IEEE P802.11-REVme D1.1 through D7.0 allows FragAttacks against mesh networks. In mesh networks using Wi-Fi Protected Access (WPA, WPA2, or WPA3) or Wired Equivalent Privacy …

May 21, 2025
CVE-2025-48200
10.0 CRITICAL

The sr_feuser_register extension through 12.4.8 for TYPO3 allows Remote Code Execution.

May 21, 2025
CVE-2025-41232
9.1 CRITICAL

Spring Security Aspects may not correctly locate method security annotations on private methods. This can cause an authorization bypass. Your application may be affected by …

May 21, 2025
CVE-2025-4524
9.8 CRITICAL

The Madara – Responsive and modern WordPress theme for manga sites theme for WordPress is vulnerable to Local File Inclusion in all versions up to, …

May 21, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.