108224+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.
Unauthenticated Local File Inclusion in Rosaleen <= 2.8 versions.
Unauthenticated Local File Inclusion in Modernee <= 1.6.0 versions.
Unauthenticated Cross Site Scripting (XSS) in Qreatix <= 1.9.4 versions.
Subscriber Arbitrary Content Deletion in Brikk <= 3.0.0 versions.
HCL iControl was affected by Inadequate Session Timeout vulnerability. The vulnerability involves a security risk where a web application fails to automatically terminate user sessions …
Subscriber Arbitrary File Deletion in WPBot Pro Wordpress Chatbot <= 13.6.5 versions.
Subscriber Arbitrary File Upload in PT Luxa Addons <= 1.2.2 versions.
Unauthenticated PHP Object Injection in ThemeREX Addons <= 2.36.1.1 versions.
Unauthenticated Local File Inclusion in Learnify <= 1.15.0 versions.
HCL ZIE for Web is affetced by an Unrestricted File Upload vulnerability, If the server is configured to execute code, then it may be possible …
Subscriber Privilege Escalation in Sonaar <= 4.27.4 versions.
Unauthenticated Cross Site Scripting (XSS) in Sonaar <= 4.27.4 versions.
Unauthenticated Local File Inclusion in HomeRoofer <= 2.11.0 versions.
Unauthenticated Local File Inclusion in Joly <= 1.22.0 versions.
Unauthenticated Local File Inclusion in Neuronet < 1.14.0 versions.
Unauthenticated Local File Inclusion in Geya <= 1.15 versions.
Unauthenticated Arbitrary File Download in Premium Age Verification / Restriction for WordPress <= 3.0.2 versions.
In multiple locations there is a possible provisioning bypass due to improper input validation. This could lead to local escalation of privilege with no additional …
In multiple locations, there is a possible 3rd party passkey entry pairing approval due to a missing permission check. This could lead to remote (proximal/adjacent) …
In overrideConfig of CarrierConfigLoader.java, there is a possible way to bypass UID check due to a permissions bypass. This could lead to local escalation of …
In multiple functions of btm_sec.cc, there is a possible way for an attacker to intercept SMS messages due to a logic error in the code. …
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themify Folo allows Reflected XSS. This issue affects Themify Folo: from n/a through …
Netskope is notified about a potential gap in its Netskoped Client for Windows systems where a malicious insider with admin privileges can lead to bypassing …
Netskope was notified about a potential gap in its Netskope Client for Windows systems where a malicious insider with administrative privileges can potentially tamper with …
Subscriber Arbitrary File Upload in Grip <= 1.0.9 versions.
Unauthenticated Cross Site Scripting (XSS) in my flatonica <= 0.0.8 versions.
Missing Authorization vulnerability in Rara Themes Metro Magazine allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Metro Magazine: from n/a through 1.3.7.
Missing Authorization vulnerability in ali2woo AliNext allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects AliNext: from n/a through 3.3.5.
Insertion of sensitive information into sent data vulnerability in MarketingFire Widget Options allows Retrieve Embedded Sensitive Data. This issue affects Widget Options: from n/a through …
Cross-Site request forgery (CSRF) vulnerability in Andy Moyle Emergency Password Reset allows Cross Site Request Forgery. This issue affects Emergency Password Reset: from n/a through …
Cross-Site request forgery (CSRF) vulnerability in Extend Themes Skyline WP allows Cross Site Request Forgery. This issue affects Skyline WP: from n/a through 1.0.10.
Missing Authorization vulnerability in Avirtum iPages Flipbook allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects iPages Flipbook: from n/a through 1.5.1.
Missing Authorization vulnerability in Jegstudio Startupzy startupzy allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Startupzy: from n/a through 1.1.1.
Missing Authorization vulnerability in Prince Integrate Google Drive allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Integrate Google Drive: from n/a through …
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in QuantumCloud Conversational Forms for ChatBot allows Path Traversal. This issue affects Conversational …
: Missing Authorization vulnerability in Inisev Social Media & Share Icons allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Social Media & …
Missing Authorization vulnerability in Shareaholic allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Shareaholic: from n/a through 9.7.11.
LangGraph Python SDK is used to connect to running LangGraph API servers, manage assistants, threads and stream runs from Python applications. Versions 0.3.14 and prior …
Adobe Acrobat PDF Extension (Chrome) versions 26.5.2.2 and earlier are affected by a UXSS-class cross-origin data disclosure vulnerability. An attacker could exploit this vulnerability to …
Vulnerability in the PeopleSoft Enterprise CS Campus Community product of Oracle PeopleSoft (component: Integration and Interfaces). The supported version that is affected is 9.2.38. Easily …
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Remote Administration Daemon). The supported version that is affected is 11.4. Easily exploitable vulnerability allows …
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: VMSVGA device). The supported version that is affected is 7.2.8. Easily exploitable vulnerability allows …
Vulnerability in the Oracle Public Sector Payroll product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability …
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.2.8. Difficult to exploit vulnerability allows …
Vulnerability in the Oracle Outsourced Mfg for Discrete Industries product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily …
Vulnerability in the Oracle Outsourced Mfg for Discrete Industries product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily …
Vulnerability in the Oracle HR Intelligence product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Difficult to exploit vulnerability …
Vulnerability in the Oracle HR Intelligence product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows …
Vulnerability in the Oracle Financials for EMEA product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability …
Vulnerability in the Oracle Public Sector Financials (International) product of Oracle E-Business Suite (component: Authorization). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability …
Free website and port scanning — find vulnerabilities before attackers do.