CVE Database

9262+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-39595
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Quentn.com GmbH Quentn WP quentn-wp allows SQL Injection.This issue affects Quentn …

Apr 17, 2025
CVE-2025-39588
9.8 CRITICAL

Deserialization of Untrusted Data vulnerability in bdthemes Ultimate Store Kit Elementor Addons ultimate-store-kit allows Object Injection.This issue affects Ultimate Store Kit Elementor Addons: from n/a …

Apr 17, 2025
CVE-2025-39587
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Stylemix Cost Calculator Builder cost-calculator-builder allows SQL Injection.This issue affects Cost …

Apr 17, 2025
CVE-2025-39551
9.8 CRITICAL

Deserialization of Untrusted Data vulnerability in Mahmudul Hasan Arif FluentBoards fluent-boards allows Object Injection.This issue affects FluentBoards: from n/a through <= 1.47.

Apr 17, 2025
CVE-2025-39550
9.8 CRITICAL

Deserialization of Untrusted Data vulnerability in Shahjahan Jewel FluentCommunity fluent-community allows Object Injection.This issue affects FluentCommunity: from n/a through <= 1.2.15.

Apr 17, 2025
CVE-2025-39436
9.1 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in aidraw I Draw idraw allows Using Malicious Files.This issue affects I Draw: from n/a through <= …

Apr 17, 2025
CVE-2025-32682
9.9 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in RomanCode MapSVG mapsvg-lite-interactive-vector-maps allows Upload a Web Shell to a Web Server.This issue affects MapSVG: from …

Apr 17, 2025
CVE-2025-32665
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WebbyTemplate Office Locator office-locator allows SQL Injection.This issue affects Office Locator: …

Apr 17, 2025
CVE-2025-32660
10.0 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in JoomSky JS Job Manager js-jobs allows Upload a Web Shell to a Web Server.This issue affects …

Apr 17, 2025
CVE-2025-32658
9.8 CRITICAL

Deserialization of Untrusted Data vulnerability in wpWax HelpGent helpgent allows Object Injection.This issue affects HelpGent: from n/a through <= 2.2.5.

Apr 17, 2025
CVE-2025-32652
9.9 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in solacewp Solace Extra solace-extra allows Using Malicious Files.This issue affects Solace Extra: from n/a through <= …

Apr 17, 2025
CVE-2025-32648
9.8 CRITICAL

Incorrect Privilege Assignment vulnerability in Projectopia Projectopia projectopia-core allows Privilege Escalation.This issue affects Projectopia: from n/a through <= 5.1.24.

Apr 17, 2025
CVE-2025-32636
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in matthewrubin Local Magic local-magic allows SQL Injection.This issue affects Local Magic: …

Apr 17, 2025
CVE-2025-32626
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in JoomSky JS Job Manager js-jobs allows SQL Injection.This issue affects JS …

Apr 17, 2025
CVE-2025-32583
9.9 CRITICAL

Improper Control of Generation of Code ('Code Injection') vulnerability in termel PDF 2 Post pdf2post allows Remote Code Inclusion.This issue affects PDF 2 Post: from …

Apr 17, 2025
CVE-2025-32572
9.8 CRITICAL

Deserialization of Untrusted Data vulnerability in Climax Themes Kata Plus kata-plus allows Object Injection.This issue affects Kata Plus: from n/a through <= 1.5.3.

Apr 17, 2025
CVE-2025-31380
9.8 CRITICAL

Weak Password Recovery Mechanism for Forgotten Password vulnerability in videowhisper Paid Videochat Turnkey Site ppv-live-webcams allows Password Recovery Exploitation.This issue affects Paid Videochat Turnkey Site: …

Apr 17, 2025
CVE-2025-29043
9.8 CRITICAL

An issue in dlink DIR 832x 240802 allows a remote attacker to execute arbitrary code via the function 0x417234

Apr 17, 2025
CVE-2025-29042
9.8 CRITICAL

An issue in dlink DIR 832x 240802 allows a remote attacker to execute arbitrary code via the macaddr key value to the function 0x42232c

Apr 17, 2025
CVE-2025-27302
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Claudio Adrian Marrero CHATLIVE chatlive allows SQL Injection.This issue affects CHATLIVE: …

Apr 17, 2025
CVE-2025-27287
9.8 CRITICAL

Deserialization of Untrusted Data vulnerability in ssvadim SS Quiz ssquiz allows Object Injection.This issue affects SS Quiz: from n/a through <= 2.0.5.

Apr 17, 2025
CVE-2025-27286
9.8 CRITICAL

Deserialization of Untrusted Data vulnerability in saoshyant1994 Saoshyant Slider saoshyant-slider allows Object Injection.This issue affects Saoshyant Slider: from n/a through <= 3.0.

Apr 17, 2025
CVE-2025-27282
9.9 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in rockgod100 Theme File Duplicator theme-file-duplicator allows Using Malicious Files.This issue affects Theme File Duplicator: from n/a …

Apr 17, 2025
CVE-2025-22655
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Caio Web Dev CWD – Stealth Links cwd-stealth-links allows SQL Injection.This …

Apr 17, 2025
CVE-2024-56518
9.8 CRITICAL

Hazelcast Management Center through 6.0 allows remote code execution via a JndiLoginModule user.provider.url in a hazelcast-client XML document (aka a client configuration file), which can …

Apr 17, 2025
CVE-2025-29047
9.8 CRITICAL

Buffer Overflow vulnerability inALFA WiFi CampPro router ALFA_CAMPRO-co-2.29 allows a remote attacker to execute arbitrary code via the hiddenIndex in the function StorageEditUser

Apr 17, 2025
CVE-2025-29046
9.8 CRITICAL

Buffer Overflow vulnerability inALFA WiFi CampPro router ALFA_CAMPRO-co-2.29 allows a remote attacker to execute arbitrary code via the GAPSMinute3 key value

Apr 17, 2025
CVE-2025-29045
9.8 CRITICAL

Buffer Overflow vulnerability in ALFA_CAMPRO-co-2.29 allows a remote attacker to execute arbitrary code via the newap_text_0 key value

Apr 17, 2025
CVE-2025-29044
9.8 CRITICAL

Buffer Overflow vulnerability in Netgear- R61 router V1.0.1.28 allows a remote attacker to execute arbitrary code via the QUERY_STRING key value

Apr 17, 2025
CVE-2025-29041
9.8 CRITICAL

An issue in dlink DIR 823x 240802 allows a remote attacker to execute arbitrary code via the target_addr key value and the function 0x41710c

Apr 17, 2025
CVE-2025-29040
9.8 CRITICAL

An issue in dlink DIR 823x 240802 allows a remote attacker to execute arbitrary code via the target_addr key value and the function 0x41737c

Apr 17, 2025
CVE-2025-0756
9.1 CRITICAL

Overview The product receives input from an upstream component, but it does not restrict or incorrectly restricts the input before it is used as an …

Apr 16, 2025
CVE-2025-32433
10.0 CRITICAL KEV

Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server may allow an attacker …

Apr 16, 2025
CVE-2025-29709
9.8 CRITICAL

SourceCodester Company Website CMS 1.0 has a File upload vulnerability via the "Create portfolio" file /dashboard/portfolio.

Apr 16, 2025
CVE-2025-29708
9.8 CRITICAL

SourceCodester Company Website CMS 1.0 contains a file upload vulnerability via the "Create Services" file /dashboard/Services.

Apr 16, 2025
CVE-2024-55372
9.8 CRITICAL

Wallos <=2.38.2 has a file upload vulnerability in the restore database function, which allows unauthenticated users to restore database by uploading a ZIP file. The …

Apr 16, 2025
CVE-2024-55371
9.8 CRITICAL

Wallos <= 2.38.2 has a file upload vulnerability in the restore backup function, which allows authenticated users to restore backups by uploading a ZIP file. …

Apr 16, 2025
CVE-2025-31201
9.8 CRITICAL KEV

This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 18.4.1 and iPadOS 18.4.1, macOS Sequoia 15.4.1, tvOS 18.4.1, visionOS …

Apr 16, 2025
CVE-2025-31200
9.8 CRITICAL KEV

A memory corruption issue was addressed with improved bounds checking. This issue is fixed in iOS 18.4.1 and iPadOS 18.4.1, macOS Sequoia 15.4.1, tvOS 18.4.1, …

Apr 16, 2025
CVE-2025-27540
9.8 CRITICAL

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used …

Apr 16, 2025
CVE-2025-27539
9.8 CRITICAL

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used …

Apr 16, 2025
CVE-2025-27495
9.8 CRITICAL

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used …

Apr 16, 2025
CVE-2024-40073
9.8 CRITICAL

Sourcecodester Online ID Generator System 1.0 was discovered to contain a SQL injection vulnerability via the template parameter at id_generator/admin/?page=generate&template=4.

Apr 16, 2025
CVE-2024-40072
9.8 CRITICAL

Sourcecodester Online ID Generator System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at id_generator/admin/?page=generate/index&id=1.

Apr 16, 2025
CVE-2024-40071
9.8 CRITICAL

Sourcecodester Online ID Generator System 1.0 was discovered to contain an arbitrary file upload vulnerability via id_generator/classes/SystemSettings.php?f=update_settings. This vulnerability allows attackers to execute arbitrary code …

Apr 16, 2025
CVE-2025-39601
9.6 CRITICAL

Cross-Site Request Forgery (CSRF) vulnerability in WPFactory Custom CSS, JS & PHP custom-css allows Remote Code Inclusion.This issue affects Custom CSS, JS & PHP: from …

Apr 16, 2025
CVE-2025-39557
9.1 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in StellarWP Kadence WooCommerce Email Designer kadence-woocommerce-email-designer allows Upload a Web Shell to a Web Server.This issue …

Apr 16, 2025
CVE-2024-22036
9.1 CRITICAL

A vulnerability has been identified within Rancher where a cluster or node driver can be used to escape the chroot jail and gain root access …

Apr 16, 2025
CVE-2025-3495
9.8 CRITICAL

Delta Electronics COMMGR v1 and v2 uses insufficiently randomized values to generate session IDs (CWE-338). An attacker could easily brute force a session ID and …

Apr 16, 2025
CVE-2025-30215
9.6 CRITICAL

NATS-Server is a High-Performance server for NATS.io, the cloud and edge native messaging system. In versions starting from 2.2.0 but prior to 2.10.27 and 2.11.1, …

Apr 16, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.