9215+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.
Unauthenticated SQL Injection in JetSearch <= 3.5.17 versions.
Unauthenticated SQL Injection in JetEngine <= 3.8.9.1 versions.
Contributor PHP Object Injection in JetEngine <= 3.8.9.1 versions.
Unauthenticated Privilege Escalation in LoginPress Pro <= 6.2.2 versions.
Unauthenticated SQL Injection in JetSmartFilters <= 3.8.1 versions.
Postiz is an AI social media scheduling tool. In versions prior to 2.21.8, the Skool integration callback signed an attacker-controlled JSON blob into a session-shape …
Traccar Client is a GPS tracking mobile app for sending location updates to private servers using the open-source Traccar platform. In versions 9.7.19 and below, …
Rocket.Chat versions <8.5.1, 8.4.4, 8.3.6, 8.2.6, 8.1.6, 8.0.7, 7.13.9, 7.10.13 has an access control vulnerability in Livechat files. Protected file downloads at /file-upload/:fileId/:name authorize livechat …
Streambert is a cross-platform Electron Desktop App to stream and download any video media. In versions 2.4.0 and prior, a high-severity Zip Slip vulnerability was …
Unauthenticated PHP Object Injection in AI Lab < 5.4.2 versions.
Contributor Remote Code Execution (RCE) in Blocksy Companion Pro <= 2.1.37 versions.
Subscriber Arbitrary File Upload in Charity Zone <= 1.1.1 versions.
Subscriber Arbitrary File Upload in Kids Gift Shop <= 0.5.4 versions.
Subscriber Arbitrary File Upload in Ecommerce Zone <= 0.9.7 versions.
Subscriber Arbitrary File Upload in Restaurant Zone <= 0.7.8 versions.
Unauthenticated PHP Object Injection in WooCommerce Product Filters < 2.0.6 versions.
Unauthenticated SQL Injection in Blocksy Companion Pro < 2.1.29 versions.
Subscriber Arbitrary File Upload in Webenvo <= 0.0.6 versions.
Unauthenticated PHP Object Injection in Elementra <= 1.0.9 versions.
Unauthenticated SQL Injection in ListingPro <= 2.9.10 versions.
Incorrect Authorization vulnerability of `/v2` experimental interface in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.4.2. Users are recommended to upgrade to version 3.4.2, …
DataSource API Missing Authorization Check Leads to Arbitrary Data Source Metadata Disclosure in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.4.2. Users are recommended …
Unauthenticated PHP Object Injection in Nifty <= 1.4.1 versions.
Unauthenticated Privilege Escalation in Support Board < 3.8.9 versions.
Contributor Arbitrary File Upload in Unlimited Elements for Elementor (Premium) <= 2.0.6 versions.
Improper Control of Generation of Code ('Code Injection') vulnerability in ACPT ACPT (Pro) - Custom Post Types Plugin for WordPress allows Remote Code Inclusion. This …
Subscriber Arbitrary File Upload in WishList Member X <= 3.29.0 versions.
Unauthenticated Broken Access Control in MetForm Pro <= 3.9.1 versions.
Unauthenticated SQL Injection in WPJobster <= 6.3.5 versions.
Unauthenticated SQL Injection in Tutor LMS Pro <= 3.9.6 versions.
Subscriber Arbitrary File Upload in Restaurt <= 1.0.4 versions.
Use after free in DigitalCredentials in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote attacker to potentially perform a sandbox escape via a …
A Path Traversal vulnerability affecting SOLIDWORKS Visualize from SOLIDWORKS Desktop Release 2024 through SOLIDWORKS Desktop Release 2026 could allow an attacker to write arbitrary files …
Unauthenticated Privilege Escalation in Support Ticket Management System <= 1.9 versions.
Unauthenticated Arbitrary File Upload in WordPress & WooCommerce Scraper Plugin, Import Data from Any Site <= 1.0.7 versions.
Unauthenticated PHP Object Injection in SeaFood Company <= 1.4 versions.
Unauthenticated PHP Object Injection in Hot Coffee <= 1.7 versions.
Subscriber Arbitrary File Upload in PT Luxa Addons <= 1.2.2 versions.
Unauthenticated PHP Object Injection in ThemeREX Addons <= 2.36.1.1 versions.
Subscriber Arbitrary File Upload in Grip <= 1.0.9 versions.
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Remote Administration Daemon). The supported version that is affected is 11.4. Easily exploitable vulnerability allows …
Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite (component: Work Provider Site Level Administration). Supported versions that are affected are 12.2.3-12.2.15. …
Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite (component: Work Provider Site Level Administration). Supported versions that are affected are 12.2.3-12.2.15. …
Vulnerability in the Oracle Advanced Outbound Telephony product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability …
Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows high …
Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows high …
Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows high …
Vulnerability in the Oracle Applications Manager product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows …
Vulnerability in the Oracle In-Memory Cost Management for Discrete Industries product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.12-12.2.15. …
Vulnerability in the Siebel CRM Cloud Applications product of Oracle Siebel CRM (component: Siebel Cloud Manager). Supported versions that are affected are 17.0-26.5. Easily exploitable …
Free website and port scanning — find vulnerabilities before attackers do.