CVE Database

9262+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-30967
9.6 CRITICAL

Cross-Site Request Forgery (CSRF) vulnerability in NotFound WPJobBoard allows Upload a Web Shell to a Web Server. This issue affects WPJobBoard: from n/a through n/a.

Apr 15, 2025
CVE-2025-30510
9.8 CRITICAL

An attacker can upload an arbitrary file instead of a plant image.

Apr 15, 2025
CVE-2025-26927
10.0 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in LiquidThemes AI Hub aihub allows Upload a Web Shell to a Web Server.This issue affects AI …

Apr 15, 2025
CVE-2025-24297
9.8 CRITICAL

Due to lack of server-side input validation, attackers can inject malicious JavaScript code into users personal spaces of the web portal.

Apr 15, 2025
CVE-2025-30727
9.8 CRITICAL

Vulnerability in the Oracle Scripting product of Oracle E-Business Suite (component: iSurvey Module). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated …

Apr 15, 2025
CVE-2025-32445
9.9 CRITICAL

Argo Events is an event-driven workflow automation framework for Kubernetes. A user with permission to create/modify EventSource and Sensor custom resources can gain privileged access …

Apr 15, 2025
CVE-2025-30206
9.8 CRITICAL

Dpanel is a Docker visualization panel system which provides complete Docker management functions. The Dpanel service contains a hardcoded JWT secret in its default configuration, …

Apr 15, 2025
CVE-2025-2567
9.8 CRITICAL

An attacker could modify or disable settings, disrupt fuel monitoring and supply chain operations, leading to disabling of ATG monitoring. This would result in potential …

Apr 15, 2025
CVE-2025-28399
9.8 CRITICAL

An issue in Erick xmall v.1.1 and before allows a remote attacker to escalate privileges via the updateAddress method of the Address Controller class.

Apr 15, 2025
CVE-2025-25456
9.8 CRITICAL

Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via mac2.

Apr 15, 2025
CVE-2025-22900
9.8 CRITICAL

Totolink N600R v4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the macCloneMac parameter in the setWanConfig function.

Apr 15, 2025
CVE-2025-28100
9.8 CRITICAL

A SQL Injection vulnerability in dingfanzuCMS v.1.0 allows a attacker to execute arbitrary code via not filtering the content correctly at the "operateOrder.php" id parameter.

Apr 15, 2025
CVE-2021-27289
9.1 CRITICAL

A replay attack vulnerability was discovered in a Zigbee smart home kit manufactured by Ksix (Zigbee Gateway Module = v1.0.3, Door Sensor = v1.0.7, Motion …

Apr 15, 2025
CVE-2025-32911
9.0 CRITICAL

A use-after-free type vulnerability was found in libsoup, in the soup_message_headers_get_content_disposition() function. This flaw allows a malicious HTTP client to cause memory corruption in the …

Apr 15, 2025
CVE-2025-28137
9.8 CRITICAL

The TOTOLINK A810R V4.1.2cu.5182_B20201026 were found to contain a pre-auth remote command execution vulnerability in the setNoticeCfg function through the NoticeUrl parameter.

Apr 15, 2025
CVE-2025-30985
9.8 CRITICAL

Deserialization of Untrusted Data vulnerability in kagla GNUCommerce gnucommerce allows Object Injection.This issue affects GNUCommerce: from n/a through <= 1.5.4.

Apr 15, 2025
CVE-2025-24797
9.4 CRITICAL

Meshtastic is an open source mesh networking solution. A fault in the handling of mesh packets containing invalid protobuf data can result in an attacker-controlled …

Apr 15, 2025
CVE-2025-3277
9.8 CRITICAL

An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes …

Apr 14, 2025
CVE-2025-32931
9.1 CRITICAL

DevDojo Voyager 1.4.0 through 1.8.0, when Laravel 8 or later is used, allows authenticated administrators to execute arbitrary OS commands via a specific php artisan …

Apr 14, 2025
CVE-2025-3439
9.8 CRITICAL

The Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to PHP Object Injection in …

Apr 11, 2025
CVE-2025-23391
9.1 CRITICAL

A Incorrect Privilege Assignment vulnerability in SUSE rancher allows a Restricted Administrator to change the password of Administrators and take over their accounts. This issue …

Apr 11, 2025
CVE-2025-32607
9.8 CRITICAL

Deserialization of Untrusted Data vulnerability in magepeopleteam WpBookingly service-booking-manager allows Object Injection.This issue affects WpBookingly: from n/a through <= 1.3.0.

Apr 11, 2025
CVE-2025-32603
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in HK WP Online Users Stats wp-online-users-stats allows Blind SQL Injection.This issue …

Apr 11, 2025
CVE-2025-32579
9.9 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in SoftClever Limited Sync Posts sync-posts allows Upload a Web Shell to a Web Server.This issue affects …

Apr 11, 2025
CVE-2025-32577
9.8 CRITICAL

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in hakeemnala Build App Online build-app-online allows PHP Local File …

Apr 11, 2025
CVE-2025-32569
9.8 CRITICAL

Deserialization of Untrusted Data vulnerability in RealMag777 TableOn posts-table-filterable allows Object Injection.This issue affects TableOn: from n/a through <= 1.0.4.3.

Apr 11, 2025
CVE-2025-32568
9.8 CRITICAL

Deserialization of Untrusted Data vulnerability in empik EmpikPlace for Woocommerce empik-for-woocommerce allows Object Injection.This issue affects EmpikPlace for Woocommerce: from n/a through <= 1.4.3.

Apr 11, 2025
CVE-2025-32565
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in vertim Neon Product Designer neon-product-designer-for-woocommerce allows SQL Injection.This issue affects Neon …

Apr 11, 2025
CVE-2025-32491
9.8 CRITICAL

Incorrect Privilege Assignment vulnerability in Rankology Rankology SEO – On-site SEO rankology-seo-all-in-one-seo-analytics allows Privilege Escalation.This issue affects Rankology SEO – On-site SEO: from n/a through …

Apr 11, 2025
CVE-2025-31599
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in N-Media Bulk Product Sync sync-wc-google allows SQL Injection.This issue affects Bulk …

Apr 11, 2025
CVE-2025-31565
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Lisandro Martinez WPSmartContracts wp-smart-contracts allows Blind SQL Injection.This issue affects WPSmartContracts: …

Apr 11, 2025
CVE-2025-32743
9.0 CRITICAL

In ConnMan through 1.44, the lookup string in ns_resolv in dnsproxy.c can be NULL or an empty string when the TC (Truncated) bit is set …

Apr 10, 2025
CVE-2025-32755
9.1 CRITICAL

In jenkins/ssh-slave Docker images based on Debian, SSH host keys are generated on image creation for images based on Debian, causing all containers based on …

Apr 10, 2025
CVE-2025-32754
9.1 CRITICAL

In jenkins/ssh-agent Docker images 6.11.1 and earlier, SSH host keys are generated on image creation for images based on Debian, causing all containers based on …

Apr 10, 2025
CVE-2025-32206
9.1 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in LABCAT Processing Projects processing-projects allows Upload a Web Shell to a Web Server.This issue affects Processing …

Apr 10, 2025
CVE-2025-32202
9.1 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in Brian Batt - elearningfreak.com Insert or Embed Articulate Content into WordPress insert-or-embed-articulate-content-into-wordpress allows Upload a Web …

Apr 10, 2025
CVE-2025-32140
9.9 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in Nirmal Kumar Ram WP Remote Thumbnail wp-remote-thumbnail allows Upload a Web Shell to a Web Server.This …

Apr 10, 2025
CVE-2025-27690
9.8 CRITICAL

Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.1.0, contains a use of default password vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, …

Apr 10, 2025
CVE-2024-58136
9.0 CRITICAL KEV

Yii 2 before 2.0.52 mishandles the attaching of behavior that is defined by an __class array key, a CVE-2024-4990 regression, as exploited in the wild …

Apr 10, 2025
CVE-2024-55210
9.8 CRITICAL

An issue in TOTVS Framework (Linha Protheus) 12.1.2310 allows attackers to bypass multi-factor authentication (MFA) via a crafted websocket message.

Apr 9, 2025
CVE-2025-3115
9.8 CRITICAL

Injection Vulnerabilities: Attackers can inject malicious code, potentially gaining control over the system executing these functions. Additionally, insufficient validation of filenames during file uploads can …

Apr 9, 2025
CVE-2025-32695
9.8 CRITICAL

Incorrect Privilege Assignment vulnerability in Mestres do WP Checkout Mestres WP checkout-mestres-wp allows Privilege Escalation.This issue affects Checkout Mestres WP: from n/a through <= 8.7.5.

Apr 9, 2025
CVE-2025-32642
10.0 CRITICAL

Cross-Site Request Forgery (CSRF) vulnerability in appsbd Vite Coupon vite-coupon allows Remote Code Inclusion.This issue affects Vite Coupon: from n/a through <= 1.0.9.

Apr 9, 2025
CVE-2025-32641
9.6 CRITICAL

Cross-Site Request Forgery (CSRF) vulnerability in anantaddons Anant Addons for Elementor anant-addons-for-elementor allows Cross Site Request Forgery.This issue affects Anant Addons for Elementor: from n/a …

Apr 9, 2025
CVE-2025-32576
9.6 CRITICAL

Cross-Site Request Forgery (CSRF) vulnerability in Agence web Eoxia - Montpellier WP shop wpshop allows Upload a Web Shell to a Web Server.This issue affects …

Apr 9, 2025
CVE-2025-32496
9.6 CRITICAL

Cross-Site Request Forgery (CSRF) vulnerability in Uncodethemes Ultra Demo Importer ut-demo-importer allows Upload a Web Shell to a Web Server.This issue affects Ultra Demo Importer: …

Apr 9, 2025
CVE-2025-31033
9.8 CRITICAL

Cross-Site Request Forgery (CSRF) vulnerability in Adam Nowak Buddypress Humanity buddypress-humanity allows Cross Site Request Forgery.This issue affects Buddypress Humanity: from n/a through <= 1.2.

Apr 9, 2025
CVE-2025-31002
9.1 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in Bogdan Bendziukov Squeeze squeeze allows Using Malicious Files.This issue affects Squeeze: from n/a through <= 1.6.

Apr 9, 2025
CVE-2025-32375
9.8 CRITICAL

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.8, there was an insecure deserialization …

Apr 9, 2025
CVE-2025-27797
9.8 CRITICAL

OS command injection vulnerability in the specific service exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If exploited, an arbitrary OS command may be executed by …

Apr 9, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.