Recent
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Published 2025-10-31 by microsoft
Silicon Labs Z-Wave PIR Sensor Joins Network as Non-Secure
Published 2025-10-31 by Silabs
LogicalDOC Community Edition Admin Login login.jsp excessive authentication
Published 2025-10-31 by VulDB
LogicalDOC Community Edition API Key creation UI cross site scripting
Published 2025-10-31 by VulDB
ELOG user profile missing authorization
Published 2025-10-31 by cisa-cg
ELOG configuration file authorization bypass
Published 2025-10-31 by cisa-cg
ELOG file upload stored XSS
Published 2025-10-31 by cisa-cg
Published 2025-10-31 by Liferay
Published 2025-10-31 by Liferay
Microsoft Configuration Manager Spoofing Vulnerability
Published 2025-10-31 by microsoft
Quadratic complexity in os.path.expandvars() with user-controlled template
Published 2025-10-31 by PSF
Missing Security Headers
Published 2025-10-31 by azure-access
Scripts for the module Global_Shipping executable on BRAIN2 Server
Published 2025-10-31 by bizerba
Unencrypted communication to Active Directory services
Published 2025-10-31 by bizerba
Insecure service configuration – unquoted path
Published 2025-10-31 by bizerba
Server Certificate Verification Disabled
Published 2025-10-31 by azure-access
Insufficient Password Policy
Published 2025-10-31 by azure-access
International Standards Organization ISO 15118-2 Improper Restriction of Communication Channel to Intended Endpoints
Published 2025-10-31 by icscert
Agno session state overwrites between different sessions/users
Published 2025-10-31 by GitHub_M
INCORRECT SECURITY VALIDATION IN SENDING UDP FRAMES
Published 2025-10-31 by S21sec
EXCHANGE OF SENSITIVE INFORMATION IN CLEAR TEXT
Published 2025-10-31 by S21sec
Denial of service through specific packets
Published 2025-10-31 by S21sec
CLICKJACKING
Published 2025-10-31 by S21sec
Published 2025-10-31 by Opera
Stored XSS vulnerability in Afterlogic Aurora webmail
Published 2025-10-31 by ESET
Analytify Pro <= 7.0.3 - Unauthenticated Information Exposure
Published 2025-10-31 by Wordfence
HIJACKING OF THE TOKEN AND GAINING ACCESS
Published 2025-10-31 by S21sec
IBM Jazz for Service Management is vulnerable to "filter" cookie not sent over SSL
Published 2025-10-31 by ibm
IBM InfoSphere Information Server is vulnerable to privilege escalation
Published 2025-10-31 by ibm
Nagios XI < 2024R1.1 XSS via Missing Page / 404
Published 2025-10-31 by VulnCheck
Denial-of-service vulnerability in ESET security products for Windows
Published 2025-10-31 by ESET
Incorrect removal of permissions on PCI device unplug
Published 2025-10-31 by XEN
x86: Incorrect input sanitisation in Viridian hypercalls
Published 2025-10-31 by XEN
x86: Incorrect input sanitisation in Viridian hypercalls
Published 2025-10-31 by XEN
WordPress Bard theme <= 1.6 - Cross Site Request Forgery (CSRF) vulnerability
Published 2025-10-31 by Patchstack
WordPress Groundhogg plugin <= 4.2.6 - Cross Site Scripting (XSS) vulnerability
Published 2025-10-31 by Patchstack
WordPress MasterStudy LMS plugin <= 3.6.27 - SQL Injection vulnerability
Published 2025-10-31 by Patchstack
WordPress Ohio Extra plugin <= 3.6.0 - Cross Site Scripting (XSS) vulnerability
Published 2025-10-31 by Patchstack
WordPress Masterstudy theme < 4.8.126 - Local File Inclusion vulnerability
Published 2025-10-31 by Patchstack
WordPress Kleo theme < 5.5.0 - Local File Inclusion vulnerability
Published 2025-10-31 by Patchstack
WordPress K Elements plugin < 5.5.0 - Cross Site Scripting (XSS) vulnerability
Published 2025-10-31 by Patchstack
WordPress Consulting Elementor Widgets plugin <= 1.4.2 - Cross Site Scripting (XSS) vulnerability
Published 2025-10-31 by Patchstack
WordPress Consulting Elementor Widgets plugin <= 1.4.2 - Local File Inclusion vulnerability
Published 2025-10-31 by Patchstack
WordPress Consulting theme < 6.7.5 - Local File Inclusion vulnerability
Published 2025-10-31 by Patchstack
WordPress Smart Coupons for WooCommerce plugin <= 2.2.3 - Broken Access Control vulnerability
Published 2025-10-31 by Patchstack
WordPress Advanced Database Cleaner plugin <= 3.1.6 - Cross Site Request Forgery (CSRF) vulnerability
Published 2025-10-31 by Patchstack
WordPress Insert PHP Code Snippet plugin <= 1.4.3 - Broken Access Control vulnerability
Published 2025-10-31 by Patchstack
WordPress Gutenberg plugin <= 21.8.2 - Cross Site Scripting (XSS) vulnerability
Published 2025-10-31 by Patchstack
WordPress Polylang plugin <= 3.7.3 - Deserialization of untrusted data vulnerability
Published 2025-10-31 by Patchstack
WordPress Essential Addons for Elementor plugin <= 6.2.4 - Broken Access Control vulnerability
Published 2025-10-31 by Patchstack
WordPress Rank Math SEO plugin <= 1.0.252.1 - Sensitive Data Exposure vulnerability
Published 2025-10-31 by Patchstack
WordPress Rank Math SEO plugin <= 1.0.252.1 - Broken Access Control vulnerability
Published 2025-10-31 by Patchstack
Published 2025-10-31 by sonicwall
Untargeted information leak in Bolt protocol handshake
Published 2025-10-31 by Neo4j
Therefore™ Online and Therefore™ On-Premises contains an account impersonation issue, which could potentially allow the attacker to access all the stored data
Published 2025-10-31 by Canon_EMEA
comedi: fix divide-by-zero in comedi_buf_munge()
Published 2025-10-31 by Linux
WPC Name Your Price for WooCommerce <= 2.1.9 - Unauthenticated Price Alteration
Published 2025-10-31 by Wordfence
ERI File Library <= 1.1.0 - Missing Authorization to Unauthenticated Protected File Download
Published 2025-10-31 by Wordfence
Published 2025-10-31 by OX
Published 2025-10-31 by OX
Published 2025-10-31 by OX
Apache APISIX: basic-auth logs plaintext credentials at info level
Published 2025-10-31 by apache
Depicter <= 4.0.4 - Cross-Site Request Forgery
Published 2025-10-31 by Wordfence
OOPSpam Anti-Spam: Spam Protection for WordPress Forms & Comments (No CAPTCHA) <= 1.2.53 - Unauthenticated IP Header Spoofing
Published 2025-10-31 by Wordfence
The Events Calendar <= 6.15.9 - Missing Authorization to Authenticated (Subscriber+) Draft Event Title/QR Code Exposure
Published 2025-10-31 by Wordfence
SQLi in Abis Technology's BAPSIS
Published 2025-10-31 by TR-CERT
Zombify <= 1.7.5 - Authenticated (Subscriber+) Path Traversal to Arbitrary File Read
Published 2025-10-31 by Wordfence
WooCommerce Designer Pro <= 1.9.28 - Unauthenticated Arbitrary File Read
Published 2025-10-31 by Wordfence
WordPress User Extra Fields <= 16.7 - Authenticated (Subscriber+) Arbitrary File Deletion via save_fields Function
Published 2025-10-31 by Wordfence
King Addons for Elementor – Free Elements, Widgets, Templates, and Features for Elementor 24.12.92 - 51.1.14 - Unauthenticated Privilege Escalation
Published 2025-10-31 by Wordfence
Jobmonster - Job Board WordPress Theme <= 4.8.1 - Authentication Bypass
Published 2025-10-31 by Wordfence
RealPress < 1.1.0 - Unauthenticated Content Creation/Email Sending via REST
Published 2025-10-31 by WPScan
Published 2025-10-31 by jpcert
Published 2025-10-31 by jpcert
Qzzr Shortcode Plugin <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Published 2025-10-31 by Wordfence
FuseWP – WordPress User Sync to Email List & Marketing Automation (Mailchimp, Constant Contact, ActiveCampaign etc.) <= 1.1.23.0 - Missing Authorization to Authenticated (Subscriber+) Sync Rule Creation
Published 2025-10-31 by Wordfence
Brotli decompression bomb DoS in scrapy/scrapy
Published 2025-10-31 by @huntr_ai
Published 2025-10-31 by mitre
Published 2025-10-31 by mitre
Published 2025-10-31 by mitre
Published 2025-10-31 by mitre
Published 2025-10-31 by mitre
Published 2025-10-31 by mitre
Published 2025-10-31 by mitre
Published 2025-10-31 by mitre
Published 2025-10-31 by mitre
Published 2025-10-31 by mitre
Published 2025-10-31 by mitre
Published 2025-10-31 by mitre
Published 2025-10-31 by mitre
Published 2025-10-31 by mitre
Published 2025-10-31 by mitre
Published 2025-10-31 by mitre
Published 2025-10-31 by mitre
Published 2025-10-31 by mitre
Published 2025-10-31 by mitre
Published 2025-10-31 by mitre
Published 2025-10-31 by mitre
Published 2025-10-31 by mitre
Published 2025-10-31 by mitre
Denial of Service in danny-avila/librechat
Published 2025-10-30 by @huntr_ai
Published 2025-10-30 by hackerone
Published 2025-10-30 by hackerone
Published 2025-10-30 by hackerone
Published 2025-10-30 by hackerone
Published 2025-10-30 by hackerone
Published 2025-10-30 by hackerone
Published 2025-10-30 by hackerone
Published 2025-10-30 by hackerone
Nagios XI < 2011R1.9 XSS via xiwindow Variables Affecting Permalinks
Published 2025-10-30 by VulnCheck
Nagios XI < 5.8.0 XSS via Views URL Handling
Published 2025-10-30 by VulnCheck
Nagios XI < 5.4.13 XSS via Views Page
Published 2025-10-30 by VulnCheck
Nagios XI < 2012R2.6 XSS via Tools Menu
Published 2025-10-30 by VulnCheck
Nagios XI < 2011R1.9 XSS via Status/Report Page Link Functions
Published 2025-10-30 by VulnCheck
Nagios XI < 5.2.4 XSS via Report startdate/enddate Fields
Published 2025-10-30 by VulnCheck
Nagios XI < 2011R1.9 XSS via Recurring Downtime Script
Published 2025-10-30 by VulnCheck
Nagios XI < 5.8.0 XSS via My Tools Page
Published 2025-10-30 by VulnCheck
Nagios XI < 5.2.4 XSS via “My Reports” Listing
Published 2025-10-30 by VulnCheck
Nagios XI < 5.2.4 XSS via Menu System
Published 2025-10-30 by VulnCheck
Nagios XI < 5.7.2 XSS via Manage Users in Admin Interface
Published 2025-10-30 by VulnCheck
Nagios XI < 2024R1 XSS via Graph Explorer
Published 2025-10-30 by VulnCheck
Nagios XI < 5.11.3 XSS via Graph Explorer
Published 2025-10-30 by VulnCheck
Nagios XI < 2024R1.1.3 XSS via Executive Summary Report
Published 2025-10-30 by VulnCheck
Nagios XI < 5.7.2 XSS via Dashboard Background Color Setting
Published 2025-10-30 by VulnCheck
Nagios XI < 2024R1.0.2 XSS via Core Command Expansion
Published 2025-10-30 by VulnCheck
Nagios XI < 2024R1.1.3 XSS via Capacity Planning Report
Published 2025-10-30 by VulnCheck
Nagios XI < 5.11.3 XSS via Bulk Modifications
Published 2025-10-30 by VulnCheck
Nagios XI < 5.7.2 XSS via BPI Config Management
Published 2025-10-30 by VulnCheck
Nagios XI < 5.8.0 XSS via BPI Config ID Handling
Published 2025-10-30 by VulnCheck
Nagios XI < 5.11.3 XSS via Bandwidth Report
Published 2025-10-30 by VulnCheck
Nagios XI < 2011R1.9 XSS via backend_url JavaScript Link Handler
Published 2025-10-30 by VulnCheck
Nagios XI < 2011R1.9 XSS via Alert Heatmap Report & “My Reports” Listing
Published 2025-10-30 by VulnCheck
Nagios XI < 5.8.7 XSS in Audit Log via Send to NLS Form
Published 2025-10-30 by VulnCheck
Nagios XI < 5.11.3 XSS & CSRF via Hypermap Replay
Published 2025-10-30 by VulnCheck
Nagios XI < 2024R1 Web SSH Terminal Missing Access Control
Published 2025-10-30 by VulnCheck
Nagios XI < 5.7.2 Unrestricted File Upload via Audio Import Directory
Published 2025-10-30 by VulnCheck
Nagios XI < 5.6.11 Unauthenticated XSS and SSRF via Highcharts
Published 2025-10-30 by VulnCheck
Nagios XI < 5.8.9 Stored XSS via Command Names in Apply Config Error Text
Published 2025-10-30 by VulnCheck
Nagios XI < 5.8.9 Stored XSS via BPI Info URL
Published 2025-10-30 by VulnCheck
Nagios XI < 5.8.9 Stored XSS in Update Checking
Published 2025-10-30 by VulnCheck
Nagios XI < 5.7.5 SQL injection via SNMP Trap Interface Edit Page
Published 2025-10-30 by VulnCheck
Nagios XI < 5.2.4 SQL Injection in Notification Search
Published 2025-10-30 by VulnCheck
Nagios XI < 2024R1.1.3 Session Not Invalidated After Password Change
Published 2025-10-30 by VulnCheck
Nagios XI < 2024R1.1.2 Reflected XSS via Login Page on Older Browsers
Published 2025-10-30 by VulnCheck
Nagios XI < 2012R1.6 Reflected XSS via Dashlet AJAX Load Functionality
Published 2025-10-30 by VulnCheck
Nagios XI < 2024R1.3.2 RCE via WinRM Configuration Wizard
Published 2025-10-30 by VulnCheck
Nagios XI < 2026R1 RCE via Run Check Command in CCM
Published 2025-10-30 by VulnCheck
Nagios XI < 2024R1.2 RCE via NRDP Server Plugins
Published 2025-10-30 by VulnCheck
Nagios XI < 2024R1.4.2 RCE via Business Process Intelligence (BPI)
Published 2025-10-30 by VulnCheck
Nagios XI < 2011R1.9 Race Conditions in Crontab Install Scripts LPE
Published 2025-10-30 by VulnCheck
Nagios XI < 2024R1.0.1 Privilege Escalation via System Profile
Published 2025-10-30 by VulnCheck
Nagios XI < 2024R1.2 Privilege Escalation via NagVis Configuration (nagvis.conf)
Published 2025-10-30 by VulnCheck
Nagios XI < 5.5.7 Privilege Escalation via MRTG Graphing Component
Published 2025-10-30 by VulnCheck
Nagios XI < 5.7.3 Privilege escalation via Insecure getprofile.sh Script
Published 2025-10-30 by VulnCheck
Nagios XI < 2024R2 Privilege Escalation via process_perfdata.pl
Published 2025-10-30 by VulnCheck
Nagios XI < 2024R1.4.2 Overly Permissive Permissions on Systemd Unit Files
Published 2025-10-30 by VulnCheck
Nagios XI < 5.8.7 Insecure Permissions on Highcharts Temporary Directory
Published 2025-10-30 by VulnCheck
Nagios XI < 2024R1.2.2 Host Header Injection
Published 2025-10-30 by VulnCheck
Nagios XI < 5.4.13 Component Download Page RCE
Published 2025-10-30 by VulnCheck
Nagios XI < 2024R1.2 Command Injection via Docker Wizard
Published 2025-10-30 by VulnCheck
Nagios XI < 5.7.3 Command Injection in Report PDF Download
Published 2025-10-30 by VulnCheck
Nagios XI < 5.8.0 Core Config Manager (CCM) XSS via Templates Pages
Published 2025-10-30 by VulnCheck
Nagios XI < 5.8.2 Core Config Manager (CCM) XSS via Services Page
Published 2025-10-30 by VulnCheck
Nagios XI < 5.8.8 Core Config Manager (CCM) XSS via Search & Deletion Flows
Published 2025-10-30 by VulnCheck
Nagios XI < 5.7.5 Core Config Manager (CCM) XSS via Overlay Rendering and Notification/Check Period Pages
Published 2025-10-30 by VulnCheck
Nagios XI < 5.8.2 Core Config Manager (CCM) XSS via Overlay Modals
Published 2025-10-30 by VulnCheck
Nagios XI < 5.7.4 Core Config Manager (CCM) XSS via Object Edit Pages
Published 2025-10-30 by VulnCheck
Nagios XI < 5.8.9 Core Config Manager (CCM) XSS via Audit Log Page Search Input
Published 2025-10-30 by VulnCheck
Nagios XI < 5.7.4 Core Config Manager (CCM) SQL Injection via Object Edit Pages
Published 2025-10-30 by VulnCheck
Nagios XI < 5.8.5 Core Config Manager (CCM) SQL Injection via Improper Escaping in Search Text
Published 2025-10-30 by VulnCheck