Recent
IBM i is affected by a privilege escalation in IBM i SQL services
Published 2025-11-01 by ibm
Kallyas <= 4.23.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published 2025-11-01 by Wordfence
Kallyas <= 4.24.0 - Authenticated (Contributor+) Remote Code Execution
Published 2025-11-01 by Wordfence
Import WP – Export and Import CSV and XML files to WordPress <= 2.14.16 - Authenticated (Admin+) Arbitrary File Read
Published 2025-11-01 by Wordfence
RESTful Content Syndication 1.1.0 - 1.5.0 - Authenticated (Contributor+) Arbitrary File Upload
Published 2025-11-01 by Wordfence
Delicious Recipes <= 1.9.0 - Authenticated (Contributor+) Arbitrary File Upload
Published 2025-11-01 by Wordfence
Advanced Ads <= 2.0.12 - Unauthenticated Limited Code Execution
Published 2025-11-01 by Wordfence
Tablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluent <= 1.1.32 - Unauthenticated Arbitrary File Upload
Published 2025-11-01 by Wordfence
Service Finder Bookings < 6.1 - Authenticated (Subscriber+) Privilege Escalation via Account Takeover
Published 2025-11-01 by Wordfence
Schema & Structured Data for WP & AMP <= 1.51 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published 2025-11-01 by Wordfence
wpForo Forum <= 2.4.9 - Authenticated (Subscriber+) SQL Injection
Published 2025-11-01 by Wordfence
Folderly <= 0.3 - Incorrect Authorization to Authenticated (Author+) Term Deletion
Published 2025-11-01 by Wordfence
WP Discourse <= 2.5.9 - Authenticated (Author+) Information Exposure
Published 2025-11-01 by Wordfence
Employee Spotlight – Team Member Showcase & Meet the Team Plugin <= 5.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published 2025-11-01 by Wordfence
Qi Blocks <= 1.4.3 - Missing Authorization to Authenticated (Contributor+) Plugin Settings Update
Published 2025-11-01 by Wordfence
Flying Images: Optimize and Lazy Load Images for Faster Page Speed <= 2.4.14 - Authenticated (Admin+) Stored Cross-Site Scripting
Published 2025-11-01 by Wordfence
Service Finder Bookings <= 6.0 - Authenticated (Subscriber+) Privilege Escalation via change_candidate_password
Published 2025-11-01 by Wordfence
Schema Scalpel <= 1.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Title in JSON-LD Schema
Published 2025-11-01 by Wordfence
Community Events <= 1.5.2 - Unauthenticated Stored Cross-Site Scripting
Published 2025-11-01 by Wordfence
List category posts <= 0.92.0 - Authenticated (Contributor+) Information Exposure
Published 2025-11-01 by Wordfence
CSS & JavaScript Toolbox <= 12.0.5 - Authenticated (Admin+) Stored Cross-Site Scripting
Published 2025-11-01 by Wordfence
SiteSEO – SEO Simplified <= 1.3.1 - Missing Authorization to Authenticated (Author+) Plugin Settings Update
Published 2025-11-01 by Wordfence
Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App <= 3.6.0 - Missing Authorization to Account Takeover via Unauthenticated Email Log Disclosure
Published 2025-11-01 by Wordfence
Published 2025-11-01 by Liferay
Inactive Logout <= 3.5.5 - Authenticated (Subscriber+) Stored Cross-Site Scripting
Published 2025-11-01 by Wordfence
WPCOM Member <= 1.7.14 - Authenticated (Contributor+) Local File Inclusion via Shortcode
Published 2025-11-01 by Wordfence
Document Library Lite <= 1.1.6 - Missing Authorization to Sensitive Information Exposure
Published 2025-11-01 by Wordfence
Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin : WP Legal Pages <= 3.5.1 - Missing Authorization to Unauthenticated API Disconnect
Published 2025-11-01 by Wordfence
Published 2025-10-31 by Liferay
Qemu-kvm: stack buffer overflow in e1000 device via short frames in loopback mode
Published 2025-10-31 by redhat
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Published 2025-10-31 by microsoft
Silicon Labs Z-Wave PIR Sensor Joins Network as Non-Secure
Published 2025-10-31 by Silabs
LogicalDOC Community Edition Admin Login login.jsp excessive authentication
Published 2025-10-31 by VulDB
LogicalDOC Community Edition API Key creation UI cross site scripting
Published 2025-10-31 by VulDB
ELOG user profile missing authorization
Published 2025-10-31 by cisa-cg
ELOG configuration file authorization bypass
Published 2025-10-31 by cisa-cg
ELOG file upload stored XSS
Published 2025-10-31 by cisa-cg
Published 2025-10-31 by Liferay
Published 2025-10-31 by Liferay
Microsoft Configuration Manager Spoofing Vulnerability
Published 2025-10-31 by microsoft
Quadratic complexity in os.path.expandvars() with user-controlled template
Published 2025-10-31 by PSF
Missing Security Headers
Published 2025-10-31 by azure-access
Scripts for the module Global_Shipping executable on BRAIN2 Server
Published 2025-10-31 by bizerba
Unencrypted communication to Active Directory services
Published 2025-10-31 by bizerba
Insecure service configuration – unquoted path
Published 2025-10-31 by bizerba
Server Certificate Verification Disabled
Published 2025-10-31 by azure-access
Insufficient Password Policy
Published 2025-10-31 by azure-access
International Standards Organization ISO 15118-2 Improper Restriction of Communication Channel to Intended Endpoints
Published 2025-10-31 by icscert
Agno session state overwrites between different sessions/users
Published 2025-10-31 by GitHub_M
INCORRECT SECURITY VALIDATION IN SENDING UDP FRAMES
Published 2025-10-31 by S21sec
EXCHANGE OF SENSITIVE INFORMATION IN CLEAR TEXT
Published 2025-10-31 by S21sec
Denial of service through specific packets
Published 2025-10-31 by S21sec
CLICKJACKING
Published 2025-10-31 by S21sec
Published 2025-10-31 by Opera
Stored XSS vulnerability in Afterlogic Aurora webmail
Published 2025-10-31 by ESET
Analytify Pro <= 7.0.3 - Unauthenticated Information Exposure
Published 2025-10-31 by Wordfence
HIJACKING OF THE TOKEN AND GAINING ACCESS
Published 2025-10-31 by S21sec
IBM Jazz for Service Management is vulnerable to "filter" cookie not sent over SSL
Published 2025-10-31 by ibm
IBM InfoSphere Information Server is vulnerable to privilege escalation
Published 2025-10-31 by ibm
Nagios XI < 2024R1.1 XSS via Missing Page / 404
Published 2025-10-31 by VulnCheck
Denial-of-service vulnerability in ESET security products for Windows
Published 2025-10-31 by ESET
Incorrect removal of permissions on PCI device unplug
Published 2025-10-31 by XEN
x86: Incorrect input sanitisation in Viridian hypercalls
Published 2025-10-31 by XEN
x86: Incorrect input sanitisation in Viridian hypercalls
Published 2025-10-31 by XEN
WordPress Bard theme <= 1.6 - Cross Site Request Forgery (CSRF) vulnerability
Published 2025-10-31 by Patchstack
WordPress Groundhogg plugin <= 4.2.6 - Cross Site Scripting (XSS) vulnerability
Published 2025-10-31 by Patchstack
WordPress MasterStudy LMS plugin <= 3.6.27 - SQL Injection vulnerability
Published 2025-10-31 by Patchstack
WordPress Ohio Extra plugin <= 3.6.0 - Cross Site Scripting (XSS) vulnerability
Published 2025-10-31 by Patchstack
WordPress Masterstudy theme < 4.8.126 - Local File Inclusion vulnerability
Published 2025-10-31 by Patchstack
WordPress Kleo theme < 5.5.0 - Local File Inclusion vulnerability
Published 2025-10-31 by Patchstack
WordPress K Elements plugin < 5.5.0 - Cross Site Scripting (XSS) vulnerability
Published 2025-10-31 by Patchstack
WordPress Consulting Elementor Widgets plugin <= 1.4.2 - Cross Site Scripting (XSS) vulnerability
Published 2025-10-31 by Patchstack
WordPress Consulting Elementor Widgets plugin <= 1.4.2 - Local File Inclusion vulnerability
Published 2025-10-31 by Patchstack
WordPress Consulting theme < 6.7.5 - Local File Inclusion vulnerability
Published 2025-10-31 by Patchstack
WordPress Smart Coupons for WooCommerce plugin <= 2.2.3 - Broken Access Control vulnerability
Published 2025-10-31 by Patchstack
WordPress Advanced Database Cleaner plugin <= 3.1.6 - Cross Site Request Forgery (CSRF) vulnerability
Published 2025-10-31 by Patchstack
WordPress Insert PHP Code Snippet plugin <= 1.4.3 - Broken Access Control vulnerability
Published 2025-10-31 by Patchstack
WordPress Gutenberg plugin <= 21.8.2 - Cross Site Scripting (XSS) vulnerability
Published 2025-10-31 by Patchstack
WordPress Polylang plugin <= 3.7.3 - Deserialization of untrusted data vulnerability
Published 2025-10-31 by Patchstack
WordPress Essential Addons for Elementor plugin <= 6.2.4 - Broken Access Control vulnerability
Published 2025-10-31 by Patchstack