Real-Time CVE Alerts & Vulnerability Tracker
Search enriched vulnerability intelligence — EPSS exploitability scores, CVSS severity, CISA KEV status — and get instant alerts to Slack, Telegram, Discord or Google Chat.
253,537 results
HCL DFXServer is affected by a Broken Authentication vulnerability via direct API access.
HCL DFXServer is affected by an Authentication Bypass vulnerability via server response manipulation.
HCL DFXServer is affected by a Missing Access Control vulnerability
HCL DFXServer is affected by an Unencrypted Communication vulnerability.
Origin Validation Error in X-Rite MA-T6
Origin Validation Error in X-Rite MA-T6
Spring Security Authorization Server Dynamic Client Registration endpoints perform insufficient validation of client metadata
Use-after-free vulnerability in ESET security products for Linux
SysBasics Customize My Account for WooCommerce <= 4.4.14 - Authenticated (Shop Manager+) Stored Cross-Site Scripting via 'row_type' Parameter
WPFunnels <= 3.12.8 - Authenticated (Funnel Manager+) Privilege Escalation via 'group_id' Path Parameter
WP Bulk Delete <= 1.4.2 - Authenticated (Administrator+) SQL Injection via 'delete_user_roles' Parameter
wpForo Forum <= 3.1.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'location' Profile Field
Loco Translate <= 2.8.5 - Cross-Site Request Forgery to Remote Code Execution via 'template' Parameter
Digits: WordPress Mobile Number Signup and Login <= 9.1.0.5 - Authenticated (Subscriber+) Privilege Escalation via 'digits_reg_userrole' Parameter
Joomla Extension - themexpert.com - Unauthenticated SQL injection in Quix Page Builder Pro < 6.2.1
Local privilege escalation via unauthenticated ALPC in ESET Inspect Connector
Tickera <= 3.6.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'price_wrapper' Shortcode Attribute
WPBot <= 8.5.6 - Missing Authorization to Authenticated (Subscriber+) Arbitrary RAG Document Re-Sync via ajax_rag_manual_sync() Function
WPBot <= 8.5.6 - Missing Authorization to Unauthenticated Arbitrary Chat Session Deletion via 'userid' Parameter
Themify Builder <= 7.7.7 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Stylesheet Write/Delete via tb_generate_on_fly AJAX Action
Never miss a critical vulnerability
Set up free alerts in 60 seconds. Filter by ecosystem, CVSS score or EPSS — get notified to Slack, Telegram, Discord or Google Chat the moment a new CVE matches.
Slack · Telegram · Discord · Google Chat