Home
Vulnerability & Exploit Database

Vulnerability & Exploit Database

Try Surface Command Get a continuous 360° view of your attack surface

A curated repository of vetted computer software exploits and exploitable vulnerabilities.

Technical details for over 180,000 vulnerabilities and 4,000 exploits are available for security professionals and researchers to review. The exploits are all included in the Metasploit framework. Our vulnerability and exploit database is updated frequently and contains the most recent security research.

Results 10,101 - 10,120 of 264,116 in total

WordPress Plugin: videowhisper-live-streaming-integration: CVE-2025-26753: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Published: February 14, 2025 | Severity: 8

WordPress Plugin: chaty-pro: CVE-2025-26776: Unrestricted Upload of File with Dangerous Type

Published: February 14, 2025 | Severity: 10

WordPress Plugin: easy-elementor-addons: CVE-2025-26761: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Published: February 14, 2025 | Severity: 7

WordPress Plugin: easy-popups: CVE-2025-26774: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Published: February 14, 2025 | Severity: 7

WordPress Plugin: elementskit-lite: CVE-2025-1005: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Published: February 14, 2025 | Severity: 5

WordPress Plugin: media-library-plus: CVE-2025-0935: Missing Authorization

Published: February 14, 2025 | Severity: 4

WordPress Plugin: addons-for-elementor-builder: CVE-2025-26769: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Published: February 14, 2025 | Severity: 7

WordPress Plugin: wp-analytify: CVE-2025-26773: Missing Authorization

Published: February 14, 2025 | Severity: 4

WordPress Plugin: woo-bulk-editor: CVE-2025-26775: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Published: February 14, 2025 | Severity: 6

WordPress Plugin: 3-word-address-validation-field: CVE-2025-26768: Cross-Site Request Forgery (CSRF)

Published: February 14, 2025 | Severity: 7

WordPress Plugin: alphabetic-pagination: CVE-2025-26751: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Published: February 14, 2025 | Severity: 7

WordPress Plugin: waymark: CVE-2025-26770: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Published: February 14, 2025 | Severity: 7

Debian: CVE-2025-26519: musl -- security update

Published: February 14, 2025 | Severity: 9

WordPress Plugin: ltl-freight-quotes-estes-edition: CVE-2024-13488: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Published: February 14, 2025 | Severity: 8

WordPress Plugin: keep-backup-daily: CVE-2025-26779: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Published: February 14, 2025 | Severity: 6

WordPress Plugin: leyka: CVE-2025-26766: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Published: February 14, 2025 | Severity: 7

WordPress Plugin: dethemekit-for-elementor: CVE-2025-26772: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Published: February 14, 2025 | Severity: 7

WordPress Plugin: distance-based-shipping-calculator: CVE-2025-26764: Missing Authorization

Published: February 14, 2025 | Severity: 6

WordPress Plugin: distance-based-shipping-calculator: CVE-2025-26765: Missing Authorization

Published: February 14, 2025 | Severity: 5

Red Hat JBoss EAP: CVE-2025-25285: Inefficient Regular Expression Complexity

Published: February 14, 2025 | Severity: 5