CVE Database

391+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2024-0012
9.8 CRITICAL KEV

An authentication bypass in Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to gain PAN-OS administrator …

Nov 18, 2024
CVE-2024-11182
6.1 MEDIUM KEV

An XSS issue was discovered in MDaemon Email Server before version 24.5.1c. An attacker can send an HTML e-mail message with JavaScript in an img …

Nov 15, 2024
CVE-2024-11120
9.8 CRITICAL KEV

Certain EOL GeoVision devices have an OS Command Injection vulnerability. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on …

Nov 15, 2024
CVE-2024-43093
7.3 HIGH KEV

In shouldHideDocument of ExternalStorageProvider.java, there is a possible bypass of a file path filter designed to prevent access to sensitive directories due to incorrect unicode …

Nov 13, 2024
CVE-2024-8069
8.0 HIGH KEV

Limited remote code execution with privilege of a NetworkService Account access in Citrix Session Recording if the attacker is an authenticated user on the same …

Nov 12, 2024
CVE-2024-8068
8.0 HIGH KEV

Privilege escalation to NetworkService Account access in Citrix Session Recording when an attacker is an authenticated user in the same Windows Active Directory domain as …

Nov 12, 2024
CVE-2024-49039
8.8 HIGH KEV

Windows Task Scheduler Elevation of Privilege Vulnerability

Nov 12, 2024
CVE-2024-43451
6.5 MEDIUM KEV

NTLM Hash Disclosure Spoofing Vulnerability

Nov 12, 2024
CVE-2024-51567
10.0 CRITICAL KEV

upgrademysqlstatus in databases/views.py in CyberPanel (aka Cyber Panel) before 5b08cd6 allows remote attackers to bypass authentication and execute arbitrary commands via /dataBases/upgrademysqlstatus by bypassing secMiddleware …

Oct 29, 2024
CVE-2024-51378
10.0 CRITICAL KEV

getresetstatus in dns/views.py and ftp/views.py in CyberPanel (aka Cyber Panel) before 1c0c6cb allows remote attackers to bypass authentication and execute arbitrary commands via /dns/getresetstatus or …

Oct 29, 2024
CVE-2024-50623
9.8 CRITICAL KEV

In Cleo Harmony before 5.8.0.21, VLTrader before 5.8.0.21, and LexiCom before 5.8.0.21, there is an unrestricted file upload and download that could lead to remote …

Oct 28, 2024
CVE-2024-20481
5.8 MEDIUM KEV

A vulnerability in the Remote Access VPN (RAVPN) service of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow …

Oct 23, 2024
CVE-2024-47575
9.8 CRITICAL KEV

A missing authentication for critical function in FortiManager 7.6.0, FortiManager 7.4.0 through 7.4.4, FortiManager 7.2.0 through 7.2.7, FortiManager 7.0.0 through 7.0.12, FortiManager 6.4.0 through 6.4.14, …

Oct 23, 2024
CVE-2024-41713
9.1 CRITICAL KEV

A vulnerability in the NuPoint Unified Messaging (NPM) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to conduct a …

Oct 21, 2024
CVE-2024-9537
9.8 CRITICAL KEV

ScienceLogic SL1 (formerly EM7) is affected by an unspecified vulnerability involving an unspecified third-party component packaged with SL1. The vulnerability is addressed in SL1 versions …

Oct 18, 2024
CVE-2024-9465
9.1 CRITICAL KEV

An SQL injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, …

Oct 9, 2024
CVE-2024-9463
7.5 HIGH KEV

An OS command injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to run arbitrary OS commands as root in Expedition, resulting in …

Oct 9, 2024
CVE-2024-9680
9.8 CRITICAL KEV

An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We have had reports of this …

Oct 9, 2024
CVE-2024-43573
6.5 MEDIUM KEV

Windows MSHTML Platform Spoofing Vulnerability

Oct 8, 2024
CVE-2024-43572
7.8 HIGH KEV

Microsoft Management Console Remote Code Execution Vulnerability

Oct 8, 2024
CVE-2024-43468
9.8 CRITICAL KEV

Microsoft Configuration Manager Remote Code Execution Vulnerability

Oct 8, 2024
CVE-2024-9380
7.2 HIGH KEV

An OS command injection vulnerability in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to …

Oct 8, 2024
CVE-2024-9379
6.5 MEDIUM KEV

SQL injection in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to run arbitrary SQL …

Oct 8, 2024
CVE-2024-43047
7.8 HIGH KEV

Memory corruption while maintaining memory maps of HLOS memory.

Oct 7, 2024
CVE-2024-45519
10.0 CRITICAL KEV

The postjournal service in Zimbra Collaboration (ZCS) before 8.8.15 Patch 46, 9 before 9.0.0 Patch 41, 10 before 10.0.9, and 10.1 before 10.1.1 sometimes allows …

Oct 2, 2024
CVE-2024-8963
9.4 CRITICAL KEV

Path Traversal in the Ivanti CSA before 4.6 Patch 519 allows a remote unauthenticated attacker to access restricted functionality.

Sep 19, 2024
CVE-2024-8957
7.2 HIGH KEV

PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an OS command injection issue. The camera does not sufficiently validate the ntp_addr configuration value which may …

Sep 17, 2024
CVE-2024-8956
9.1 CRITICAL KEV

PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an insufficient authentication issue. The camera does not properly enforce authentication to /cgi-bin/param.cgi when requests are sent …

Sep 17, 2024
CVE-2024-38813
7.5 HIGH KEV

The vCenter Server contains a privilege escalation vulnerability. A malicious actor with network access to vCenter Server may trigger this vulnerability to escalate privileges to …

Sep 17, 2024
CVE-2024-38812
9.8 CRITICAL KEV

The vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger …

Sep 17, 2024
CVE-2024-8190
7.2 HIGH KEV

An OS command injection vulnerability in Ivanti Cloud Services Appliance versions 4.6 Patch 518 and before allows a remote authenticated attacker to obtain remote code …

Sep 10, 2024
CVE-2024-43461
8.8 HIGH KEV

Windows MSHTML Platform Spoofing Vulnerability

Sep 10, 2024
CVE-2024-38226
7.3 HIGH KEV

Microsoft Publisher Security Feature Bypass Vulnerability

Sep 10, 2024
CVE-2024-38217
5.4 MEDIUM KEV

Windows Mark of the Web Security Feature Bypass Vulnerability

Sep 10, 2024
CVE-2024-38014
7.8 HIGH KEV

Windows Installer Elevation of Privilege Vulnerability

Sep 10, 2024
CVE-2024-40711
9.8 CRITICAL KEV

A deserialization of untrusted data vulnerability with a malicious payload can allow an unauthenticated remote code execution (RCE).

Sep 7, 2024
CVE-2024-20439
9.8 CRITICAL KEV

A vulnerability in Cisco Smart Licensing Utility (CSLU) could allow an unauthenticated, remote attacker to log into an affected system by using a static administrative …

Sep 4, 2024
CVE-2024-45195
7.5 HIGH KEV

Direct Request ('Forced Browsing') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.16. Users are recommended to upgrade to version 18.12.16, which fixes …

Sep 4, 2024
CVE-2024-6670
9.8 CRITICAL KEV

In WhatsUp Gold versions released before 2024.0.0, a SQL Injection vulnerability allows an unauthenticated attacker to retrieve the users encrypted password.

Aug 29, 2024
CVE-2024-40766
9.8 CRITICAL KEV

An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing …

Aug 23, 2024
CVE-2024-39717
7.2 HIGH KEV

The Versa Director GUI provides an option to customize the look and feel of the user interface. This option is only available for a user …

Aug 22, 2024
CVE-2024-28987
9.1 CRITICAL KEV

The SolarWinds Web Help Desk (WHD) software is affected by a hardcoded credential vulnerability, allowing remote unauthenticated user to access internal functionality and modify data.

Aug 21, 2024
CVE-2024-7971
9.6 CRITICAL KEV

Type confusion in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to exploit heap corruption via a crafted HTML page. (Chromium security …

Aug 21, 2024
CVE-2024-7965
8.8 HIGH KEV

Inappropriate implementation in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium …

Aug 21, 2024
CVE-2024-7262
7.8 HIGH KEV

Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.16412 (exclusive) on Windows allows an attacker to load an arbitrary …

Aug 15, 2024
CVE-2024-28986
9.8 CRITICAL KEV

SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to …

Aug 13, 2024
CVE-2024-7593
9.8 CRITICAL KEV

Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.7R2 allows a remote unauthenticated attacker to bypass authentication of the …

Aug 13, 2024
CVE-2024-38213
6.5 MEDIUM KEV

Windows Mark of the Web Security Feature Bypass Vulnerability

Aug 13, 2024
CVE-2024-38193
7.8 HIGH KEV

Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

Aug 13, 2024
CVE-2024-38189
8.8 HIGH KEV

Microsoft Project Remote Code Execution Vulnerability

Aug 13, 2024

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.