CVE Database

391+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2024-38178
7.5 HIGH KEV

Scripting Engine Memory Corruption Vulnerability

Aug 13, 2024
CVE-2024-38107
7.8 HIGH KEV

Windows Power Dependency Coordinator Elevation of Privilege Vulnerability

Aug 13, 2024
CVE-2024-38106
7.0 HIGH KEV

Windows Kernel Elevation of Privilege Vulnerability

Aug 13, 2024
CVE-2024-41710
7.2 HIGH KEV

A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit, through R6.4.0.HF1 (R6.4.0.136) could allow an …

Aug 12, 2024
CVE-2024-27443
6.1 MEDIUM KEV

An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. A Cross-Site Scripting (XSS) vulnerability exists in the CalendarInvite feature of the Zimbra webmail …

Aug 12, 2024
CVE-2024-7694
7.2 HIGH KEV

ThreatSonar Anti-Ransomware from TeamT5 does not properly validate the content of uploaded files. Remote attackers with administrator privileges on the product platform can upload malicious …

Aug 12, 2024
CVE-2024-7399
8.8 HIGH KEV

Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1050 allows attackers to write arbitrary file as …

Aug 12, 2024
CVE-2024-42009
9.3 CRITICAL KEV

A Cross-Site Scripting vulnerability in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails of a victim via …

Aug 5, 2024
CVE-2024-38856
9.8 CRITICAL KEV

Incorrect Authorization vulnerability in Apache OFBiz. This issue affects Apache OFBiz: through 18.12.14. Users are recommended to upgrade to version 18.12.15, which fixes the issue. …

Aug 5, 2024
CVE-2023-45249
9.8 CRITICAL KEV

Remote command execution due to use of default passwords. The following products are affected: Acronis Cyber Infrastructure (ACI) before build 5.0.1-61, Acronis Cyber Infrastructure (ACI) …

Jul 24, 2024
CVE-2024-21182
7.5 HIGH KEV

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability …

Jul 16, 2024
CVE-2024-5910
9.8 CRITICAL KEV

Missing authentication for a critical function in Palo Alto Networks Expedition can lead to an Expedition admin account takeover for attackers with network access to …

Jul 10, 2024
CVE-2024-5217
9.8 CRITICAL KEV

ServiceNow has addressed an input validation vulnerability that was identified in the Washington DC, Vancouver, and earlier Now Platform releases. This vulnerability could enable an …

Jul 10, 2024
CVE-2024-4879
9.8 CRITICAL KEV

ServiceNow has addressed an input validation vulnerability that was identified in Vancouver and Washington DC Now Platform releases. This vulnerability could enable an unauthenticated user …

Jul 10, 2024
CVE-2024-38112
7.5 HIGH KEV

Windows MSHTML Platform Spoofing Vulnerability

Jul 9, 2024
CVE-2024-38094
7.2 HIGH KEV

Microsoft SharePoint Remote Code Execution Vulnerability

Jul 9, 2024
CVE-2024-38080
7.8 HIGH KEV

Windows Hyper-V Elevation of Privilege Vulnerability

Jul 9, 2024
CVE-2024-39891
5.3 MEDIUM KEV

In the Twilio Authy API, accessed by Authy Android before 25.1.0 and Authy iOS before 26.1.0, an unauthenticated endpoint provided access to certain phone-number data, …

Jul 2, 2024
CVE-2024-38475
9.1 CRITICAL KEV

Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted …

Jul 1, 2024
CVE-2024-20399
6.0 MEDIUM KEV

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated user in possession of Administrator credentials to execute arbitrary commands as root …

Jul 1, 2024
CVE-2024-36401
9.8 CRITICAL KEV

GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.22.6, 2.23.6, 2.24.4, and 2.25.2, multiple OGC …

Jul 1, 2024
CVE-2024-4885
9.8 CRITICAL KEV

In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Remote Code Execution vulnerability in Progress WhatsUpGold. The WhatsUp.ExportUtilities.Export.GetFileWithoutZip allows execution of commands with iisapppool\nmconsole privileges.

Jun 25, 2024
CVE-2024-37085
6.8 MEDIUM KEV

VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that …

Jun 25, 2024
CVE-2024-37079
9.8 CRITICAL KEV

vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this …

Jun 18, 2024
CVE-2024-6047
9.8 CRITICAL KEV

Certain EOL GeoVision devices fail to properly filter user input for the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute …

Jun 17, 2024
CVE-2024-32896
7.8 HIGH KEV

there is a possible way to bypass due to a logic error in the code. This could lead to local escalation of privilege with no …

Jun 13, 2024
CVE-2024-34102
9.8 CRITICAL KEV

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result …

Jun 13, 2024
CVE-2024-35250
7.8 HIGH KEV

Windows Kernel-Mode Driver Elevation of Privilege Vulnerability

Jun 11, 2024
CVE-2024-30088
7.0 HIGH KEV

Windows Kernel Elevation of Privilege Vulnerability

Jun 11, 2024
CVE-2024-36971
7.8 HIGH KEV

In the Linux kernel, the following vulnerability has been resolved: net: fix __dst_negative_advice() race __dst_negative_advice() does not enforce proper RCU rules when sk->dst_cache must be …

Jun 10, 2024
CVE-2024-4577
9.8 CRITICAL KEV

In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up …

Jun 9, 2024
CVE-2024-4610
7.8 HIGH KEV

Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver allows a local non-privileged user to make improper …

Jun 7, 2024
CVE-2024-37383
6.1 MEDIUM KEV

Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows XSS via SVG animate attributes.

Jun 7, 2024
CVE-2024-28995
8.6 HIGH KEV

SolarWinds Serv-U was susceptible to a directory transversal vulnerability that would allow access to read sensitive files on the host machine.

Jun 6, 2024
CVE-2024-29824
8.8 HIGH KEV

An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute …

May 31, 2024
CVE-2024-23692
9.8 CRITICAL KEV

Rejetto HTTP File Server, up to and including version 2.3m, is vulnerable to a template injection vulnerability. This vulnerability allows a remote, unauthenticated attacker to …

May 31, 2024
CVE-2024-4358
9.8 CRITICAL KEV

In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality …

May 29, 2024
CVE-2024-24919
8.6 HIGH KEV

Potentially allowing an attacker to read certain information on Check Point Security Gateways once connected to the internet and enabled with remote Access VPN or …

May 28, 2024
CVE-2024-5274
9.6 CRITICAL KEV

Type Confusion in V8 in Google Chrome prior to 125.0.6422.112 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML …

May 28, 2024
CVE-2024-4978
8.4 HIGH KEV

Justice AV Solutions Viewer Setup 8.3.7.250-1 contains a malicious binary when executed and is signed with an unexpected authenticode signature. A remote, privileged threat actor …

May 23, 2024
CVE-2024-4947
9.6 CRITICAL KEV

Type Confusion in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML …

May 15, 2024
CVE-2024-30051
7.8 HIGH KEV

Windows DWM Core Library Elevation of Privilege Vulnerability

May 14, 2024
CVE-2024-30040
8.8 HIGH KEV

Windows MSHTML Platform Security Feature Bypass Vulnerability

May 14, 2024
CVE-2024-4761
8.8 HIGH KEV

Out of bounds write in V8 in Google Chrome prior to 124.0.6367.207 allowed a remote attacker to perform an out of bounds memory write via …

May 14, 2024
CVE-2024-4671
9.6 CRITICAL KEV

Use after free in Visuals in Google Chrome prior to 124.0.6367.201 allowed a remote attacker who had compromised the renderer process to potentially perform a …

May 14, 2024
CVE-2024-32113
9.8 CRITICAL KEV

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OFBiz.This issue affects Apache OFBiz: before 18.12.13. Users are recommended to …

May 8, 2024
CVE-2023-50224
6.5 MEDIUM KEV

TP-Link TL-WR841N dropbearpwd Improper Authentication Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of TP-Link TL-WR841N routers. Authentication …

May 3, 2024
CVE-2024-20359
6.0 MEDIUM KEV

A vulnerability in a legacy capability that allowed for the preloading of VPN clients and plug-ins and that has been available in Cisco Adaptive Security …

Apr 24, 2024
CVE-2024-20353
8.6 HIGH KEV

A vulnerability in the management and VPN web servers for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow …

Apr 24, 2024
CVE-2024-4040
9.8 CRITICAL KEV

A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files …

Apr 22, 2024

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.