CVE Database

391+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2024-27348
9.8 CRITICAL KEV

RCE-Remote Command Execution vulnerability in Apache HugeGraph-Server.This issue affects Apache HugeGraph-Server: from 1.0.0 before 1.3.0 in Java8 & Java11 Users are recommended to upgrade to …

Apr 22, 2024
CVE-2024-3400
10.0 CRITICAL KEV

A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions …

Apr 12, 2024
CVE-2024-29988
8.8 HIGH KEV

SmartScreen Prompt Security Feature Bypass Vulnerability

Apr 9, 2024
CVE-2024-29748
7.8 HIGH KEV

there is a possible way to bypass due to a logic error in the code. This could lead to local escalation of privilege with no …

Apr 5, 2024
CVE-2024-29745
5.5 MEDIUM KEV

there is a possible Information Disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction …

Apr 5, 2024
CVE-2024-3273
7.3 HIGH KEV

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. Affected …

Apr 4, 2024
CVE-2024-3272
9.8 CRITICAL KEV

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as very critical, has been found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to …

Apr 4, 2024
CVE-2024-29059
7.5 HIGH KEV

.NET Framework Information Disclosure Vulnerability

Mar 23, 2024
CVE-2024-20767
7.4 HIGH KEV

ColdFusion versions 2023.6, 2021.12 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary file system read. An attacker could …

Mar 18, 2024
CVE-2024-26169
7.8 HIGH KEV

Windows Error Reporting Service Elevation of Privilege Vulnerability

Mar 12, 2024
CVE-2023-48788
9.8 CRITICAL KEV

A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiClientEMS version 7.2.0 through 7.2.2, FortiClientEMS 7.0.1 through 7.0.10 allows …

Mar 12, 2024
CVE-2024-23296
7.8 HIGH KEV

A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.4 and iPadOS 17.4, macOS …

Mar 5, 2024
CVE-2024-23225
7.8 HIGH KEV

A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS …

Mar 5, 2024
CVE-2024-27199
7.3 HIGH KEV

In JetBrains TeamCity before 2023.11.4 path traversal allowing to perform limited admin actions was possible

Mar 4, 2024
CVE-2024-27198
9.8 CRITICAL KEV

In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible

Mar 4, 2024
CVE-2024-1212
10.0 CRITICAL KEV

Unauthenticated remote attackers can access the system through the LoadMaster management interface, enabling arbitrary system command execution.

Feb 21, 2024
CVE-2024-1709
10.0 CRITICAL KEV

ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel vulnerability, which may allow an attacker direct access …

Feb 21, 2024
CVE-2024-1708
8.4 HIGH KEV

ConnectWise ScreenConnect 23.9.7 and prior are affected by path-traversal vulnerability, which may allow an attacker the ability to execute remote code or directly impact confidential …

Feb 21, 2024
CVE-2024-20953
8.8 HIGH KEV

Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain (component: Export). The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows …

Feb 17, 2024
CVE-2024-23113
9.8 CRITICAL KEV

A use of externally-controlled format string in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 …

Feb 15, 2024
CVE-2024-21413
9.8 CRITICAL KEV

Microsoft Outlook Remote Code Execution Vulnerability

Feb 13, 2024
CVE-2024-21412
8.1 HIGH KEV

Internet Shortcut Files Security Feature Bypass Vulnerability

Feb 13, 2024
CVE-2024-21410
9.8 CRITICAL KEV

Microsoft Exchange Server Elevation of Privilege Vulnerability

Feb 13, 2024
CVE-2024-21351
7.6 HIGH KEV

Windows SmartScreen Security Feature Bypass Vulnerability

Feb 13, 2024
CVE-2024-21338
7.8 HIGH KEV

Windows Kernel Elevation of Privilege Vulnerability

Feb 13, 2024
CVE-2024-21762
9.8 CRITICAL KEV

A out-of-bounds write in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, …

Feb 9, 2024
CVE-2024-21893
8.2 HIGH KEV

A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) and Ivanti Neurons for …

Jan 31, 2024
CVE-2024-1086
7.8 HIGH KEV

A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init() function allows positive values as …

Jan 31, 2024
CVE-2024-23897
9.8 CRITICAL KEV

Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an '@' character followed by …

Jan 24, 2024
CVE-2024-23222
8.8 HIGH KEV

A type confusion issue was addressed with improved checks. This issue is fixed in Safari 17.3, iOS 15.8.7 and iPadOS 15.8.7, iOS 16.7.5 and iPadOS …

Jan 23, 2024
CVE-2024-0769
5.3 MEDIUM KEV

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DIR-859 1.06B01. It has been rated as critical. Affected by this issue is some …

Jan 21, 2024
CVE-2023-6549
8.2 HIGH KEV

Improper Restriction of Operations within the Bounds of a Memory Buffer in NetScaler ADC and NetScaler Gateway allows Unauthenticated Denial of Service and Out-Of-Bounds Memory …

Jan 17, 2024
CVE-2023-6548
5.5 MEDIUM KEV

Improper Control of Generation of Code ('Code Injection') in NetScaler ADC and NetScaler Gateway allows an attacker with access to NSIP, CLIP or SNIP with …

Jan 17, 2024
CVE-2024-0519
8.8 HIGH KEV

Out of bounds memory access in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted …

Jan 16, 2024
CVE-2023-22527
9.8 CRITICAL KEV

A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE on an affected instance. Customers …

Jan 16, 2024
CVE-2024-21887
9.1 CRITICAL KEV

A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send …

Jan 12, 2024
CVE-2023-46805
8.2 HIGH KEV

An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources …

Jan 12, 2024
CVE-2023-7028
10.0 CRITICAL KEV

An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 …

Jan 12, 2024
CVE-2023-41974
7.8 HIGH KEV

A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17 and iPadOS 17, iOS 15.8.7 and iPadOS 15.8.7. An …

Jan 10, 2024
CVE-2022-48618
7.0 HIGH KEV

The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.1, watchOS 9.2, iOS 16.2 and iPadOS 16.2, tvOS 16.2. An …

Jan 9, 2024
CVE-2022-2586
5.3 MEDIUM KEV

It was discovered that a nft object or expression could reference a nft set on a different nft table, leading to a use-after-free once that …

Jan 8, 2024

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.