CVE Database

9262+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2024-51547
9.8 CRITICAL

Use of Hard-coded Credentials vulnerability in ABB ASPECT-Enterprise, ABB NEXUS Series, ABB MATRIX Series.This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: …

Feb 6, 2025
CVE-2024-51450
9.1 CRITICAL

IBM Security Verify Directory 10.0.0 through 10.0.3 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted …

Feb 6, 2025
CVE-2025-1066
9.8 CRITICAL

OpenPLC_V3 contains an arbitrary file upload vulnerability, which could be leveraged for malvertising or phishing campaigns.

Feb 6, 2025
CVE-2024-57520
9.8 CRITICAL

Insecure Permissions vulnerability in asterisk v22 allows a remote attacker to execute arbitrary code via the action_createconfig function. NOTE: this is disputed by the Supplier …

Feb 5, 2025
CVE-2024-57077
9.1 CRITICAL

The latest version of utils-extend (1.0.8) is vulnerable to Prototype Pollution through the entry function(s) lib.extend. An attacker can supply a payload with Object.prototype setter …

Feb 5, 2025
CVE-2020-36084
9.8 CRITICAL

SQL Injection vulnerability in SourceCodester Responsive E-Learning System 1.0 allows remote attackers to inject sql query in /elearning/delete_teacher_students.php?id= parameter via id field.

Feb 5, 2025
CVE-2025-20125
9.1 CRITICAL

A vulnerability in an API of Cisco ISE could allow an authenticated, remote attacker with valid read-only credentials to obtain sensitive information, change node configurations, …

Feb 5, 2025
CVE-2025-20124
9.9 CRITICAL

A vulnerability in an API of Cisco ISE could allow an authenticated, remote attacker to execute arbitrary commands as the root user on an affected …

Feb 5, 2025
CVE-2025-23114
9.0 CRITICAL

A vulnerability in Veeam Updater component allows Man-in-the-Middle attackers to execute arbitrary code on the affected server. This issue occurs due to a failure to …

Feb 5, 2025
CVE-2024-48445
9.8 CRITICAL

An issue in compop.ca ONLINE MALL v.3.5.3 allows a remote attacker to execute arbitrary code via the rid, tid, et, and ts parameters.

Feb 4, 2025
CVE-2025-24964
9.6 CRITICAL

Vitest is a testing framework powered by Vite. Affected versions are subject to arbitrary remote Code Execution when accessing a malicious website while Vitest API …

Feb 4, 2025
CVE-2025-0960
9.8 CRITICAL

AutomationDirect C-more EA9 HMI contains a function with bounds checks that can be skipped, which could result in an attacker abusing the function to cause …

Feb 4, 2025
CVE-2025-0364
9.8 CRITICAL

BigAntSoft BigAnt Server, up to and including version 5.6.06, is vulnerable to unauthenticated remote code execution via account registration. An unauthenticated remote attacker can create …

Feb 4, 2025
CVE-2025-24677
9.9 CRITICAL

Improper Control of Generation of Code ('Code Injection') vulnerability in wpspin Post/Page Copying Tool postpage-import-export-with-custom-fields-taxonomies allows Remote Code Inclusion.This issue affects Post/Page Copying Tool: from …

Feb 4, 2025
CVE-2025-22699
9.0 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in shinetheme Traveler Code traveler-code.This issue affects Traveler Code: from n/a through …

Feb 4, 2025
CVE-2024-9644
9.8 CRITICAL

The Four-Faith F3x36 router using firmware v2.0.0 is vulnerable to an authentication bypass vulnerability in the administrative web server. Authentication is not enforced on some …

Feb 4, 2025
CVE-2024-9643
9.8 CRITICAL

The Four-Faith F3x36 router using firmware v2.0.0 is vulnerable to authentication bypass due to hard-coded credentials in the administrative web server. An attacker with knowledge …

Feb 4, 2025
CVE-2025-1020
9.8 CRITICAL

Memory safety bugs present in Firefox 134 and Thunderbird 134. Some of these bugs showed evidence of memory corruption and we presume that with enough …

Feb 4, 2025
CVE-2025-1017
9.8 CRITICAL

Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 128.6, and Thunderbird 128.6. Some of these bugs showed evidence of memory corruption and …

Feb 4, 2025
CVE-2025-1016
9.8 CRITICAL

Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19, and Thunderbird 128.6. Some of these bugs showed …

Feb 4, 2025
CVE-2025-1009
9.8 CRITICAL

An attacker could have caused a use-after-free via crafted XSLT data, leading to a potentially exploitable crash. This vulnerability was fixed in Firefox 135, Firefox …

Feb 4, 2025
CVE-2025-0890
9.8 CRITICAL

**UNSUPPORTED WHEN ASSIGNED** Insecure default credentials for the Telnet function in the legacy DSL CPE Zyxel VMG4325-B10A firmware version 1.00(AAFR.4)C0_20170615 could allow an attacker to …

Feb 4, 2025
CVE-2025-22204
9.8 CRITICAL

Improper control of generation of code in the sourcerer extension for Joomla in versions before 11.0.0 lead to a remote code execution vulnerability.

Feb 4, 2025
CVE-2025-24957
9.8 CRITICAL

WeGIA is a Web Manager for Charitable Institutions. A SQL Injection vulnerability was discovered in the WeGIA application, `get_detalhes_socio.php` endpoint. This vulnerability could allow an …

Feb 3, 2025
CVE-2025-24906
9.8 CRITICAL

WeGIA is a Web Manager for Charitable Institutions. A SQL Injection vulnerability was discovered in the WeGIA application, `get_detalhes_cobranca.php` endpoint. This vulnerability could allow an …

Feb 3, 2025
CVE-2025-24905
9.8 CRITICAL

WeGIA is a Web Manager for Charitable Institutions. A SQL Injection vulnerability was discovered in the WeGIA application, `get_codigobarras_cobranca.php` endpoint. This vulnerability could allow an …

Feb 3, 2025
CVE-2025-22978
9.8 CRITICAL

eladmin <=2.7 is vulnerable to CSV Injection in the exception log download module.

Feb 3, 2025
CVE-2024-57968
9.9 CRITICAL KEV

Advantive VeraCore before 2024.4.2.1 allows remote authenticated users to upload files to unintended folders (e.g., ones that are accessible during web browsing by other users). …

Feb 3, 2025
CVE-2024-57450
9.8 CRITICAL

ChestnutCMS <=1.5.0 is vulnerable to File Upload via the Create template function.

Feb 3, 2025
CVE-2024-57099
9.8 CRITICAL

ClassCMS v4.8 has a code execution vulnerability. Attackers can exploit this vulnerability by constructing a payload in the classview parameter of the model management feature, …

Feb 3, 2025
CVE-2024-57098
9.8 CRITICAL

Moss v0.1.3 version has an SQL injection vulnerability that allows attackers to inject carefully designed payloads into the order parameter.

Feb 3, 2025
CVE-2024-45569
9.8 CRITICAL

Memory corruption while parsing the ML IE due to invalid frame content.

Feb 3, 2025
CVE-2025-20634
9.8 CRITICAL

In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution, if a …

Feb 3, 2025
CVE-2025-24891
9.6 CRITICAL

Dumb Drop is a file upload application. Users with permission to upload to the service are able to exploit a path traversal vulnerability to overwrite …

Jan 31, 2025
CVE-2024-57587
9.1 CRITICAL

Multiple SQL injection vulnerabilities in EasyVirt DCScope <= 8.6.0 and CO2Scope <= 1.3.0 allows remote unauthenticated attackers to execute arbitrary SQL commands via the (1) …

Jan 31, 2025
CVE-2024-55062
9.8 CRITICAL

Code Injection vulnerability in EasyVirt DCScope <= 8.6.0 and CO2Scope <= 1.3.0 allows remote unauthenticated attackers to execute arbitrary code to /api/license/sendlicense/.

Jan 31, 2025
CVE-2024-53356
9.8 CRITICAL

Weak JWT Secret vulnerabilitiy in EasyVirt DCScope <= 8.6.0 and CO2Scope <= 1.3.0 allows remote attackers to generate JWT for privilege escalation. The HMAC secret …

Jan 31, 2025
CVE-2025-22957
9.8 CRITICAL

A SQL injection vulnerability exists in the front-end of the website in ZZCMS <= 2023, which can be exploited without any authentication. This vulnerability could …

Jan 31, 2025
CVE-2024-53584
9.8 CRITICAL

OpenPanel v0.3.4 was discovered to contain an OS command injection vulnerability via the timezone parameter.

Jan 31, 2025
CVE-2024-47857
9.8 CRITICAL

SSH Communication Security PrivX versions between 18.0-36.0 implement insufficient validation on public key signatures when using native SSH connections via a proxy port. This allows …

Jan 31, 2025
CVE-2024-53537
9.1 CRITICAL

An issue in OpenPanel v0.3.4 to v0.2.1 allows attackers to execute a directory traversal in File Actions of File Manager.

Jan 31, 2025
CVE-2024-53320
9.8 CRITICAL

Qualisys C++ SDK commit a32a21a was discovered to contain multiple stack buffer overflows via the GetCurrentFrame, SaveCapture, and LoadProject functions.

Jan 31, 2025
CVE-2025-0929
9.8 CRITICAL

SQL injection vulnerability in TeamCal Neo, version 3.8.2. This could allow an attacker to retrieve, update and delete all database information by injecting a malicious …

Jan 31, 2025
CVE-2025-0493
9.8 CRITICAL

The MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to Limited Local File Inclusion in all versions up to, and …

Jan 31, 2025
CVE-2022-1736
9.8 CRITICAL

Ubuntu's configuration of gnome-control-center allowed Remote Desktop Sharing to be enabled by default.

Jan 31, 2025
CVE-2025-0680
9.8 CRITICAL

Affected products contain a vulnerability in the device cloud rpc command handling process that could allow remote attackers to take control over arbitrary devices connected …

Jan 30, 2025
CVE-2024-12248
9.8 CRITICAL

Contec Health CMS8000 Patient Monitor is vulnerable to an out-of-bounds write, which could allow an attacker to send specially formatted UDP requests in order to …

Jan 30, 2025
CVE-2025-0498
9.8 CRITICAL

A data exposure vulnerability exists in all versions prior to V15.00.001 of Rockwell Automation FactoryTalk® AssetCentre. The vulnerability exists due to insecure storage of FactoryTalk® …

Jan 30, 2025
CVE-2025-0497
9.8 CRITICAL

A data exposure vulnerability exists in all versions prior to V15.00.001 of Rockwell Automation FactoryTalk® AssetCentre. The vulnerability exists due to storing credentials in the …

Jan 30, 2025
CVE-2025-0477
9.8 CRITICAL

An encryption vulnerability exists in all versions prior to V15.00.001 of Rockwell Automation FactoryTalk® AssetCentre. The vulnerability exists due to a weak encryption methodology and …

Jan 30, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.