CVE Database

9262+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2024-55573
9.1 CRITICAL

An issue was discovered in Centreon centreon-web 24.10.x before 24.10.3, 24.04.x before 24.04.9, 23.10.x before 23.10.19, 23.04.x before 23.04.24. A user with high privileges is …

Jan 23, 2025
CVE-2024-57328
9.8 CRITICAL

A SQL Injection vulnerability exists in the login form of Online Food Ordering System v1.0. The vulnerability arises because the input fields username and password …

Jan 23, 2025
CVE-2024-55194
9.8 CRITICAL

OpenImageIO v3.1.0.0dev was discovered to contain a heap overflow via the component /OpenImageIO/fmath.h.

Jan 23, 2025
CVE-2024-55193
9.8 CRITICAL

OpenImageIO v3.1.0.0dev was discovered to contain a segmentation violation via the component /OpenImageIO/string_view.h.

Jan 23, 2025
CVE-2024-55192
9.8 CRITICAL

OpenImageIO v3.1.0.0dev was discovered to contain a heap overflow via the component OpenImageIO_v3_1_0::farmhash::inlined::Fetch64(char const*).

Jan 23, 2025
CVE-2024-53923
9.1 CRITICAL

An issue was discovered in Centreon Web 24.10.x before 24.10.3, 24.04.x before 24.04.9, 23.10.x before 23.10.19, 23.04.x before 23.04.24. A user with high privileges is …

Jan 23, 2025
CVE-2023-46401
9.8 CRITICAL

KWHotel 0.47 is vulnerable to CSV Formula Injection in the invoice adding function.

Jan 23, 2025
CVE-2023-46400
9.8 CRITICAL

KWHotel 0.47 is vulnerable to CSV Formula Injection in the add guest function.

Jan 23, 2025
CVE-2025-0637
9.8 CRITICAL

It has been found that the Beta10 software does not provide for proper authorisation control in multiple areas of the application. This deficiency could allow …

Jan 23, 2025
CVE-2024-55971
10.0 CRITICAL

SQL Injection vulnerability in the default configuration of the Logitime WebClock application <= 5.43.0 allows an unauthenticated user to run arbitrary code on the backend …

Jan 23, 2025
CVE-2024-52325
9.6 CRITICAL

ECOVACS robot lawnmowers and vacuums are vulnerable to command injection via SetNetPin() over an unauthenticated BLE connection.

Jan 23, 2025
CVE-2025-23006
9.8 CRITICAL KEV

Pre-authentication deserialization of untrusted data vulnerability has been identified in the SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC), which in specific conditions …

Jan 23, 2025
CVE-2024-52975
9.0 CRITICAL

An issue was identified in Fleet Server where Fleet policies that could contain sensitive information were logged on INFO and ERROR log levels. The nature …

Jan 23, 2025
CVE-2025-20156
9.9 CRITICAL

A vulnerability in the REST API of Cisco Meeting Management could allow a remote, authenticated attacker with low privileges to elevate privileges to administrator on …

Jan 22, 2025
CVE-2025-23914
9.8 CRITICAL

Deserialization of Untrusted Data vulnerability in muzaara Muzaara Google Ads Report muzaara-adwords-optimize-dashboard allows Object Injection.This issue affects Muzaara Google Ads Report: from n/a through <= …

Jan 22, 2025
CVE-2023-37777
9.8 CRITICAL

A SQL injection vulnerability exists in Synnefo Internet Management Software (IMS) version 2023 and earlier. This vulnerability occurs due to improper input validation in a …

Jan 22, 2025
CVE-2025-23953
10.0 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in Scriptonite user files user-files allows Upload a Web Shell to a Web Server.This issue affects user …

Jan 22, 2025
CVE-2025-23942
9.1 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in ngocuct0912 WP Load Gallery wp-load-gallery allows Upload a Web Shell to a Web Server.This issue affects …

Jan 22, 2025
CVE-2025-23932
9.8 CRITICAL

Deserialization of Untrusted Data vulnerability in Marko-M Quick Count quick-count allows Object Injection.This issue affects Quick Count: from n/a through <= 3.00.

Jan 22, 2025
CVE-2025-23931
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Oliver Fuhrmann WordPress Local SEO dh-local-seo allows Blind SQL Injection.This issue …

Jan 22, 2025
CVE-2025-23921
9.0 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in sh1zen Multi Uploader for Gravity Forms gf-multi-uploader allows Upload a Web Shell to a Web Server.This …

Jan 22, 2025
CVE-2025-23918
9.9 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in Enrico Sandoli Smallerik File Browser smallerik-file-browser allows Upload a Web Shell to a Web Server.This issue …

Jan 22, 2025
CVE-2024-12857
9.8 CRITICAL

The AdForest theme for WordPress is vulnerable to authentication bypass in all versions up to, and including, 5.1.8. This is due to the plugin not …

Jan 22, 2025
CVE-2024-13091
9.8 CRITICAL

The WPBot Pro Wordpress Chatbot plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'qcld_wpcfb_file_upload' function in …

Jan 22, 2025
CVE-2024-49748
9.8 CRITICAL

In gatts_process_primary_service_req of gatt_sr.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution …

Jan 21, 2025
CVE-2024-49747
9.8 CRITICAL

In gatts_process_read_by_type_req of gatt_sr.cc, there is a possible out of bounds write due to a logic error in the code. This could lead to remote …

Jan 21, 2025
CVE-2024-24421
9.8 CRITICAL

A type confusion in the nas_message_decode function of Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows attackers to execute arbitrary code or cause a …

Jan 21, 2025
CVE-2024-45479
9.1 CRITICAL

SSRF vulnerability in Edit Service Page of Apache Ranger UI in Apache Ranger Version 2.4.0. Users are recommended to upgrade to version Apache Ranger 2.5.0, …

Jan 21, 2025
CVE-2023-27113
9.8 CRITICAL

pearProjectApi v2.8.10 was discovered to contain a SQL injection vulnerability via the organizationCode parameter at project.php.

Jan 21, 2025
CVE-2023-27112
9.8 CRITICAL

pearProjectApi v2.8.10 was discovered to contain a SQL injection vulnerability via the projectCode parameter at project.php.

Jan 21, 2025
CVE-2025-21556
9.9 CRITICAL

Vulnerability in the Oracle Agile PLM Framework product of Oracle Supply Chain (component: Agile Integration Services). The supported version that is affected is 9.3.6. Easily …

Jan 21, 2025
CVE-2025-21547
9.1 CRITICAL

Vulnerability in the Oracle Hospitality OPERA 5 product of Oracle Hospitality Applications (component: Opera Servlet). Supported versions that are affected are 5.6.19.20, 5.6.25.8, 5.6.26.6 and …

Jan 21, 2025
CVE-2025-21535
9.8 CRITICAL

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability …

Jan 21, 2025
CVE-2025-21524
9.8 CRITICAL

Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Monitoring and Diagnostics SEC). Supported versions that are affected are Prior to …

Jan 21, 2025
CVE-2024-55959
9.1 CRITICAL

Northern.tech Mender Client 4.x before 4.0.5 has Insecure Permissions.

Jan 21, 2025
CVE-2025-24024
9.1 CRITICAL

Mjolnir is a moderation tool for Matrix. Mjolnir v1.9.0 responds to management commands from any room the bot is member of. This can allow users …

Jan 21, 2025
CVE-2024-42936
9.8 CRITICAL

The mqlink.elf is service component in Ruijie RG-EW300N with firmware ReyeeOS 1.300.1422 is vulnerable to Remote Code Execution via a modified MQTT broker message.

Jan 21, 2025
CVE-2024-54794
9.1 CRITICAL

The script input feature of SpagoBI 3.5.1 allows arbitrary code execution.

Jan 21, 2025
CVE-2025-22723
9.1 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in Dmitry V. (CEO of "UKR Solution") Barcode Scanner with Inventory & Order Manager barcode-scanner-lite-pos-to-manage-products-inventory-and-orders allows Upload …

Jan 21, 2025
CVE-2025-22553
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in dhananjaysingh Multiple Carousel multicarousel allows SQL Injection.This issue affects Multiple Carousel: …

Jan 21, 2025
CVE-2024-51919
9.0 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in radykal Fancy Product Designer fancy-product-designer.This issue affects Fancy Product Designer: from n/a through <= 6.4.3.

Jan 21, 2025
CVE-2024-51888
9.8 CRITICAL

Incorrect Privilege Assignment vulnerability in favethemes Homey Login Register homey-login-register allows Privilege Escalation.This issue affects Homey Login Register: from n/a through <= 2.4.0.

Jan 21, 2025
CVE-2024-51818
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in radykal Fancy Product Designer fancy-product-designer.This issue affects Fancy Product Designer: from …

Jan 21, 2025
CVE-2024-49688
9.8 CRITICAL

Deserialization of Untrusted Data vulnerability in reputeinfosystems ARPrice arprice allows Object Injection.This issue affects ARPrice: from n/a through <= 4.1.3.

Jan 21, 2025
CVE-2024-49655
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in reputeinfosystems ARPrice arprice allows SQL Injection.This issue affects ARPrice: from n/a …

Jan 21, 2025
CVE-2024-32555
9.8 CRITICAL

Incorrect Privilege Assignment vulnerability in InspiryThemes Easy Real Estate easy-real-estate allows Privilege Escalation.This issue affects Easy Real Estate: from n/a through <= 2.2.9.

Jan 21, 2025
CVE-2025-23220
9.8 CRITICAL

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in the …

Jan 20, 2025
CVE-2025-23219
9.8 CRITICAL

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in the …

Jan 20, 2025
CVE-2025-23218
9.8 CRITICAL

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in the …

Jan 20, 2025
CVE-2025-0585
9.8 CRITICAL

The a+HRD from aEnrich Technology has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database …

Jan 20, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.