CVE Database

9262+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2024-41783
9.1 CRITICAL

IBM Sterling Secure Proxy 6.0.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, 6.1.0.0, and 6.2.0.0 could allow a privileged user to inject commands into the underlying operating system due …

Jan 19, 2025
CVE-2024-38337
9.1 CRITICAL

IBM Sterling Secure Proxy 6.0.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, 6.1.0.0, and 6.2.0.0 could allow an unauthorized attacker to retrieve or alter sensitive information contents due to …

Jan 19, 2025
CVE-2024-13375
9.8 CRITICAL

The Adifier System plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.1.7. This is due …

Jan 18, 2025
CVE-2024-57035
9.8 CRITICAL

WeGIA v3.2.0 is vulnerable to SQL Injection viathe nextPage parameter in /controle/control.php.

Jan 17, 2025
CVE-2024-57034
9.8 CRITICAL

WeGIA < 3.2.0 is vulnerable to SQL Injection in query_geracao_auto.php via the query parameter.

Jan 17, 2025
CVE-2024-57032
9.8 CRITICAL

WeGIA < 3.2.0 is vulnerable to Incorrect Access Control in controle/control.php. The application does not validate the value of the old password, so it is …

Jan 17, 2025
CVE-2024-57031
9.8 CRITICAL

WeGIA < 3.2.0 is vulnerable to SQL Injection in /funcionario/remuneracao.php via the id_funcionario parameter.

Jan 17, 2025
CVE-2024-57703
9.8 CRITICAL

Tenda AC8v4 V16.03.34.06 has a stack overflow vulnerability. Affected by this vulnerability is the function setSchedWifi of the file /goform/openSchedWifi. The manipulation of the argument …

Jan 16, 2025
CVE-2024-53553
9.1 CRITICAL

An issue in OPEXUS FOIAXPRESS PUBLIC ACCESS LINK v11.1.0 allows attackers to bypass authentication via crafted web requests.

Jan 16, 2025
CVE-2025-23922
10.0 CRITICAL

Cross-Site Request Forgery (CSRF) vulnerability in Harsh iSpring Embedder embed-ispring allows Upload a Web Shell to a Web Server.This issue affects iSpring Embedder: from n/a …

Jan 16, 2025
CVE-2025-23797
9.8 CRITICAL

Cross-Site Request Forgery (CSRF) vulnerability in Mike Selander WP Options Editor wp-options-editor allows Privilege Escalation.This issue affects WP Options Editor: from n/a through <= 1.1.

Jan 16, 2025
CVE-2024-57583
9.8 CRITICAL

Tenda AC18 V15.03.05.19 was discovered to contain a command injection vulnerability via the usbName parameter in the formSetSambaConf function.

Jan 16, 2025
CVE-2024-57582
9.8 CRITICAL

Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the startIP parameter in the formSetPPTPServer function.

Jan 16, 2025
CVE-2024-57581
9.8 CRITICAL

Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the firewallEn parameter in the formSetFirewallCfg function.

Jan 16, 2025
CVE-2024-57580
9.8 CRITICAL

Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the devName parameter in the formSetDeviceName function.

Jan 16, 2025
CVE-2024-57579
9.8 CRITICAL

Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the limitSpeedUp parameter in the formSetClientState function.

Jan 16, 2025
CVE-2024-57575
9.8 CRITICAL

Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the ssid parameter in the form_fast_setting_wifi_set function.

Jan 16, 2025
CVE-2024-57684
9.8 CRITICAL

An access control issue in the component formDMZ.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the DMZ service of the device via a crafted …

Jan 16, 2025
CVE-2024-57768
9.8 CRITICAL

JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component validRoleKey?sysRole.key.

Jan 16, 2025
CVE-2025-0471
9.9 CRITICAL

Unrestricted file upload vulnerability in the PMB platform, affecting versions 4.0.10 and above. This vulnerability could allow an attacker to upload a file to gain …

Jan 16, 2025
CVE-2025-22916
9.8 CRITICAL

RE11S v1.11 was discovered to contain a stack overflow via the pppUserName parameter in the formPPPoESetup function.

Jan 16, 2025
CVE-2025-22913
9.8 CRITICAL

RE11S v1.11 was discovered to contain a stack overflow via the rootAPmac parameter in the formStaDrvSetup function.

Jan 16, 2025
CVE-2025-22912
9.8 CRITICAL

RE11S v1.11 was discovered to contain a command injection vulnerability via the component /goform/formAccept.

Jan 16, 2025
CVE-2025-22907
9.8 CRITICAL

RE11S v1.11 was discovered to contain a stack overflow via the selSSID parameter in the formWlSiteSurvey function.

Jan 16, 2025
CVE-2025-22906
9.8 CRITICAL

RE11S v1.11 was discovered to contain a command injection vulnerability via the L2TPUserName parameter at /goform/setWAN.

Jan 16, 2025
CVE-2025-22905
9.8 CRITICAL

RE11S v1.11 was discovered to contain a command injection vulnerability via the command parameter at /goform/mp.

Jan 16, 2025
CVE-2025-22904
9.8 CRITICAL

RE11S v1.11 was discovered to contain a stack overflow via the pptpUserName parameter in the setWAN function.

Jan 16, 2025
CVE-2025-0456
9.8 CRITICAL

The airPASS from NetVision Information has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to access the specific administrative functionality to retrieve * all accounts …

Jan 16, 2025
CVE-2025-0455
9.8 CRITICAL

The airPASS from NetVision Information has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database …

Jan 16, 2025
CVE-2024-57726
9.9 CRITICAL KEV

SimpleHelp remote support software v5.5.7 and before has a vulnerability that allows low-privileges technicians to create API keys with excessive permissions. These API keys can …

Jan 15, 2025
CVE-2024-48126
9.8 CRITICAL

HI-SCAN 6040i Hitrax HX-03-19-I was discovered to contain hardcoded credentials for access to vendor support and service access.

Jan 15, 2025
CVE-2025-22146
9.1 CRITICAL

Sentry is a developer-first error tracking and performance monitoring tool. A critical vulnerability was discovered in the SAML SSO implementation of Sentry. It was reported …

Jan 15, 2025
CVE-2025-0502
9.1 CRITICAL

Transmission of Private Resources into a New Sphere ('Resource Leak') vulnerability in CrafterCMS Engine on Linux, MacOS, x86, Windows, 64 bit, ARM allows Directory Indexing, …

Jan 15, 2025
CVE-2025-22968
9.8 CRITICAL

An issue in D-Link DWR-M972V 1.05SSG allows a remote attacker to execute arbitrary code via SSH using root account without restrictions

Jan 15, 2025
CVE-2025-22785
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ComMotion Course Booking System course-booking-system allows SQL Injection.This issue affects Course …

Jan 15, 2025
CVE-2025-22782
9.9 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in Web Ready Now WR Price List Manager For Woocommerce wr-price-list-for-woocommerce allows Upload a Web Shell to …

Jan 15, 2025
CVE-2024-12084
9.8 CRITICAL

A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper handling of attacker-controlled checksum lengths (s2length) in the …

Jan 15, 2025
CVE-2024-9636
9.8 CRITICAL

The Post Grid and Gutenberg Blocks plugin for WordPress is vulnerable to privilege escalation in versions 2.2.85 to 2.3.3. This is due to the plugin …

Jan 15, 2025
CVE-2025-23061
9.0 CRITICAL

Mongoose before 8.9.5 can improperly use a nested $where filter with a populate() match, leading to search injection. NOTE: this issue exists because of an …

Jan 15, 2025
CVE-2024-57766
9.1 CRITICAL

MSFM before 2025.01.01 was discovered to contain a fastjson deserialization vulnerability via the component system/table/editField.

Jan 15, 2025
CVE-2024-57764
9.1 CRITICAL

MSFM before 2025.01.01 was discovered to contain a fastjson deserialization vulnerability via the component system/table/add.

Jan 15, 2025
CVE-2024-57763
9.1 CRITICAL

MSFM before 2025.01.01 was discovered to contain a fastjson deserialization vulnerability via the component system/table/addField.

Jan 15, 2025
CVE-2024-57483
9.8 CRITICAL

Tenda i24 V2.0.0.5 is vulnerable to Buffer Overflow in the addWifiMacFilter function.

Jan 14, 2025
CVE-2024-57473
9.8 CRITICAL

H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in the mac address editing function. Attackers who successfully exploit …

Jan 14, 2025
CVE-2024-54142
9.0 CRITICAL

Discourse AI is a Discourse plugin which provides a number of AI features. When sharing Discourse AI Bot conversations into posts, if the conversation had …

Jan 14, 2025
CVE-2024-57482
9.8 CRITICAL

H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in the 5G wireless network processing function. Attackers who successfully …

Jan 14, 2025
CVE-2024-57480
9.8 CRITICAL

H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in the AP configuration function. Attackers who successfully exploit this …

Jan 14, 2025
CVE-2024-57479
9.8 CRITICAL

H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in the mac address update function. Attackers who successfully exploit …

Jan 14, 2025
CVE-2024-57471
9.8 CRITICAL

H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in the 2.4G wireless network processing function. Attackers who successfully …

Jan 14, 2025
CVE-2024-48760
9.8 CRITICAL

An issue in GestioIP v3.5.7 allows a remote attacker to execute arbitrary code via the file upload function. The attacker can upload a malicious perlcmd.cgi …

Jan 14, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.