CVE Database

9262+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2024-49375
9.0 CRITICAL

Open source machine learning framework. A vulnerability has been identified in Rasa that enables an attacker who has the ability to load a maliciously crafted …

Jan 14, 2025
CVE-2024-48856
9.8 CRITICAL

Out-of-bounds write in the PCX image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause a denial-of-service condition …

Jan 14, 2025
CVE-2025-23025
9.0 CRITICAL

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. NOTE: The Realtime WYSIWYG Editor extension was **experimental**, …

Jan 14, 2025
CVE-2025-21311
9.8 CRITICAL

Windows NTLM V1 Elevation of Privilege Vulnerability

Jan 14, 2025
CVE-2025-21307
9.8 CRITICAL

Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability

Jan 14, 2025
CVE-2025-21298
9.8 CRITICAL

Windows OLE Remote Code Execution Vulnerability

Jan 14, 2025
CVE-2024-13161
9.8 CRITICAL KEV

Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak …

Jan 14, 2025
CVE-2024-13160
9.8 CRITICAL KEV

Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak …

Jan 14, 2025
CVE-2024-13159
9.8 CRITICAL KEV

Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak …

Jan 14, 2025
CVE-2024-10811
9.8 CRITICAL

Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak …

Jan 14, 2025
CVE-2024-39803
9.1 CRITICAL

Multiple buffer overflow vulnerabilities exist in the qos.cgi qos_settings() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. …

Jan 14, 2025
CVE-2024-39802
9.1 CRITICAL

Multiple buffer overflow vulnerabilities exist in the qos.cgi qos_settings() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. …

Jan 14, 2025
CVE-2024-39801
9.1 CRITICAL

Multiple buffer overflow vulnerabilities exist in the qos.cgi qos_settings() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. …

Jan 14, 2025
CVE-2024-39800
9.1 CRITICAL

Multiple external config control vulnerabilities exists in the openvpn.cgi openvpn_server_setup() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command …

Jan 14, 2025
CVE-2024-39799
9.1 CRITICAL

Multiple external config control vulnerabilities exists in the openvpn.cgi openvpn_server_setup() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command …

Jan 14, 2025
CVE-2024-39798
9.1 CRITICAL

Multiple external config control vulnerabilities exists in the openvpn.cgi openvpn_server_setup() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command …

Jan 14, 2025
CVE-2024-39795
9.1 CRITICAL

Multiple external config control vulnerabilities exist in the nas.cgi set_nas() proftpd functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission …

Jan 14, 2025
CVE-2024-39794
9.1 CRITICAL

Multiple external config control vulnerabilities exist in the nas.cgi set_nas() proftpd functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission …

Jan 14, 2025
CVE-2024-39793
9.1 CRITICAL

Multiple external config control vulnerabilities exist in the nas.cgi set_nas() proftpd functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission …

Jan 14, 2025
CVE-2024-39790
9.1 CRITICAL

Multiple external config control vulnerabilities exist in the nas.cgi set_ftp_cfg() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. …

Jan 14, 2025
CVE-2024-39789
9.1 CRITICAL

Multiple external config control vulnerabilities exist in the nas.cgi set_ftp_cfg() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. …

Jan 14, 2025
CVE-2024-39788
9.1 CRITICAL

Multiple external config control vulnerabilities exist in the nas.cgi set_ftp_cfg() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. …

Jan 14, 2025
CVE-2024-39787
9.1 CRITICAL

Multiple directory traversal vulnerabilities exist in the nas.cgi add_dir() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An …

Jan 14, 2025
CVE-2024-39786
9.1 CRITICAL

Multiple directory traversal vulnerabilities exist in the nas.cgi add_dir() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An …

Jan 14, 2025
CVE-2024-39785
9.1 CRITICAL

Multiple command execution vulnerabilities exist in the nas.cgi add_dir() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. …

Jan 14, 2025
CVE-2024-39784
9.1 CRITICAL

Multiple command execution vulnerabilities exist in the nas.cgi add_dir() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. …

Jan 14, 2025
CVE-2024-39783
9.1 CRITICAL

Multiple OS command injection vulnerabilities exist in the adm.cgi sch_reboot() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to a arbitrary …

Jan 14, 2025
CVE-2024-39782
9.1 CRITICAL

Multiple OS command injection vulnerabilities exist in the adm.cgi sch_reboot() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to a arbitrary …

Jan 14, 2025
CVE-2024-39781
9.1 CRITICAL

Multiple OS command injection vulnerabilities exist in the adm.cgi sch_reboot() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to a arbitrary …

Jan 14, 2025
CVE-2024-39774
9.1 CRITICAL

A buffer overflow vulnerability exists in the adm.cgi set_sys_adm() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. …

Jan 14, 2025
CVE-2024-39770
9.1 CRITICAL

Multiple buffer overflow vulnerabilities exist in the internet.cgi set_qos() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. …

Jan 14, 2025
CVE-2024-39769
9.1 CRITICAL

Multiple buffer overflow vulnerabilities exist in the internet.cgi set_qos() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. …

Jan 14, 2025
CVE-2024-39768
9.1 CRITICAL

Multiple buffer overflow vulnerabilities exist in the internet.cgi set_qos() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. …

Jan 14, 2025
CVE-2024-39765
9.1 CRITICAL

Multiple OS command injection vulnerabilities exist in the internet.cgi set_add_routing() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command …

Jan 14, 2025
CVE-2024-39764
9.1 CRITICAL

Multiple OS command injection vulnerabilities exist in the internet.cgi set_add_routing() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command …

Jan 14, 2025
CVE-2024-39763
9.1 CRITICAL

Multiple OS command injection vulnerabilities exist in the internet.cgi set_add_routing() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command …

Jan 14, 2025
CVE-2024-39762
9.1 CRITICAL

Multiple OS command injection vulnerabilities exist in the internet.cgi set_add_routing() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command …

Jan 14, 2025
CVE-2024-39761
10.0 CRITICAL

Multiple OS command injection vulnerabilities exist in the login.cgi set_sys_init() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code …

Jan 14, 2025
CVE-2024-39760
10.0 CRITICAL

Multiple OS command injection vulnerabilities exist in the login.cgi set_sys_init() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code …

Jan 14, 2025
CVE-2024-39759
10.0 CRITICAL

Multiple OS command injection vulnerabilities exist in the login.cgi set_sys_init() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code …

Jan 14, 2025
CVE-2024-39757
9.1 CRITICAL

A stack-based buffer overflow vulnerability exists in the wireless.cgi AddMac() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command …

Jan 14, 2025
CVE-2024-39756
9.1 CRITICAL

A buffer overflow vulnerability exists in the adm.cgi rep_as_router() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. …

Jan 14, 2025
CVE-2024-39754
10.0 CRITICAL

A static login vulnerability exists in the wctrls functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted set of network packets can lead to root access. …

Jan 14, 2025
CVE-2024-39608
10.0 CRITICAL

A firmware update vulnerability exists in the login.cgi functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary firmware update. An …

Jan 14, 2025
CVE-2024-39604
9.0 CRITICAL

A command execution vulnerability exists in the update_filter_url.sh functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An …

Jan 14, 2025
CVE-2024-39603
9.1 CRITICAL

A stack-based buffer overflow vulnerability exists in the wireless.cgi set_wifi_basic_mesh() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command …

Jan 14, 2025
CVE-2024-39602
9.1 CRITICAL

An external config control vulnerability exists in the nas.cgi set_nas() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command …

Jan 14, 2025
CVE-2024-39370
9.1 CRITICAL

An arbitrary code execution vulnerability exists in the adm.cgi set_MeshAp() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code …

Jan 14, 2025
CVE-2024-39367
9.1 CRITICAL

An os command injection vulnerability exists in the firewall.cgi iptablesWebsFilterRun() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code …

Jan 14, 2025
CVE-2024-39363
9.6 CRITICAL

A cross-site scripting (xss) vulnerability exists in the login.cgi set_lang_CountryCode() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to a disclosure …

Jan 14, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.