CVE Database

9262+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2024-39360
9.1 CRITICAL

An os command injection vulnerability exists in the nas.cgi remove_dir() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code …

Jan 14, 2025
CVE-2024-39359
9.1 CRITICAL

A stack-based buffer overflow vulnerability exists in the wireless.cgi DeleteMac() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command …

Jan 14, 2025
CVE-2024-39358
9.1 CRITICAL

A buffer overflow vulnerability exists in the adm.cgi set_wzap() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. …

Jan 14, 2025
CVE-2024-39357
9.1 CRITICAL

A stack-based buffer overflow vulnerability exists in the wireless.cgi SetName() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command …

Jan 14, 2025
CVE-2024-39299
9.1 CRITICAL

A buffer overflow vulnerability exists in the qos.cgi qos_sta_settings() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. …

Jan 14, 2025
CVE-2024-39294
9.1 CRITICAL

A buffer overflow vulnerability exists in the adm.cgi set_wzdgw4G() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. …

Jan 14, 2025
CVE-2024-39288
9.1 CRITICAL

A buffer overflow vulnerability exists in the internet.cgi set_add_routing() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. …

Jan 14, 2025
CVE-2024-39280
9.1 CRITICAL

An external config control vulnerability exists in the nas.cgi set_smb_cfg() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command …

Jan 14, 2025
CVE-2024-39273
9.0 CRITICAL

A firmware update vulnerability exists in the fw_check.sh functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary firmware update. An …

Jan 14, 2025
CVE-2024-38666
9.1 CRITICAL

An external config control vulnerability exists in the openvpn.cgi openvpn_client_setup() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command …

Jan 14, 2025
CVE-2024-37357
9.1 CRITICAL

A buffer overflow vulnerability exists in the adm.cgi set_TR069() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. …

Jan 14, 2025
CVE-2024-37186
9.1 CRITICAL

An os command injection vulnerability exists in the adm.cgi set_ledonoff() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code …

Jan 14, 2025
CVE-2024-37184
9.1 CRITICAL

A buffer overflow vulnerability exists in the adm.cgi rep_as_bridge() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. …

Jan 14, 2025
CVE-2024-36493
9.1 CRITICAL

A stack-based buffer overflow vulnerability exists in the wireless.cgi set_wifi_basic() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command …

Jan 14, 2025
CVE-2024-36295
9.1 CRITICAL

A command execution vulnerability exists in the qos.cgi qos_sta() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. …

Jan 14, 2025
CVE-2024-36290
10.0 CRITICAL

A buffer overflow vulnerability exists in the login.cgi Goto_chidx() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. …

Jan 14, 2025
CVE-2024-36272
9.1 CRITICAL

A buffer overflow vulnerability exists in the usbip.cgi set_info() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. …

Jan 14, 2025
CVE-2024-36258
10.0 CRITICAL

A stack-based buffer overflow vulnerability exists in the touchlist_sync.cgi touchlistsync() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code …

Jan 14, 2025
CVE-2024-34544
9.1 CRITICAL

A command injection vulnerability exists in the wireless.cgi AddMac() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. …

Jan 14, 2025
CVE-2024-34166
10.0 CRITICAL

An os command injection vulnerability exists in the touchlist_sync.cgi touchlistsync() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted set of HTTP requests can lead to …

Jan 14, 2025
CVE-2024-21797
9.1 CRITICAL

A command execution vulnerability exists in the adm.cgi set_TR069() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. …

Jan 14, 2025
CVE-2024-55591
9.8 CRITICAL KEV

An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS version 7.0.0 through 7.0.16 and FortiProxy version 7.0.0 through 7.0.19 and 7.2.0 …

Jan 14, 2025
CVE-2024-48886
9.0 CRITICAL

A weak authentication in Fortinet FortiOS versions 7.4.0 through 7.4.4, 7.2.0 through 7.2.8, 7.0.0 through 7.0.15, 6.4.0 through 6.4.15, FortiProxy versions 7.4.0 through 7.4.4, 7.2.0 …

Jan 14, 2025
CVE-2024-47572
9.0 CRITICAL

An improper neutralization of formula elements in a csv file in Fortinet FortiSOAR 7.2.1 through 7.4.1 allows attacker to execute unauthorized code or commands via …

Jan 14, 2025
CVE-2023-37936
9.8 CRITICAL

A use of hard-coded cryptographic key in Fortinet FortiSwitch version 7.4.0 and 7.2.0 through 7.2.5 and 7.0.0 through 7.0.7 and 6.4.0 through 6.4.13 and 6.2.0 …

Jan 14, 2025
CVE-2025-20055
9.8 CRITICAL

OS command injection vulnerability exists in network storage servers STEALTHONE D220/D340 provided by Y'S corporation. An attacker who can access the affected product may execute …

Jan 14, 2025
CVE-2024-12919
9.8 CRITICAL

The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, …

Jan 14, 2025
CVE-2025-0070
9.9 CRITICAL

SAP NetWeaver Application Server for ABAP and ABAP Platform allows an authenticated attacker to obtain illegitimate access to the system by exploiting improper authentication checks, …

Jan 14, 2025
CVE-2025-0066
9.9 CRITICAL

Under certain conditions SAP NetWeaver AS for ABAP and ABAP Platform (Internet Communication Framework) allows an attacker to access restricted information due to weak access …

Jan 14, 2025
CVE-2024-57811
9.1 CRITICAL

In Eaton X303 3.5.16 - X303 3.5.17 Build 712, an attacker with network access to a XC-303 PLC can login as root over SSH. The …

Jan 13, 2025
CVE-2024-56323
9.8 CRITICAL

OpenFGA is an authorization/permission engine. IN OpenFGA v1.3.8 to v1.8.2 (Helm chart openfga-0.1.38 to openfga-0.2.19, docker v1.3.8 to v.1.8.2) are vulnerable to authorization bypass under …

Jan 13, 2025
CVE-2025-22144
9.8 CRITICAL

NamelessMC is a free, easy to use & powerful website software for Minecraft servers. A user with admincp.core.emails or admincp.users.edit permissions can validate users and …

Jan 13, 2025
CVE-2024-46310
9.1 CRITICAL

Incorrect Access Control in Cfx.re FXServer v9601 and earlier allows unauthenticated users to modify and read arbitrary user data via exposed API endpoint

Jan 13, 2025
CVE-2024-5743
9.8 CRITICAL

An attacker could exploit the 'Use of Password Hash With Insufficient Computational Effort' vulnerability in EveHome Eve Play to execute arbitrary code. This issue affects …

Jan 13, 2025
CVE-2024-46479
9.9 CRITICAL

Venki Supravizio BPM through 18.0.1 was discovered to contain an arbitrary file upload vulnerability. An authenticated attacker may upload a malicious file, leading to remote …

Jan 13, 2025
CVE-2025-22777
9.8 CRITICAL

Deserialization of Untrusted Data vulnerability in StellarWP GiveWP give allows Object Injection.This issue affects GiveWP: from n/a through <= 3.19.3.

Jan 13, 2025
CVE-2024-12877
9.8 CRITICAL

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.19.2 …

Jan 11, 2025
CVE-2025-0107
9.8 CRITICAL

An OS command injection vulnerability in Palo Alto Networks Expedition enables an unauthenticated attacker to run arbitrary OS commands as the www-data user in Expedition, …

Jan 11, 2025
CVE-2025-0105
9.1 CRITICAL

An arbitrary file deletion vulnerability in Palo Alto Networks Expedition enables an unauthenticated attacker to delete arbitrary files accessible to the www-data user on the …

Jan 11, 2025
CVE-2024-12847
9.8 CRITICAL

NETGEAR DGN1000 before 1.1.00.48 is vulnerable to an authentication bypass vulnerability. A remote and unauthenticated attacker can execute arbitrary operating system commands as root by …

Jan 10, 2025
CVE-2024-57225
9.8 CRITICAL

Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the devname parameter in the reset_wifi function.

Jan 10, 2025
CVE-2024-57224
9.8 CRITICAL

Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pin_wps function.

Jan 10, 2025
CVE-2024-57223
9.8 CRITICAL

Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_wps_gen_pincode function.

Jan 10, 2025
CVE-2025-22949
9.8 CRITICAL

Tenda ac9 v1.0 firmware v15.03.05.19 is vulnerable to command injection in /goform/SetSambaCfg, which may lead to remote arbitrary code execution.

Jan 10, 2025
CVE-2025-22152
9.1 CRITICAL

Atheos is a self-hosted browser-based cloud IDE. Prior to v600, the $path and $target parameters are not properly validated across multiple components, allowing an attacker …

Jan 10, 2025
CVE-2024-56511
9.8 CRITICAL

DataEase is an open source data visualization analysis tool. Prior to 2.10.4, there is a flaw in the authentication in the io.dataease.auth.filter.TokenFilter class, which can …

Jan 10, 2025
CVE-2024-29971
9.8 CRITICAL

Scontain SCONE 5.8.0 has an interface vulnerability that leads to state corruption via injected signals.

Jan 10, 2025
CVE-2024-29970
9.8 CRITICAL

Fortanix Enclave OS 3.36.1941-EM has an interface vulnerability that leads to state corruption via injected signals.

Jan 10, 2025
CVE-2025-22946
9.8 CRITICAL

Tenda ac9 v1.0 firmware v15.03.05.19 contains a stack overflow vulnerability in /goform/SetOnlineDevName, which may lead to remote arbitrary code execution.

Jan 10, 2025
CVE-2024-57687
9.8 CRITICAL

An OS Command Injection vulnerability was found in /landrecordsys/admin/dashboard.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the …

Jan 10, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.