CVE Database

9279+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2024-12626
9.6 CRITICAL

The AutomatorWP – Automator plugin for no-code automations, webhooks & custom integrations in WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the …

Dec 19, 2024
CVE-2023-4617
10.0 CRITICAL

Incorrect authorization vulnerability in HTTP POST method in Govee Home application on Android and iOS allows remote attacker to control devices owned by other users …

Dec 19, 2024
CVE-2024-55461
9.8 CRITICAL

SeaCMS <=13.0 is vulnerable to command execution in phome.php via the function Ebak_RepPathFiletext().

Dec 18, 2024
CVE-2024-56145
9.8 CRITICAL KEV

Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. Users of affected versions are affected by this vulnerability …

Dec 18, 2024
CVE-2024-52591
9.3 CRITICAL

Misskey is an open source, federated social media platform. In affected versions missing validation in `ApRequestService.signedGet` and `HttpRequestService.getActivityJson` allows an attacker to create fake user …

Dec 18, 2024
CVE-2024-56057
9.9 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS wplms_plugin allows Upload a Web Shell to a Web Server.This issue affects WPLMS: from …

Dec 18, 2024
CVE-2024-56054
9.1 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS wplms_plugin allows Upload a Web Shell to a Web Server.This issue affects WPLMS: from …

Dec 18, 2024
CVE-2024-56052
9.9 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS wplms_plugin allows Upload a Web Shell to a Web Server.This issue affects WPLMS: from …

Dec 18, 2024
CVE-2024-56050
9.9 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS wplms_plugin allows Upload a Web Shell to a Web Server.This issue affects WPLMS: from …

Dec 18, 2024
CVE-2024-54383
9.8 CRITICAL

Incorrect Privilege Assignment vulnerability in wpweb WooCommerce PDF Vouchers woocommerce-pdf-vouchers allows Privilege Escalation.This issue affects WooCommerce PDF Vouchers: from n/a through < 4.9.9.

Dec 18, 2024
CVE-2023-34990
9.8 CRITICAL

A relative path traversal in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specially …

Dec 18, 2024
CVE-2024-56059
9.8 CRITICAL

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability in farinspace Partners partners allows Object Injection.This issue affects Partners: from n/a through <= 0.2.0.

Dec 18, 2024
CVE-2024-56058
9.8 CRITICAL

Deserialization of Untrusted Data vulnerability in denniskravetstns VRPConnector vrpconnector allows Object Injection.This issue affects VRPConnector: from n/a through <= 2.0.1.

Dec 18, 2024
CVE-2024-4996
9.8 CRITICAL

Use of a hard-coded password for a database administrator account created during Wapro ERP installation allows an attacker to retrieve embedded sensitive data stored in …

Dec 18, 2024
CVE-2024-4995
9.8 CRITICAL

Wapro ERP Desktop is vulnerable to MS SQL protocol downgrade request from a server side, what could lead to an unencrypted communication vulnerable to data …

Dec 18, 2024
CVE-2024-1610
9.8 CRITICAL

In OPPO Store APP, there's a possible escalation of privilege due to improper input validation.

Dec 18, 2024
CVE-2024-12287
9.8 CRITICAL

The Biagiotti Membership plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.0.2. This is due to the plugin …

Dec 18, 2024
CVE-2024-21546
9.8 CRITICAL

Versions of the package unisharp/laravel-filemanager before 2.9.1 are vulnerable to Remote Code Execution (RCE) through using a valid mimetype and inserting the . character after …

Dec 18, 2024
CVE-2024-31668
9.1 CRITICAL

rizin before v0.6.3 is vulnerable to Improper Neutralization of Special Elements via meta_set function in librz/analysis/meta.

Dec 17, 2024
CVE-2024-29646
9.8 CRITICAL

Buffer Overflow vulnerability in radarorg radare2 v.5.8.8 allows an attacker to execute arbitrary code via the name, type, or group fields.

Dec 17, 2024
CVE-2024-55516
9.1 CRITICAL

A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200, and MSG2300 v3.90. The component affected by this issue is /upload_sysconfig.php on the web interface. By …

Dec 17, 2024
CVE-2024-55515
9.8 CRITICAL

A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200, and MSG2300 3.90. The component affected by this issue is /upload_ipslib.php on the web interface. By …

Dec 17, 2024
CVE-2024-55513
9.1 CRITICAL

A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200, and MSG2300 3.90. The component affected by this issue is /upload_netaction.php on the web interface. By …

Dec 17, 2024
CVE-2024-55496
9.1 CRITICAL

A vulnerability has been found in the 1000projects Bookstore Management System PHP MySQL Project 1.0. This issue affects some unknown functionality of add_company.php. Actions on …

Dec 17, 2024
CVE-2024-54662
9.1 CRITICAL

Dante 1.4.0 through 1.4.3 (fixed in 1.4.4) has incorrect access control for some sockd.conf configurations involving socksmethod.

Dec 17, 2024
CVE-2024-8972
9.8 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mobil365 Informatics Saha365 App allows SQL Injection.This issue affects Saha365 App: …

Dec 17, 2024
CVE-2024-50379
9.8 CRITICAL

Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is …

Dec 17, 2024
CVE-2024-12356
9.8 CRITICAL KEV

A critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) products which can allow an unauthenticated attacker to inject commands …

Dec 17, 2024
CVE-2024-10205
9.4 CRITICAL

Authentication Bypass vulnerability in Hitachi Ops Center Analyzer on Linux, 64 bit (Hitachi Ops Center Analyzer detail view component), Hitachi Infrastructure Analytics Advisor on Linux, …

Dec 17, 2024
CVE-2024-55085
9.8 CRITICAL

GetSimple CMS CE 3.3.19 suffers from arbitrary code execution in the template editing function in the background management system, which can be used by an …

Dec 16, 2024
CVE-2024-29671
9.8 CRITICAL

Buffer Overflow vulnerability in NEXTU FLATA AX1500 Router v.1.0.2 allows a remote attacker to execute arbitrary code via the POST request handler component.

Dec 16, 2024
CVE-2024-55557
9.8 CRITICAL

ui/pref/ProxyPrefView.java in weasis-core in Weasis 4.5.1 has a hardcoded key for symmetric encryption of proxy credentials.

Dec 16, 2024
CVE-2024-12687
9.8 CRITICAL

Deserialization of Untrusted Data vulnerability in PlexTrac (Runbooks modules) which allows Object Injection and arbitrary file writes. This issue affects PlexTrac: from 1.61.3 before 2.8.1.

Dec 16, 2024
CVE-2024-54285
9.1 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in SeedProd LLC SeedProd Pro allows Upload a Web Shell to a Web Server.This issue affects SeedProd …

Dec 16, 2024
CVE-2024-54280
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Iqonic Design WPBookit wpbookit allows SQL Injection.This issue affects WPBookit: from …

Dec 16, 2024
CVE-2024-54229
9.8 CRITICAL

Incorrect Privilege Assignment vulnerability in straightvisions GmbH SV100 Companion sv100-companion allows Privilege Escalation.This issue affects SV100 Companion: from n/a through <= 2.0.02.

Dec 16, 2024
CVE-2024-43234
9.8 CRITICAL

Authentication Bypass Using an Alternate Path or Channel vulnerability in WofficeIO Woffice woffice allows Authentication Bypass.This issue affects Woffice: from n/a through <= 5.4.14.

Dec 16, 2024
CVE-2024-56012
9.8 CRITICAL

Cross-Site Request Forgery (CSRF) vulnerability in lizeipe Flash News / Post (Responsive) flashnews-fading-effect-pearlbells allows Privilege Escalation.This issue affects Flash News / Post (Responsive): from n/a …

Dec 16, 2024
CVE-2024-55988
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Amol Nirmala Waman Navayan CSV Export navayan-csv-export allows Blind SQL Injection.This …

Dec 16, 2024
CVE-2024-55982
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in richteam Share Buttons – Social Media rich-web-share-button allows Blind SQL Injection.This …

Dec 16, 2024
CVE-2024-55981
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Nabajit Roy Nabz Image Gallery nabz-image-gallery allows SQL Injection.This issue affects …

Dec 16, 2024
CVE-2024-55980
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in robindkumar Wr Age Verification wr-age-verification allows SQL Injection.This issue affects Wr …

Dec 16, 2024
CVE-2024-55978
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WalletStation Code Generator Pro code-generator-pro allows SQL Injection.This issue affects Code …

Dec 16, 2024
CVE-2024-55977
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BinaryCarpenter LaunchPage.app Importer launchpage-app-importer allows SQL Injection.This issue affects LaunchPage.app Importer: …

Dec 16, 2024
CVE-2024-55976
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mikeleembruggen Critical Site Intel critical-site-intel-stats allows SQL Injection.This issue affects Critical …

Dec 16, 2024
CVE-2024-55972
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in chriscarvache eTemplates etemplates allows SQL Injection.This issue affects eTemplates: from n/a …

Dec 16, 2024
CVE-2024-54372
9.6 CRITICAL

Cross-Site Request Forgery (CSRF) vulnerability in Sourov Amin Insertify insertify allows Code Injection.This issue affects Insertify: from n/a through <= 1.1.4.

Dec 16, 2024
CVE-2024-54370
9.9 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in SuitePlugins Video & Photo Gallery for Ultimate Member gallery-for-ultimate-member allows Upload a Web Shell to a …

Dec 16, 2024
CVE-2024-54369
9.1 CRITICAL

Missing Authorization vulnerability in ThemeHunk Zita Site Builder ai-site-builder allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Zita Site Builder: from n/a through …

Dec 16, 2024
CVE-2024-54368
9.6 CRITICAL

Cross-Site Request Forgery (CSRF) vulnerability in rubengarzajr GitSync git-sync allows Code Injection.This issue affects GitSync: from n/a through <= 1.1.0.

Dec 16, 2024

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.