CVE Database

9279+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2024-44241
9.8 CRITICAL

The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1. An attacker may be …

Dec 12, 2024
CVE-2024-55884
9.0 CRITICAL

In the Mullvad VPN client 2024.6 (Desktop), 2024.8 (iOS), and 2024.8-beta1 (Android), the exception-handling alternate stack can be exhausted, leading to heap-based out-of-bounds writes in …

Dec 12, 2024
CVE-2024-49112
9.8 CRITICAL

Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability

Dec 12, 2024
CVE-2024-47834
9.1 CRITICAL

GStreamer is a library for constructing graphs of media-handling components. An Use-After-Free read vulnerability has been discovered affecting the processing of CodecPrivate elements in Matroska …

Dec 12, 2024
CVE-2024-47777
9.1 CRITICAL

GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been identified in the gst_wavparse_smpl_chunk function within gstwavparse.c. This function attempts …

Dec 12, 2024
CVE-2024-47776
9.1 CRITICAL

GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been discovered in gst_wavparse_cue_chunk within gstwavparse.c. The vulnerability happens due to a …

Dec 12, 2024
CVE-2024-47775
9.1 CRITICAL

GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been found in the parse_ds64 function within gstwavparse.c. The parse_ds64 function …

Dec 12, 2024
CVE-2024-47774
9.1 CRITICAL

GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been identified in the gst_avi_subtitle_parse_gab2_chunk function within gstavisubtitle.c. The function reads …

Dec 12, 2024
CVE-2024-47615
9.8 CRITICAL

GStreamer is a library for constructing graphs of media-handling components. An OOB-Write has been detected in the function gst_parse_vorbis_setup_packet within vorbis_parse.c. The integer size is …

Dec 12, 2024
CVE-2024-47613
9.8 CRITICAL

GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been identified in `gst_gdk_pixbuf_dec_flush` within `gstgdkpixbufdec.c`. This function invokes …

Dec 12, 2024
CVE-2024-47607
9.8 CRITICAL

GStreamer is a library for constructing graphs of media-handling components. stack-buffer overflow has been detected in the gst_opus_dec_parse_header function within `gstopusdec.c'. The pos array is …

Dec 12, 2024
CVE-2024-47606
9.8 CRITICAL

GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in the function qtdemux_parse_theora_extension within qtdemux.c. The vulnerability occurs …

Dec 12, 2024
CVE-2024-47600
9.1 CRITICAL

GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been detected in the format_channel_mask function in gst-discoverer.c. The vulnerability affects …

Dec 12, 2024
CVE-2024-47598
9.1 CRITICAL

GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been discovered in the qtdemux_merge_sample_table function within qtdemux.c. The problem is …

Dec 12, 2024
CVE-2024-47597
9.1 CRITICAL

GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been detected in the function qtdemux_parse_samples within qtdemux.c. This issue arises when …

Dec 12, 2024
CVE-2024-47540
9.8 CRITICAL

GStreamer is a library for constructing graphs of media-handling components. An uninitialized stack variable vulnerability has been identified in the gst_matroska_demux_add_wvpk_header function within matroska-demux.c. When …

Dec 12, 2024
CVE-2024-47539
9.8 CRITICAL

GStreamer is a library for constructing graphs of media-handling components. An out-of-bounds write vulnerability was identified in the convert_to_s334_1a function in isomp4/qtdemux.c. The vulnerability arises …

Dec 12, 2024
CVE-2024-47538
9.8 CRITICAL

GStreamer is a library for constructing graphs of media-handling components. A stack-buffer overflow has been detected in the `vorbis_handle_identification_packet` function within `gstvorbisdec.c`. The position array …

Dec 12, 2024
CVE-2024-47537
9.8 CRITICAL

GStreamer is a library for constructing graphs of media-handling components. The program attempts to reallocate the memory pointed to by stream->samples to accommodate stream->n_samples + …

Dec 12, 2024
CVE-2024-45337
9.1 CRITICAL

Applications and libraries which misuse connection.serverAuthenticate (via callback field ServerConfig.PublicKeyCallback) may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that "A call …

Dec 12, 2024
CVE-2024-42448
9.9 CRITICAL

From the VSPC management agent machine, under condition that the management agent is authorized on the server, it is possible to perform Remote Code Execution …

Dec 12, 2024
CVE-2024-11948
9.8 CRITICAL

GFI Archiver Telerik Web UI Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GFI Archiver. Authentication …

Dec 12, 2024
CVE-2024-53677
9.8 CRITICAL

File upload logic in Apache Struts is flawed. An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can …

Dec 11, 2024
CVE-2024-11737
9.8 CRITICAL

CWE-20: Improper Input Validation vulnerability exists that could lead to a denial of service and a loss of confidentiality, integrity of the controller when an …

Dec 11, 2024
CVE-2024-54036
9.3 CRITICAL

Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject …

Dec 10, 2024
CVE-2024-54034
9.3 CRITICAL

Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim …

Dec 10, 2024
CVE-2024-54032
9.3 CRITICAL

Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject …

Dec 10, 2024
CVE-2024-53480
9.8 CRITICAL

Phpgurukul's Beauty Parlour Management System v1.1 is vulnerable to SQL Injection in `login.php` via the `emailcont` parameter.

Dec 10, 2024
CVE-2024-46340
9.8 CRITICAL

TL-WR845N(UN)_V4_201214, TP-Link TL-WR845N(UN)_V4_200909, and TL-WR845N(UN)_V4_190219 was discovered to transmit user credentials in plaintext after executing a factory reset.

Dec 10, 2024
CVE-2024-46442
9.8 CRITICAL

An issue in the BYD Dilink Headunit System v3.0 to v4.0 allows attackers to bypass authentication via a bruteforce attack.

Dec 10, 2024
CVE-2024-11773
9.1 CRITICAL

SQL injection in the admin web console of Ivanti CSA before version 5.0.3 allows a remote authenticated attacker with admin privileges to run arbitrary SQL …

Dec 10, 2024
CVE-2024-11772
9.1 CRITICAL

Command injection in the admin web console of Ivanti CSA before version 5.0.3 allows a remote authenticated attacker with admin privileges to achieve remote code …

Dec 10, 2024
CVE-2024-11639
10.0 CRITICAL

An authentication bypass in the admin web console of Ivanti CSA before 5.0.3 allows a remote unauthenticated attacker to gain administrative access

Dec 10, 2024
CVE-2024-11634
9.1 CRITICAL

Command injection in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to …

Dec 10, 2024
CVE-2024-11633
9.1 CRITICAL

Argument injection in Ivanti Connect Secure before version 22.7R2.4 allows a remote authenticated attacker with admin privileges to achieve remote code execution

Dec 10, 2024
CVE-2024-53866
9.8 CRITICAL

The package manager pnpm prior to version 9.15.0 seems to mishandle overrides and global cache: Overrides from one workspace leak into npm metadata saved in …

Dec 10, 2024
CVE-2024-12286
9.8 CRITICAL

MOBATIME Network Master Clock - DTS 4801 allows attackers to use SSH to gain initial access using default credentials.

Dec 10, 2024
CVE-2024-55547
9.8 CRITICAL

SNMP objects in NET-SNMP used in ORing IAP-420 allows Command Injection. This issue affects IAP-420: through 2.01e.

Dec 10, 2024
CVE-2024-45494
9.8 CRITICAL

An issue was discovered in MSA FieldServer Gateway 5.0.0 through 6.5.2 (Fixed in 7.0.0). The FieldServer Gateway has an internally used shared administrative user account …

Dec 10, 2024
CVE-2024-45493
9.8 CRITICAL

An issue was discovered in MSA FieldServer Gateway 5.0.0 through 6.5.2 (Fixed in 7.0.0). The FieldServer Gateway has internal users, whose access is supposed to …

Dec 10, 2024
CVE-2024-54751
9.8 CRITICAL

COMFAST CF-WR630AX v2.7.0.2 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root.

Dec 10, 2024
CVE-2024-5660
9.8 CRITICAL

Use of Hardware Page Aggregation (HPA) and Stage-1 and/or Stage-2 translation on Cortex-A77, Cortex-A78, Cortex-A78C, Cortex-A78AE, Cortex-A710, Cortex-X1, Cortex-X1C, Cortex-X2, Cortex-X3, Cortex-X4, Cortex-X925, Neoverse V1, …

Dec 10, 2024
CVE-2024-55586
9.8 CRITICAL

Nette Database through 3.2.4 allows SQL injection in certain situations involving an untrusted filter that is directly passed to the where method. NOTE: the vendor's …

Dec 10, 2024
CVE-2024-37143
10.0 CRITICAL

Dell PowerFlex appliance versions prior to IC 46.381.00 and IC 46.376.00, Dell PowerFlex rack versions prior to RCM 3.8.1.0 (for RCM 3.8.x train) and prior …

Dec 10, 2024
CVE-2024-53552
9.8 CRITICAL

CrushFTP 10 before 10.8.3 and 11 before 11.2.3 mishandles password reset, leading to account takeover.

Dec 10, 2024
CVE-2024-47578
9.1 CRITICAL

Adobe Document Service allows an attacker with administrator privileges to send a crafted request from a vulnerable web application. It is usually used to target …

Dec 10, 2024
CVE-2024-55638
9.8 CRITICAL

Deserialization of Untrusted Data vulnerability in Drupal Core allows Object Injection.This issue affects Drupal Core: from 7.0 before 7.102, from 8.0.0 before 10.2.11, from 10.3.0 …

Dec 10, 2024
CVE-2024-55637
9.8 CRITICAL

Deserialization of Untrusted Data vulnerability in Drupal Core allows Object Injection.This issue affects Drupal Core: from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 …

Dec 10, 2024
CVE-2024-55636
9.8 CRITICAL

Deserialization of Untrusted Data vulnerability in Drupal Core allows Object Injection.This issue affects Drupal Core: from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 …

Dec 10, 2024
CVE-2024-46455
9.8 CRITICAL

unstructured v.0.14.2 and before is vulnerable to XML External Entity (XXE) via the XMLParser.

Dec 9, 2024

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.