CVE Database

9279+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2024-53441
9.1 CRITICAL

An issue in the index.js decryptCookie function of cookie-encrypter v1.0.1 allows attackers to execute a bit flipping attack.

Dec 9, 2024
CVE-2024-54934
9.8 CRITICAL

Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_class.php.

Dec 9, 2024
CVE-2024-54932
9.8 CRITICAL

Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_department.php.

Dec 9, 2024
CVE-2024-54931
9.8 CRITICAL

A SQL Injection was found in /admin/delete_event.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized …

Dec 9, 2024
CVE-2024-54925
9.8 CRITICAL

A SQL Injection was found in /remove_sent_message.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized …

Dec 9, 2024
CVE-2024-54924
9.8 CRITICAL

A SQL Injection was found in /admin/edit_content.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized …

Dec 9, 2024
CVE-2024-54923
9.8 CRITICAL

A SQL Injection vulnerability was found in /admin/edit_teacher.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get …

Dec 9, 2024
CVE-2024-54921
9.8 CRITICAL

A SQL Injection was found in /student_signup.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized …

Dec 9, 2024
CVE-2024-54918
9.8 CRITICAL

Kashipara E-learning Management System v1.0 is vulnerable to Remote Code Execution via File Upload in /teacher_avatar.php.

Dec 9, 2024
CVE-2024-48956
9.8 CRITICAL

Serviceware Processes 6.0 through 7.3 before 7.4 allows attackers without valid authentication to send a specially crafted HTTP request to a service endpoint resulting in …

Dec 9, 2024
CVE-2022-38946
9.8 CRITICAL

Arbitrary File Upload vulnerability in Doctor-Appointment version 1.0 in /Frontend/signup_com.php, allows attackers to execute arbitrary code.

Dec 9, 2024
CVE-2024-40583
9.1 CRITICAL

Pentaminds CuroVMS v2.0.1 was discovered to contain exposed credentials.

Dec 9, 2024
CVE-2022-38947
9.8 CRITICAL

SQL Injection vulnerability in Flipkart-Clone-PHP version 1.0 in entry.php in product_title parameter, allows attackers to execute arbitrary code.

Dec 9, 2024
CVE-2024-54920
9.8 CRITICAL

A SQL Injection vulnerability was found in /teacher_signup.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL command to get …

Dec 9, 2024
CVE-2024-8259
9.8 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eryaz Information Technologies NatraCar B2B Dealer Management Program allows SQL Injection.This …

Dec 9, 2024
CVE-2024-53947
9.8 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Superset. Specifically, certain engine-specific functions are not checked, which allows …

Dec 9, 2024
CVE-2024-54215
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in roninwp Revy revy.This issue affects Revy: from n/a through <= 1.18.

Dec 9, 2024
CVE-2024-53822
10.0 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in Genetech Pie Register Premium.This issue affects Pie Register Premium: from n/a before 3.8.3.3.

Dec 9, 2024
CVE-2024-43222
9.8 CRITICAL

Missing Authorization vulnerability in SeventhQueen Sweet Date sweetdate allows Privilege Escalation.This issue affects Sweet Date: from n/a through <= 3.7.3.

Dec 9, 2024
CVE-2023-32117
9.8 CRITICAL

Missing Authorization vulnerability in SoftLab Integrate Google Drive allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Integrate Google Drive: from n/a through 1.1.99.

Dec 9, 2024
CVE-2024-55564
9.8 CRITICAL

The POSIX::2008 package before 0.24 for Perl has a potential _execve50c env buffer overflow.

Dec 9, 2024
CVE-2024-55560
9.8 CRITICAL

MailCleaner before 28d913e has default values of ssh_host_dsa_key, ssh_host_rsa_key, and ssh_host_ed25519_key that persist after installation.

Dec 8, 2024
CVE-2024-12209
9.8 CRITICAL

The WP Umbrella: Update Backup Restore & Monitoring plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.17.0 …

Dec 8, 2024
CVE-2024-44852
9.8 CRITICAL

Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble was discovered to contain a segmentation violation via the component theta_star::ThetaStar::isUnsafeToPlan().

Dec 6, 2024
CVE-2024-41650
9.8 CRITICAL

Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to …

Dec 6, 2024
CVE-2024-41649
9.8 CRITICAL

Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to …

Dec 6, 2024
CVE-2024-41648
9.8 CRITICAL

Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to …

Dec 6, 2024
CVE-2024-41647
9.8 CRITICAL

Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to …

Dec 6, 2024
CVE-2024-41646
9.8 CRITICAL

Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to …

Dec 6, 2024
CVE-2024-41645
9.8 CRITICAL

Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to …

Dec 6, 2024
CVE-2024-41644
9.8 CRITICAL

Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via the dyn_param_handler_ component.

Dec 6, 2024
CVE-2024-38927
9.8 CRITICAL

Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. This vulnerability is triggered …

Dec 6, 2024
CVE-2024-38926
9.8 CRITICAL

Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. This vulnerability is triggered …

Dec 6, 2024
CVE-2024-38925
9.8 CRITICAL

Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. This vulnerability is triggered …

Dec 6, 2024
CVE-2024-38924
9.8 CRITICAL

Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. This vulnerability is triggered …

Dec 6, 2024
CVE-2024-38923
9.8 CRITICAL

Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. This vulnerability is triggered …

Dec 6, 2024
CVE-2024-38922
9.8 CRITICAL

Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble version was discovered to contain a heap overflow in the nav2_amcl process. This vulnerability is …

Dec 6, 2024
CVE-2024-38921
9.8 CRITICAL

Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. This vulnerability is triggered …

Dec 6, 2024
CVE-2024-52324
9.8 CRITICAL

Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x uses an inherently dangerous function which could allow an attacker to send a malicious …

Dec 6, 2024
CVE-2024-48874
9.8 CRITICAL

Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could give attackers the ability to force Ruijie's proxy servers to perform any request …

Dec 6, 2024
CVE-2024-52320
9.8 CRITICAL

The affected product is vulnerable to a command injection. An unauthenticated attacker could send commands through a malicious HTTP request which could result in remote …

Dec 6, 2024
CVE-2024-48871
9.8 CRITICAL

The affected product is vulnerable to a stack-based buffer overflow. An unauthenticated attacker could send a malicious HTTP request that the webserver fails to properly …

Dec 6, 2024
CVE-2024-47547
9.4 CRITICAL

Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x contains a weak mechanism for its users to change their passwords which leaves authentication …

Dec 6, 2024
CVE-2024-50393
9.8 CRITICAL

A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to execute arbitrary …

Dec 6, 2024
CVE-2024-50389
9.8 CRITICAL

A SQL injection vulnerability has been reported to affect QuRouter. If exploited, the vulnerability could allow remote attackers to inject malicious code. We have already …

Dec 6, 2024
CVE-2024-50388
9.8 CRITICAL

An OS command injection vulnerability has been reported to affect HBS 3 Hybrid Backup Sync. If exploited, the vulnerability could allow remote attackers to execute …

Dec 6, 2024
CVE-2024-50387
9.8 CRITICAL

A SQL injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to inject malicious …

Dec 6, 2024
CVE-2024-48863
9.8 CRITICAL

A command injection vulnerability has been reported to affect License Center. If exploited, the vulnerability could allow remote attackers to execute arbitrary commands. We have …

Dec 6, 2024
CVE-2024-48859
9.1 CRITICAL

An improper authentication vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to compromise the …

Dec 6, 2024
CVE-2024-54750
9.8 CRITICAL

Ubiquiti U6-LR 6.6.65 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root. NOTE: In Ubiquiti's view …

Dec 6, 2024

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.