CVE Database

9279+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2024-54747
9.8 CRITICAL

WAVLINK WN531P3 202383 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root.

Dec 6, 2024
CVE-2024-54745
9.8 CRITICAL

WAVLINK WN701AE M01AE_V240305 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root.

Dec 6, 2024
CVE-2024-54136
9.8 CRITICAL

ClipBucket V5 provides open source video hosting with PHP. ClipBucket-v5 Version 5.5.1 Revision 199 and below is vulnerable to PHP Deserialization vulnerability. The vulnerability exists …

Dec 6, 2024
CVE-2024-54135
9.8 CRITICAL

ClipBucket V5 provides open source video hosting with PHP. ClipBucket-v5 Version 2.0 to Version 5.5.1 Revision 199 are vulnerable to PHP Deserialization vulnerability. The vulnerability …

Dec 6, 2024
CVE-2024-54214
10.0 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in roninwp Revy revy allows Upload a Web Shell to a Web Server.This issue affects Revy: from …

Dec 6, 2024
CVE-2024-53810
9.1 CRITICAL

Missing Authorization vulnerability in N-Media Simple User Registration wp-registration allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Simple User Registration: from n/a through …

Dec 6, 2024
CVE-2024-52335
9.8 CRITICAL

A vulnerability has been identified in syngo.plaza VB30E (All versions < VB30E_HF05). The affected application do not properly sanitize input data before sending it to …

Dec 6, 2024
CVE-2024-51815
9.0 CRITICAL

Improper Control of Generation of Code ('Code Injection') vulnerability in Cristián Lávaque s2Member s2member allows Code Injection.This issue affects s2Member: from n/a through <= 241114.

Dec 6, 2024
CVE-2024-51615
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Marka WordPress Auction Plugin wp-auctions allows SQL Injection.This issue affects …

Dec 6, 2024
CVE-2024-10773
9.0 CRITICAL

The product is vulnerable to pass-the-hash attacks in combination with hardcoded credentials of hidden user levels. This means that an attacker can log in with …

Dec 6, 2024
CVE-2024-53908
9.8 CRITICAL

An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. Direct usage of the django.db.models.fields.json.HasKey lookup, when an Oracle …

Dec 6, 2024
CVE-2024-12155
9.8 CRITICAL

The SV100 Companion plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check …

Dec 6, 2024
CVE-2024-38920
9.1 CRITICAL

Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. This vulnerability is triggerd …

Dec 5, 2024
CVE-2024-37863
9.8 CRITICAL

Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a buffer overflow via the nav2_amcl process. This vulnerability is …

Dec 5, 2024
CVE-2024-37861
9.8 CRITICAL

Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a buffer overflow via the nav2_amcl process. This vulnerability is …

Dec 5, 2024
CVE-2018-9388
9.8 CRITICAL

In store_upgrade and store_cmd of drivers/input/touchscreen/stm/ftm4_pdc.c, there are out of bound writes due to missing bounds checks or integer underflows. These could lead to escalation …

Dec 5, 2024
CVE-2024-53442
9.8 CRITICAL

whapa v1.59 is vulnerable to Command Injection via a crafted filename to the HTML reports component.

Dec 5, 2024
CVE-2024-41579
9.8 CRITICAL

DTStack Taier 1.4.0 allows remote attackers to specify the jobName parameter in the console listNames function to cause a SQL injection vulnerability

Dec 5, 2024
CVE-2023-50913
9.1 CRITICAL

Oxide control plane software before 5 allows SSRF.

Dec 5, 2024
CVE-2023-48010
9.8 CRITICAL

STMicroelectronics SPC58 is vulnerable to Missing Protection Mechanism for Alternate Hardware Interface. Code running as Supervisor on the SPC58 PowerPC microcontrollers may disable the System …

Dec 5, 2024
CVE-2024-6784
9.9 CRITICAL

Server-Side Request Forgery vulnerabilities were found providing a potential for access to unauthorized resources and unintended information disclosure. Affected products: ABB ASPECT - Enterprise v3.08.02; …

Dec 5, 2024
CVE-2024-6516
9.0 CRITICAL

Cross Site Scripting vulnerabilities where found providing a potential for malicious scripts to be injected into a client browser. Affected products: ABB ASPECT - Enterprise …

Dec 5, 2024
CVE-2024-6515
9.6 CRITICAL

Web browser interface may manipulate application username/password in clear text or Base64 encoding providing a higher probability of unintended credentails exposure. Affected products: ABB ASPECT …

Dec 5, 2024
CVE-2024-51555
10.0 CRITICAL

Default Credentail vulnerabilities allows access to an Aspect device using publicly available default credentials since the system does not require the installer to change default …

Dec 5, 2024
CVE-2024-51554
9.1 CRITICAL

Default Credentail vulnerabilities in ASPECT on Linux allows access to the product using publicly available default credentials. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS …

Dec 5, 2024
CVE-2024-51551
10.0 CRITICAL

Default Credentail vulnerabilities in ASPECT on Linux allows access to the product using publicly available default credentials. Affected products: ABB ASPECT - Enterprise v3.07.02; NEXUS …

Dec 5, 2024
CVE-2024-51550
10.0 CRITICAL

Data Validation / Data Sanitization vulnerabilities in Linux allows unvalidated and unsanitized data to be injected in an Aspect device. Affected products: ABB ASPECT - …

Dec 5, 2024
CVE-2024-51549
10.0 CRITICAL

Absolute File Traversal vulnerabilities allows access and modification of un-intended resources. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02

Dec 5, 2024
CVE-2024-51548
9.9 CRITICAL

Dangerous File Upload vulnerabilities allow upload of malicious scripts. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02

Dec 5, 2024
CVE-2024-51545
10.0 CRITICAL

Username Enumeration vulnerabilities allow access to application level username add, delete, modify and list functions. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; …

Dec 5, 2024
CVE-2024-48845
9.4 CRITICAL

Weak Password Reset Rules vulnerabilities where found providing a potiential for the storage of weak passwords that could facilitate unauthorized admin/application access. Affected products: ABB …

Dec 5, 2024
CVE-2024-48840
10.0 CRITICAL

Unauthorized Access vulnerabilities allow Remote Code Execution. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02

Dec 5, 2024
CVE-2024-48839
10.0 CRITICAL

Improper Input Validation vulnerability allows Remote Code Execution. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02

Dec 5, 2024
CVE-2024-11317
10.0 CRITICAL

Session Fixation vulnerabilities allow an attacker to fix a users session identifier before login providing an opportunity for session takeover on a product. Affected products: …

Dec 5, 2024
CVE-2024-54221
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in roninwp FAT Services Booking fat-services-booking.This issue affects FAT Services Booking: from …

Dec 5, 2024
CVE-2024-48453
9.8 CRITICAL

An issue in INOVANCE AM401_CPU1608TPTN allows a remote attacker to execute arbitrary code via the ExecuteUserProgramUpgrade function

Dec 4, 2024
CVE-2024-40744
9.8 CRITICAL

Unrestricted file upload via security bypass in Convert Forms component for Joomla in versions before 4.4.8.

Dec 4, 2024
CVE-2024-52275
9.8 CRITICAL

Stack-based Buffer Overflow vulnerability in Shenzhen Tenda Technology Co Tenda AC6V2 (fromWizardHandle modules) allows Overflow Buffers.This issue affects Tenda AC6V2: through 15.03.06.50.

Dec 4, 2024
CVE-2024-52274
9.8 CRITICAL

Stack-based Buffer Overflow vulnerability in Shenzhen Tenda Technology Co Tenda AC6V2 (setDoubleL2tpConfig->guest_ip_check(overflow arg: mask) modules) allows Overflow Buffers.This issue affects Tenda AC6V2: through 15.03.06.50

Dec 4, 2024
CVE-2024-52273
9.8 CRITICAL

Stack-based Buffer Overflow vulnerability in Shenzhen Tenda Technology Co Tenda AC6V2 (setDoublePppoeConfig->guest_ip_check(overflow arg: mask) modules) allows Overflow Buffers.This issue affects Tenda AC6V2: through 15.03.06.50

Dec 4, 2024
CVE-2024-52272
9.8 CRITICAL

Stack-based Buffer Overflow vulnerability in Shenzhen Tenda Technology Co Tenda AC6V2 (fromAdvSetLanip(overflow arg:lanMask) modules) allows Overflow Buffers.This issue affects Tenda AC6V2: through 15.03.06.50

Dec 4, 2024
CVE-2024-54661
9.8 CRITICAL

readline.sh in socat before1.8.0.2 relies on the /tmp/$USER/stderr2 file.

Dec 4, 2024
CVE-2024-51363
9.8 CRITICAL

Insecure deserialization in Hodoku v2.3.0 to v2.3.2 allows attackers to execute arbitrary code.

Dec 3, 2024
CVE-2024-52544
9.8 CRITICAL

An unauthenticated attacker can trigger a stack based buffer overflow in the DP Service (TCP port 3500). This vulnerability has been resolved in firmware version …

Dec 3, 2024
CVE-2024-53863
9.1 CRITICAL

Synapse is an open-source Matrix homeserver. In Synapse versions before 1.120.1, enabling the dynamic_thumbnails option or processing a specially crafted request could trigger the decoding …

Dec 3, 2024
CVE-2018-9430
9.8 CRITICAL

In prop2cfg of btif_storage.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution …

Dec 2, 2024
CVE-2018-9418
9.8 CRITICAL

In handle_app_cur_val_response of dtif_rc.cc, there is a possible stack buffer overflow due to a missing bounds check. This could lead to remote code execution with …

Dec 2, 2024
CVE-2024-53477
9.8 CRITICAL

JFinal CMS 5.1.0 is vulnerable to Command Execution via unauthorized execution of deserialization in the file ApiForm.java

Dec 2, 2024
CVE-2024-53900
9.1 CRITICAL

Mongoose before 8.8.3 can improperly use $where in match, leading to search injection.

Dec 2, 2024
CVE-2024-52724
9.8 CRITICAL

ZZCMS 2023 was discovered to contain a SQL injection vulnerability in /q/show.php.

Dec 2, 2024

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.