CVE Database

9279+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2024-8785
9.8 CRITICAL

In WhatsUp Gold versions released before 2024.0.1, a remote unauthenticated attacker could leverage NmAPI.exe to create or change an existing registry value in registry path …

Dec 2, 2024
CVE-2024-52732
9.1 CRITICAL

Incorrect access control in wms-Warehouse management system-zeqp v2.20.9.1 due to the token value of the zeqp system being reused.

Dec 2, 2024
CVE-2024-46909
9.8 CRITICAL

In WhatsUp Gold versions released before 2024.0.1, a remote unauthenticated attacker could leverage this vulnerability to execute code in the context of the service account.

Dec 2, 2024
CVE-2024-10905
10.0 CRITICAL

IdentityIQ 8.4 and all 8.4 patch levels prior to 8.4p2, IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p5, IdentityIQ 8.2 and all 8.2 …

Dec 2, 2024
CVE-2024-52476
10.0 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in Stefan Bohacek Fediverse Embeds fediverse-embeds allows Upload a Web Shell to a Web Server.This issue affects …

Dec 2, 2024
CVE-2024-53507
9.8 CRITICAL

A SQL injection vulnerability was discovered in Siyuan 3.1.11 in /getHistoryItems.

Nov 29, 2024
CVE-2024-53506
9.8 CRITICAL

A SQL injection vulnerability has been identified in Siyuan 3.1.11 via the ids array parameter in /batchGetBlockAttrs.

Nov 29, 2024
CVE-2024-53505
9.8 CRITICAL

A SQL injection vulnerability has been identified in Siyuan 3.1.11 via the id parameter at /getAssetContent.

Nov 29, 2024
CVE-2024-53504
9.8 CRITICAL

A SQL injection vulnerability has been identified in Siyuan 3.1.11 via the notebook parameter in /searchHistory.

Nov 29, 2024
CVE-2024-35368
9.8 CRITICAL

FFmpeg n7.0 is affected by a Double Free via the rkmpp_retrieve_frame function within libavcodec/rkmppdec.c.

Nov 29, 2024
CVE-2024-35367
9.1 CRITICAL

FFmpeg n6.1.1 has an Out-of-bounds Read via libavcodec/ppc/vp8dsp_altivec.c, static const vec_s8 h_subpel_filters_outer

Nov 29, 2024
CVE-2024-35366
9.1 CRITICAL

FFmpeg n6.1.1 is Integer Overflow. The vulnerability exists in the parse_options function of sbgdec.c within the libavformat module. When parsing certain options, the software does …

Nov 29, 2024
CVE-2024-49360
9.2 CRITICAL

Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. An authenticated user (**UserA**) with no privileges is authorized to read …

Nov 29, 2024
CVE-2024-36622
9.8 CRITICAL

In RaspAP raspap-webgui 3.0.9 and earlier, a command injection vulnerability exists in the clearlog.php script. The vulnerability is due to improper sanitization of user input …

Nov 29, 2024
CVE-2024-49806
9.4 CRITICAL

IBM Security Verify Access Appliance 10.0.0 through 10.0.8 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound …

Nov 29, 2024
CVE-2024-49805
9.4 CRITICAL

IBM Security Verify Access Appliance 10.0.0 through 10.0.8 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound …

Nov 29, 2024
CVE-2024-49803
9.8 CRITICAL

IBM Security Verify Access Appliance 10.0.0 through 10.0.8 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially …

Nov 29, 2024
CVE-2024-52782
9.8 CRITICAL

DCME-320 <=7.4.12.90, DCME-520 <=9.25.5.11, DCME-320-L <=9.3.5.26, and DCME-720 <=9.1.5.11 are vulnerable to Remote Code Execution via /function/audit/newstatistics/mon_stat_hist_new.php.

Nov 29, 2024
CVE-2024-52781
9.8 CRITICAL

DCME-320 <=7.4.12.90, DCME-520 <=9.25.5.11, DCME-320-L <=9.3.5.26, and DCME-720 <=9.1.5.11 are vulnerable to Remote Code Execution via /function/system/tool/traceroute.php.

Nov 29, 2024
CVE-2024-52780
9.8 CRITICAL

DCME-320 <=7.4.12.90, DCME-520 <=9.25.5.11, DCME-320-L <=9.3.5.26, and DCME-720 <=9.1.5.11 are vulnerable to Remote Code Execution via /function/system/basic/mgmt_edit.php.

Nov 29, 2024
CVE-2024-52779
9.8 CRITICAL

DCME-320 <=7.4.12.90, DCME-520 <=9.25.5.11, DCME-320-L <=9.3.5.26, and DCME-720 <=9.1.5.11 are vulnerable to Remote Code Execution via /function/audit/newstatistics/mon_stat_top10.php.

Nov 29, 2024
CVE-2024-52778
9.8 CRITICAL

DCME-320 <=7.4.12.90, DCME-520 <=9.25.5.11, DCME-320-L <=9.3.5.26, and DCME-720 <=9.1.5.11 are vulnerable to Remote Code Execution via /function/audit/newstatistics/mon_stat_hist.php.

Nov 29, 2024
CVE-2024-52777
9.8 CRITICAL

DCME-320 <=7.4.12.90, DCME-520 <=9.25.5.11, DCME-320-L, <=9.3.5.26, and DCME-720 <=9.1.5.11 are vulnerable to Remote Code Execution via /function/system/basic/license_update.php.

Nov 29, 2024
CVE-2024-48406
9.8 CRITICAL

Buffer Overflow vulnerability in SunBK201 umicat through v.0.3.2 and fixed in v.0.3.3 allows an attacker to execute arbitrary code via the power(uct_int_t x, uct_int_t n) …

Nov 29, 2024
CVE-2024-36671
9.8 CRITICAL

nodemcu before v3.0.0-release_20240225 was discovered to contain an integer overflow via the getnum function at /modules/struct.c.

Nov 29, 2024
CVE-2024-11992
9.1 CRITICAL

Absolute path traversal vulnerability in Quick.CMS, version 6.7, the exploitation of which could allow remote users to bypass the intended restrictions and download any file …

Nov 29, 2024
CVE-2024-50357
9.8 CRITICAL

FutureNet NXR series routers provided by Century Systems Co., Ltd. have REST-APIs, which are configured as disabled in the initial (factory default) configuration. But, REST-APIs …

Nov 29, 2024
CVE-2024-11482
9.8 CRITICAL

A vulnerability in ESM 11.6.10 allows unauthenticated access to the internal Snowservice API and enables remote code execution through command injection, executed as the root …

Nov 29, 2024
CVE-2024-11979
9.8 CRITICAL

DreamMaker from Interinfo has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary …

Nov 29, 2024
CVE-2024-52338
9.8 CRITICAL

Deserialization of untrusted data in IPC and Parquet readers in the Apache Arrow R package versions 4.0.0 through 16.1.0 allows arbitrary code execution. An application …

Nov 28, 2024
CVE-2024-52490
10.0 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in pathomation Pathomation pathomation allows Upload a Web Shell to a Web Server.This issue affects Pathomation: from …

Nov 28, 2024
CVE-2024-52475
9.8 CRITICAL

Authentication Bypass Using an Alternate Path or Channel vulnerability in Information Technology Wawp automation-web-platform allows Authentication Bypass.This issue affects Wawp: from n/a through < 3.0.18.

Nov 28, 2024
CVE-2024-52474
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Сервис “Экспресс Платежи” Express Payments Module express-pay allows Blind SQL Injection.This …

Nov 28, 2024
CVE-2024-8672
9.9 CRITICAL

The Widget Options – The #1 WordPress Widget & Block Control Plugin plugin for WordPress is vulnerable to Remote Code Execution in all versions up …

Nov 28, 2024
CVE-2024-11103
9.8 CRITICAL

The Contest Gallery plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 24.0.7. This is due …

Nov 28, 2024
CVE-2024-11082
9.9 CRITICAL

The Tumult Hype Animations plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the hypeanimations_panel() function in all …

Nov 28, 2024
CVE-2024-11925
9.8 CRITICAL

The JobSearch WP Job Board plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.6.7. This is due to …

Nov 28, 2024
CVE-2024-9369
9.6 CRITICAL

Insufficient data validation in Mojo in Google Chrome prior to 129.0.6668.89 allowed a remote attacker who had compromised the renderer process to perform an out …

Nov 27, 2024
CVE-2024-46054
9.8 CRITICAL

OpenVidReview 1.0 is vulnerable to Incorrect Access Control. The /upload route is accessible without authentication, allowing any user to upload files.

Nov 27, 2024
CVE-2024-53604
9.8 CRITICAL

A SQL Injection vulnerability was found in /covid-tms/check_availability.php in PHPGurukul COVID 19 Testing Management System v1.0, which allows remote attackers to execute arbitrary code via …

Nov 27, 2024
CVE-2024-42330
9.1 CRITICAL

The HttpRequest object allows to get the HTTP headers from the server's response after sending the request. The problem is that the returned strings are …

Nov 27, 2024
CVE-2024-42327
9.9 CRITICAL

A non-admin user account on the Zabbix frontend with the default User role, or with any other role that gives API access can exploit this …

Nov 27, 2024
CVE-2024-53676
9.8 CRITICAL

A directory traversal vulnerability in Hewlett Packard Enterprise Insight Remote Support may allow remote code execution.

Nov 27, 2024
CVE-2024-50942
9.8 CRITICAL

qiwen-file v1.4.0 was discovered to contain a SQL injection vulnerability via the component /mapper/NoticeMapper.xml.

Nov 26, 2024
CVE-2024-49038
9.3 CRITICAL

Improper neutralization of input during web page generation ('Cross-site Scripting') in Copilot Studio by an unauthorized attacker leads to elevation of privilege over a network.

Nov 26, 2024
CVE-2024-11145
9.8 CRITICAL

Valor Apps Easy Folder Listing Pro has a deserialization vulnerability that allows an unauthenticated, remote attacker to execute arbitrary code with the privileges of the …

Nov 26, 2024
CVE-2024-11705
9.1 CRITICAL

`NSC_DeriveKey` inadvertently assumed that the `phKey` parameter is always non-NULL. When it was passed as NULL, a segmentation fault (SEGV) occurred, leading to crashes. This …

Nov 26, 2024
CVE-2024-11704
9.8 CRITICAL

A double-free issue could have occurred in `sec_pkcs7_decoder_start_decrypt()` when handling an error path. Under specific conditions, the same symmetric key could have been freed twice, …

Nov 26, 2024
CVE-2024-11698
9.8 CRITICAL

A flaw in handling fullscreen transitions may have inadvertently caused the application to become stuck in fullscreen mode when a modal dialog was opened during …

Nov 26, 2024
CVE-2024-11693
9.8 CRITICAL

The executable file warning was not presented when downloading .library-ms files. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.* This …

Nov 26, 2024

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.