CVE Database

9279+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2024-50375
9.8 CRITICAL

A CWE-306 "Missing Authentication for Critical Function" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= …

Nov 26, 2024
CVE-2024-50374
9.8 CRITICAL

A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G …

Nov 26, 2024
CVE-2024-50373
9.8 CRITICAL

A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G …

Nov 26, 2024
CVE-2024-50372
9.8 CRITICAL

A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G …

Nov 26, 2024
CVE-2024-50371
9.8 CRITICAL

A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G …

Nov 26, 2024
CVE-2024-50370
9.8 CRITICAL

A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G …

Nov 26, 2024
CVE-2024-11024
9.8 CRITICAL

The AppPresser – Mobile App Framework plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.4.6. …

Nov 26, 2024
CVE-2024-11680
9.8 CRITICAL KEV

ProjectSend versions prior to r1720 are affected by an improper authentication vulnerability. Remote, unauthenticated attackers can exploit this flaw by sending crafted HTTP requests to …

Nov 26, 2024
CVE-2018-11922
9.8 CRITICAL

Wrong configuration in Touch Pal application can collect user behavior data without awareness by the user.

Nov 26, 2024
CVE-2017-17772
9.8 CRITICAL

In multiple functions that process 802.11 frames, out-of-bounds reads can occur due to insufficient validation.

Nov 26, 2024
CVE-2017-11076
9.8 CRITICAL

On some hardware revisions where VP9 decoding is hardware-accelerated, the frame size is not programmed correctly into the decoder hardware which can lead to an …

Nov 26, 2024
CVE-2024-36248
9.1 CRITICAL

API keys for some cloud services are hardcoded in the "main" binary. As for the details of affected product names, model numbers, and versions, refer …

Nov 26, 2024
CVE-2024-35244
9.1 CRITICAL

There are several hidden accounts. Some of them are intended for maintenance engineers, and with the knowledge of their passwords (e.g., by examining the coredump), …

Nov 26, 2024
CVE-2024-33610
9.1 CRITICAL

"sessionlist.html" and "sys_trayentryreboot.html" are accessible with no authentication. "sessionlist.html" provides logged-in users' session information including session cookies, and "sys_trayentryreboot.html" allows to reboot the device. As …

Nov 26, 2024
CVE-2024-28038
9.0 CRITICAL

The web interface of the affected devices processes a cookie value improperly, leading to a stack buffer overflow. More precisely, giving too long character string …

Nov 26, 2024
CVE-2024-10542
9.8 CRITICAL

The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbitrary Plugin Installation due to an authorization bypass via reverse DNS …

Nov 26, 2024
CVE-2024-50672
9.8 CRITICAL

A NoSQL injection vulnerability in Adapt Learning Adapt Authoring Tool <= 0.11.3 allows unauthenticated attackers to reset user and administrator account passwords via the "Reset …

Nov 25, 2024
CVE-2024-52787
9.1 CRITICAL

An issue in the upload_documents method of libre-chat v0.0.6 allows attackers to execute a path traversal via supplying a crafted filename in an uploaded file.

Nov 25, 2024
CVE-2024-11403
9.8 CRITICAL

There exists an out of bounds read/write in LibJXL versions prior to commit 9cc451b91b74ba470fd72bd48c121e9f33d24c99. The JPEG decoder used by the JPEG XL encoder when doing …

Nov 25, 2024
CVE-2024-11666
9.0 CRITICAL

Affected devices beacon to eCharge cloud infrastructure asking if there are any command they should run. This communication is established over an insecure channel since …

Nov 24, 2024
CVE-2024-53915
9.8 CRITICAL

An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24405. It allows remote attackers to execute arbitrary code because untrusted data, …

Nov 24, 2024
CVE-2024-53914
9.8 CRITICAL

An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24344. It allows remote attackers to execute arbitrary code because untrusted data, …

Nov 24, 2024
CVE-2024-53913
9.8 CRITICAL

An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24343. It allows remote attackers to execute arbitrary code because untrusted data, …

Nov 24, 2024
CVE-2024-53912
9.8 CRITICAL

An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24341. It allows remote attackers to execute arbitrary code because untrusted data, …

Nov 24, 2024
CVE-2024-53911
9.8 CRITICAL

An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24339. It allows remote attackers to execute arbitrary code because untrusted data, …

Nov 24, 2024
CVE-2024-53910
9.8 CRITICAL

An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24336. It allows remote attackers to execute arbitrary code because untrusted data, …

Nov 24, 2024
CVE-2024-53909
9.8 CRITICAL

An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24334. It allows remote attackers to execute arbitrary code because untrusted data, …

Nov 24, 2024
CVE-2024-11236
9.8 CRITICAL

In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, uncontrolled long string inputs to ldap_escape() function on 32-bit systems can cause an …

Nov 24, 2024
CVE-2024-9942
9.8 CRITICAL

The WPGYM - Wordpress Gym Management System plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the MJ_gmgt_user_avatar_image_upload() …

Nov 23, 2024
CVE-2024-9659
9.8 CRITICAL

The School Management System for Wordpress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the mj_smgt_user_avatar_image_upload() function …

Nov 23, 2024
CVE-2024-9511
9.8 CRITICAL

The FluentSMTP – WP SMTP Plugin with Amazon SES, SendGrid, MailGun, Postmark, Google and Any SMTP Provider plugin for WordPress is vulnerable to PHP Object …

Nov 23, 2024
CVE-2024-10961
9.8 CRITICAL

The Social Login plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 5.9.0. This is due to insufficient verification …

Nov 23, 2024
CVE-2024-0138
9.8 CRITICAL

NVIDIA Base Command Manager contains a missing authentication vulnerability in the CMDaemon component. A successful exploit of this vulnerability might lead to code execution, denial …

Nov 23, 2024
CVE-2024-52034
10.0 CRITICAL

An OS Command Injection vulnerability exists within myPRO Manager. A parameter within a command can be exploited by an unauthenticated remote attacker to inject arbitrary …

Nov 22, 2024
CVE-2024-47407
10.0 CRITICAL

A parameter within a command does not properly validate input within myPRO Manager which could be exploited by an unauthenticated remote attacker to inject arbitrary …

Nov 22, 2024
CVE-2024-47138
9.8 CRITICAL

The administrative interface listens by default on all interfaces on a TCP port and does not require authentication when being accessed.

Nov 22, 2024
CVE-2024-8807
9.8 CRITICAL

Cohesive Networks VNS3 Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cohesive Networks VNS3. …

Nov 22, 2024
CVE-2024-8806
9.8 CRITICAL

Cohesive Networks VNS3 Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cohesive Networks VNS3. …

Nov 22, 2024
CVE-2024-5716
9.8 CRITICAL

Logsign Unified SecOps Platform Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Logsign Unified SecOps Platform. Authentication is …

Nov 22, 2024
CVE-2023-51639
9.8 CRITICAL

Allegra downloadExportedChart Directory Traversal Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Allegra. Authentication is not required to …

Nov 22, 2024
CVE-2023-51638
9.8 CRITICAL

Allegra Hard-coded Credentials Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Allegra. Authentication is not required to exploit …

Nov 22, 2024
CVE-2024-37782
9.8 CRITICAL

An LDAP injection vulnerability in the login page of Gladinet CentreStack v13.12.9934.54690 allows attackers to access sensitive data or execute arbitrary commands via a crafted …

Nov 22, 2024
CVE-2024-53438
9.8 CRITICAL

EventAttendance.php in ChurchCRM 5.7.0 is vulnerable to SQL injection. An attacker can exploit this vulnerability by manipulating the 'Event' parameter, which is directly interpolated into …

Nov 22, 2024
CVE-2024-52723
9.8 CRITICAL

In TOTOLINK X6000R V9.4.0cu.1041_B20240224 in the shttpd file, the Uci_Set Str function is used without strict parameter filtering. An attacker can achieve arbitrary command execution …

Nov 22, 2024
CVE-2024-48862
9.8 CRITICAL

A link following vulnerability has been reported to affect QuLog Center. If exploited, the vulnerability could allow remote attackers to traverse the file system to …

Nov 22, 2024
CVE-2024-48860
9.8 CRITICAL

An OS command injection vulnerability has been reported to affect several product versions. If exploited, the vulnerability could allow remote attackers to execute commands. We …

Nov 22, 2024
CVE-2024-38643
9.8 CRITICAL

A missing authentication for critical function vulnerability has been reported to affect Notes Station 3. If exploited, the vulnerability could allow remote attackers to gain …

Nov 22, 2024
CVE-2024-41779
9.8 CRITICAL

IBM Engineering Systems Design Rhapsody - Model Manager 7.0.2 and 7.0.3 could allow a remote attacker to bypass security restrictions, caused by a race condition. …

Nov 22, 2024
CVE-2024-8932
9.8 CRITICAL

In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, uncontrolled long string inputs to ldap_escape() function on 32-bit systems can cause an …

Nov 22, 2024
CVE-2024-52053
9.6 CRITICAL

Stored Cross-Site Scripting in the Manager component of Wowza Streaming Engine below 4.9.1 allows an unauthenticated attacker to inject client-side JavaScript into the web dashboard …

Nov 21, 2024

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.