CVE Database

9306+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2024-52439
9.8 CRITICAL

Deserialization of Untrusted Data vulnerability in Mark O'Donnell Team Rosters team-rosters allows Object Injection.This issue affects Team Rosters: from n/a through <= 4.8.2.

Nov 20, 2024
CVE-2024-10127
9.8 CRITICAL

Authentication bypass condition in LDAP authentication in M-Files server versions before 24.11 supported usage of OpenLDAP configurations that allowed user authentication without a password when …

Nov 20, 2024
CVE-2018-9467
9.8 CRITICAL

In the getHost() function of UriTest.java, there is the possibility of incorrect web origin determination. This could lead to incorrect security decisions with no additional …

Nov 20, 2024
CVE-2024-52759
9.8 CRITICAL

D-LINK DI-8003 v16.07.26A1 was discovered to contain a buffer overflow via the ip parameter in the ip_position_asp function.

Nov 19, 2024
CVE-2024-52714
9.8 CRITICAL

Tenda AC6 v2.0 v15.03.06.50 was discovered to contain a buffer overflow in the function 'fromSetSysTime.

Nov 19, 2024
CVE-2024-48694
9.8 CRITICAL

File Upload vulnerability in Xi'an Daxi Information technology OfficeWeb365 v.8.6.1.0 and v7.18.23.0 allows a remote attacker to execute arbitrary code via the pw/savedraw component.

Nov 19, 2024
CVE-2024-48072
9.8 CRITICAL

Weaver Ecology v9.* was discovered to contain a SQL injection vulnerability via the component /mobilemode/Action.jsp?invoker=com.weaver.formmodel.mobile.mec.servlet.MECAction&action=getFieldTriggerValue&searchField=*&fromTable=HrmResourceManager&whereClause=1%3d1&triggerCondition=1&expression=%3d&fieldValue=1.

Nov 19, 2024
CVE-2024-48070
9.8 CRITICAL

An issue in Weaver E-cology v. attackers construct special requests to insert remote malicious code and to trigger malicious code execution, and control server privileges

Nov 19, 2024
CVE-2024-48069
9.8 CRITICAL

A vulnerability was found in Weaver E-cology allows attackers use race conditions to bypass security mechanisms to upload malicious files and control server privileges

Nov 19, 2024
CVE-2024-42450
10.0 CRITICAL

The Versa Director uses PostgreSQL (Postgres) to store operational and configuration data. It is also needed for High Availability function of the Versa Director. The …

Nov 19, 2024
CVE-2024-52402
9.6 CRITICAL

Cross-Site Request Forgery (CSRF) vulnerability in gunghoinc Exclusive Content Password Protect exclusive-content-password-protect allows Upload a Web Shell to a Web Server.This issue affects Exclusive Content …

Nov 19, 2024
CVE-2024-52401
9.6 CRITICAL

Cross-Site Request Forgery (CSRF) vulnerability in HuangYe WuDeng Hacklog DownloadManager hacklog-downloadmanager allows Upload a Web Shell to a Web Server.This issue affects Hacklog DownloadManager: from …

Nov 19, 2024
CVE-2024-52675
9.8 CRITICAL

SourceCodester Sentiment Based Movie Rating System 1.0 is vulnerable to SQL Injection in /msrps/movies.php.

Nov 19, 2024
CVE-2024-51051
9.8 CRITICAL

AVSCMS v8.2.0 was discovered to contain weak default credentials for the Administrator account.

Nov 18, 2024
CVE-2024-51053
9.8 CRITICAL

An arbitrary file upload vulnerability in the component /main/fileupload.php of AVSCMS v8.2.0 allows attackers to execute arbitrary code via uploading a crafted file.

Nov 18, 2024
CVE-2024-50919
9.8 CRITICAL

Jpress until v5.1.1 has arbitrary file uploads on the windows platform, and the construction of non-standard file formats such as .jsp. can lead to arbitrary …

Nov 18, 2024
CVE-2024-47533
9.8 CRITICAL

Cobbler, a Linux installation server that allows for rapid setup of network installation environments, has an improper authentication vulnerability starting in version 3.0.0 and prior …

Nov 18, 2024
CVE-2024-44756
9.8 CRITICAL

NUS-M9 ERP Management Software v3.0.0 was discovered to contain a SQL injection vulnerability via the usercode parameter at /UserWH/checkLogin.

Nov 18, 2024
CVE-2024-0012
9.8 CRITICAL KEV

An authentication bypass in Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to gain PAN-OS administrator …

Nov 18, 2024
CVE-2024-52434
9.1 CRITICAL

Deserialization of Untrusted Data vulnerability in supsystic Popup by Supsystic popup-by-supsystic allows Command Injection.This issue affects Popup by Supsystic: from n/a through <= 1.10.29.

Nov 18, 2024
CVE-2024-52433
9.8 CRITICAL

Deserialization of Untrusted Data vulnerability in Mindstien Technologies My Geo Posts Free my-geo-posts-free allows Object Injection.This issue affects My Geo Posts Free: from n/a through …

Nov 18, 2024
CVE-2024-52432
9.8 CRITICAL

Deserialization of Untrusted Data vulnerability in NIX Solutions Ltd NIX Anti-Spam Light nix-anti-spam-light allows Object Injection.This issue affects NIX Anti-Spam Light: from n/a through <= …

Nov 18, 2024
CVE-2024-52431
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pressaholic WordPress Video Robot - The Ultimate Video Importer allows SQL …

Nov 18, 2024
CVE-2024-52430
9.8 CRITICAL

Deserialization of Untrusted Data vulnerability in bublick Lis Video Gallery lis-video-gallery allows Object Injection.This issue affects Lis Video Gallery: from n/a through <= 0.2.1.

Nov 18, 2024
CVE-2024-52429
9.9 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in AntonHoelstad WP Quick Setup wp-quick-setup allows Upload a Web Shell to a Web Server.This issue affects …

Nov 18, 2024
CVE-2024-52427
9.9 CRITICAL

Deserialization of Untrusted Data vulnerability in Vollstart Event Tickets with Ticket Scanner event-tickets-with-ticket-scanner allows Server Side Include (SSI) Injection.This issue affects Event Tickets with Ticket …

Nov 18, 2024
CVE-2024-52316
9.8 CRITICAL

Unchecked Error Condition vulnerability in Apache Tomcat. If Tomcat is configured to use a custom Jakarta Authentication (formerly JASPIC) ServerAuthContext component which may throw an …

Nov 18, 2024
CVE-2024-47208
9.8 CRITICAL

Server-Side Request Forgery (SSRF), Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.17. Users are …

Nov 18, 2024
CVE-2024-11315
9.8 CRITICAL

The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload …

Nov 18, 2024
CVE-2024-11314
9.8 CRITICAL

The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload …

Nov 18, 2024
CVE-2024-11313
9.8 CRITICAL

The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload …

Nov 18, 2024
CVE-2024-11312
9.8 CRITICAL

The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload …

Nov 18, 2024
CVE-2024-11311
9.8 CRITICAL

The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload …

Nov 18, 2024
CVE-2015-20111
9.8 CRITICAL

miniupnp before 4c90b87, as used in Bitcoin Core before 0.12 and other products, lacks checks for snprintf return values, leading to a buffer overflow and …

Nov 18, 2024
CVE-2023-43091
9.8 CRITICAL

A flaw was found in GNOME Maps, which is vulnerable to a code injection attack via its service.json configuration file. If the configuration file is …

Nov 17, 2024
CVE-2024-52397
9.1 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in Davor Zeljkovic Convert Docx2post convert-docx2post allows Upload a Web Shell to a Web Server.This issue affects …

Nov 16, 2024
CVE-2024-52416
10.0 CRITICAL

Missing Authorization vulnerability in Eugen Bobrowski Debug Tool debug-tool allows Upload a Web Shell to a Web Server.This issue affects Debug Tool: from n/a through …

Nov 16, 2024
CVE-2024-52414
9.8 CRITICAL

Deserialization of Untrusted Data vulnerability in Anthony Carbon WDES Responsive Mobile Menu wdes-responsive-mobile-menu allows Object Injection.This issue affects WDES Responsive Mobile Menu: from n/a through …

Nov 16, 2024
CVE-2024-52413
9.8 CRITICAL

Deserialization of Untrusted Data vulnerability in dmcwebzone Airin Blog airin-blog allows Object Injection.This issue affects Airin Blog: from n/a through <= 1.6.1.

Nov 16, 2024
CVE-2024-52412
9.8 CRITICAL

Deserialization of Untrusted Data vulnerability in Stephen Cui Xin allows Object Injection.This issue affects Xin: from n/a through 1.0.8.1.

Nov 16, 2024
CVE-2024-52411
9.8 CRITICAL

Deserialization of Untrusted Data vulnerability in flowcraft Advanced Personalization personalization-by-flowcraft allows Object Injection.This issue affects Advanced Personalization: from n/a through <= 1.1.2.

Nov 16, 2024
CVE-2024-52410
9.8 CRITICAL

Deserialization of Untrusted Data vulnerability in Phoenixheart Referrer Detector referrer-detector allows Object Injection.This issue affects Referrer Detector: from n/a through <= 4.2.1.0.

Nov 16, 2024
CVE-2024-52409
9.8 CRITICAL

Deserialization of Untrusted Data vulnerability in Phoenixheart AJAX Random Posts ajax-random-posts allows Object Injection.This issue affects AJAX Random Posts: from n/a through <= 0.3.3.

Nov 16, 2024
CVE-2024-52408
9.9 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in pushassist Push Notifications for WordPress by PushAssist push-notification-for-wp-by-pushassist allows Upload a Web Shell to a Web …

Nov 16, 2024
CVE-2024-52407
9.9 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in BasePress BasePress Migration Tools basepress-migration-tools allows Upload a Web Shell to a Web Server.This issue affects …

Nov 16, 2024
CVE-2024-52406
9.9 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in wibergsweb CSV to html csv-to-html allows Upload a Web Shell to a Web Server.This issue affects …

Nov 16, 2024
CVE-2024-52405
9.9 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in bikramjoshii B-Banner Slider b-banner-slider allows Upload a Web Shell to a Web Server.This issue affects B-Banner …

Nov 16, 2024
CVE-2024-52404
9.9 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in bigfiveagency CF7 Reply Manager cf7-reply-manager.This issue affects CF7 Reply Manager: from n/a through <= 1.2.3.

Nov 16, 2024
CVE-2024-52403
9.9 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in Saad Iqbal User Management user-management allows Upload a Web Shell to a Web Server.This issue affects …

Nov 16, 2024
CVE-2024-52400
9.9 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in Subhasis Laha Gallerio gallerio allows Upload a Web Shell to a Web Server.This issue affects Gallerio: …

Nov 16, 2024

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.