CVE Database

9306+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2024-52399
9.9 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in Clarisse K. Writer Helper writer-helper allows Upload a Web Shell to a Web Server.This issue affects …

Nov 16, 2024
CVE-2024-52398
9.1 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in Halyra CDI collect-and-deliver-interface-for-woocommerce.This issue affects CDI: from n/a through <= 5.5.3.

Nov 16, 2024
CVE-2024-8856
9.8 CRITICAL

The Backup and Staging by WP Time Capsule plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the …

Nov 16, 2024
CVE-2024-11263
9.3 CRITICAL

When the Global Pointer (GP) relative addressing is enabled (CONFIG_RISCV_GP=y), the gp reg points at 0x800 bytes past the start of the .sdata section which …

Nov 15, 2024
CVE-2024-44758
9.8 CRITICAL

An arbitrary file upload vulnerability in the component /Production/UploadFile of NUS-M9 ERP Management Software v3.0.0 allows attackers to execute arbitrary code via uploading crafted files.

Nov 15, 2024
CVE-2024-10934
9.8 CRITICAL

In OpenBSD 7.5 before errata 008 and OpenBSD 7.4 before errata 021, avoid possible mbuf double free in NFS client and server implementation, do not …

Nov 15, 2024
CVE-2024-45971
9.8 CRITICAL

Multiple Buffer overflows in the MMS Client in MZ Automation LibIEC61850 before commit 1f52be9ddeae00e69cd43e4cac3cb4f0c880c4f0 allow a malicious server to cause a stack-based buffer overflow via …

Nov 15, 2024
CVE-2024-45970
9.8 CRITICAL

Multiple Buffer overflows in the MMS Client in MZ Automation LibIEC61850 before commit ac925fae8e281ac6defcd630e9dd756264e9c5bc allow a malicious server to cause a stack-based buffer overflow via …

Nov 15, 2024
CVE-2024-51164
9.1 CRITICAL

Multiple parameters have SQL injection vulnerability in JEPaaS 7.2.8 via /je/login/btnLog/insertBtnLog, which could allow a remote user to submit a specially crafted query, allowing an …

Nov 15, 2024
CVE-2024-50724
9.8 CRITICAL

KASO v9.0 was discovered to contain a SQL injection vulnerability via the person_id parameter at /cardcase/editcard.jsp.

Nov 15, 2024
CVE-2024-50649
9.8 CRITICAL

The user avatar upload function in python_book V1.0 has an arbitrary file upload vulnerability.

Nov 15, 2024
CVE-2024-50648
9.8 CRITICAL

yshopmall V1.0 has an arbitrary file upload vulnerability, which can enable RCE or even take over the server when improperly configured to parse JSP files.

Nov 15, 2024
CVE-2023-20036
9.9 CRITICAL

A vulnerability in the web UI of Cisco IND could allow an authenticated, remote attacker to execute arbitrary commands with administrative privileges on the underlying …

Nov 15, 2024
CVE-2023-20154
9.1 CRITICAL

A vulnerability in the external authentication mechanism of Cisco Modeling Labs could allow an unauthenticated, remote attacker to access the web interface with administrative privileges. …

Nov 15, 2024
CVE-2024-10534
9.8 CRITICAL

Origin Validation Error vulnerability in Dataprom Informatics Personnel Attendance Control Systems (PACS) / Access Control Security Systems (ACSS) allows Traffic Injection.This issue affects Personnel Attendance …

Nov 15, 2024
CVE-2024-10443
9.8 CRITICAL

Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in Task Manager component in Synology BeePhotos before 1.0.2-10026 and 1.1.0-10053 …

Nov 15, 2024
CVE-2022-1884
9.8 CRITICAL

A remote command execution vulnerability exists in gogs/gogs versions <=0.12.7 when deployed on a Windows server. The vulnerability arises due to improper validation of the …

Nov 15, 2024
CVE-2021-3902
9.8 CRITICAL

An improper restriction of external entities (XXE) vulnerability in dompdf/dompdf's SVG parser allows for Server-Side Request Forgery (SSRF) and deserialization attacks. This issue affects all …

Nov 15, 2024
CVE-2021-3838
9.8 CRITICAL

DomPDF before version 2.0.0 is vulnerable to PHAR deserialization due to a lack of checking on the protocol before passing it into the file_get_contents() function. …

Nov 15, 2024
CVE-2024-10924
9.8 CRITICAL

The Really Simple Security (Free, Pro, and Pro Multisite) plugins for WordPress are vulnerable to authentication bypass in versions 9.0.0 to 9.1.1.1. This is due …

Nov 15, 2024
CVE-2024-11120
9.8 CRITICAL KEV

Certain EOL GeoVision devices have an OS Command Injection vulnerability. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on …

Nov 15, 2024
CVE-2024-48974
9.3 CRITICAL

The ventilator does not perform proper file integrity checks when adopting firmware updates. This makes it possible for an attacker to force unauthorized changes to …

Nov 14, 2024
CVE-2024-48973
9.3 CRITICAL

The debug port on the ventilator's serial interface is enabled by default. This could allow an attacker to send and receive messages over the debug …

Nov 14, 2024
CVE-2024-48971
9.3 CRITICAL

The Clinician Password and Serial Number Clinician Password are hard-coded into the ventilator in plaintext form. This could allow an attacker to obtain the password …

Nov 14, 2024
CVE-2024-48970
9.3 CRITICAL

The ventilator's microcontroller lacks memory protection. An attacker could connect to the internal JTAG interface and read or write to flash memory using an off-the-shelf …

Nov 14, 2024
CVE-2024-48967
10.0 CRITICAL

The ventilator and the Service PC lack sufficient audit logging capabilities to allow for detection of malicious activity and subsequent forensic examination. An attacker with …

Nov 14, 2024
CVE-2024-48966
10.0 CRITICAL

The software tools used by service personnel to test & calibrate the ventilator do not support user authentication. An attacker with access to the Service …

Nov 14, 2024
CVE-2024-31695
9.8 CRITICAL

A misconfiguration in the fingerprint authentication mechanism of Binance: BTC, Crypto and NFTS v2.85.4, allows attackers to bypass authentication when adding a new fingerprint.

Nov 14, 2024
CVE-2024-9834
9.3 CRITICAL

Improper data protection on the ventilator's serial interface could allow an attacker to send and receive messages that result in unauthorized disclosure of information and/or …

Nov 14, 2024
CVE-2024-9832
9.3 CRITICAL

There is no limit on the number of failed login attempts permitted with the Clinician Password or the Serial Number Clinician Password. An attacker could …

Nov 14, 2024
CVE-2024-52370
9.9 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in Hive Support Hive Support hive-support allows Upload a Web Shell to a Web Server.This issue affects …

Nov 14, 2024
CVE-2024-52369
9.9 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in Optimal Access KBucket kbucket allows Upload a Web Shell to a Web Server.This issue affects KBucket: …

Nov 14, 2024
CVE-2024-52393
9.1 CRITICAL

Deserialization of Untrusted Data vulnerability in Eric Teubert Podlove Podcast Publisher podlove-podcasting-plugin-for-wordpress.This issue affects Podlove Podcast Publisher: from n/a through <= 4.1.15.

Nov 14, 2024
CVE-2024-52384
9.9 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in wpmonks Sage AI: Chatbots, OpenAI GPT-4 Bulk Articles, Dalle-3 Image Generation ai-content-generator allows Upload a Web …

Nov 14, 2024
CVE-2024-52382
9.8 CRITICAL

Missing Authorization vulnerability in medmatech Matix Popup Builder medma-matix allows Privilege Escalation.This issue affects Matix Popup Builder: from n/a through <= 1.0.0.

Nov 14, 2024
CVE-2024-52380
10.0 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in softpulseinfotech Picsmize picsmize allows Upload a Web Shell to a Web Server.This issue affects Picsmize: from …

Nov 14, 2024
CVE-2024-52379
10.0 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in faizalbahasan kineticPay for WooCommerce kineticpay-for-woocommerce allows Upload a Web Shell to a Web Server.This issue affects …

Nov 14, 2024
CVE-2024-52377
10.0 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in bdthemes Instant Image Generator ai-image allows Upload a Web Shell to a Web Server.This issue affects …

Nov 14, 2024
CVE-2024-52376
10.0 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in cmsMinds Boat Rental Plugin for WordPress boat-rental-system allows Upload a Web Shell to a Web Server.This …

Nov 14, 2024
CVE-2024-52375
10.0 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in Arttia Creative Datasets Manager by Arttia Creative datasets-manager-by-arttia-creative.This issue affects Datasets Manager by Arttia Creative: from …

Nov 14, 2024
CVE-2024-52374
10.0 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in DoThatTask Do That Task do-that-task allows Upload a Web Shell to a Web Server.This issue affects …

Nov 14, 2024
CVE-2024-52373
10.0 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in Team Devexhub Devexhub Gallery devexhub-gallery allows Upload a Web Shell to a Web Server.This issue affects …

Nov 14, 2024
CVE-2024-52372
10.0 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in WebTechGlobal Easy CSV Importer BETA easy-csv-importer allows Upload a Web Shell to a Web Server.This issue …

Nov 14, 2024
CVE-2024-50823
9.8 CRITICAL

A SQL Injection vulnerability was found in /admin/login.php in kashipara E-learning Management System Project 1.0 via the username and password parameters.

Nov 14, 2024
CVE-2024-4343
9.8 CRITICAL

A Python command injection vulnerability exists in the `SagemakerLLM` class's `complete()` method within `./private_gpt/components/llm/custom/sagemaker.py` of the imartinez/privategpt application, versions up to and including 0.3.0. The …

Nov 14, 2024
CVE-2024-50833
9.8 CRITICAL

A SQL Injection vulnerability was found in /login.php in KASHIPARA E-learning Management System Project 1.0 via the username and password parameters.

Nov 14, 2024
CVE-2024-37285
9.1 CRITICAL

A deserialization issue in Kibana can lead to arbitrary code execution when Kibana attempts to parse a YAML document containing a crafted payload. A successful …

Nov 14, 2024
CVE-2024-10571
9.8 CRITICAL

The Chartify – WordPress Chart Plugin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.9.5 via the …

Nov 14, 2024
CVE-2024-50306
9.1 CRITICAL

Unchecked return value can allow Apache Traffic Server to retain privileges on startup. This issue affects Apache Traffic Server: from 9.2.0 through 9.2.5, from 10.0.0 …

Nov 14, 2024
CVE-2024-40404
9.8 CRITICAL

Cybele Software Thinfinity Workspace before v7.0.2.113 was discovered to contain an access control issue in the API endpoint where Web Sockets connections are established.

Nov 13, 2024

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.