CVE Database

9306+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2024-43091
9.8 CRITICAL

In filterMask of SkEmbossMaskFilter.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with …

Nov 13, 2024
CVE-2024-52300
9.0 CRITICAL

macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. The width parameter of the PDF viewer macro isn't properly escaped, allowing XSS for …

Nov 13, 2024
CVE-2024-52295
9.8 CRITICAL

DataEase is an open source data visualization analysis tool. Prior to 2.10.2, DataEase allows attackers to forge jwt and take over services. The JWT secret …

Nov 13, 2024
CVE-2024-48510
9.8 CRITICAL

Directory Traversal vulnerability in DotNetZip v.1.16.0 and before allows a remote attacker to execute arbitrary code via the src/Zip.Shared/ZipEntry.Extract.cs component NOTE: This vulnerability only affects …

Nov 13, 2024
CVE-2022-45157
9.1 CRITICAL

A vulnerability has been identified in the way that Rancher stores vSphere's CPI (Cloud Provider Interface) and CSI (Container Storage Interface) credentials used to deploy …

Nov 13, 2024
CVE-2024-11028
9.8 CRITICAL

The MultiManager WP – Manage All Your WordPress Sites Easily plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, …

Nov 13, 2024
CVE-2024-11150
9.8 CRITICAL

The WordPress User Extra Fields plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_tmp_uploaded_file() function in …

Nov 13, 2024
CVE-2024-10575
9.8 CRITICAL

CWE-862: Missing Authorization vulnerability exists that could cause unauthorized access when enabled on the network and potentially impacting connected devices.

Nov 13, 2024
CVE-2024-10820
9.8 CRITICAL

The WooCommerce Upload Files plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the upload_files() function in all …

Nov 13, 2024
CVE-2024-39712
9.1 CRITICAL

Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin …

Nov 13, 2024
CVE-2024-39711
9.1 CRITICAL

Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin …

Nov 13, 2024
CVE-2024-39710
9.1 CRITICAL

Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin …

Nov 13, 2024
CVE-2024-38656
9.1 CRITICAL

Argument injection in Ivanti Connect Secure before version 22.7R2.2 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin …

Nov 13, 2024
CVE-2024-28729
9.8 CRITICAL

An issue in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE DWR-2000M_1.34ME allows a local attacker to execute arbitrary …

Nov 12, 2024
CVE-2023-52268
9.1 CRITICAL

The End-User Portal module before 1.0.65 for FreeScout sometimes allows an attacker to authenticate as an arbitrary user because a session token can be sent …

Nov 12, 2024
CVE-2024-43639
9.8 CRITICAL

Windows KDC Proxy Remote Code Execution Vulnerability

Nov 12, 2024
CVE-2024-43602
9.9 CRITICAL

Azure CycleCloud Remote Code Execution Vulnerability

Nov 12, 2024
CVE-2024-43498
9.8 CRITICAL

.NET and Visual Studio Remote Code Execution Vulnerability

Nov 12, 2024
CVE-2024-49369
9.8 CRITICAL

Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. The TLS certificate …

Nov 12, 2024
CVE-2024-11006
9.1 CRITICAL

Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows …

Nov 12, 2024
CVE-2024-11005
9.1 CRITICAL

Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows …

Nov 12, 2024
CVE-2024-10943
9.1 CRITICAL

An authentication bypass vulnerability exists in the affected product. The vulnerability exists due to shared secrets across accounts and could allow a threat actor to …

Nov 12, 2024
CVE-2024-52297
9.8 CRITICAL

Tolgee is an open-source localization platform. Tolgee 3.81.1 included the all configuration properties in the PublicConfiguratioDTO publicly exposed to users. This vulnerability is fixed in …

Nov 12, 2024
CVE-2024-50330
9.8 CRITICAL

SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote unauthenticated attacker to achieve remote …

Nov 12, 2024
CVE-2024-43415
9.0 CRITICAL

An improper neutralization of special elements used in an SQL command in the papertrail/version- model of the decidim_awesome-module <= v0.11.1 (> 0.9.0) allows an authenticated …

Nov 12, 2024
CVE-2024-11007
9.1 CRITICAL

Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows …

Nov 12, 2024
CVE-2024-46890
9.1 CRITICAL

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly validate input sent to …

Nov 12, 2024
CVE-2024-46888
9.9 CRITICAL

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly sanitize user provided paths …

Nov 12, 2024
CVE-2024-44102
10.0 CRITICAL

A vulnerability has been identified in PP TeleControl Server Basic 1000 to 5000 V3.1 (6NH9910-0AA31-0AE1) (All versions < V3.1.2.1 with redundancy configured), PP TeleControl Server …

Nov 12, 2024
CVE-2024-10245
9.8 CRITICAL

The Relais 2FA plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.0. This is due to incorrect authentication and …

Nov 12, 2024
CVE-2024-52533
9.8 CRITICAL

gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing '\0' character.

Nov 11, 2024
CVE-2024-50636
9.8 CRITICAL

PyMOL 2.5.0 contains a vulnerability in its "Run Script" function, which allows the execution of arbitrary Python code embedded within .PYM files. Attackers can craft …

Nov 11, 2024
CVE-2024-25255
9.8 CRITICAL

Sublime Text 4 was discovered to contain a command injection vulnerability via the New Build System module. NOTE: multiple third parties report that this is …

Nov 11, 2024
CVE-2024-25254
9.8 CRITICAL

SuperScan v4.1 was discovered to contain a buffer overflow via the Hostname/IP parameter.

Nov 11, 2024
CVE-2024-46962
9.1 CRITICAL

The SYQ com.downloader.video.fast (aka Master Video Downloader) application through 2.0 for Android allows an attacker to execute arbitrary JavaScript code via the com.downloader.video.fast.SpeedMainAct component.

Nov 11, 2024
CVE-2024-44546
9.8 CRITICAL

Powerjob >= 3.20 is vulnerable to SQL injection via the version parameter.

Nov 11, 2024
CVE-2024-51748
9.1 CRITICAL

Kanboard is project management software that focuses on the Kanban methodology. An authenticated Kanboard admin can run arbitrary php code on the server in combination …

Nov 11, 2024
CVE-2024-51747
9.1 CRITICAL

Kanboard is project management software that focuses on the Kanban methodology. An authenticated Kanboard admin can read and delete arbitrary files from the server. File …

Nov 11, 2024
CVE-2024-36061
9.8 CRITICAL

EnGenius EWS356-FIT devices through 1.1.30 allow blind OS command injection. This allows an attacker to execute arbitrary OS commands via shell metacharacters to the Ping …

Nov 11, 2024
CVE-2024-51135
9.8 CRITICAL

An XML External Entity (XXE) vulnerability in the component DocumentBuilderFactory of powertac-server v1.9.0 allows attackers to access sensitive information or execute arbitrary code via supplying …

Nov 11, 2024
CVE-2024-50667
9.8 CRITICAL

The boa httpd of Trendnet TEW-820AP 1.01.B01 has a stack overflow vulnerability in /boafrm/formIPv6Addr, /boafrm/formIpv6Setup, /boafrm/formDnsv6. The reason is that the check of ipv6 address …

Nov 11, 2024
CVE-2024-50989
9.8 CRITICAL

A SQL injection vulnerability in /omrs/admin/search.php in PHPGurukul Online Marriage Registration System v1.0 allows an attacker to execute arbitrary SQL commands via the "searchdata " …

Nov 11, 2024
CVE-2024-11068
9.8 CRITICAL

The D-Link DSL6740C modem has an Incorrect Use of Privileged APIs vulnerability, allowing unauthenticated remote attackers to modify any user’s password by leveraging the API, …

Nov 11, 2024
CVE-2024-11020
9.8 CRITICAL

Webopac from Grand Vice info has a SQL Injection vulnerability, allowing unauthenticated remote attacks to inject arbitrary SQL commands to read, modify, and delete database …

Nov 11, 2024
CVE-2024-11018
9.8 CRITICAL

Webopac from Grand Vice info does not properly validate uploaded file types, allowing unauthenticated remote attackers to upload and execute webshells, which could lead to …

Nov 11, 2024
CVE-2024-11016
9.8 CRITICAL

Webopac from Grand Vice info has a SQL Injection vulnerability, allowing unauthenticated remote attacks to inject arbitrary SQL commands to read, modify, and delete database …

Nov 11, 2024
CVE-2024-51793
10.0 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in Ateeq Rafeeq RepairBuddy computer-repair-shop allows Upload a Web Shell to a Web Server.This issue affects RepairBuddy: …

Nov 11, 2024
CVE-2024-51792
10.0 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in Dang Ngoc Binh Audio Record audio-record allows Upload a Web Shell to a Web Server.This issue …

Nov 11, 2024
CVE-2024-51791
10.0 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in Made I.T. Forms forms-by-made-it allows Upload a Web Shell to a Web Server.This issue affects Forms: …

Nov 11, 2024
CVE-2024-51790
10.0 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in HB WEBSOL HB AUDIO GALLERY hb-audio-gallery allows Upload a Web Shell to a Web Server.This issue …

Nov 11, 2024

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.