CVE Database

9306+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2024-8512
9.1 CRITICAL

The W3SPEEDSTER plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 7.26 via the 'script' parameter of the …

Oct 30, 2024
CVE-2024-50511
9.9 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in donimedia WP donimedia carousel wp-donimedia-carousel allows Upload a Web Shell to a Web Server.This issue affects …

Oct 30, 2024
CVE-2024-50510
10.0 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in webandprint AR For Woocommerce ar-for-woocommerce allows Upload a Web Shell to a Web Server.This issue affects …

Oct 30, 2024
CVE-2024-50507
9.8 CRITICAL

Deserialization of Untrusted Data vulnerability in Daschmi DS.DownloadList dsdownloadlist allows Object Injection.This issue affects DS.DownloadList: from n/a through <= 1.3.

Oct 30, 2024
CVE-2024-50503
9.8 CRITICAL

Authentication Bypass Using an Alternate Path or Channel vulnerability in Deryck User Toolkit user-toolkit allows Authentication Bypass.This issue affects User Toolkit: from n/a through <= …

Oct 30, 2024
CVE-2024-51568
10.0 CRITICAL

CyberPanel (aka Cyber Panel) before 2.3.5 allows Command Injection via completePath in the ProcessUtilities.outputExecutioner() sink. There is /filemanager/upload (aka File Manager upload) unauthenticated remote code …

Oct 29, 2024
CVE-2024-51567
10.0 CRITICAL KEV

upgrademysqlstatus in databases/views.py in CyberPanel (aka Cyber Panel) before 5b08cd6 allows remote attackers to bypass authentication and execute arbitrary commands via /dataBases/upgrademysqlstatus by bypassing secMiddleware …

Oct 29, 2024
CVE-2024-51378
10.0 CRITICAL KEV

getresetstatus in dns/views.py and ftp/views.py in CyberPanel (aka Cyber Panel) before 1c0c6cb allows remote attackers to bypass authentication and execute arbitrary commands via /dns/getresetstatus or …

Oct 29, 2024
CVE-2024-48573
9.8 CRITICAL

A NoSQL injection vulnerability in AquilaCMS 1.409.20 and prior allows unauthenticated attackers to reset user and administrator account passwords via the "Reset password" feature.

Oct 29, 2024
CVE-2024-48138
9.8 CRITICAL

A remote code execution (RCE) vulnerability in the component /PluXml/core/admin/parametres_edittpl.php of PluXml v5.8.16 and lower allows attackers to execute arbitrary code via injecting a crafted …

Oct 29, 2024
CVE-2024-44081
9.8 CRITICAL

In Jitsi Meet before 2.0.9779, the functionality to share a video file was implemented in an insecure way, resulting in clients loading videos from an …

Oct 29, 2024
CVE-2024-48206
9.8 CRITICAL

A Deserialization of Untrusted Data vulnerability in chainer v7.8.1.post1 leads to execution of arbitrary code.

Oct 29, 2024
CVE-2024-48063
9.8 CRITICAL

In PyTorch <=2.4.1, the RemoteModule has Deserialization RCE. NOTE: this is disputed by multiple parties because this is intended behavior in PyTorch distributed computing.

Oct 29, 2024
CVE-2024-9989
9.8 CRITICAL

The Crypto plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.18. This is due to a limited arbitrary method …

Oct 29, 2024
CVE-2024-9988
9.8 CRITICAL

The Crypto plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.19. This is due to missing validation on the …

Oct 29, 2024
CVE-2024-8923
9.8 CRITICAL

ServiceNow has addressed an input validation vulnerability that was identified in the Now Platform. This vulnerability could enable an unauthenticated user to remotely execute code …

Oct 29, 2024
CVE-2024-49768
9.1 CRITICAL

Waitress is a Web Server Gateway Interface server for Python 2 and 3. A remote client may send a request that is exactly recv_bytes (defaults …

Oct 29, 2024
CVE-2024-8309
9.8 CRITICAL

A vulnerability in the GraphCypherQAChain class of langchain-ai/langchain version 0.2.5 allows for SQL injection through prompt injection. This vulnerability can lead to unauthorized data manipulation, …

Oct 29, 2024
CVE-2024-7774
9.1 CRITICAL

A path traversal vulnerability exists in the `getFullPath` method of langchain-ai/langchainjs version 0.2.5. This vulnerability allows attackers to save files anywhere in the filesystem, overwrite …

Oct 29, 2024
CVE-2024-7475
9.1 CRITICAL

An improper access control vulnerability in lunary-ai/lunary version 1.3.2 allows an attacker to update the SAML configuration without authorization. This vulnerability can lead to manipulation …

Oct 29, 2024
CVE-2024-7042
9.8 CRITICAL

A vulnerability in the GraphCypherQAChain class of langchain-ai/langchainjs versions 0.2.5 and all versions with this class allows for prompt injection, leading to SQL injection. This …

Oct 29, 2024
CVE-2024-6868
9.8 CRITICAL

mudler/LocalAI version 2.17.1 allows for arbitrary file write due to improper handling of automatic archive extraction. When model configurations specify additional files as archives (e.g., …

Oct 29, 2024
CVE-2024-6581
9.0 CRITICAL

A vulnerability in the discussion image upload function of the Lollms application, version v9.9, allows for the uploading of SVG files. Due to incomplete filtering …

Oct 29, 2024
CVE-2024-5982
9.8 CRITICAL

A path traversal vulnerability exists in the latest version of gaizhenbiao/chuanhuchatgpt. The vulnerability arises from unsanitized input handling in multiple features, including user upload, directory …

Oct 29, 2024
CVE-2024-5823
9.1 CRITICAL

A file overwrite vulnerability exists in gaizhenbiao/chuanhuchatgpt versions <= 20240410. This vulnerability allows an attacker to gain unauthorized access to overwrite critical configuration files within …

Oct 29, 2024
CVE-2024-50490
9.8 CRITICAL

Missing Authorization vulnerability in lowcage PegaPoll pegapoll allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects PegaPoll: from n/a through <= 1.0.2.

Oct 29, 2024
CVE-2024-50485
9.8 CRITICAL

Incorrect Privilege Assignment vulnerability in Udit Rawat Exam Matrix exam-matrix allows Privilege Escalation.This issue affects Exam Matrix: from n/a through <= 1.5.

Oct 29, 2024
CVE-2024-50476
9.8 CRITICAL

Missing Authorization vulnerability in GRÜN Software Group GmbH GRÜN spendino Spendenformular spendino allows Privilege Escalation.This issue affects GRÜN spendino Spendenformular: from n/a through <= 1.0.1.

Oct 29, 2024
CVE-2024-50475
9.8 CRITICAL

Missing Authorization vulnerability in Scott Gamon Signup Page signup-page allows Privilege Escalation.This issue affects Signup Page: from n/a through <= 1.0.

Oct 29, 2024
CVE-2024-50473
10.0 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in Ajar Productions Ajar in5 Embed ajar-productions-in5-embed allows Upload a Web Shell to a Web Server.This issue …

Oct 29, 2024
CVE-2024-50427
9.9 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in devsoftbaltic SurveyJS surveyjs.This issue affects SurveyJS: from n/a through <= 1.9.136.

Oct 29, 2024
CVE-2024-50420
10.0 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in aDirectory aDirectory adirectory allows Upload a Web Shell to a Web Server.This issue affects aDirectory: from …

Oct 29, 2024
CVE-2024-50494
10.0 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in Amin Omer Sudan Payment Gateway for WooCommerce wc-sudan-payment-gateway allows Upload a Web Shell to a Web …

Oct 29, 2024
CVE-2024-50493
10.0 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in masterhomepage Automatic Translation automatic-translation allows Upload a Web Shell to a Web Server.This issue affects Automatic …

Oct 29, 2024
CVE-2024-50484
10.0 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in Lindeni Mahlalela Multi Purpose Mail Form multi-purpose-mail-form allows Upload a Web Shell to a Web Server.This …

Oct 29, 2024
CVE-2024-50482
10.0 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in Chetan Khandla Woocommerce Product Design woo-product-design allows Upload a Web Shell to a Web Server.This issue …

Oct 29, 2024
CVE-2024-50480
9.9 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in azexo Marketing Automation by AZEXO marketing-automation-by-azexo allows Upload a Web Shell to a Web Server.This issue …

Oct 29, 2024
CVE-2024-45656
9.8 CRITICAL

IBM Flexible Service Processor (FSP) FW860.00 through FW860.B3, FW950.00 through FW950.C0, FW1030.00 through FW1030.61, FW1050.00 through FW1050.21, and FW1060.00 through FW1060.10 has static credentials which …

Oct 29, 2024
CVE-2024-44217
9.1 CRITICAL

A permissions issue was addressed by removing vulnerable code and adding additional checks. This issue is fixed in iOS 18 and iPadOS 18. Password autofill …

Oct 28, 2024
CVE-2024-50496
10.0 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in webandprint AR For WordPress ar-for-wordpress allows Upload a Web Shell to a Web Server.This issue affects …

Oct 28, 2024
CVE-2024-50495
10.0 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in nunomorgadinho Plugin Propagator wp-propagator allows Upload a Web Shell to a Web Server.This issue affects Plugin …

Oct 28, 2024
CVE-2024-48356
9.8 CRITICAL

LyLme Spage <=1.6.0 is vulnerable to SQL Injection via /admin/group.php.

Oct 28, 2024
CVE-2024-40867
9.6 CRITICAL

A custom URL scheme handling issue was addressed with improved input validation. This issue is fixed in iOS 18.1 and iPadOS 18.1. A remote attacker …

Oct 28, 2024
CVE-2024-48465
9.8 CRITICAL

The MRBS version 1.5.0 has an SQL injection vulnerability in the edit_entry_handler.php file, specifically in the rooms%5B%5D parameter

Oct 28, 2024
CVE-2024-48357
9.8 CRITICAL

LyLme Spage 1.2.0 through 1.6.0 is vulnerable to SQL Injection via /admin/apply.php.

Oct 28, 2024
CVE-2024-39205
9.8 CRITICAL

An issue in pyload-ng v0.5.0b3.dev85 running under python3.11 or below allows attackers to execute arbitrary code via a crafted HTTP request.

Oct 28, 2024
CVE-2024-50491
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in MicahBlu RSVP ME rsvp-me allows SQL Injection.This issue affects RSVP ME: …

Oct 28, 2024
CVE-2024-50483
9.8 CRITICAL

Authorization Bypass Through User-Controlled Key vulnerability in Tareq Hasan Meetup meetup allows Privilege Escalation.This issue affects Meetup: from n/a through <= 0.1.

Oct 28, 2024
CVE-2024-50479
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in chenyenming Woocommerce Quote Calculator woo-quote-calculator-order allows Blind SQL Injection.This issue affects …

Oct 28, 2024
CVE-2024-50478
9.8 CRITICAL

Authentication Bypass by Primary Weakness vulnerability in Swoop 1-Click Login: Passwordless Authentication allows Authentication Bypass.This issue affects 1-Click Login: Passwordless Authentication: 1.4.5.

Oct 28, 2024

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.