CVE Database

9306+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2024-50498
10.0 CRITICAL

Improper Control of Generation of Code ('Code Injection') vulnerability in Ajit Bohra WP Query Console wp-query-console allows Code Injection.This issue affects WP Query Console: from …

Oct 28, 2024
CVE-2024-50489
9.8 CRITICAL

Authentication Bypass Using an Alternate Path or Channel vulnerability in realtyworkstation Realty Workstation realty-workstation allows Authentication Bypass.This issue affects Realty Workstation: from n/a through <= …

Oct 28, 2024
CVE-2024-50487
9.8 CRITICAL

Authentication Bypass Using an Alternate Path or Channel vulnerability in Acnoo MaanStore API maanstore-api allows Authentication Bypass.This issue affects MaanStore API: from n/a through <= …

Oct 28, 2024
CVE-2024-50486
9.8 CRITICAL

Authentication Bypass Using an Alternate Path or Channel vulnerability in Acnoo Acnoo Flutter API acnoo-flutter-api allows Authentication Bypass.This issue affects Acnoo Flutter API: from n/a …

Oct 28, 2024
CVE-2024-50477
9.8 CRITICAL

Authentication Bypass Using an Alternate Path or Channel vulnerability in Stacks Stacks Mobile App Builder stacks-mobile-app-builder allows Authentication Bypass.This issue affects Stacks Mobile App Builder: …

Oct 28, 2024
CVE-2024-38821
9.1 CRITICAL

Spring WebFlux applications that have Spring Security authorization rules on static resources can be bypassed under certain circumstances. For this to impact an application, all …

Oct 28, 2024
CVE-2024-10440
9.8 CRITICAL

The eHDR CTMS from Sunnet has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL command to read, modify, and delete database …

Oct 28, 2024
CVE-2024-50623
9.8 CRITICAL KEV

In Cleo Harmony before 5.8.0.21, VLTrader before 5.8.0.21, and LexiCom before 5.8.0.21, there is an unrestricted file upload and download that could lead to remote …

Oct 28, 2024
CVE-2024-9501
9.8 CRITICAL

The Wp Social Login and Register Social Counter plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 3.0.7. This …

Oct 26, 2024
CVE-2024-9933
9.8 CRITICAL

The WatchTowerHQ plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.10.1. This is due to the 'watchtower_ota_token' default value …

Oct 26, 2024
CVE-2024-9932
9.8 CRITICAL

The Wux Blog Editor plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'wuxbt_insertImageNew' function in versions …

Oct 26, 2024
CVE-2024-9931
9.8 CRITICAL

The Wux Blog Editor plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.0.0. This is due to missing validation …

Oct 26, 2024
CVE-2024-9930
9.8 CRITICAL

The Extensions by HocWP Team plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 0.2.3.2. This is due to missing …

Oct 26, 2024
CVE-2024-47821
9.1 CRITICAL

pyLoad is a free and open-source Download Manager. The folder `/.pyload/scripts` has scripts which are run when certain actions are completed, for e.g. a download …

Oct 25, 2024
CVE-2024-48237
9.8 CRITICAL

WTCMS 1.0 is vulnerable to Incorrect Access Control in \Common\Controller\HomebaseController.class.php.

Oct 25, 2024
CVE-2024-10386
9.8 CRITICAL

CVE-2024-10386 IMPACT An authentication vulnerability exists in the affected product. The vulnerability could allow a threat actor with network access to send crafted messages to …

Oct 25, 2024
CVE-2024-48581
9.8 CRITICAL

File Upload vulnerability in Best courier management system in php v.1.0 allows a remote attacker to execute arbitrary code via the admin_class.php component.

Oct 25, 2024
CVE-2024-48580
9.8 CRITICAL

SQL Injection vulnerability in Best courier management system in php v.1.0 allows a remote attacker to execute arbitrary code via the email parameter of the …

Oct 25, 2024
CVE-2024-48579
9.8 CRITICAL

SQL Injection vulnerability in Best House rental management system project in php v.1.0 allows a remote attacker to execute arbitrary code via the username parameter …

Oct 25, 2024
CVE-2024-48204
9.8 CRITICAL

SQL injection vulnerability in Hanzhou Haobo network management system 1.0 allows a remote attacker to execute arbitrary code via a crafted script.

Oct 25, 2024
CVE-2022-30355
9.8 CRITICAL

OvalEdge 5.2.8.0 and earlier is affected by an Account Takeover vulnerability via a POST request to /profile/updateProfile via the userId and email parameters. Authentication is …

Oct 25, 2024
CVE-2024-48428
9.8 CRITICAL

An issue in Olive VLE allows an attacker to obtain sensitive information via the reset password function.

Oct 25, 2024
CVE-2024-10381
9.8 CRITICAL

This vulnerability exists in Matrix Door Controller Cosec Vega FAXQ due to improper implementation of session management at the web-based management interface. A remote attacker …

Oct 25, 2024
CVE-2024-47406
9.1 CRITICAL

Sharp and Toshiba Tec MFPs improperly process HTTP authentication requests, resulting in an authentication bypass vulnerability.

Oct 25, 2024
CVE-2024-9488
9.8 CRITICAL

The Comments – wpDiscuz plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 7.6.24. This is due to insufficient …

Oct 25, 2024
CVE-2024-41618
9.8 CRITICAL

Money Manager EX WebApp (web-money-manager-ex) 1.2.2 is vulnerable to SQL Injection in the `transaction_delete_group` function. The vulnerability is due to improper sanitization of user input …

Oct 24, 2024
CVE-2024-41617
9.8 CRITICAL

Money Manager EX WebApp (web-money-manager-ex) 1.2.2 is vulnerable to Incorrect Access Control. The `redirect_if_not_loggedin` function in `functions_security.php` fails to terminate script execution after redirecting unauthenticated …

Oct 24, 2024
CVE-2024-7763
9.8 CRITICAL

In WhatsUp Gold versions released before 2024.0.0, an Authentication Bypass issue exists which allows an attacker to obtain encrypted user credentials.

Oct 24, 2024
CVE-2024-47883
9.1 CRITICAL

The OpenRefine fork of the MIT Simile Butterfly server is a modular web application framework. The Butterfly framework uses the `java.net.URL` class to refer to …

Oct 24, 2024
CVE-2024-48145
9.1 CRITICAL

A prompt injection vulnerability in the chatbox of Netangular Technologies ChatNet AI Version v1.0 allows attackers to access and exfiltrate all previous and subsequent chat …

Oct 24, 2024
CVE-2024-48144
9.1 CRITICAL

A prompt injection vulnerability in the chatbox of Fusion Chat Chat AI Assistant Ask Me Anything v1.2.4.0 allows attackers to access and exfiltrate all previous …

Oct 24, 2024
CVE-2024-48143
9.1 CRITICAL

A lack of rate limiting in the OTP validation component of Digitory Multi Channel Integrated POS v1.0 allows attackers to gain access to the ordering …

Oct 24, 2024
CVE-2024-48514
9.8 CRITICAL

php-heic-to-jpg <= 1.0.5 is vulnerable to code injection (fixed in 1.0.6). An attacker who can upload heic images is able to execute code on the …

Oct 24, 2024
CVE-2024-46478
9.8 CRITICAL

HTMLDOC v1.9.18 contains a buffer overflow in parse_pre function,ps-pdf.cxx:5681.

Oct 24, 2024
CVE-2024-48548
9.3 CRITICAL

The APK file in Cloud Smart Lock v2.0.1 has a leaked a URL that can call an API for binding physical devices. This vulnerability allows …

Oct 24, 2024
CVE-2024-48539
9.8 CRITICAL

Neye3C v4.5.2.0 was discovered to contain a hardcoded encryption key in the firmware update mechanism.

Oct 24, 2024
CVE-2024-44206
9.3 CRITICAL

An issue in the handling of URL protocols was addressed with improved logic. This issue is fixed in Safari 17.6, iOS 17.6 and iPadOS 17.6, …

Oct 24, 2024
CVE-2024-48538
9.8 CRITICAL

Incorrect access control in the firmware update and download processes of Neye3C v4.5.2.0 allows attackers to access sensitive information by analyzing the code and data …

Oct 24, 2024
CVE-2024-49681
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in activity-log.com WP Sessions Time Monitoring Full Automatic activitytime allows SQL Injection.This …

Oct 24, 2024
CVE-2024-20424
9.9 CRITICAL

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote …

Oct 23, 2024
CVE-2024-20412
9.3 CRITICAL

A vulnerability in Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 1000, 2100, 3100, and 4200 Series could allow an unauthenticated, local attacker to …

Oct 23, 2024
CVE-2024-20329
9.9 CRITICAL

A vulnerability in the SSH subsystem of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to execute operating system commands as …

Oct 23, 2024
CVE-2024-49671
9.9 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in Dogu Pekgoz AI Image Generator for Your Content & Featured Images – AI Postpix ai-postpix allows …

Oct 23, 2024
CVE-2024-49669
9.9 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in Alexander De Ridder INK Official ink-official allows Upload a Web Shell to a Web Server.This issue …

Oct 23, 2024
CVE-2024-49668
10.0 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in christopherdewese1099 Verbalize WP verbalize-wp allows Upload a Web Shell to a Web Server.This issue affects Verbalize …

Oct 23, 2024
CVE-2024-49658
9.9 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in ecomerciar Woocommerce Custom Profile Picture woo-custom-profile-picture allows Upload a Web Shell to a Web Server.This issue …

Oct 23, 2024
CVE-2024-49653
9.9 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in james-eggers Portfolleo portfolleo allows Upload a Web Shell to a Web Server.This issue affects Portfolleo: from …

Oct 23, 2024
CVE-2024-49652
9.9 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in Renata Bracichowicz 3D Work In Progress renee-work-in-progress allows Upload a Web Shell to a Web Server.This …

Oct 23, 2024
CVE-2024-47901
10.0 CRITICAL

A vulnerability has been identified in InterMesh 7177 Hybrid 2.0 Subscriber (All versions < V8.2.12), InterMesh 7707 Fire Subscriber (All versions < V7.2.12 only if …

Oct 23, 2024
CVE-2024-47575
9.8 CRITICAL KEV

A missing authentication for critical function in FortiManager 7.6.0, FortiManager 7.4.0 through 7.4.4, FortiManager 7.2.0 through 7.2.7, FortiManager 7.0.0 through 7.0.12, FortiManager 6.4.0 through 6.4.14, …

Oct 23, 2024

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.