CVE Database

9306+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2024-46483
9.8 CRITICAL

Xlight FTP Server <3.9.4.3 has an integer overflow vulnerability in the packet parsing logic of the SFTP server, which can lead to a heap overflow …

Oct 22, 2024
CVE-2024-44812
9.8 CRITICAL

SQL Injection vulnerability in Online Complaint Site v.1.0 allows a remote attacker to escalate privileges via the username and password parameters in the /admin.index.php component.

Oct 22, 2024
CVE-2024-43698
9.8 CRITICAL

Kieback & Peter's DDC4000 series uses weak credentials, which may allow an unauthenticated attacker to get full admin rights on the system.

Oct 22, 2024
CVE-2024-41717
9.8 CRITICAL

Kieback & Peter's DDC4000 series is vulnerable to a path traversal vulnerability, which may allow an unauthenticated attacker to read files on the system.

Oct 22, 2024
CVE-2024-40494
9.8 CRITICAL

Buffer Overflow in coap_msg.c in FreeCoAP allows remote attackers to execute arbitrary code or cause a denial of service (stack buffer overflow) via a crafted …

Oct 22, 2024
CVE-2024-40493
9.8 CRITICAL

Null Pointer Dereference in `coap_client_exchange_blockwise2` function in Keith Cullen FreeCoAP 1.0 allows remote attackers to cause a denial of service and potentially execute arbitrary code …

Oct 22, 2024
CVE-2024-26519
9.0 CRITICAL

An issue in Casa Systems NTC-221 version 2.0.99.0 and before allows a remote attacker to execute arbitrary code via a crafted payload to the /www/cgi-bin/nas.cgi …

Oct 22, 2024
CVE-2024-48904
9.8 CRITICAL

An command injection vulnerability in Trend Micro Cloud Edge could allow a remote attacker to execute arbitrary code on affected appliances. Please note: authentication is …

Oct 22, 2024
CVE-2024-8980
9.6 CRITICAL

The Script Console in Liferay Portal 7.0.0 through 7.4.3.101, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, …

Oct 22, 2024
CVE-2024-38002
9.0 CRITICAL

The workflow component in Liferay Portal 7.3.2 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92 and 7.3 …

Oct 22, 2024
CVE-2024-41713
9.1 CRITICAL KEV

A vulnerability in the NuPoint Unified Messaging (NPM) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to conduct a …

Oct 21, 2024
CVE-2024-40089
9.1 CRITICAL

A Command Injection vulnerability in Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, authenticated attackers to execute arbitrary code by injecting shell commands into …

Oct 21, 2024
CVE-2024-40087
9.6 CRITICAL

Vilo 5 Mesh WiFi System <= 5.16.1.33 is vulnerable to Insecure Permissions. Lack of authentication in the custom TCP service on port 5432 allows remote, …

Oct 21, 2024
CVE-2024-40086
9.6 CRITICAL

A Buffer Overflow vulnerability in the local_app_set_router_wifi_SSID_PWD function of Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, unauthenticated attackers to execute arbitrary code via …

Oct 21, 2024
CVE-2024-40085
9.6 CRITICAL

A Buffer Overflow vulnerability in the local_app_set_router_wan function of Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, unauthenticated attackers to execute arbitrary code via …

Oct 21, 2024
CVE-2024-40084
9.6 CRITICAL

A Buffer Overflow in the Boa webserver of Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, unauthenticated attackers to execute arbitrary code via exceptionally …

Oct 21, 2024
CVE-2024-40083
9.6 CRITICAL

A Buffer Overflow vulnerabilty in the local_app_set_router_token function of Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, unauthenticated attackers to execute arbitrary code via …

Oct 21, 2024
CVE-2024-35314
9.8 CRITICAL

A vulnerability in the Desktop Client of Mitel MiCollab through 9.7.1.110, and MiVoice Business Solution Virtual Instance (MiVB SVI) 1.0.0.25, could allow an unauthenticated attacker …

Oct 21, 2024
CVE-2024-35286
9.8 CRITICAL

A vulnerability in NuPoint Messenger (NPM) of Mitel MiCollab through 9.8.0.33 allows an unauthenticated attacker to conduct a SQL injection attack due to insufficient sanitization …

Oct 21, 2024
CVE-2024-35285
9.8 CRITICAL

A vulnerability in NuPoint Messenger (NPM) of Mitel MiCollab through 9.8.0.33 allows an unauthenticated attacker to conduct a command injection attack due to insufficient parameter …

Oct 21, 2024
CVE-2024-48659
9.8 CRITICAL

An issue in DCME-320-L <=9.3.2.114 allows a remote attacker to execute arbitrary code via the log_u_umount.php component.

Oct 21, 2024
CVE-2024-48509
9.8 CRITICAL

Learning with Texts (LWT) 2.0.3 is vulnerable to SQL Injection. This occurs when the application fails to properly sanitize user inputs, allowing attackers to manipulate …

Oct 21, 2024
CVE-2024-47223
9.4 CRITICAL

A vulnerability in the AWV (Audio, Web and Video Conferencing) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to …

Oct 21, 2024
CVE-2024-49368
9.8 CRITICAL

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.0.0-beta.36, when Nginx UI configures logrotate, it does not verify …

Oct 21, 2024
CVE-2024-47685
9.1 CRITICAL

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put() syzbot reported that nf_reject_ip6_tcphdr_put() was possibly sending garbage on the four …

Oct 21, 2024
CVE-2024-43689
9.8 CRITICAL

Stack-based buffer overflow vulnerability exists in ELECOM wireless access points. By processing a specially crafted HTTP request, arbitrary code may be executed.

Oct 21, 2024
CVE-2024-44000
9.8 CRITICAL

Insufficiently Protected Credentials vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Authentication Bypass.This issue affects LiteSpeed Cache: from n/a through < 6.5.0.1.

Oct 20, 2024
CVE-2024-49625
9.8 CRITICAL

Deserialization of Untrusted Data vulnerability in sphoid SiteBuilder Dynamic Components sitebuilder-dynamic-components allows Object Injection.This issue affects SiteBuilder Dynamic Components: from n/a through <= 1.0.

Oct 20, 2024
CVE-2024-49624
9.8 CRITICAL

Deserialization of Untrusted Data vulnerability in smartdevth Advanced Advertising System advanced-advertising-system allows Object Injection.This issue affects Advanced Advertising System: from n/a through <= 1.3.1.

Oct 20, 2024
CVE-2024-49610
10.0 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in photokiteditor photokit photokit allows Upload a Web Shell to a Web Server.This issue affects photokit: from …

Oct 20, 2024
CVE-2024-49607
10.0 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in redhopit WP Dropbox Dropins wp-dropbox-dropins allows Upload a Web Shell to a Web Server.This issue affects …

Oct 20, 2024
CVE-2024-49332
9.8 CRITICAL

Deserialization of Untrusted Data vulnerability in giveawayboost Giveaway Boost giveaway-boost allows Object Injection.This issue affects Giveaway Boost: from n/a through <= 2.1.4.

Oct 20, 2024
CVE-2024-49331
9.9 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in Myriad Solutionz Property Lot Management System plms allows Upload a Web Shell to a Web Server.This …

Oct 20, 2024
CVE-2024-49330
10.0 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in brx8r Nice Backgrounds nicebackgrounds allows Upload a Web Shell to a Web Server.This issue affects Nice …

Oct 20, 2024
CVE-2024-49329
10.0 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in vivek2tamrakar WP REST API FNS rest-api-fns allows Upload a Web Shell to a Web Server.This issue …

Oct 20, 2024
CVE-2024-49327
10.0 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in bepitulaz Woostagram Connect woostagram-connect allows Upload a Web Shell to a Web Server.This issue affects Woostagram …

Oct 20, 2024
CVE-2024-49326
10.0 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in Vasileios Kerasiotis Affiliator affiliator-lite allows Upload a Web Shell to a Web Server.This issue affects Affiliator: …

Oct 20, 2024
CVE-2024-49324
10.0 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in sovratecdev Sovratec Case Management sovratec-case-management allows Upload a Web Shell to a Web Server.This issue affects …

Oct 20, 2024
CVE-2024-49626
9.8 CRITICAL

Deserialization of Untrusted Data vulnerability in Piyush Patel Shipyaari Shipping Management shipyaari-shipping-managment allows Object Injection.This issue affects Shipyaari Shipping Management: from n/a through <= 1.2.

Oct 20, 2024
CVE-2024-49611
10.0 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in paxmanpwnz Product Website Showcase product-websites-showcase allows Upload a Web Shell to a Web Server.This issue affects …

Oct 20, 2024
CVE-2024-49604
9.8 CRITICAL

Authentication Bypass Using an Alternate Path or Channel vulnerability in N-Media Simple User Registration wp-registration allows Authentication Bypass.This issue affects Simple User Registration: from n/a …

Oct 20, 2024
CVE-2024-49328
9.8 CRITICAL

Authentication Bypass Using an Alternate Path or Channel vulnerability in vivek2tamrakar WP REST API FNS rest-api-fns allows Authentication Bypass.This issue affects WP REST API FNS: …

Oct 20, 2024
CVE-2024-49286
9.6 CRITICAL

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Jeroen Berkvens SSV Events ssv-events allows PHP Local File Inclusion.This issue affects …

Oct 20, 2024
CVE-2024-45944
9.8 CRITICAL

In J2eeFAST <=2.7, the backend function has unsafe filtering, which allows an attacker to trigger certain sensitive functions resulting in arbitrary code execution.

Oct 18, 2024
CVE-2024-9537
9.8 CRITICAL KEV

ScienceLogic SL1 (formerly EM7) is affected by an unspecified vulnerability involving an unspecified third-party component packaged with SL1. The vulnerability is addressed in SL1 versions …

Oct 18, 2024
CVE-2024-47485
9.8 CRITICAL

There is a CSV injection vulnerability in some HikCentral Master Lite versions. If exploited, an attacker could build malicious data to generate executable commands in …

Oct 18, 2024
CVE-2024-10119
9.8 CRITICAL

The wireless router WRTM326 from SECOM does not properly validate a specific parameter. An unauthenticated remote attacker could execute arbitrary system commands by sending crafted …

Oct 18, 2024
CVE-2024-9264
9.9 CRITICAL

The SQL Expressions experimental feature of Grafana allows for the evaluation of `duckdb` queries containing user input. These queries are insufficiently sanitized before being passed …

Oct 18, 2024
CVE-2024-10118
9.8 CRITICAL

SECOM WRTR-304GN-304TW-UPSC does not properly filter user input in the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system …

Oct 18, 2024
CVE-2023-26785
9.8 CRITICAL

MariaDB v10.5 was discovered to contain a remote code execution (RCE) vulnerability via UDF Code in a Shared Object File, followed by a "create function" …

Oct 17, 2024

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.