9306+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.
This vulnerability exists in Apex Softcell LD Geo due to missing restrictions for excessive failed authentication attempts on its API based login. A remote attacker …
langchain_experimental (aka LangChain Experimental) 0.1.17 through 0.3.0 for LangChain allows attackers to execute arbitrary code through sympy.sympify (which uses eval) in LLMSymbolicMathChain. LLMSymbolicMathChain was introduced …
Best House Rental Management System 1.0 contains an arbitrary file upload vulnerability in the save_settings() function of the file rental/admin_class.php.
Best House Rental Management System 1.0 contains an arbitrary file upload vulnerability in the update_account() function of the file rental/admin_class.php.
Best House Rental Management System 1.0 contains an arbitrary file upload vulnerability in the signup() function of the file rental/admin_class.php.
Best House Rental Management System 1.0 contains a SQL injection vulnerability in the delete_category() function of the file rental/admin_class.php.
Buffer Overflow vulnerability in btstack mesh commit before v.864e2f2b6b7878c8fab3cf5ee84ae566e3380c58 allows a remote attacker to execute arbitrary code via the pb_adv_handle_tranaction_cont function in the src/mesh/pb_adv.c component
Camaleon CMS is a dynamic and advanced content management system based on Ruby on Rails. An arbitrary file write vulnerability accessible via the upload method …
An issue was discovered in Bravura Security Fabric versions 12.3.x before 12.3.5.32784, 12.4.x before 12.4.3.35110, 12.5.x before 12.5.2.35950, 12.6.x before 12.6.2.37183, and 12.7.x before 12.7.1.38241. …
**UNSUPPORTED WHEN ASSIGNED** An issue was discovered in BMC Remedy Mid Tier 7.6.04. An unauthenticated remote attacker is able to access any user account without …
Plaintext Storage of a Password vulnerability in Eliz Software Panel allows : Use of Known Domain Credentials.This issue affects Panel: before v2.3.24.
SQL Injection vulnerability in todesk v.1.1 allows a remote attacker to execute arbitrary code via the /todesk.com/news.html parameter.
Insecure deserialization in sqlitedict up to v2.1.0 allows attackers to execute arbitrary code.
A stack-based buffer overflow vulnerability exists in the OpenPLC Runtime EtherNet/IP parser functionality of OpenPLC _v3 b4702061dc14d1024856f71b4543298d77007b88. A specially crafted EtherNet/IP request can lead to …
Vulnerability in CIRCUTOR TCP2RS+ firmware version 1.3b, which could allow an attacker to modify any configuration value, even if the device has the user/password authentication …
An attacker with access to the network where CIRCUTOR Q-SMT is located in its firmware version 1.0.4, could steal the tokens used on the web, …
CIRCUTOR Q-SMT in its firmware version 1.0.4, could be affected by a denial of service (DoS) attack if an attacker with access to the web …
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Arni Cinco WPCargo Track & Trace wpcargo allows SQL Injection.This issue …
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in highwarden Super Store Finder superstorefinder-wp.This issue affects Super Store Finder: from …
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in highwarden Super Store Finder superstorefinder-wp.This issue affects Super Store Finder: from …
PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an insufficient authentication issue. The camera does not properly enforce authentication to /cgi-bin/param.cgi when requests are sent …
arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. The `arduino-esp32` CI is vulnerable to multiple Poisoned Pipeline Execution …
An improper access control vulnerability in GroupMe allows an a unauthenticated attacker to elevate privileges over a network.
The vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger …
Sensitive data disclosure and manipulation due to unnecessary privileges assignment. The following products are affected: Acronis Backup plugin for cPanel & WHM (Linux) before build …
A flaw was found in openshift/builder. This vulnerability allows command injection via path traversal, where a malicious user can execute arbitrary commands on the OpenShift …
A flaw was found in OpenShift. This issue occurs due to the misuse of elevated privileges in the OpenShift Container Platform's build process. During the …
This issue was addressed with improved validation of file attributes. This issue is fixed in macOS Sequoia 15. An app may be able to break …
A logic issue was addressed with improved file handling. This issue is fixed in macOS Sequoia 15. An app may be able to break out …
The HTTPD binary in multiple ZTE routers has a stack-based buffer overflow vulnerability in check_data_integrity function. This function is responsible for validating the checksum of …
The HTTPD binary in multiple ZTE routers has a stack-based buffer overflow vulnerability in webPrivateDecrypt function. This function is responsible for decrypting RSA encrypted ciphertext, …
An issue in TuomoKu SPx-GC v.1.3.0 and before allows a remote attacker to execute arbitrary code via the child_process.js function.
Improper Control of Generation of Code ('Code Injection') vulnerability in SFS Consulting ww.Winsure allows Code Injection.This issue affects ww.Winsure: before 4.6.2.
Improper Restriction of XML External Entity Reference vulnerability in SFS Consulting ww.Winsure allows XML Injection.This issue affects ww.Winsure: before 4.6.2.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SFS Consulting InsureE GL allows SQL Injection.This issue affects InsureE GL: …
TOTOLINK AC1200 T8 v4.1.5cu.861_B20230220 has a buffer overflow vulnerability in the setWizardCfg function via the ssid5g parameter.
TOTOLINK AC1200 T8 v4.1.5cu.861_B20230220 has a buffer overflow vulnerability in the setWiFiAclRules function via the desc parameter.
Deserialization of Untrusted Data vulnerability in Apache Seata. When developers disable authentication on the Seata-Server and do not use the Seata client SDK dependencies, they …
Certain models of D-Link wireless routers do not properly validate user input in the telnet service, allowing unauthenticated remote attackers to use hard-coded credentials to …
Certain models of D-Link wireless routers have a hidden functionality where the telnet service is enabled when the WAN port is plugged in. Unauthorized remote …
The web service of certain models of D-Link wireless routers contains a Stack-based Buffer Overflow vulnerability, which allows unauthenticated remote attackers to exploit this vulnerability …
The web service of certain models of D-Link wireless routers contains a Stack-based Buffer Overflow vulnerability, which allows unauthenticated remote attackers to exploit this vulnerability …
In Nextcloud Desktop Client 3.13.1 through 3.13.3 on Linux, synchronized files (between the server and client) may become world writable or world readable. This is …
The Backuply – Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to SQL Injection via the 'options' parameter passed to the backuply_wp_clone_sql() function …
Improper permission configurationDomain configuration vulnerability of the mobile application (com.afmobi.boomplayer) can lead to account takeover risks.
SQL Injection vulnerability in Best Free Law Office Management Software-v1.0 allows an attacker to execute arbitrary code and obtain sensitive information via a crafted payload …
Tenda O6 V3.0 firmware V1.0.0.7(2054) contains a stack overflow vulnerability in the formexeCommand function.
Tenda FH451 v1.0.0.9 has a command injection vulnerability in the formexeCommand function i
Tenda FH451 v1.0.0.9 has a stack overflow vulnerability located in the RouteStatic function.
Tenda CH22 V1.0.0.6(468) has a stack overflow vulnerability located in the frmL7PlotForm function.
Free website and port scanning — find vulnerabilities before attackers do.