CVE Database

9306+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2024-47088
9.8 CRITICAL

This vulnerability exists in Apex Softcell LD Geo due to missing restrictions for excessive failed authentication attempts on its API based login. A remote attacker …

Sep 19, 2024
CVE-2024-46946
9.8 CRITICAL

langchain_experimental (aka LangChain Experimental) 0.1.17 through 0.3.0 for LangChain allows attackers to execute arbitrary code through sympy.sympify (which uses eval) in LLMSymbolicMathChain. LLMSymbolicMathChain was introduced …

Sep 19, 2024
CVE-2024-46377
9.8 CRITICAL

Best House Rental Management System 1.0 contains an arbitrary file upload vulnerability in the save_settings() function of the file rental/admin_class.php.

Sep 18, 2024
CVE-2024-46376
9.8 CRITICAL

Best House Rental Management System 1.0 contains an arbitrary file upload vulnerability in the update_account() function of the file rental/admin_class.php.

Sep 18, 2024
CVE-2024-46375
9.8 CRITICAL

Best House Rental Management System 1.0 contains an arbitrary file upload vulnerability in the signup() function of the file rental/admin_class.php.

Sep 18, 2024
CVE-2024-46374
9.8 CRITICAL

Best House Rental Management System 1.0 contains a SQL injection vulnerability in the delete_category() function of the file rental/admin_class.php.

Sep 18, 2024
CVE-2024-40568
9.8 CRITICAL

Buffer Overflow vulnerability in btstack mesh commit before v.864e2f2b6b7878c8fab3cf5ee84ae566e3380c58 allows a remote attacker to execute arbitrary code via the pb_adv_handle_tranaction_cont function in the src/mesh/pb_adv.c component

Sep 18, 2024
CVE-2024-46986
9.9 CRITICAL

Camaleon CMS is a dynamic and advanced content management system based on Ruby on Rails. An arbitrary file write vulnerability accessible via the upload method …

Sep 18, 2024
CVE-2024-45523
9.1 CRITICAL

An issue was discovered in Bravura Security Fabric versions 12.3.x before 12.3.5.32784, 12.4.x before 12.4.3.35110, 12.5.x before 12.5.2.35950, 12.6.x before 12.6.2.37183, and 12.7.x before 12.7.1.38241. …

Sep 18, 2024
CVE-2024-34399
9.8 CRITICAL

**UNSUPPORTED WHEN ASSIGNED** An issue was discovered in BMC Remedy Mid Tier 7.6.04. An unauthenticated remote attacker is able to access any user account without …

Sep 18, 2024
CVE-2024-5960
9.8 CRITICAL

Plaintext Storage of a Password vulnerability in Eliz Software Panel allows : Use of Known Domain Credentials.This issue affects Panel: before v2.3.24.

Sep 18, 2024
CVE-2024-44542
9.8 CRITICAL

SQL Injection vulnerability in todesk v.1.1 allows a remote attacker to execute arbitrary code via the /todesk.com/news.html parameter.

Sep 18, 2024
CVE-2024-35515
9.8 CRITICAL

Insecure deserialization in sqlitedict up to v2.1.0 allows attackers to execute arbitrary code.

Sep 18, 2024
CVE-2024-34026
9.0 CRITICAL

A stack-based buffer overflow vulnerability exists in the OpenPLC Runtime EtherNet/IP parser functionality of OpenPLC _v3 b4702061dc14d1024856f71b4543298d77007b88. A specially crafted EtherNet/IP request can lead to …

Sep 18, 2024
CVE-2024-8889
9.3 CRITICAL

Vulnerability in CIRCUTOR TCP2RS+ firmware version 1.3b, which could allow an attacker to modify any configuration value, even if the device has the user/password authentication …

Sep 18, 2024
CVE-2024-8888
10.0 CRITICAL

An attacker with access to the network where CIRCUTOR Q-SMT is located in its firmware version 1.0.4, could steal the tokens used on the web, …

Sep 18, 2024
CVE-2024-8887
10.0 CRITICAL

CIRCUTOR Q-SMT in its firmware version 1.0.4, could be affected by a denial of service (DoS) attack if an attacker with access to the web …

Sep 18, 2024
CVE-2024-44004
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Arni Cinco WPCargo Track & Trace wpcargo allows SQL Injection.This issue …

Sep 17, 2024
CVE-2024-43978
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in highwarden Super Store Finder superstorefinder-wp.This issue affects Super Store Finder: from …

Sep 17, 2024
CVE-2024-43976
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in highwarden Super Store Finder superstorefinder-wp.This issue affects Super Store Finder: from …

Sep 17, 2024
CVE-2024-8956
9.1 CRITICAL KEV

PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an insufficient authentication issue. The camera does not properly enforce authentication to /cgi-bin/param.cgi when requests are sent …

Sep 17, 2024
CVE-2024-45798
9.9 CRITICAL

arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. The `arduino-esp32` CI is vulnerable to multiple Poisoned Pipeline Execution …

Sep 17, 2024
CVE-2024-38183
9.8 CRITICAL

An improper access control vulnerability in GroupMe allows an a unauthenticated attacker to elevate privileges over a network.

Sep 17, 2024
CVE-2024-38812
9.8 CRITICAL KEV

The vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger …

Sep 17, 2024
CVE-2024-8767
9.9 CRITICAL

Sensitive data disclosure and manipulation due to unnecessary privileges assignment. The following products are affected: Acronis Backup plugin for cPanel & WHM (Linux) before build …

Sep 17, 2024
CVE-2024-7387
9.1 CRITICAL

A flaw was found in openshift/builder. This vulnerability allows command injection via path traversal, where a malicious user can execute arbitrary commands on the OpenShift …

Sep 17, 2024
CVE-2024-45496
9.9 CRITICAL

A flaw was found in OpenShift. This issue occurs due to the misuse of elevated privileges in the OpenShift Container Platform's build process. During the …

Sep 17, 2024
CVE-2024-44148
10.0 CRITICAL

This issue was addressed with improved validation of file attributes. This issue is fixed in macOS Sequoia 15. An app may be able to break …

Sep 17, 2024
CVE-2024-44146
10.0 CRITICAL

A logic issue was addressed with improved file handling. This issue is fixed in macOS Sequoia 15. An app may be able to break out …

Sep 17, 2024
CVE-2024-45415
9.8 CRITICAL

The HTTPD binary in multiple ZTE routers has a stack-based buffer overflow vulnerability in check_data_integrity function. This function is responsible for validating the checksum of …

Sep 16, 2024
CVE-2024-45414
9.8 CRITICAL

The HTTPD binary in multiple ZTE routers has a stack-based buffer overflow vulnerability in webPrivateDecrypt function. This function is responsible for decrypting RSA encrypted ciphertext, …

Sep 16, 2024
CVE-2024-44623
9.8 CRITICAL

An issue in TuomoKu SPx-GC v.1.3.0 and before allows a remote attacker to execute arbitrary code via the child_process.js function.

Sep 16, 2024
CVE-2024-7104
9.8 CRITICAL

Improper Control of Generation of Code ('Code Injection') vulnerability in SFS Consulting ww.Winsure allows Code Injection.This issue affects ww.Winsure: before 4.6.2.

Sep 16, 2024
CVE-2024-7098
9.8 CRITICAL

Improper Restriction of XML External Entity Reference vulnerability in SFS Consulting ww.Winsure allows XML Injection.This issue affects ww.Winsure: before 4.6.2.

Sep 16, 2024
CVE-2024-6401
9.8 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SFS Consulting InsureE GL allows SQL Injection.This issue affects InsureE GL: …

Sep 16, 2024
CVE-2024-46419
9.8 CRITICAL

TOTOLINK AC1200 T8 v4.1.5cu.861_B20230220 has a buffer overflow vulnerability in the setWizardCfg function via the ssid5g parameter.

Sep 16, 2024
CVE-2024-46451
9.8 CRITICAL

TOTOLINK AC1200 T8 v4.1.5cu.861_B20230220 has a buffer overflow vulnerability in the setWiFiAclRules function via the desc parameter.

Sep 16, 2024
CVE-2024-22399
9.8 CRITICAL

Deserialization of Untrusted Data vulnerability in Apache Seata. When developers disable authentication on the Seata-Server and do not use the Seata client SDK dependencies, they …

Sep 16, 2024
CVE-2024-45698
9.8 CRITICAL

Certain models of D-Link wireless routers do not properly validate user input in the telnet service, allowing unauthenticated remote attackers to use hard-coded credentials to …

Sep 16, 2024
CVE-2024-45697
9.8 CRITICAL

Certain models of D-Link wireless routers have a hidden functionality where the telnet service is enabled when the WAN port is plugged in. Unauthorized remote …

Sep 16, 2024
CVE-2024-45695
9.8 CRITICAL

The web service of certain models of D-Link wireless routers contains a Stack-based Buffer Overflow vulnerability, which allows unauthenticated remote attackers to exploit this vulnerability …

Sep 16, 2024
CVE-2024-45694
9.8 CRITICAL

The web service of certain models of D-Link wireless routers contains a Stack-based Buffer Overflow vulnerability, which allows unauthenticated remote attackers to exploit this vulnerability …

Sep 16, 2024
CVE-2024-46958
9.1 CRITICAL

In Nextcloud Desktop Client 3.13.1 through 3.13.3 on Linux, synchronized files (between the server and client) may become world writable or world readable. This is …

Sep 16, 2024
CVE-2024-8669
9.1 CRITICAL

The Backuply – Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to SQL Injection via the 'options' parameter passed to the backuply_wp_clone_sql() function …

Sep 14, 2024
CVE-2024-8039
9.8 CRITICAL

Improper permission configurationDomain configuration vulnerability of the mobile application (com.afmobi.boomplayer) can lead to account takeover risks.

Sep 14, 2024
CVE-2024-44430
9.8 CRITICAL

SQL Injection vulnerability in Best Free Law Office Management Software-v1.0 allows an attacker to execute arbitrary code and obtain sensitive information via a crafted payload …

Sep 13, 2024
CVE-2024-46049
9.8 CRITICAL

Tenda O6 V3.0 firmware V1.0.0.7(2054) contains a stack overflow vulnerability in the formexeCommand function.

Sep 13, 2024
CVE-2024-46048
9.8 CRITICAL

Tenda FH451 v1.0.0.9 has a command injection vulnerability in the formexeCommand function i

Sep 13, 2024
CVE-2024-46046
9.8 CRITICAL

Tenda FH451 v1.0.0.9 has a stack overflow vulnerability located in the RouteStatic function.

Sep 13, 2024
CVE-2024-46045
9.8 CRITICAL

Tenda CH22 V1.0.0.6(468) has a stack overflow vulnerability located in the frmL7PlotForm function.

Sep 13, 2024

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.