CVE Database

9306+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2024-46044
9.8 CRITICAL

CH22 V1.0.0.6(468) has a stack overflow vulnerability located in the fromqossetting function.

Sep 13, 2024
CVE-2024-41874
9.8 CRITICAL

ColdFusion versions 2023.9, 2021.15 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context …

Sep 13, 2024
CVE-2024-6656
9.8 CRITICAL

Use of Hard-coded Credentials vulnerability in TNB Mobile Solutions Cockpit Software allows Read Sensitive Strings Within an Executable.This issue affects Cockpit Software: before v2.13.

Sep 13, 2024
CVE-2024-7961
9.8 CRITICAL

A path traversal vulnerability exists in the Rockwell Automation affected product. If exploited, the threat actor could upload arbitrary files to the server that could …

Sep 12, 2024
CVE-2024-7960
9.1 CRITICAL

The Rockwell Automation affected product contains a vulnerability that allows a threat actor to view sensitive information and change settings. The vulnerability exists due to …

Sep 12, 2024
CVE-2024-6678
9.9 CRITICAL

An issue was discovered in GitLab CE/EE affecting all versions starting from 8.14 prior to 17.1.7, starting from 17.2 prior to 17.2.5, and starting from …

Sep 12, 2024
CVE-2024-8696
9.8 CRITICAL

A remote code execution (RCE) vulnerability via crafted extension publisher-url/additional-urls could be abused by a malicious extension in Docker Desktop before 4.34.2.

Sep 12, 2024
CVE-2024-8695
9.8 CRITICAL

A remote code execution (RCE) vulnerability via crafted extension description/changelog could be abused by a malicious extension in Docker Desktop before 4.34.2.

Sep 12, 2024
CVE-2024-45824
9.8 CRITICAL

CVE-2024-45824 IMPACT A remote code vulnerability exists in the affected products. The vulnerability occurs when chained with Path Traversal, Command Injection, and XSS Vulnerabilities and …

Sep 12, 2024
CVE-2024-40457
9.1 CRITICAL

No-IP Dynamic Update Client (DUC) v3.x uses cleartext credentials that may occur on a command line or in a file. NOTE: the vendor's position is …

Sep 12, 2024
CVE-2024-28991
9.0 CRITICAL

SolarWinds Access Rights Manager (ARM) was found to be susceptible to a remote code execution vulnerability. If exploited, this vulnerability would allow an authenticated user …

Sep 12, 2024
CVE-2024-45856
9.0 CRITICAL

A cross-site scripting (XSS) vulnerability exists in all versions of the MindsDB platform, enabling the execution of a JavaScript payload whenever a user enumerates an …

Sep 12, 2024
CVE-2024-8529
10.0 CRITICAL

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the 'c_fields' parameter of the /wp-json/lp/v1/courses/archive-course REST API endpoint in …

Sep 12, 2024
CVE-2024-8522
10.0 CRITICAL

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the 'c_only_fields' parameter of the /wp-json/learnpress/v1/courses REST API endpoint in …

Sep 12, 2024
CVE-2024-29847
9.8 CRITICAL

Deserialization of untrusted data in the agent portal of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to …

Sep 12, 2024
CVE-2024-44541
9.8 CRITICAL

evilnapsis Inventio Lite Versions v4 and before is vulnerable to SQL Injection via the "username" parameter in "/?action=processlogin."

Sep 11, 2024
CVE-2024-44466
9.8 CRITICAL

COMFAST CF-XR11 V2.7.2 has a command injection vulnerability in function sub_424CB4. Attackers can send POST request messages to /usr/bin/webmgnt and inject commands into parameter iface.

Sep 11, 2024
CVE-2024-27115
9.8 CRITICAL

A unauthenticated Remote Code Execution (RCE) vulnerability is found in the SO Planning online planning tool. With this vulnerability, an attacker can upload executable files …

Sep 11, 2024
CVE-2024-27114
9.8 CRITICAL

A unauthenticated Remote Code Execution (RCE) vulnerability is found in the SO Planning online planning tool. If the public view setting is enabled, a attacker …

Sep 11, 2024
CVE-2024-27113
9.8 CRITICAL

An unauthenticated Insecure Direct Object Reference (IDOR) to the database has been found in the SO Planning tool that occurs when the public view setting …

Sep 11, 2024
CVE-2024-27112
9.8 CRITICAL

A unauthenticated SQL Injection has been found in the SO Planning tool that occurs when the public view setting is enabled. An attacker could use …

Sep 11, 2024
CVE-2024-6091
9.8 CRITICAL

A vulnerability in significant-gravitas/autogpt version 0.5.1 allows an attacker to bypass the shell commands denylist settings. The issue arises when the denylist is configured to …

Sep 11, 2024
CVE-2024-45790
9.8 CRITICAL

This vulnerability exists in Reedos aiM-Star version 2.0.1 due to missing restrictions for excessive failed authentication attempts on its API based login. A remote attacker …

Sep 11, 2024
CVE-2024-8277
9.8 CRITICAL

The WooCommerce Photo Reviews Premium plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.3.13.2. This is due to …

Sep 11, 2024
CVE-2024-8503
9.8 CRITICAL

An unauthenticated attacker can leverage a time-based SQL injection vulnerability in VICIdial to enumerate database records. By default, VICIdial stores plaintext credentials within the database.

Sep 10, 2024
CVE-2024-43040
9.1 CRITICAL

Renwoxing Enterprise Intelligent Management System before v3.0 was discovered to contain a SQL injection vulnerability via the parid parameter at /fx/baseinfo/SearchInfo.

Sep 10, 2024
CVE-2024-45409
10.0 CRITICAL

The Ruby SAML library is for implementing the client side of a SAML authorization. Ruby-SAML in <= 12.2 and 1.13.0 <= 1.16.0 does not properly …

Sep 10, 2024
CVE-2024-44893
9.8 CRITICAL

An issue in the component /jeecg-boot/jmreport/dict/list of JimuReport v1.7.8 allows attacker to escalate privileges via a crafted GET request.

Sep 10, 2024
CVE-2024-43491
9.8 CRITICAL

Microsoft is aware of a vulnerability in Servicing Stack that has rolled back the fixes for some vulnerabilities affecting Optional Components on Windows 10, version …

Sep 10, 2024
CVE-2024-38220
9.0 CRITICAL

Azure Stack Hub Elevation of Privilege Vulnerability

Sep 10, 2024
CVE-2024-45593
9.0 CRITICAL

Nix is a package manager for Linux and other Unix systems. A bug in Nix 2.24 prior to 2.24.6 allows a substituter or malicious user …

Sep 10, 2024
CVE-2024-44677
9.8 CRITICAL

eladmin v2.7 and before is vulnerable to Server-Side Request Forgery (SSRF) which allows an attacker to execute arbitrary code via the DatabaseController.java component.

Sep 10, 2024
CVE-2023-37234
9.8 CRITICAL

Loftware Spectrum through 4.6 has unprotected JMX Registry.

Sep 10, 2024
CVE-2023-36103
9.8 CRITICAL

Command Injection vulnerability in goform/SetIPTVCfg interface of Tenda AC15 V15.03.05.20 allows remote attackers to run arbitrary commands via crafted POST request.

Sep 10, 2024
CVE-2023-37231
9.8 CRITICAL

Loftware Spectrum before 4.6 HF14 uses a Hard-coded Password.

Sep 10, 2024
CVE-2023-37227
9.8 CRITICAL

Loftware Spectrum before 4.6 HF13 Deserializes Untrusted Data.

Sep 10, 2024
CVE-2023-37226
9.8 CRITICAL

Loftware Spectrum before 4.6 HF14 has Missing Authentication for a Critical Function.

Sep 10, 2024
CVE-2024-40754
9.8 CRITICAL

Heap-based Buffer Overflow vulnerability in Samsung Open Source Escargot JavaScript engine allows Overflow Buffers.This issue affects Escargot: 4.0.0.

Sep 10, 2024
CVE-2024-45032
10.0 CRITICAL

A vulnerability has been identified in Industrial Edge Management Pro (All versions < V1.9.5), Industrial Edge Management Virtual (All versions < V2.3.1-1). Affected components do …

Sep 10, 2024
CVE-2024-35783
9.1 CRITICAL

A vulnerability has been identified in SIMATIC BATCH V9.1 (All versions), SIMATIC Information Server 2020 (All versions < V2020 SP2 Update 5), SIMATIC Information Server …

Sep 10, 2024
CVE-2024-33698
9.8 CRITICAL

A vulnerability has been identified in Opcenter Quality (All versions < V2406), Opcenter RDnL (All versions < V2410), SIMATIC PCS neo V4.0 (All versions), SIMATIC …

Sep 10, 2024
CVE-2024-6596
9.8 CRITICAL

An unauthenticated remote attacker can run malicious c# code included in curve files and execute commands in the users context.

Sep 10, 2024
CVE-2024-6342
9.8 CRITICAL

**UNSUPPORTED WHEN ASSIGNED** A command injection vulnerability in the export-cgi program of Zyxel NAS326 firmware versions through V5.21(AAZF.18)C0 and NAS542 firmware versions through V5.21(ABAG.15)C0 could …

Sep 10, 2024
CVE-2024-44411
9.8 CRITICAL

D-Link DI-8300 v16.07.26A1 is vulnerable to command injection via the msp_info_htm function.

Sep 9, 2024
CVE-2024-44410
9.8 CRITICAL

D-Link DI-8300 v16.07.26A1 is vulnerable to command injection via the upgrade_filter_asp function.

Sep 9, 2024
CVE-2024-6795
10.0 CRITICAL

In Connex health portal released before8/30/2024, SQL injection vulnerabilities were found that could have allowed an unauthenticated attacker to gain unauthorized access to Connex portal's …

Sep 9, 2024
CVE-2024-44902
9.8 CRITICAL

A deserialization vulnerability in Thinkphp v6.1.3 to v8.0.4 allows attackers to execute arbitrary code.

Sep 9, 2024
CVE-2024-42500
9.3 CRITICAL

HPE has identified a denial of service vulnerability in HPE HP-UX System's Network File System (NFSv4) services.

Sep 9, 2024
CVE-2024-44849
9.8 CRITICAL

Qualitor up to 8.24 is vulnerable to Remote Code Execution (RCE) via Arbitrary File Upload in checkAcesso.php.

Sep 9, 2024
CVE-2024-44721
9.8 CRITICAL

SeaCMS v13.1 was discovered to a Server-Side Request Forgery (SSRF) via the url parameter at /admin_reslib.php.

Sep 9, 2024

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.