CVE Database

9306+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2024-40643
9.6 CRITICAL

Joplin is a free, open source note taking and to-do application. Joplin fails to take into account that "<" followed by a non letter character …

Sep 9, 2024
CVE-2024-7015
9.8 CRITICAL

Missing Authentication for Critical Function vulnerability in Profelis Informatics and Consulting PassBox allows Authentication Abuse.This issue affects PassBox: before v1.2.

Sep 9, 2024
CVE-2024-37288
9.9 CRITICAL

A deserialization issue in Kibana can lead to arbitrary code execution when Kibana attempts to parse a YAML document containing a crafted payload. This issue …

Sep 9, 2024
CVE-2024-8584
9.8 CRITICAL

Orca HCM from LEARNING DIGITAL has an Missing Authentication vulnerability, allowing unauthenticated remote attacker to exploit this functionality to create an account with administrator privilege …

Sep 9, 2024
CVE-2024-6928
9.8 CRITICAL

The Opti Marketing WordPress plugin through 2.0.9 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX …

Sep 8, 2024
CVE-2024-6924
9.8 CRITICAL

The TrueBooker WordPress plugin before 1.0.3 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action …

Sep 8, 2024
CVE-2024-40711
9.8 CRITICAL KEV

A deserialization of untrusted data vulnerability with a malicious payload can allow an unauthenticated remote code execution (RCE).

Sep 7, 2024
CVE-2024-39714
9.9 CRITICAL

A code injection vulnerability that permits a low-privileged user to upload arbitrary files to the server, leading to remote code execution on VSPC server.

Sep 7, 2024
CVE-2024-38650
9.9 CRITICAL

An authentication bypass vulnerability can allow a low privileged attacker to access the NTLM hash of service account on the VSPC server.

Sep 7, 2024
CVE-2024-45771
9.8 CRITICAL

RapidCMS v1.3.1 was discovered to contain a SQL injection vulnerability via the password parameter at /resource/runlogin.php.

Sep 6, 2024
CVE-2024-44839
9.8 CRITICAL

RapidCMS v1.3.1 was discovered to contain a SQL injection vulnerability via the articleid parameter at /default/article.php.

Sep 6, 2024
CVE-2024-44838
9.8 CRITICAL

RapidCMS v1.3.1 was discovered to contain a SQL injection vulnerability via the username parameter at /resource/runlogin.php.

Sep 6, 2024
CVE-2024-8517
9.8 CRITICAL

SPIP before 4.3.2, 4.2.16, and 4.1.18 is vulnerable to a command injection issue. A remote and unauthenticated attacker can execute arbitrary operating system commands by …

Sep 6, 2024
CVE-2024-45758
9.1 CRITICAL

H2O.ai H2O through 3.46.0.4 allows attackers to arbitrarily set the JDBC URL, leading to deserialization attacks, file reads, and command execution. Exploitation can occur when …

Sep 6, 2024
CVE-2024-44402
9.8 CRITICAL

D-Link DI-8100G 17.12.20A1 is vulnerable to Command Injection via msp_info.htm.

Sep 6, 2024
CVE-2024-44401
9.8 CRITICAL

D-Link DI-8100G 17.12.20A1 is vulnerable to Command Injection via sub47A60C function in the upgrade_filter.asp file

Sep 6, 2024
CVE-2024-7493
9.8 CRITICAL

The WPCOM Member plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.5.2.1. This is due to the plugin …

Sep 6, 2024
CVE-2024-8292
9.8 CRITICAL

The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to privilege escalation/account takeover in all versions up to, and including, 16.26.8. …

Sep 6, 2024
CVE-2024-8395
9.8 CRITICAL

FlyCASS CASS and KCM systems did not correctly filter SQL queries, which made them vulnerable to attack by outside attackers with no authentication.

Sep 5, 2024
CVE-2024-45159
9.8 CRITICAL

An issue was discovered in Mbed TLS 3.x before 3.6.1. With TLS 1.3, when a server enables optional authentication of the client, if the client-provided …

Sep 5, 2024
CVE-2024-45158
9.8 CRITICAL

An issue was discovered in Mbed TLS 3.6 before 3.6.1. A stack buffer overflow in mbedtls_ecdsa_der_to_raw() and mbedtls_ecdsa_raw_to_der() can occur when the bits parameter is …

Sep 5, 2024
CVE-2024-7591
10.0 CRITICAL

Improper Input Validation vulnerability in Progress LoadMaster allows OS Command Injection.This issue affects: * LoadMaster: 7.2.40.0 and above * ECS: All versions * Multi-Tenancy: 7.1.35.4 …

Sep 5, 2024
CVE-2024-44727
9.8 CRITICAL

Sourcecodehero Event Management System1.0 is vulnerable to SQL Injection via the parameter 'username' in /event/admin/login.php.

Sep 5, 2024
CVE-2024-24759
9.3 CRITICAL

MindsDB is a platform for building artificial intelligence from enterprise data. Prior to version 23.12.4.2, a threat actor can bypass the server-side request forgery protection …

Sep 5, 2024
CVE-2024-42885
9.1 CRITICAL

SQL Injection vulnerability in ESAFENET CDG 5.6 and before allows an attacker to execute arbitrary code via the id parameter of the data.jsp page.

Sep 5, 2024
CVE-2024-8470
9.8 CRITICAL

SQL injection vulnerability, by which an attacker could send a specially designed query through CATEGORY parameter in /jobportal/admin/vacancy/controller.php, and retrieve all the information stored in …

Sep 5, 2024
CVE-2024-8469
9.8 CRITICAL

SQL injection vulnerability, by which an attacker could send a specially designed query through id parameter in /jobportal/admin/employee/index.php, and retrieve all the information stored in …

Sep 5, 2024
CVE-2024-8468
9.8 CRITICAL

SQL injection vulnerability, by which an attacker could send a specially designed query through search parameter in /jobportal/index.php, and retrieve all the information stored in …

Sep 5, 2024
CVE-2024-8467
9.8 CRITICAL

SQL injection vulnerability, by which an attacker could send a specially designed query through id parameter in /jobportal/admin/category/index.php, and retrieve all the information stored in …

Sep 5, 2024
CVE-2024-8466
9.8 CRITICAL

SQL injection vulnerability, by which an attacker could send a specially designed query through CATEGORY parameter in /jobportal/admin/category/controller.php, and retrieve all the information stored in …

Sep 5, 2024
CVE-2024-8465
9.8 CRITICAL

SQL injection vulnerability, by which an attacker could send a specially designed query through user_id parameter in /jobportal/admin/user/controller.php, and retrieve all the information stored in …

Sep 5, 2024
CVE-2024-8464
9.8 CRITICAL

SQL injection vulnerability, by which an attacker could send a specially designed query through JOBREGID parameter in /jobportal/admin/applicants/controller.php, and retrieve all the information stored in …

Sep 5, 2024
CVE-2024-8463
9.9 CRITICAL

File upload restriction bypass vulnerability in PHPGurukul Job Portal 1.0, the exploitation of which could allow an authenticated user to execute an RCE via webshell.

Sep 5, 2024
CVE-2024-43102
10.0 CRITICAL

Concurrent removals of certain anonymous shared memory mappings by using the UMTX_SHM_DESTROY sub-request of UMTX_OP_SHM can lead to decreasing the reference count of the object …

Sep 5, 2024
CVE-2024-20439
9.8 CRITICAL KEV

A vulnerability in Cisco Smart Licensing Utility (CSLU) could allow an unauthenticated, remote attacker to log into an affected system by using a static administrative …

Sep 4, 2024
CVE-2024-45076
9.9 CRITICAL

IBM webMethods Integration 10.15 could allow an authenticated user to upload and execute arbitrary files which could be executed on the underlying operating system.

Sep 4, 2024
CVE-2024-45053
9.1 CRITICAL

Fides is an open-source privacy engineering platform. Starting in version 2.19.0 and prior to version 2.44.0, the Email Templating feature uses Jinja2 without proper input …

Sep 4, 2024
CVE-2024-44808
9.8 CRITICAL

An issue in Vypor Attack API System v.1.0 allows a remote attacker to execute arbitrary code via the user GET parameter.

Sep 4, 2024
CVE-2024-7078
9.8 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Semtek Informatics Software Consulting Inc. Semtek Sempos allows SQL Injection.This issue …

Sep 4, 2024
CVE-2024-7076
9.8 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Semtek Informatics Software Consulting Inc. Semtek Sempos allows Blind SQL Injection.This …

Sep 4, 2024
CVE-2024-7923
9.8 CRITICAL

An authentication bypass vulnerability has been identified in Pulpcore when deployed with Gunicorn versions prior to 22.0, due to the puppet-pulpcore configuration. This issue arises …

Sep 4, 2024
CVE-2024-7012
9.8 CRITICAL

An authentication bypass vulnerability has been identified in Foreman when deployed with External Authentication, due to the puppet-foreman configuration. This issue arises from Apache's mod_proxy …

Sep 4, 2024
CVE-2024-44400
9.8 CRITICAL

A vulnerability was discovered in DI_8400-16.07.26A1, which has been classified as critical. This issue affects the upgrade_filter_asp function in the upgrade_filter.asp file. Manipulation of the …

Sep 4, 2024
CVE-2024-8289
9.8 CRITICAL

The MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to privilege escalation/de-escalation and account takeover due to an insufficient capability …

Sep 4, 2024
CVE-2024-45507
9.8 CRITICAL

Server-Side Request Forgery (SSRF), Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.16. Users are …

Sep 4, 2024
CVE-2024-6926
9.8 CRITICAL

The Viral Signup WordPress plugin through 2.1 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX …

Sep 4, 2024
CVE-2024-7950
9.8 CRITICAL

The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Local File Inclusion, Arbitrary …

Sep 4, 2024
CVE-2024-44809
9.8 CRITICAL

A remote code execution (RCE) vulnerability exists in the Pi Camera project, version 1.0, maintained by RECANTHA. The issue arises from improper sanitization of user …

Sep 3, 2024
CVE-2024-41433
9.8 CRITICAL

PingCAP TiDB v8.1.0 was discovered to contain a buffer overflow via the component expression.ExplainExpressionList. This vulnerability allows attackers to cause a Denial of Service (DoS) …

Sep 3, 2024
CVE-2024-4259
9.8 CRITICAL

Missing Authorization vulnerability in SAMPAŞ Holding AKOS (AkosCepVatandasService), SAMPAŞ Holding AKOS (TahsilatService) allows Collect Data as Provided by Users. This issue affects AKOS (AkosCepVatandasService): before …

Sep 3, 2024

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.