CVE Database

9306+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2024-8389
9.8 CRITICAL

Memory safety bugs present in Firefox 129. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of …

Sep 3, 2024
CVE-2024-8387
9.8 CRITICAL

Memory safety bugs present in Firefox 129, Firefox ESR 128.1, and Thunderbird 128.1. Some of these bugs showed evidence of memory corruption and we presume …

Sep 3, 2024
CVE-2024-8385
9.8 CRITICAL

A difference in the handling of StructFields and ArrayTypes in WASM could be used to trigger an exploitable type confusion vulnerability. This vulnerability affects Firefox …

Sep 3, 2024
CVE-2024-8384
9.8 CRITICAL

The JavaScript garbage collector could mis-color cross-compartment objects if OOM conditions were detected at the right point between two passes. This could have led to …

Sep 3, 2024
CVE-2024-8381
9.8 CRITICAL

A potentially exploitable type confusion could be triggered when looking up a property name on an object being used as the `with` environment. This vulnerability …

Sep 3, 2024
CVE-2024-44921
9.8 CRITICAL

SeaCMS v12.9 was discovered to contain a SQL injection vulnerability via the id parameter at /dmplayer/dmku/index.php?ac=del.

Sep 3, 2024
CVE-2024-7261
9.8 CRITICAL

The improper neutralization of special elements in the parameter "host" in the CGI program of Zyxel NWA1123ACv3 firmware version 6.70(ABVT.4) and earlier, WAC500 firmware version …

Sep 3, 2024
CVE-2024-45623
9.8 CRITICAL

D-Link DAP-2310 Hardware A Firmware 1.16RC028 allows remote attackers to execute arbitrary code via a stack-based buffer overflow in the ATP binary that handles PHP …

Sep 2, 2024
CVE-2024-45622
9.8 CRITICAL

ASIS (aka Aplikasi Sistem Sekolah using CodeIgniter 3) 3.0.0 through 3.2.0 allows index.php username SQL injection for Authentication Bypass.

Sep 2, 2024
CVE-2024-6919
9.8 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NAC Telecommunication Systems Inc. NACPremium allows Blind SQL Injection.This issue affects …

Sep 2, 2024
CVE-2024-43773
9.8 CRITICAL

SQL Injection in download class learning course function of Easytest Online Test Platform ver.24E01 and earlier allow remote attackers to execute arbitrary SQL commands via …

Sep 2, 2024
CVE-2024-43772
9.8 CRITICAL

SQL Injection in download student learning course function of Easytest Online Test Platform ver.24E01 and earlier allow remote attackers to execute arbitrary SQL commands via …

Sep 2, 2024
CVE-2024-45522
9.8 CRITICAL

Linen before cd37c3e does not verify that the domain is linen.dev or www.linen.dev when resetting a password. This occurs in create in apps/web/pages/api/forgot-password/index.ts.

Sep 2, 2024
CVE-2024-45508
9.8 CRITICAL

HTMLDOC before 1.9.19 has an out-of-bounds write in parse_paragraph in ps-pdf.cxx because of an attempt to strip leading whitespace from a whitespace-only node.

Sep 1, 2024
CVE-2024-8016
9.1 CRITICAL

The Events Calendar Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 7.0.2 via deserialization of untrusted …

Aug 30, 2024
CVE-2024-3673
9.1 CRITICAL

The Web Directory Free WordPress plugin before 1.7.3 does not validate a parameter before using it in an include(), which could lead to Local File …

Aug 30, 2024
CVE-2024-45492
9.8 CRITICAL

An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX).

Aug 30, 2024
CVE-2024-45491
9.8 CRITICAL

An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX).

Aug 30, 2024
CVE-2024-45488
9.8 CRITICAL

One Identity Safeguard for Privileged Passwords before 7.5.2 allows unauthorized access because of an issue related to cookies. This only affects virtual appliance installations (VMware …

Aug 30, 2024
CVE-2024-6671
9.8 CRITICAL

In WhatsUp Gold versions released before 2024.0.0, if the application is configured with only a single user, a SQL Injection vulnerability allows an unauthenticated attacker …

Aug 29, 2024
CVE-2024-6670
9.8 CRITICAL KEV

In WhatsUp Gold versions released before 2024.0.0, a SQL Injection vulnerability allows an unauthenticated attacker to retrieve the users encrypted password.

Aug 29, 2024
CVE-2024-41372
9.8 CRITICAL

Organizr v1.90 was discovered to contain a SQL injection vulnerability via chat/settyping.php.

Aug 29, 2024
CVE-2024-41370
9.8 CRITICAL

Organizr v1.90 was discovered to contain a SQL injection vulnerability via chat/setlike.php.

Aug 29, 2024
CVE-2024-41369
9.8 CRITICAL

RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\inc.setWifi.php

Aug 29, 2024
CVE-2024-41368
9.8 CRITICAL

RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\inc.setWlanIpMail.php

Aug 29, 2024
CVE-2024-41367
9.8 CRITICAL

RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\api\playlist\appendFileToPlaylist.php

Aug 29, 2024
CVE-2024-41366
9.8 CRITICAL

RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\userScripts.php

Aug 29, 2024
CVE-2024-41364
9.8 CRITICAL

RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\trackEdit.php

Aug 29, 2024
CVE-2024-41361
9.8 CRITICAL

RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\manageFilesFolders.php

Aug 29, 2024
CVE-2024-44779
9.6 CRITICAL

A reflected cross-site scripting (XSS) vulnerability in the viewname parameter in the index page of vTiger CRM 7.4.0 allows attackers to execute arbitrary code in …

Aug 29, 2024
CVE-2024-44778
9.6 CRITICAL

A reflected cross-site scripting (XSS) vulnerability in the parent parameter in the index page of vTiger CRM 7.4.0 allows attackers to execute arbitrary code in …

Aug 29, 2024
CVE-2024-44777
9.6 CRITICAL

A reflected cross-site scripting (XSS) vulnerability in the tag parameter in the index page of vTiger CRM 7.4.0 allows attackers to execute arbitrary code in …

Aug 29, 2024
CVE-2024-8255
9.8 CRITICAL

Delta Electronics DTN Soft version 2.0.1 and prior are vulnerable to an attacker achieving remote code execution through a deserialization of untrusted data vulnerability.

Aug 29, 2024
CVE-2024-43955
10.0 CRITICAL

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Themeum Droip allows File Manipulation.This issue affects Droip: from n/a through 1.1.1.

Aug 29, 2024
CVE-2024-43941
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Propovoice Propovoice Pro allows SQL Injection.This issue affects Propovoice Pro: from …

Aug 29, 2024
CVE-2024-43931
9.8 CRITICAL

Deserialization of Untrusted Data vulnerability in eyecix JobSearch allows Object Injection.This issue affects JobSearch: from n/a through 2.5.3.

Aug 29, 2024
CVE-2024-43918
10.0 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WBW WBW Product Table PRO allows SQL Injection.This issue affects WBW …

Aug 29, 2024
CVE-2024-43917
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TemplateInvaders TI WooCommerce Wishlist allows SQL Injection.This issue affects TI WooCommerce …

Aug 29, 2024
CVE-2024-43144
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in StylemixThemes Cost Calculator Builder allows SQL Injection.This issue affects Cost Calculator …

Aug 29, 2024
CVE-2024-43132
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPWeb Elite Docket (WooCommerce Collections / Wishlist / Watchlist) allows SQL …

Aug 29, 2024
CVE-2024-39653
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in E4J s.R.L. VikRentCar allows SQL Injection.This issue affects VikRentCar: from n/a …

Aug 29, 2024
CVE-2024-39622
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CridioStudio ListingPro listingpro allows SQL Injection.This issue affects ListingPro: from n/a …

Aug 29, 2024
CVE-2024-38795
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CridioStudio ListingPro listingpro-plugin allows SQL Injection.This issue affects ListingPro: from n/a …

Aug 29, 2024
CVE-2024-5057
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Easy Digital Downloads allows SQL Injection.This issue affects Easy Digital Downloads: …

Aug 29, 2024
CVE-2024-4428
9.8 CRITICAL

Missing Authentication for Critical Function, Missing Authorization vulnerability in Menulux Information Technologies Managment Portal allows Collect Data as Provided by Users.This issue affects Managment Portal: …

Aug 29, 2024
CVE-2024-29731
9.8 CRITICAL

SQL injection vulnerabilities in SportsNET affecting version 4.0.1. These vulnerabilities could allow an attacker to retrieve, update and delete all information in the database by …

Aug 29, 2024
CVE-2024-29730
9.8 CRITICAL

SQL injection vulnerabilities in SportsNET affecting version 4.0.1. These vulnerabilities could allow an attacker to retrieve, update and delete all information in the database by …

Aug 29, 2024
CVE-2024-29729
9.8 CRITICAL

SQL injection vulnerabilities in SportsNET affecting version 4.0.1. These vulnerabilities could allow an attacker to retrieve, update and delete all information in the database by …

Aug 29, 2024
CVE-2024-29728
9.8 CRITICAL

SQL injection vulnerabilities in SportsNET affecting version 4.0.1. These vulnerabilities could allow an attacker to retrieve, update and delete all information in the database by …

Aug 29, 2024
CVE-2024-29727
9.8 CRITICAL

SQL injection vulnerabilities in SportsNET affecting version 4.0.1. These vulnerabilities could allow an attacker to retrieve, update and delete all information in the database by …

Aug 29, 2024

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.