CVE Database

9306+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2024-29726
9.8 CRITICAL

SQL injection vulnerabilities in SportsNET affecting version 4.0.1. These vulnerabilities could allow an attacker to retrieve, update and delete all information in the database by …

Aug 29, 2024
CVE-2024-29725
9.8 CRITICAL

SQL injection vulnerabilities in SportsNET affecting version 4.0.1. These vulnerabilities could allow an attacker to retrieve, update and delete all information in the database by …

Aug 29, 2024
CVE-2024-29724
9.8 CRITICAL

SQL injection vulnerabilities in SportsNET affecting version 4.0.1. These vulnerabilities could allow an attacker to retrieve, update and delete all information in the database by …

Aug 29, 2024
CVE-2024-29723
9.8 CRITICAL

SQL injection vulnerabilities in SportsNET affecting version 4.0.1. These vulnerabilities could allow an attacker to retrieve, update and delete all information in the database by …

Aug 29, 2024
CVE-2024-45435
9.8 CRITICAL

Chartist 1.x through 1.3.0 allows Prototype Pollution via the extend function.

Aug 29, 2024
CVE-2024-45233
9.8 CRITICAL

An issue was discovered in powermail extension through 12.3.5 for TYPO3. Several actions in the OutputController can directly be called, due to missing or insufficiently …

Aug 29, 2024
CVE-2024-34195
9.8 CRITICAL

TOTOLINK AC1200 Wireless Router A3002R Firmware V1.1.1-B20200824 is vulnerable to Buffer Overflow. In the boa server program's CGI handling function formWlEncrypt, there is a lack …

Aug 28, 2024
CVE-2024-44761
9.8 CRITICAL

An issue in EQ Enterprise Management System before v2.0.0 allows attackers to execute a directory traversal via crafted requests.

Aug 28, 2024
CVE-2024-42905
9.8 CRITICAL

Beijing Digital China Cloud Technology Co., Ltd. DCME-320 v.7.4.12.60 has a command execution vulnerability, which can be exploited to obtain device administrator privileges via the …

Aug 28, 2024
CVE-2024-34198
9.8 CRITICAL

TOTOLINK AC1200 Wireless Router A3002RU V2.1.1-B20230720.1011 is vulnerable to Buffer Overflow. The formWlEncrypt CGI handler in the boa program fails to limit the length of …

Aug 28, 2024
CVE-2024-8030
9.8 CRITICAL

The Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider plugin is vulnerable to PHP Object …

Aug 28, 2024
CVE-2024-7720
9.8 CRITICAL

HP Security Manager is potentially vulnerable to Remote Code Execution as a result of code vulnerability within the product's solution open-source libraries.

Aug 27, 2024
CVE-2024-36068
9.8 CRITICAL

An incorrect access control vulnerability in Rubrik CDM versions prior to 9.1.2-p1, 9.0.3-p6 and 8.1.3-p12, allows an attacker with network access to execute arbitrary code.

Aug 27, 2024
CVE-2024-44342
9.8 CRITICAL

D-Link DIR-846W A1 FW100A43 was discovered to contain a remote command execution (RCE) vulnerability via the wl(0).(0)_ssid parameter. This vulnerability is exploited via a crafted …

Aug 27, 2024
CVE-2024-44341
9.8 CRITICAL

D-Link DIR-846W A1 FW100A43 was discovered to contain a remote command execution (RCE) vulnerability via the lan(0)_dhcps_staticlist parameter. This vulnerability is exploited via a crafted …

Aug 27, 2024
CVE-2024-41622
9.8 CRITICAL

D-Link DIR-846W A1 FW100A43 was discovered to contain a remote command execution (RCE) vulnerability via the tomography_ping_address parameter in /HNAP1/ interface.

Aug 27, 2024
CVE-2024-6633
9.8 CRITICAL

The default credentials for the setup HSQL database (HSQLDB) for FileCatalyst Workflow are published in a vendor knowledgebase article. Misuse of these credentials could lead …

Aug 27, 2024
CVE-2024-7071
9.8 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'), CWE - 564 - SQL Injection: Hibernate vulnerability in Brain Information Technologies Inc. …

Aug 27, 2024
CVE-2024-8181
9.8 CRITICAL

An Authentication Bypass vulnerability exists in Flowise version 1.8.2. This could allow a remote, unauthenticated attacker to access API endpoints as an administrator and allow …

Aug 27, 2024
CVE-2024-4872
9.9 CRITICAL

A vulnerability exists in the query validation of the MicroSCADA Pro/X SYS600 product. If exploited this could allow an authenticated attacker to inject code towards …

Aug 27, 2024
CVE-2024-3980
9.9 CRITICAL

The MicroSCADA Pro/X SYS600 product allows an authenticated user input to control or influence paths or file names that are used in filesystem operations. If …

Aug 27, 2024
CVE-2024-45265
9.8 CRITICAL

A SQL injection vulnerability in the poll component in SkySystem Arfa-CMS before 5.1.3124 allows remote attackers to execute arbitrary SQL commands via the psid parameter.

Aug 26, 2024
CVE-2024-42913
9.8 CRITICAL

RuoYi CMS v4.7.9 was discovered to contain a SQL injection vulnerability via the job_id parameter at /sasfs1.

Aug 26, 2024
CVE-2024-41444
9.8 CRITICAL

SeaCMS v12.9 has a SQL injection vulnerability in the key parameter of /js/player/dmplayer/dmku/index.php?ac=so.

Aug 26, 2024
CVE-2024-44557
9.8 CRITICAL

Tenda AX1806 v1.0.0.1 contains a stack overflow via the iptv.stb.mode parameter in the function setIptvInfo.

Aug 26, 2024
CVE-2024-44555
9.8 CRITICAL

Tenda AX1806 v1.0.0.1 contains a stack overflow via the iptv.city.vlan parameter in the function setIptvInfo.

Aug 26, 2024
CVE-2024-44553
9.8 CRITICAL

Tenda AX1806 v1.0.0.1 contains a stack overflow via the iptv.stb.mode parameter in the function formGetIptv.

Aug 26, 2024
CVE-2024-44552
9.8 CRITICAL

Tenda AX1806 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the function formGetIptv.

Aug 26, 2024
CVE-2024-44551
9.8 CRITICAL

Tenda AX1806 v1.0.0.1 contains a stack overflow via the iptv.city.vlan parameter in the function formGetIptv.

Aug 26, 2024
CVE-2024-44550
9.8 CRITICAL

Tenda AX1806 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpvid parameter in the function formGetIptv.

Aug 26, 2024
CVE-2024-44549
9.8 CRITICAL

Tenda AX1806 v1.0.0.1 contains a stack overflow via the iptv.stb.port parameter in the function formGetIptv.

Aug 26, 2024
CVE-2024-41285
9.8 CRITICAL

A stack overflow in FAST FW300R v1.3.13 Build 141023 Rel.61347n allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via a …

Aug 26, 2024
CVE-2024-34087
9.8 CRITICAL

An SEH-based buffer overflow in the BPQ32 HTTP Server in BPQ32 6.0.24.1 allows remote attackers with access to the Web Terminal to achieve remote code …

Aug 26, 2024
CVE-2024-7988
9.8 CRITICAL

A remote code execution vulnerability exists in the Rockwell Automation ThinManager® ThinServer™ that allows a threat actor to execute arbitrary code with System privileges. This …

Aug 26, 2024
CVE-2024-8162
9.8 CRITICAL

A vulnerability classified as critical has been found in TOTOLINK T10 AC1200 4.1.8cu.5207. Affected is an unknown function of the file /squashfs-root/web_cste/cgi-bin/product.ini of the component …

Aug 26, 2024
CVE-2024-44558
9.8 CRITICAL

Tenda AX1806 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpvid parameter in the function setIptvInfo.

Aug 26, 2024
CVE-2024-44556
9.8 CRITICAL

Tenda AX1806 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the function setIptvInfo.

Aug 26, 2024
CVE-2024-44565
9.8 CRITICAL

Tenda AX1806 v1.0.0.1 contains a stack overflow via the serverName parameter in the function form_fast_setting_internet_set.

Aug 26, 2024
CVE-2024-44563
9.8 CRITICAL

Tenda AX1806 v1.0.0.1 contains a stack overflow via the iptv.stb.port parameter in the function setIptvInfo.

Aug 26, 2024
CVE-2024-8161
9.8 CRITICAL

SQL injection vulnerability in ATISolutions CIGES affecting versions lower than 2.15.5. This vulnerability allows a remote attacker to send a specially crafted SQL query to …

Aug 26, 2024
CVE-2024-45256
9.8 CRITICAL

An arbitrary file write issue in the exfiltration endpoint in BYOB (Build Your Own Botnet) 2.0 allows attackers to overwrite SQLite databases and bypass authentication …

Aug 26, 2024
CVE-2024-8073
9.8 CRITICAL

Improper Input Validation vulnerability in Hillstone Networks Hillstone Networks Web Application Firewall on 5.5R6 allows Command Injection.This issue affects Hillstone Networks Web Application Firewall: from …

Aug 26, 2024
CVE-2024-45258
9.8 CRITICAL

The req package before 3.43.4 for Go may send an unintended request when a malformed URL is provided, because cleanHost in http.go intentionally uses a …

Aug 25, 2024
CVE-2024-45237
9.8 CRITICAL

An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) …

Aug 24, 2024
CVE-2024-7568
9.6 CRITICAL

The Favicon Generator plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5. This is due to missing or …

Aug 24, 2024
CVE-2024-42914
9.1 CRITICAL

A host header injection vulnerability exists in the forgot password functionality of ArrowCMS version 1.0.0. By sending a specially crafted host header in the forgot …

Aug 23, 2024
CVE-2024-7954
9.8 CRITICAL

The porte_plume plugin used by SPIP before 4.30-alpha2, 4.2.13, and 4.1.16 is vulnerable to an arbitrary code execution vulnerability. A remote and unauthenticated attacker can …

Aug 23, 2024
CVE-2024-42531
9.8 CRITICAL

Ezviz Internet PT Camera CS-CV246 D15655150 allows an unauthenticated host to access its live video stream by crafting a set of RTSP packets with a …

Aug 23, 2024
CVE-2024-33854
9.1 CRITICAL

A SQL Injection vulnerability exists in the Graph Template component in Centreon Web 24.04.x before 24.04.3, 23.10.x before 23.10.13, 23.04.x before 23.04.19, and 22.10.x before …

Aug 23, 2024
CVE-2024-33853
9.1 CRITICAL

A SQL Injection vulnerability exists in the Timeperiod component in Centreon Web 24.04.x before 24.04.3, 23.10.x before 23.10.13, 23.04.x before 23.04.19, and 22.10.x before 22.10.23.

Aug 23, 2024

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.