CVE Database

9306+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2024-33852
9.1 CRITICAL

A SQL Injection vulnerability exists in the Downtime component in Centreon Web 24.04.x before 24.04.3, 23.10.x before 23.10.13, 23.04.x before 23.04.19, and 22.10.x before 22.10.23.

Aug 23, 2024
CVE-2024-32501
9.8 CRITICAL

A SQL Injection vulnerability exists in the updateServiceHost functionality in Centreon Web 24.04.x before 24.04.3, 23.10.x before 23.10.13, 23.04.x before 23.04.19, and 22.10.x before 22.10.23.

Aug 23, 2024
CVE-2024-44382
9.8 CRITICAL

D-Link DI_8004W 16.07.26A1 contains a command execution vulnerability in the jhttpd upgrade_filter_asp function.

Aug 23, 2024
CVE-2024-44381
9.8 CRITICAL

D-Link DI_8004W 16.07.26A1 contains a command execution vulnerability in jhttpd msp_info_htm function.

Aug 23, 2024
CVE-2024-42765
9.8 CRITICAL

A SQL injection vulnerability in "/login.php" of the Kashipara Bus Ticket Reservation System v1.0 allows remote attackers to execute arbitrary SQL commands and bypass Login …

Aug 23, 2024
CVE-2024-42764
9.4 CRITICAL

Kashipara Bus Ticket Reservation System v1.0 is vulnerable to Cross Site Request Forgery (CSRF) via /deleteTicket.php.

Aug 23, 2024
CVE-2024-40766
9.8 CRITICAL KEV

An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing …

Aug 23, 2024
CVE-2024-42773
9.1 CRITICAL

An Incorrect Access Control vulnerability was found in /admin/edit_room_controller.php in Kashipara Hotel Management System v1.0, which allows an unauthenticated attacker to edit the valid hotel …

Aug 22, 2024
CVE-2024-42775
9.1 CRITICAL

An Incorrect Access Control vulnerability was found in /admin/add_room_controller.php in Kashipara Hotel Management System v1.0, which allows an unauthenticated attacker to add the valid hotel …

Aug 22, 2024
CVE-2023-6452
9.6 CRITICAL

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Forcepoint Web Security (Transaction Viewer) allows Stored XSS. The Forcepoint Web Security portal …

Aug 22, 2024
CVE-2024-36445
9.8 CRITICAL

Swissphone DiCal-RED 4009 devices allow a remote attacker to gain a root shell via TELNET without authentication.

Aug 22, 2024
CVE-2024-36439
9.4 CRITICAL

Swissphone DiCal-RED 4009 devices allow a remote attacker to gain access to the administrative web interface via the device password's hash value, without knowing the …

Aug 22, 2024
CVE-2024-45169
9.8 CRITICAL

An issue was discovered in UCI IDOL 2 (aka uciIDOL or IDOL2) through 2.12. Due to improper input validation, improper deserialization, and improper restriction of …

Aug 22, 2024
CVE-2024-45168
9.1 CRITICAL

An issue was discovered in UCI IDOL 2 (aka uciIDOL or IDOL2) through 2.12. Data is transferred over a raw socket without any authentication mechanism. …

Aug 22, 2024
CVE-2024-45167
9.8 CRITICAL

An issue was discovered in UCI IDOL 2 (aka uciIDOL or IDOL2) through 2.12. Due to improper input validation, improper deserialization, and improper restriction of …

Aug 22, 2024
CVE-2024-45166
9.8 CRITICAL

An issue was discovered in UCI IDOL 2 (aka uciIDOL or IDOL2) through 2.12. Due to improper input validation, improper deserialization, and improper restriction of …

Aug 22, 2024
CVE-2024-45163
9.1 CRITICAL

The Mirai botnet through 2024-08-19 mishandles simultaneous TCP connections to the CNC (command and control) server. Unauthenticated sessions remain open, causing resource consumption. For example, …

Aug 22, 2024
CVE-2024-28987
9.1 CRITICAL KEV

The SolarWinds Web Help Desk (WHD) software is affected by a hardcoded credential vulnerability, allowing remote unauthenticated user to access internal functionality and modify data.

Aug 21, 2024
CVE-2024-7971
9.6 CRITICAL KEV

Type confusion in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to exploit heap corruption via a crafted HTML page. (Chromium security …

Aug 21, 2024
CVE-2024-6386
9.9 CRITICAL

The WPML plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.6.12 via Twig Server-Side Template Injection. This …

Aug 21, 2024
CVE-2024-42784
9.8 CRITICAL

A SQL injection vulnerability in "/music/controller.php?page=view_music" in Kashipara Music Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "id" parameter.

Aug 21, 2024
CVE-2024-42783
9.8 CRITICAL

Kashipara Music Management System v1.0 is vulnerable to SQL Injection via /music/manage_playlist_items.php. An attacker can execute arbitrary SQL commands via the "pid" parameter.

Aug 21, 2024
CVE-2024-42782
9.8 CRITICAL

A SQL injection vulnerability in "/music/ajax.php?action=find_music" in Kashipara Music Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "search" parameter.

Aug 21, 2024
CVE-2024-42781
9.8 CRITICAL

A SQL injection vulnerability in "/music/ajax.php?action=login" of Kashipara Music Management System v1.0 allows remote attackers to execute arbitrary SQL commands and bypass Login via the …

Aug 21, 2024
CVE-2024-42777
9.8 CRITICAL

An Unrestricted file upload vulnerability was found in "/music/ajax.php?action=signup" of Kashipara Music Management System v1.0, which allows attackers to execute arbitrary code via uploading a …

Aug 21, 2024
CVE-2024-40453
9.8 CRITICAL

squirrellyjs squirrelly v9.0.0 and fixed in v.9.0.1 was discovered to contain a code injection vulnerability via the component options.varName.

Aug 21, 2024
CVE-2024-28000
9.8 CRITICAL

Incorrect Privilege Assignment vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache.This issue affects LiteSpeed Cache: from n/a through <= 6.3.0.1.

Aug 21, 2024
CVE-2024-5335
9.8 CRITICAL

The Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider plugin is vulnerable to PHP Object …

Aug 21, 2024
CVE-2024-7854
10.0 CRITICAL

The Woo Inquiry plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 0.1 due to insufficient escaping on the …

Aug 21, 2024
CVE-2024-6800
9.8 CRITICAL

An XML signature wrapping vulnerability was present in GitHub Enterprise Server (GHES) when using SAML authentication with specific identity providers utilizing publicly exposed signed federation …

Aug 20, 2024
CVE-2024-38175
9.6 CRITICAL

An improper access control vulnerability in the Azure Managed Instance for Apache Cassandra allows an authenticated attacker to elevate privileges over a network.

Aug 20, 2024
CVE-2024-42919
9.8 CRITICAL

eScan Management Console 14.0.1400.2281 is vulnerable to Incorrect Access Control via acteScanAVReport.

Aug 20, 2024
CVE-2024-27185
9.1 CRITICAL

The pagination class includes arbitrary parameters in links, leading to cache poisoning attack vectors.

Aug 20, 2024
CVE-2024-43404
9.8 CRITICAL

MEGABOT is a fully customized Discord bot for learning and fun. The `/math` command and functionality of MEGABOT versions < 1.5.0 contains a remote code …

Aug 20, 2024
CVE-2024-35540
9.0 CRITICAL

A stored cross-site scripting (XSS) vulnerability in Typecho v1.3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

Aug 20, 2024
CVE-2024-30949
9.8 CRITICAL

An issue in newlib v.4.3.0 allows an attacker to execute arbitrary code via the time unit scaling in the _gettimeofday function.

Aug 20, 2024
CVE-2024-33872
9.8 CRITICAL

Keyfactor Command 10.5.x before 10.5.1 and 11.5.x before 11.5.1 allows SQL Injection which could result in code execution and escalation of privileges.

Aug 20, 2024
CVE-2024-42575
9.8 CRITICAL

School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at substaff.php.

Aug 20, 2024
CVE-2024-42574
9.8 CRITICAL

School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at attendance.php.

Aug 20, 2024
CVE-2024-42573
9.8 CRITICAL

School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at dtmarks.php.

Aug 20, 2024
CVE-2024-42572
9.8 CRITICAL

School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at unitmarks.php.

Aug 20, 2024
CVE-2024-42571
9.8 CRITICAL

School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at insertattendance.php.

Aug 20, 2024
CVE-2024-42570
9.8 CRITICAL

School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at admininsert.php.

Aug 20, 2024
CVE-2024-42569
9.8 CRITICAL

School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at paidclass.php.

Aug 20, 2024
CVE-2024-42568
9.8 CRITICAL

School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the transport parameter at vehicle.php.

Aug 20, 2024
CVE-2024-42567
9.8 CRITICAL

School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the sid parameter at /search.php?action=2.

Aug 20, 2024
CVE-2024-42566
9.8 CRITICAL

School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the password parameter at login.php

Aug 20, 2024
CVE-2024-42565
9.8 CRITICAL

ERP commit 44bd04 was discovered to contain a SQL injection vulnerability via the id parameter at /index.php/basedata/contact/delete?action=delete.

Aug 20, 2024
CVE-2024-42563
9.8 CRITICAL

An arbitrary file upload vulnerability in ERP commit 44bd04 allows attackers to execute arbitrary code via uploading a crafted HTML file.

Aug 20, 2024
CVE-2024-42562
9.8 CRITICAL

Pharmacy Management System commit a2efc8 was discovered to contain a SQL injection vulnerability via the invoice_number parameter at preview.php.

Aug 20, 2024

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.