CVE Database

9306+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2024-38652
9.1 CRITICAL

Path traversal in the skin management component of Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to achieve denial of service via arbitrary file deletion.

Aug 14, 2024
CVE-2024-20083
9.8 CRITICAL

In venc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with …

Aug 14, 2024
CVE-2024-20082
9.8 CRITICAL

In Modem, there is a possible memory corruption due to a missing bounds check. This could lead to remote code execution with no additional execution …

Aug 14, 2024
CVE-2024-28986
9.8 CRITICAL KEV

SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to …

Aug 13, 2024
CVE-2024-7593
9.8 CRITICAL KEV

Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.7R2 allows a remote unauthenticated attacker to bypass authentication of the …

Aug 13, 2024
CVE-2024-7569
9.6 CRITICAL

An information disclosure vulnerability in Ivanti ITSM on-prem and Neurons for ITSM versions 2023.4 and earlier allows an unauthenticated attacker to obtain the OIDC client …

Aug 13, 2024
CVE-2024-38199
9.8 CRITICAL

Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability

Aug 13, 2024
CVE-2024-38160
9.1 CRITICAL

Windows Network Virtualization Remote Code Execution Vulnerability

Aug 13, 2024
CVE-2024-38159
9.1 CRITICAL

Windows Network Virtualization Remote Code Execution Vulnerability

Aug 13, 2024
CVE-2024-38140
9.8 CRITICAL

Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability

Aug 13, 2024
CVE-2024-38109
9.1 CRITICAL

An authenticated attacker can exploit an Server-Side Request Forgery (SSRF) vulnerability in Microsoft Azure Health Bot to elevate privileges over a network.

Aug 13, 2024
CVE-2024-38108
9.3 CRITICAL

Azure Stack Hub Spoofing Vulnerability

Aug 13, 2024
CVE-2024-38063
9.8 CRITICAL

Windows TCP/IP Remote Code Execution Vulnerability

Aug 13, 2024
CVE-2024-7746
9.8 CRITICAL

Use of Default Credentials vulnerability in Tananaev Solutions Traccar Server on Administrator Panel modules allows Authentication Abuse.This issue affects the privileged transactions implemented by the …

Aug 13, 2024
CVE-2024-41623
9.8 CRITICAL

An issue in D3D Security D3D IP Camera (D8801) v.V9.1.17.1.4-20180428 allows a local attacker to execute arbitrary code via a crafted payload

Aug 13, 2024
CVE-2024-43160
10.0 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in BerqWP allows Code Injection.This issue affects BerqWP: from n/a through 1.7.6.

Aug 13, 2024
CVE-2024-43153
9.8 CRITICAL

Incorrect Privilege Assignment vulnerability in WofficeIO Woffice woffice.This issue affects Woffice: from n/a through <= 5.4.10.

Aug 13, 2024
CVE-2024-43141
9.8 CRITICAL

Deserialization of Untrusted Data vulnerability in Roland Barker, xnau webdesign Participants Database allows Object Injection.This issue affects Participants Database: from n/a through 2.5.9.2.

Aug 13, 2024
CVE-2024-37287
9.1 CRITICAL

A flaw allowing arbitrary code execution was discovered in Kibana. An attacker with access to ML and Alerting connector features, as well as write access …

Aug 13, 2024
CVE-2024-43121
9.1 CRITICAL

Improper Privilege Management vulnerability in realmag777 HUSKY allows Privilege Escalation.This issue affects HUSKY: from n/a through 1.3.6.1.

Aug 13, 2024
CVE-2024-41940
9.1 CRITICAL

A vulnerability has been identified in SINEC NMS (All versions < V3.0). The affected application does not properly validate user input to a privileged command …

Aug 13, 2024
CVE-2024-41730
9.8 CRITICAL

In SAP BusinessObjects Business Intelligence Platform, if Single Signed On is enabled on Enterprise authentication, an unauthorized user can get a logon token using a …

Aug 13, 2024
CVE-2024-7094
9.8 CRITICAL

The JS Help Desk – The Ultimate Help Desk & Support Plugin plugin for WordPress is vulnerable to PHP Code Injection leading to Remote Code …

Aug 13, 2024
CVE-2024-43360
9.8 CRITICAL

ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder is affected by a time-based SQL Injection vulnerability. This vulnerability is fixed in 1.36.34 …

Aug 12, 2024
CVE-2024-42547
9.8 CRITICAL

TOTOLINK A3100R V4.1.2cu.5050_B20200504 has a buffer overflow vulnerability in the http_host parameter in the loginauth function.

Aug 12, 2024
CVE-2024-42546
9.8 CRITICAL

TOTOLINK A3100R V4.1.2cu.5050_B20200504 has a buffer overflow vulnerability in the password parameter in the loginauth function.

Aug 12, 2024
CVE-2024-42545
9.8 CRITICAL

TOTOLINK A3700R v9.1.2u.5822_B20200513 has a buffer overflow vulnerability in the ssid parameter in setWizardCfg function.

Aug 12, 2024
CVE-2024-42543
9.8 CRITICAL

TOTOLINK A3700R v9.1.2u.5822_B20200513 has a buffer overflow vulnerability in the http_host parameter in the loginauth function.

Aug 12, 2024
CVE-2024-42489
10.0 CRITICAL

Pro Macros provides XWiki rendering macros. Missing escaping in the Viewpdf macro allows any user with view right on the `CKEditor.HTMLConverter` page or edit or …

Aug 12, 2024
CVE-2023-7249
9.8 CRITICAL

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in OpenText OpenText Directory Services allows Path Traversal.This issue affects OpenText Directory Services: …

Aug 12, 2024
CVE-2024-6917
9.8 CRITICAL

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Veribilim Software Veribase Order Management allows OS Command Injection.This issue …

Aug 12, 2024
CVE-2024-42520
9.8 CRITICAL

TOTOLINK A3002R v4.0.0-B20230531.1404 contains a buffer overflow vulnerability in /bin/boa via formParentControl.

Aug 12, 2024
CVE-2024-42479
10.0 CRITICAL

llama.cpp provides LLM inference in C/C++. The unsafe `data` pointer member in the `rpc_tensor` structure can cause arbitrary address writing. This vulnerability is fixed in …

Aug 12, 2024
CVE-2024-38530
9.8 CRITICAL

The Open eClass platform (formerly known as GUnet eClass) is a complete Course Management System. An arbitrary file upload vulnerability in the "save" functionality of …

Aug 12, 2024
CVE-2024-7503
9.8 CRITICAL

The WooCommerce - Social Login plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.7.5. This is due to the …

Aug 12, 2024
CVE-2024-42469
9.8 CRITICAL

openHAB, a provider of open-source home automation software, has add-ons including the visualization add-on CometVisu. Prior to version 4.2.1, CometVisu's file system endpoints don't require …

Aug 12, 2024
CVE-2024-42467
10.0 CRITICAL

openHAB, a provider of open-source home automation software, has add-ons including the visualization add-on CometVisu. Prior to version 4.2.1, the proxy endpoint of openHAB's CometVisu …

Aug 12, 2024
CVE-2024-42167
9.1 CRITICAL

The function "generate_app_certificates" in controllers/saml2/saml2.js of FIWARE Keyrock <= 8.4 does not neutralize special elements used in an OS Command properly. This allows an authenticated …

Aug 12, 2024
CVE-2024-42166
9.1 CRITICAL

The function "generate_app_certificates" in lib/app_certificates.js of FIWARE Keyrock <= 8.4 does not neutralize special elements used in an OS Command properly. This allows an authenticated …

Aug 12, 2024
CVE-2024-41577
9.8 CRITICAL

An arbitrary file upload vulnerability in the Ueditor component of productinfoquick v1.0 allows attackers to execute arbitrary code via uploading a crafted PNG file.

Aug 12, 2024
CVE-2024-41570
9.8 CRITICAL

An Unauthenticated Server-Side Request Forgery (SSRF) in demon callback handling in Havoc 2 0.7 allows attackers to send arbitrary network traffic originating from the team …

Aug 12, 2024
CVE-2024-41476
9.8 CRITICAL

AMTT Hotel Broadband Operation System (HiBOS) V3.0.3.151204 and before is vulnerable to SQL Injection via /manager/card/card_detail.php.

Aug 12, 2024
CVE-2024-40486
9.8 CRITICAL

A SQL injection vulnerability in "/index.php" of Kashipara Live Membership System v1.0 allows remote attackers to execute arbitrary SQL commands and bypass Login via the …

Aug 12, 2024
CVE-2024-40482
9.8 CRITICAL

An Unrestricted file upload vulnerability was found in "/Membership/edit_member.php" of Kashipara Live Membership System v1.0, which allows attackers to execute arbitrary code via uploading a …

Aug 12, 2024
CVE-2024-40480
9.8 CRITICAL

A Broken Access Control vulnerability was found in /admin/update.php and /admin/dashboard.php in Kashipara Online Exam System v1.0, which allows remote unauthenticated attackers to view administrator …

Aug 12, 2024
CVE-2024-40477
9.8 CRITICAL

A SQL injection vulnerability in "/oahms/admin/forgot-password.php" in PHPGurukul Old Age Home Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "email" …

Aug 12, 2024
CVE-2024-40472
9.8 CRITICAL

Sourcecodester Daily Calories Monitoring Tool v1.0 is vulnerable to SQL Injection via "delete-calorie.php."

Aug 12, 2024
CVE-2024-3279
9.1 CRITICAL

An improper access control vulnerability exists in the mintplex-labs/anything-llm application, specifically within the import endpoint. This vulnerability allows an anonymous attacker, without an account in …

Aug 12, 2024
CVE-2024-39815
9.1 CRITICAL

Improper check or handling of exceptional conditions vulnerability affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior, enable an …

Aug 12, 2024
CVE-2024-39791
10.0 CRITICAL

Stack-based buffer overflow vulnerabilities affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior, enable an unauthenticated remote attacker to …

Aug 12, 2024

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.