CVE Database

9306+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2024-38989
9.8 CRITICAL

izatop bunt v0.29.19 was discovered to contain a prototype pollution via the component /esm/qs.js. This vulnerability allows attackers to execute arbitrary code or cause a …

Aug 12, 2024
CVE-2024-37023
9.1 CRITICAL

Multiple OS command injection vulnerabilities affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior, enable an authenticated remote attacker …

Aug 12, 2024
CVE-2024-36461
9.1 CRITICAL

Within Zabbix, users have the ability to directly modify memory pointers in the JavaScript engine.

Aug 12, 2024
CVE-2024-22116
9.9 CRITICAL

An administrator with restricted permissions can exploit the script execution functionality within the Monitoring Hosts section. The lack of default escaping for script parameters enabled …

Aug 12, 2024
CVE-2024-21878
9.8 CRITICAL

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Enphase IQ Gateway (formerly known as Envoy) allows OS Command Injection. This …

Aug 12, 2024
CVE-2024-21876
9.1 CRITICAL

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability via a URL parameter in Enphase IQ Gateway (formerly known as Envoy) allows …

Aug 12, 2024
CVE-2024-42366
9.0 CRITICAL

VRCX is an assistant/companion application for VRChat. In versions prior to 2024.03.23, a CefSharp browser with over-permission and cross-site scripting via overlay notification can be …

Aug 8, 2024
CVE-2024-7490
9.8 CRITICAL

Improper Input Validation vulnerability in Microchip Techology Advanced Software Framework example DHCP server can cause remote code execution through a buffer overflow. This vulnerability is …

Aug 8, 2024
CVE-2024-42037
9.3 CRITICAL

Vulnerability of uncaught exceptions in the Graphics module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Aug 8, 2024
CVE-2024-42256
9.8 CRITICAL

In the Linux kernel, the following vulnerability has been resolved: cifs: Fix server re-repick on subrequest retry When a subrequest is marked for needing retry, …

Aug 8, 2024
CVE-2024-7350
9.8 CRITICAL

The Appointment Booking Calendar Plugin and Online Scheduling Plugin – BookingPress plugin for WordPress is vulnerable to authentication bypass in versions 1.1.6 to 1.1.7. This …

Aug 8, 2024
CVE-2024-41912
9.8 CRITICAL

A vulnerability was discovered in the firmware builds up to 10.10.2.2 in Poly Clariti Manager devices. The firmware flaw does not properly implement access controls.

Aug 7, 2024
CVE-2024-41237
9.8 CRITICAL

A SQL injection vulnerability in /smsa/teacher_login.php in Kashipara Responsive School Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "username" parameter.

Aug 7, 2024
CVE-2024-20454
9.8 CRITICAL

Multiple vulnerabilities in the web-based management interface of Cisco Small Business SPA300 Series IP Phones and Cisco Small Business SPA500 Series IP Phones could allow …

Aug 7, 2024
CVE-2024-20450
9.8 CRITICAL

Multiple vulnerabilities in the web-based management interface of Cisco Small Business SPA300 Series IP Phones and Cisco Small Business SPA500 Series IP Phones could allow …

Aug 7, 2024
CVE-2024-34480
9.8 CRITICAL

SourceCodester Computer Laboratory Management System 1.0 allows admin/category/view_category.php id SQL Injection.

Aug 7, 2024
CVE-2024-34479
9.8 CRITICAL

SourceCodester Computer Laboratory Management System 1.0 allows classes/Master.php id SQL Injection.

Aug 7, 2024
CVE-2024-36130
9.8 CRITICAL

An insufficient authorization vulnerability in web component of EPMM prior to 12.1.0.1 allows an unauthorized attacker within the network to execute arbitrary commands on the …

Aug 7, 2024
CVE-2024-41270
9.1 CRITICAL

An issue discovered in the RunHTTPServer function in Gorush v1.18.4 allows attackers to intercept and manipulate data due to use of deprecated TLS version.

Aug 6, 2024
CVE-2024-42395
9.8 CRITICAL

There is a vulnerability in the AP Certificate Management Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could …

Aug 6, 2024
CVE-2024-42394
9.8 CRITICAL

There are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow …

Aug 6, 2024
CVE-2024-42393
9.8 CRITICAL

There are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow …

Aug 6, 2024
CVE-2024-28740
9.6 CRITICAL

Cross Site Scripting vulnerability in Koha ILS 23.05 and before allows a remote attacker to execute arbitrary code via the additonal-contents.pl component.

Aug 6, 2024
CVE-2024-39227
9.8 CRITICAL

GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain insecure permissions in the endpoint /cgi-bin/glc. …

Aug 6, 2024
CVE-2024-41616
9.8 CRITICAL

D-Link DIR-300 REVA FIRMWARE v1.06B05_WW contains hardcoded credentials in the Telnet service.

Aug 6, 2024
CVE-2024-39228
9.8 CRITICAL

GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain a shell injection vulnerability via the …

Aug 6, 2024
CVE-2024-39226
9.8 CRITICAL

GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain a vulnerability can be exploited to …

Aug 6, 2024
CVE-2024-39225
9.8 CRITICAL

GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain a remote code execution (RCE) vulnerability.

Aug 6, 2024
CVE-2024-33897
9.1 CRITICAL

A compromised HMS Networks Cosy+ device could be used to request a Certificate Signing Request from Talk2m for another device, resulting in an availability issue. …

Aug 6, 2024
CVE-2024-30170
9.1 CRITICAL

PrivX before 34.0 allows data exfiltration and denial of service via the REST API. This is fixed in minor versions 33.1, 32.3, 31.3, and later, …

Aug 6, 2024
CVE-2024-7519
9.6 CRITICAL

Insufficient checks when processing graphics shared memory could have led to memory corruption. This could be leveraged by an attacker to perform a sandbox escape. …

Aug 6, 2024
CVE-2024-33974
9.8 CRITICAL

SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted …

Aug 6, 2024
CVE-2024-33973
9.8 CRITICAL

SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted …

Aug 6, 2024
CVE-2024-33972
9.8 CRITICAL

SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted …

Aug 6, 2024
CVE-2024-33971
9.8 CRITICAL

SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted …

Aug 6, 2024
CVE-2024-33970
9.8 CRITICAL

SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted …

Aug 6, 2024
CVE-2024-33969
9.8 CRITICAL

SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted …

Aug 6, 2024
CVE-2024-33968
9.8 CRITICAL

SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted …

Aug 6, 2024
CVE-2024-33967
9.8 CRITICAL

SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted …

Aug 6, 2024
CVE-2024-33966
9.8 CRITICAL

SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted …

Aug 6, 2024
CVE-2024-33965
9.8 CRITICAL

SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted …

Aug 6, 2024
CVE-2024-33964
9.8 CRITICAL

SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted …

Aug 6, 2024
CVE-2024-33963
9.8 CRITICAL

SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted …

Aug 6, 2024
CVE-2024-33962
9.8 CRITICAL

SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted …

Aug 6, 2024
CVE-2024-33961
9.8 CRITICAL

SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted …

Aug 6, 2024
CVE-2024-33960
9.8 CRITICAL

SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted …

Aug 6, 2024
CVE-2024-33959
9.8 CRITICAL

SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted …

Aug 6, 2024
CVE-2024-33958
9.8 CRITICAL

SQL injection vulnerability in E-Negosyo System affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and …

Aug 6, 2024
CVE-2024-33957
9.8 CRITICAL

SQL injection vulnerability in E-Negosyo System affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and …

Aug 6, 2024
CVE-2024-6202
9.8 CRITICAL

HaloITSM versions up to 2.146.1 are affected by a SAML XML Signature Wrapping (XSW) vulnerability. When having a SAML integration configured, anonymous actors could impersonate …

Aug 6, 2024

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.