CVE Database

9306+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2024-39685
9.8 CRITICAL

Bert-VITS2 is the VITS2 Backbone with multilingual bert. User input supplied to the data_dir variable is used directly in a command executed with subprocess.run(cmd, shell=True) …

Jul 22, 2024
CVE-2024-26020
9.6 CRITICAL

An arbitrary script execution vulnerability exists in the MPV functionality of Ankitects Anki 24.04. A specially crafted flashcard can lead to a arbitrary code execution. …

Jul 22, 2024
CVE-2024-21552
9.8 CRITICAL

All versions of `SuperAGI` are vulnerable to Arbitrary Code Execution due to unsafe use of the ‘eval’ function. An attacker could induce the LLM output …

Jul 22, 2024
CVE-2024-41318
9.8 CRITICAL

TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_wps_gen_pincode function.

Jul 22, 2024
CVE-2024-41316
9.8 CRITICAL

TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_cancel_wps function.

Jul 22, 2024
CVE-2024-37998
9.8 CRITICAL

A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V5.40), SICORE Base system (All versions < V1.4.0). The password of administrative accounts …

Jul 22, 2024
CVE-2024-38773
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Adrian Tobey FormLift for Infusionsoft Web Forms allows Blind SQL Injection.This …

Jul 22, 2024
CVE-2024-41704
9.8 CRITICAL

LibreChat through 0.7.4-rc1 does not validate the normalized pathnames of images.

Jul 22, 2024
CVE-2024-41703
9.8 CRITICAL

LibreChat through 0.7.4-rc1 has incorrect access control for message updates.

Jul 22, 2024
CVE-2024-38438
9.8 CRITICAL

D-Link - CWE-294: Authentication Bypass by Capture-replay

Jul 21, 2024
CVE-2024-38437
9.8 CRITICAL

D-Link - CWE-288:Authentication Bypass Using an Alternate Path or Channel

Jul 21, 2024
CVE-2024-6636
9.8 CRITICAL

The WooCommerce - Social Login plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'woo_slg_login_email' function …

Jul 20, 2024
CVE-2024-41603
9.6 CRITICAL

Spina CMS v2.18.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the URI /admin/layout.

Jul 19, 2024
CVE-2024-39962
9.8 CRITICAL

D-Link DIR-823X AX3000 Dual-Band Gigabit Wireless Router v21_D240126 was discovered to contain a remote code execution (RCE) vulnerability in the ntp_zone_val parameter at /goform/set_ntp. This …

Jul 19, 2024
CVE-2024-29736
9.1 CRITICAL

A SSRF vulnerability in WADL service description in versions of Apache CXF before 4.0.5, 3.6.4 and 3.5.9 allows an attacker to perform SSRF style attacks …

Jul 19, 2024
CVE-2024-6205
9.8 CRITICAL

The PayPlus Payment Gateway WordPress plugin before 6.6.9 does not properly sanitise and escape a parameter before using it in a SQL statement via a …

Jul 19, 2024
CVE-2024-35198
9.8 CRITICAL

TorchServe is a flexible and easy-to-use tool for serving and scaling PyTorch models in production. TorchServe 's check on allowed_urls configuration can be by-passed if …

Jul 19, 2024
CVE-2024-39173
9.8 CRITICAL

calculator-boilerplate v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the eval function at /routes/calculator.js. This vulnerability allows attackers to execute arbitrary …

Jul 18, 2024
CVE-2024-0857
9.8 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Universal Software Inc. FlexWater Corporate Water Management allows SQL Injection.This issue …

Jul 18, 2024
CVE-2024-5619
9.6 CRITICAL

Authorization Bypass Through User-Controlled Key vulnerability in PruvaSoft Informatics Apinizer Management Console allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Apinizer Management Console: …

Jul 18, 2024
CVE-2024-5618
9.9 CRITICAL

Incorrect Permission Assignment for Critical Resource vulnerability in PruvaSoft Informatics Apinizer Management Console allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Apinizer Management …

Jul 18, 2024
CVE-2024-40629
10.0 CRITICAL

JumpServer is an open-source Privileged Access Management (PAM) tool that provides DevOps and IT teams with on-demand and secure access to SSH, RDP, Kubernetes, Database …

Jul 18, 2024
CVE-2024-40628
10.0 CRITICAL

JumpServer is an open-source Privileged Access Management (PAM) tool that provides DevOps and IT teams with on-demand and secure access to SSH, RDP, Kubernetes, Database …

Jul 18, 2024
CVE-2024-39911
10.0 CRITICAL

1Panel is a web-based linux server management control panel. 1Panel contains an unspecified sql injection via User-Agent handling. This issue has been addressed in version …

Jul 18, 2024
CVE-2024-39907
9.8 CRITICAL

1Panel is a web-based linux server management control panel. There are many sql injections in the project, and some of them are not well filtered, …

Jul 18, 2024
CVE-2024-6164
9.8 CRITICAL

The Filter & Grids WordPress plugin before 2.8.33 is vulnerable to Local File Inclusion via the post_layout parameter. This makes it possible for an unauthenticated …

Jul 18, 2024
CVE-2024-41184
9.8 CRITICAL

In the vrrp_ipsets_handler handler (fglobal_parser.c) of keepalived through 2.3.1, an integer overflow can occur. NOTE: this CVE Record might not be worthwhile because an empty …

Jul 18, 2024
CVE-2024-20419
10.0 CRITICAL

A vulnerability in the authentication system of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to change the password of …

Jul 17, 2024
CVE-2024-20401
9.8 CRITICAL

A vulnerability in the content scanning and message filtering features of Cisco Secure Email Gateway could allow an unauthenticated, remote attacker to overwrite arbitrary files …

Jul 17, 2024
CVE-2024-6834
9.0 CRITICAL

A vulnerability in APIML Spring Cloud Gateway which leverages user privileges by unexpected signing proxied request by Zowe's client certificate. This allows access to a …

Jul 17, 2024
CVE-2024-28074
9.6 CRITICAL

It was discovered that a previous vulnerability was not completely fixed with SolarWinds Access Rights Manager. While some controls were implemented the researcher was able …

Jul 17, 2024
CVE-2024-23475
9.6 CRITICAL

The SolarWinds Access Rights Manager was susceptible to a Directory Traversal and Information Disclosure Vulnerability. This vulnerability allows an unauthenticated user to perform arbitrary file …

Jul 17, 2024
CVE-2024-23472
9.6 CRITICAL

SolarWinds Access Rights Manager (ARM) is susceptible to Directory Traversal vulnerability. This vulnerability allows an authenticated user to arbitrary read and delete files in ARM.

Jul 17, 2024
CVE-2024-23471
9.6 CRITICAL

The SolarWinds Access Rights Manager was found to be susceptible to a Remote Code Execution Vulnerability. If exploited, this vulnerability allows an authenticated user to …

Jul 17, 2024
CVE-2024-23470
9.6 CRITICAL

The SolarWinds Access Rights Manager was found to be susceptible to a pre-authentication remote code execution vulnerability. If exploited, this vulnerability allows an unauthenticated user …

Jul 17, 2024
CVE-2024-23469
9.6 CRITICAL

SolarWinds Access Rights Manager (ARM) is susceptible to a Remote Code Execution vulnerability. If exploited, this vulnerability allows an unauthenticated user to perform the actions …

Jul 17, 2024
CVE-2024-23467
9.6 CRITICAL

The SolarWinds Access Rights Manager was susceptible to a Directory Traversal and Information Disclosure Vulnerability. This vulnerability allows an unauthenticated user to perform remote code …

Jul 17, 2024
CVE-2024-23466
9.6 CRITICAL

SolarWinds Access Rights Manager (ARM) is susceptible to a Directory Traversal Remote Code Execution vulnerability. If exploited, this vulnerability allows an unauthenticated user to perform …

Jul 17, 2024
CVE-2024-36491
9.8 CRITICAL

FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. allow an administrative user to execute an arbitrary OS command, obtain …

Jul 17, 2024
CVE-2024-31070
9.1 CRITICAL

Initialization of a resource with an insecure default vulnerability in FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. allows …

Jul 17, 2024
CVE-2024-6220
9.8 CRITICAL

The 简数采集器 (Keydatas) plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the keydatas_downloadImages function in all versions …

Jul 17, 2024
CVE-2024-21181
9.8 CRITICAL

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability …

Jul 16, 2024
CVE-2023-7012
9.6 CRITICAL

Insufficient data validation in Permission Prompts in Google Chrome prior to 117.0.5938.62 allowed an attacker who convinced a user to install a malicious app to …

Jul 16, 2024
CVE-2023-4860
9.6 CRITICAL

Inappropriate implementation in Skia in Google Chrome prior to 115.0.5790.98 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox …

Jul 16, 2024
CVE-2019-25154
9.6 CRITICAL

Inappropriate implementation in iframe in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. …

Jul 16, 2024
CVE-2024-6779
9.6 CRITICAL

Out of bounds memory access in V8 in Google Chrome prior to 126.0.6478.182 allowed a remote attacker to potentially perform a sandbox escape via a …

Jul 16, 2024
CVE-2024-40535
9.8 CRITICAL

Shenzhen Libituo Technology Co., Ltd LBT-T300-T400 v3.2 was discovered to contain a stack overflow via the apn_name_3g parameter in the config_3g_para function.

Jul 16, 2024
CVE-2024-40515
9.8 CRITICAL

An issue in SHENZHEN TENDA TECHNOLOGY CO.,LTD Tenda AX2pro V16.03.29.48_cn allows a remote attacker to execute arbitrary code via the Routing functionality.

Jul 16, 2024
CVE-2024-40505
9.3 CRITICAL

Directory Traversal vulnerability in D-Link DAP-1650 Firmware v.1.03 allows a local attacker to escalate privileges via the hedwig.cgi component.

Jul 16, 2024
CVE-2024-40456
9.8 CRITICAL

ThinkSAAS v3.7.0 was discovered to contain a SQL injection vulnerability via the name parameter at \system\action\update.php.

Jul 16, 2024

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.