CVE Database

9306+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2024-31777
9.8 CRITICAL

File Upload vulnerability in openeclass v.3.15 and before allows an attacker to execute arbitrary code via a crafted file to the certbadge.php endpoint.

Jun 13, 2024
CVE-2024-0095
9.0 CRITICAL

NVIDIA Triton Inference Server for Linux and Windows contains a vulnerability where a user can inject forged logs and executable commands by injecting arbitrary data …

Jun 13, 2024
CVE-2024-32913
9.8 CRITICAL

In wl_notify_rx_mgmt_frame of wl_cfg80211.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with …

Jun 13, 2024
CVE-2024-32911
9.8 CRITICAL

There is a possible escalation of privilege due to improperly used crypto. This could lead to remote escalation of privilege with no additional execution privileges …

Jun 13, 2024
CVE-2024-32905
9.8 CRITICAL

In circ_read of link_device_memory_legacy.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution …

Jun 13, 2024
CVE-2024-29786
9.8 CRITICAL

In pktproc_fill_data_addr_without_bm of link_rx_pktproc.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution …

Jun 13, 2024
CVE-2024-37635
9.8 CRITICAL

TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via ssid in the function setWiFiBasicCfg

Jun 13, 2024
CVE-2024-37634
9.8 CRITICAL

TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via ssid in the function setWiFiEasyCfg.

Jun 13, 2024
CVE-2024-37632
9.8 CRITICAL

TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via the password parameter in function loginAuth .

Jun 13, 2024
CVE-2024-38281
9.8 CRITICAL

An attacker can access the maintenance console using hard coded credentials for a hidden wireless network on the device.

Jun 13, 2024
CVE-2024-22441
9.8 CRITICAL

HPE Cray Parallel Application Launch Service (PALS) is subject to an authentication bypass.

Jun 13, 2024
CVE-2024-37849
9.8 CRITICAL

A SQL Injection vulnerability in itsourcecode Billing System 1.0 allows a local attacker to execute arbitrary code in process.php via the username parameter.

Jun 13, 2024
CVE-2024-30300
9.8 CRITICAL

Adobe Framemaker Publishing Server versions 2020.3, 2022.2 and earlier are affected by an Information Exposure vulnerability (CWE-200) that could lead to privilege escalation. An attacker …

Jun 13, 2024
CVE-2024-30299
10.0 CRITICAL

Adobe Framemaker Publishing Server versions 2020.3, 2022.2 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation. An attacker could …

Jun 13, 2024
CVE-2024-4371
9.0 CRITICAL

The CoDesigner WooCommerce Builder for Elementor – Customize Checkout, Shop, Email, Products & More plugin for WordPress is vulnerable to PHP Object Injection in all …

Jun 13, 2024
CVE-2024-34108
9.1 CRITICAL

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in …

Jun 13, 2024
CVE-2024-34102
9.8 CRITICAL KEV

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result …

Jun 13, 2024
CVE-2024-3552
9.8 CRITICAL

The Web Directory Free WordPress plugin before 1.7.0 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX …

Jun 13, 2024
CVE-2024-38295
9.8 CRITICAL

ALCASAR before 3.6.1 allows still_connected.php remote code execution.

Jun 13, 2024
CVE-2024-38294
9.8 CRITICAL

ALCASAR before 3.6.1 allows email_registration_back.php remote code execution.

Jun 13, 2024
CVE-2024-38293
9.6 CRITICAL

ALCASAR before 3.6.1 allows CSRF and remote code execution in activity.php.

Jun 13, 2024
CVE-2024-3922
10.0 CRITICAL

The Dokan Pro plugin for WordPress is vulnerable to SQL Injection via the 'code' parameter in all versions up to, and including, 3.10.3 due to …

Jun 13, 2024
CVE-2024-37036
9.8 CRITICAL

CWE-787: Out-of-bounds Write vulnerability exists that could result in an authentication bypass when sending a malformed POST request and particular configuration parameters are set.

Jun 12, 2024
CVE-2024-36761
9.8 CRITICAL

naga v0.14.0 was discovered to contain a stack overflow via the component /wgsl/parse/mod.rs.

Jun 12, 2024
CVE-2024-36840
9.1 CRITICAL

SQL Injection vulnerability in Boelter Blue System Management v.1.3 allows a remote attacker to execute arbitrary code and obtain sensitive information via the id parameter …

Jun 12, 2024
CVE-2024-36265
9.8 CRITICAL

** UNSUPPORTED WHEN ASSIGNED ** Incorrect Authorization vulnerability in Apache Submarine Server Core. This issue affects Apache Submarine Server Core: from 0.8.0. As this project …

Jun 12, 2024
CVE-2024-36264
9.8 CRITICAL

** UNSUPPORTED WHEN ASSIGNED ** Improper Authentication vulnerability in Apache Submarine Commons Utils. If the user doesn't explicitly set `submarine.auth.default.secret`, a default value will be …

Jun 12, 2024
CVE-2024-1659
9.8 CRITICAL

Arbitrary File Upload vulnerability in MegaBIP software allows attacker to upload any file to the server (including a PHP code file) without an authentication. This …

Jun 12, 2024
CVE-2024-1577
9.8 CRITICAL

Remote Code Execution vulnerability in MegaBIP software allows to execute arbitrary code on the server without requiring authentication by saving crafted by the attacker PHP …

Jun 12, 2024
CVE-2024-1576
9.8 CRITICAL

SQL Injection vulnerability in MegaBIP software allows attacker to obtain site administrator privileges, including access to the administration panel and the ability to change the …

Jun 12, 2024
CVE-2024-4898
9.8 CRITICAL

The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to arbitrary option updates due to a missing authorization checks on …

Jun 12, 2024
CVE-2024-4315
9.1 CRITICAL

parisneo/lollms version 9.5 is vulnerable to Local File Inclusion (LFI) attacks due to insufficient path sanitization. The `sanitize_path_from_endpoint` function fails to properly sanitize Windows-style paths …

Jun 12, 2024
CVE-2024-35225
9.6 CRITICAL

Jupyter Server Proxy allows users to run arbitrary external processes alongside their notebook server and provide authenticated web access to them. Versions of 3.x prior …

Jun 11, 2024
CVE-2024-35213
9.0 CRITICAL

An improper input validation vulnerability in the SGI Image Codec of QNX SDP version(s) 6.6, 7.0, and 7.1 could allow an attacker to potentially cause …

Jun 11, 2024
CVE-2024-34405
9.1 CRITICAL

Improper deep link validation in McAfee Security: Antivirus VPN for Android before 8.3.0 could allow an attacker to launch an arbitrary URL within the app.

Jun 11, 2024
CVE-2024-30080
9.8 CRITICAL

Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability

Jun 11, 2024
CVE-2024-2013
10.0 CRITICAL

An authentication bypass vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway component that if exploited allows attackers without any access to interact with the …

Jun 11, 2024
CVE-2024-2012
9.1 CRITICAL

vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway that if exploited an attacker could use to allow unintended commands or code to be executed …

Jun 11, 2024
CVE-2024-5701
9.8 CRITICAL

Memory safety bugs present in Firefox 126. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of …

Jun 11, 2024
CVE-2024-5699
9.8 CRITICAL

In violation of spec, cookie prefixes such as `__Secure` were being ignored if they were not correctly capitalized - by spec they should be checked …

Jun 11, 2024
CVE-2024-5695
9.8 CRITICAL

If an out-of-memory condition occurs at a specific point using allocations in the probabilistic heap checker, an assertion could have been triggered, and in rarer …

Jun 11, 2024
CVE-2024-36266
9.3 CRITICAL

A vulnerability has been identified in PowerSys (All versions < V3.11). The affected application insufficiently protects responses to authentication requests. This could allow a local …

Jun 11, 2024
CVE-2024-3549
9.9 CRITICAL

The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to SQL Injection via the 'b2sSortPostType' parameter in all versions up to, …

Jun 11, 2024
CVE-2024-36360
9.8 CRITICAL

OS command injection vulnerability exists in awkblog v0.0.1 (commit hash:7b761b192d0e0dc3eef0f30630e00ece01c8d552) and earlier. If a remote unauthenticated attacker sends a specially crafted HTTP request, an arbitrary …

Jun 11, 2024
CVE-2024-31401
9.0 CRITICAL

Cross-site scripting vulnerability in Cybozu Garoon 5.0.0 to 5.15.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script on the …

Jun 11, 2024
CVE-2024-29855
9.0 CRITICAL

Hard-coded JWT secret allows authentication bypass in Veeam Recovery Orchestrator

Jun 11, 2024
CVE-2024-37014
9.8 CRITICAL

Langflow through 0.6.19 allows remote code execution if untrusted users are able to reach the "POST /api/v1/custom_component" endpoint and provide a Python script.

Jun 10, 2024
CVE-2024-36415
9.1 CRITICAL

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in uploaded file verification in products allows …

Jun 10, 2024
CVE-2024-36412
10.0 CRITICAL

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in events response entry point allows for …

Jun 10, 2024
CVE-2024-36411
9.6 CRITICAL

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in …

Jun 10, 2024

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.