CVE Database

9306+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2024-3200
9.9 CRITICAL

The wpForo Forum plugin for WordPress is vulnerable to SQL Injection via the 'slug' attribute of the 'wpforo' shortcode in all versions up to, and …

Jun 1, 2024
CVE-2024-33999
9.8 CRITICAL

The referrer URL used by MFA required additional sanitizing, rather than being used directly.

May 31, 2024
CVE-2024-31030
9.1 CRITICAL

An issue in coap_msg.c in Keith Cullen's FreeCoAP v.0.7 allows remote attackers to cause a Denial of Service or potentially disclose information via a specially …

May 31, 2024
CVE-2024-36108
9.8 CRITICAL

casgate is an Open Source Identity and Access Management system. In affected versions `casgate` allows remote unauthenticated attacker to obtain sensitive information via GET request …

May 31, 2024
CVE-2024-23692
9.8 CRITICAL KEV

Rejetto HTTP File Server, up to and including version 2.3m, is vulnerable to a template injection vulnerability. This vulnerability allows a remote, unauthenticated attacker to …

May 31, 2024
CVE-2024-5436
9.8 CRITICAL

Type confusion in Snapchat LensCore could lead to denial of service or arbitrary code execution prior to version 12.88. We recommend upgrading to version 12.88 …

May 31, 2024
CVE-2024-36246
9.8 CRITICAL

Missing authorization vulnerability exists in Unifier and Unifier Cast. If this vulnerability is exploited, arbitrary code may be executed with LocalSystem privilege. As a result, …

May 31, 2024
CVE-2024-32850
9.8 CRITICAL

Improper neutralization of special elements used in a command ('Command Injection') exists in SkyBridge MB-A100/MB-A110 firmware Ver. 4.2.2 and earlier and SkyBridge BASIC MB-A130 firmware …

May 31, 2024
CVE-2024-37018
9.1 CRITICAL

The OpenDaylight 0.15.3 controller allows topology poisoning via API requests because an application can manipulate the path that is taken by discovery packets.

May 31, 2024
CVE-2024-35469
9.8 CRITICAL

A SQL injection vulnerability in /hrm/user/ in SourceCodester Human Resource Management System 1.0 allows attackers to execute arbitrary SQL commands via the password parameter.

May 30, 2024
CVE-2024-2421
9.8 CRITICAL

LenelS2 NetBox access control and event monitoring system was discovered to contain an unauthenticated RCE in versions prior to and including 5.6.1, which allows an …

May 30, 2024
CVE-2024-2420
9.8 CRITICAL

LenelS2 NetBox access control and event monitoring system was discovered to contain Hardcoded Credentials in versions prior to and including 5.6.1 which allows an attacker …

May 30, 2024
CVE-2024-35359
9.8 CRITICAL

A vulnerability has been discovered in Diño Physics School Assistant version 2.3. The vulnerability impacts an unidentified code within the file /classes/Master.php?f=view_item. Manipulating the argument …

May 30, 2024
CVE-2024-35353
9.8 CRITICAL

A vulnerability has been discovered in Diño Physics School Assistant version 2.3. The vulnerability impacts an unidentified code within the file /classes/Users.php?f=save. Manipulating the argument …

May 30, 2024
CVE-2024-35350
9.8 CRITICAL

A vulnerability has been discovered in Diño Physics School Assistant version 2.3. The vulnerability impacts an unidentified code within the file /admin/?page=borrow/view_borrow. Manipulating the argument …

May 30, 2024
CVE-2024-35349
9.8 CRITICAL

A vulnerability has been discovered in Diño Physics School Assistant version 2.3. The vulnerability impacts an unidentified code within the file /admin/category/view_category.php. Manipulating the argument …

May 30, 2024
CVE-2024-3300
9.0 CRITICAL

An unsafe .NET object deserialization vulnerability in DELMIA Apriso Release 2019 through Release 2024 could lead to pre-authentication remote code execution.

May 30, 2024
CVE-2024-36896
9.1 CRITICAL

In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix access violation during port device removal Testing with KASAN and syzkaller revealed …

May 30, 2024
CVE-2024-36031
9.8 CRITICAL

In the Linux kernel, the following vulnerability has been resolved: keys: Fix overwrite of key expiration on instantiation The expiry time of a key is …

May 30, 2024
CVE-2024-35355
9.8 CRITICAL

A vulnerability has been discovered in Diño Physics School Assistant version 2.3. The vulnerability impacts an unidentified code within the file /classes/Master.php?f=delete_category. Manipulating the argument …

May 30, 2024
CVE-2024-35354
9.8 CRITICAL

A vulnerability has been discovered in Diño Physics School Assistant version 2.3. The vulnerability impacts an unidentified code within the file /classes/Master.php?f=save_category. Manipulating the argument …

May 30, 2024
CVE-2024-1100
9.8 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Vadi Corporate Information Systems DIGIKENT GIS allows SQL Injection.This issue affects …

May 30, 2024
CVE-2024-5514
9.8 CRITICAL

MinMax CMS from MinMax Digital Technology contains a hidden administrator account with a fixed password that cannot be removed or disabled from the management interface. …

May 30, 2024
CVE-2024-4358
9.8 CRITICAL KEV

In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality …

May 29, 2024
CVE-2024-3412
9.1 CRITICAL

The WP STAGING WordPress Backup Plugin – Migration Backup Restore plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation …

May 29, 2024
CVE-2024-3050
9.1 CRITICAL

The Site Reviews WordPress plugin before 7.0.0 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be …

May 29, 2024
CVE-2024-5150
9.8 CRITICAL

The Login with phone number plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.7.26. This is due to the …

May 29, 2024
CVE-2024-35510
9.8 CRITICAL

An arbitrary file upload vulnerability in /dede/file_manage_control.php of DedeCMS v5.7.114 allows attackers to execute arbitrary code via uploading a crafted file.

May 28, 2024
CVE-2023-43845
9.8 CRITICAL

Aten PE6208 2.3.228 and 2.4.232 have default credentials for the privileged telnet account. The user is not asked to change the credentials after first login. …

May 28, 2024
CVE-2024-35563
9.8 CRITICAL

CDG-Server-V5.6.2.126.139 and earlier was discovered to contain a SQL injection vulnerability via the permissionId parameter in CDGTempPermissions.

May 28, 2024
CVE-2024-35344
9.9 CRITICAL

Certain Anpviz products contain a hardcoded cryptographic key stored in the firmware of the device. This affects IPC-D250, IPC-D260, IPC-B850, IPC-D850, IPC-D350, IPC-D3150, IPC-D4250, IPC-D380, …

May 28, 2024
CVE-2024-35343
9.8 CRITICAL

Certain Anpviz products allow unauthenticated users to download arbitrary files from the device's filesystem via a HTTP GET request to the /playback/ URI. This affects …

May 28, 2024
CVE-2024-34854
9.8 CRITICAL

F-logic DataCube3 v1.0 is vulnerable to File Upload via `/admin/transceiver_schedule.php.`

May 28, 2024
CVE-2024-35324
9.8 CRITICAL

Douchat 4.0.5 suffers from an arbitrary file upload vulnerability via Public/Plugins/webuploader/server/preview.php.

May 28, 2024
CVE-2024-33808
9.8 CRITICAL

A SQL injection vulnerability in /model/get_timetable.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the id …

May 28, 2024
CVE-2024-33806
9.8 CRITICAL

A SQL injection vulnerability in /model/get_grade.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the id …

May 28, 2024
CVE-2024-33805
9.8 CRITICAL

A SQL injection vulnerability in /model/get_student.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the id …

May 28, 2024
CVE-2024-33801
9.8 CRITICAL

A SQL injection vulnerability in /model/get_subject_routing.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the id …

May 28, 2024
CVE-2024-33800
9.8 CRITICAL

A SQL injection vulnerability in /model/get_student1.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the index …

May 28, 2024
CVE-2024-33799
9.8 CRITICAL

A SQL injection vulnerability in /model/get_teacher.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the id …

May 28, 2024
CVE-2024-24963
9.8 CRITICAL

A stack-based buffer overflow vulnerability exists in the Programming Software Connection FileSelect functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted network packet can lead to …

May 28, 2024
CVE-2024-24962
9.8 CRITICAL

A stack-based buffer overflow vulnerability exists in the Programming Software Connection FileSelect functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted network packet can lead to …

May 28, 2024
CVE-2024-23601
9.8 CRITICAL

A code injection vulnerability exists in the scan_lib.bin functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted scan_lib.bin can lead to arbitrary code execution. An attacker …

May 28, 2024
CVE-2024-22590
9.1 CRITICAL

The TLS engine in Kwik commit 745fd4e2 does not track the current state of the connection. This vulnerability can allow Client Hello messages to be …

May 28, 2024
CVE-2024-22187
9.1 CRITICAL

A write-what-where vulnerability exists in the Programming Software Connection Remote Memory Diagnostics functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted network packet can lead to …

May 28, 2024
CVE-2024-21785
9.8 CRITICAL

A leftover debug code vulnerability exists in the Telnet Diagnostic Interface functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted series of network requests can lead …

May 28, 2024
CVE-2024-5274
9.6 CRITICAL KEV

Type Confusion in V8 in Google Chrome prior to 125.0.6422.112 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML …

May 28, 2024
CVE-2024-35398
9.8 CRITICAL

TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a stack overflow via the desc parameter in the function setMacFilterRules.

May 28, 2024
CVE-2024-5407
10.0 CRITICAL

A vulnerability in RhinOS 3.0-1190 could allow PHP code injection through the "search" parameter in /portal/search.htm. This vulnerability could allow a remote attacker to perform …

May 27, 2024
CVE-2024-26289
9.8 CRITICAL

Deserialization of Untrusted Data vulnerability in PMB Services PMB allows Remote Code Inclusion.This issue affects PMB: from 7.5.1 before 7.5.6-2, from 7.4.1 before 7.4.9, from …

May 27, 2024

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.