CVE Database

9306+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2024-4442
9.1 CRITICAL

The Salon booking system plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 9.8. This is due to …

May 21, 2024
CVE-2024-4985
9.8 CRITICAL

An authentication bypass vulnerability was present in the GitHub Enterprise Server (GHES) when utilizing SAML single sign-on authentication with the optional encrypted assertions feature. This …

May 20, 2024
CVE-2024-35580
9.8 CRITICAL

Tenda AX1806 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpvid parameter in the function formSetIptv.

May 20, 2024
CVE-2024-35571
9.8 CRITICAL

Tenda AX1806 v1.0.0.1 contains a stack overflow via the iptv.stb.mode parameter in the function formSetIptv.

May 20, 2024
CVE-2024-34947
9.4 CRITICAL

Quanxun Huiju Network Technology (Beijing) Co.,Ltd IK-Q3000 3.7.10 x64 Build202401261655 was discovered to be vulnerable to an ICMP redirect attack.

May 20, 2024
CVE-2024-24294
9.8 CRITICAL

A Prototype Pollution issue in Blackprint @blackprint/engine v.0.9.0 allows an attacker to execute arbitrary code via the _utils.setDeepProperty function of engine.min.js.

May 20, 2024
CVE-2024-4323
9.8 CRITICAL

A memory corruption vulnerability in Fluent Bit versions 2.0.7 thru 3.0.3. This issue lies in the embedded http server’s parsing of trace requests and may …

May 20, 2024
CVE-2024-35960
9.1 CRITICAL

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Properly link new fs rules into the tree Previously, add_rule_fg would only add newly …

May 20, 2024
CVE-2024-36081
9.8 CRITICAL

Westermo EDW-100 devices through 2024-05-03 allow an unauthenticated user to download a configuration file containing a cleartext password. NOTE: this is a serial-to-Ethernet converter that …

May 19, 2024
CVE-2024-36080
9.8 CRITICAL

Westermo EDW-100 devices through 2024-05-03 have a hidden root user account with a hardcoded password that cannot be changed. NOTE: this is a serial-to-Ethernet converter …

May 19, 2024
CVE-2024-36053
9.0 CRITICAL

In the mintupload package through 4.2.0 for Linux Mint, service-name mishandling leads to command injection via shell metacharacters in check_connection, drop_data_received_cb, and Service.remove. A user …

May 19, 2024
CVE-2024-28064
9.8 CRITICAL

Kiteworks Totemomail 7.x and 8.x before 8.3.0 allows /responsiveUI/EnvelopeOpenServlet messageId directory traversal for unauthenticated file read and delete operations (with displayLoginChunkedImages) and write operations (with …

May 18, 2024
CVE-2024-36048
9.8 CRITICAL

QAbstractOAuth in Qt Network Authorization in Qt before 5.15.17, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.6, and 6.6.x through 6.7.x before 6.7.1 uses only …

May 18, 2024
CVE-2024-2771
9.8 CRITICAL

The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to privilege escalation …

May 18, 2024
CVE-2024-4264
9.8 CRITICAL

A remote code execution (RCE) vulnerability exists in the berriai/litellm project due to improper control of the generation of code when using the `eval` function …

May 18, 2024
CVE-2024-35845
9.1 CRITICAL

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: dbg-tlv: ensure NUL termination The iwl_fw_ini_debug_info_tlv is used as a string, so we …

May 17, 2024
CVE-2024-34982
9.8 CRITICAL

An arbitrary file upload vulnerability in the component /include/file.php of lylme_spage v1.9.5 allows attackers to execute arbitrary code via uploading a crafted file.

May 17, 2024
CVE-2024-34919
9.8 CRITICAL

An arbitrary file upload vulnerability in the component \modstudent\controller.php of Pisay Online E-Learning System using PHP/MySQL v1.0 allows attackers to execute arbitrary code via uploading …

May 17, 2024
CVE-2024-32809
10.0 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in JumpDEMAND Inc. ActiveDEMAND allows Using Malicious Files.This issue affects ActiveDEMAND: from n/a through 0.2.41.

May 17, 2024
CVE-2024-22120
9.1 CRITICAL

Zabbix server can perform command execution for configured scripts. After command is executed, audit entry is added to "Audit Log". Due to "clientip" field is …

May 17, 2024
CVE-2024-33644
9.9 CRITICAL

Improper Control of Generation of Code ('Code Injection') vulnerability in WPCustomify Customify Site Library allows Code Injection.This issue affects Customify Site Library: from n/a through …

May 17, 2024
CVE-2024-33567
9.8 CRITICAL

Improper Privilege Management vulnerability in UkrSolution Barcode Scanner with Inventory & Order Manager allows Privilege Escalation.This issue affects Barcode Scanner with Inventory & Order Manager: …

May 17, 2024
CVE-2024-33552
9.8 CRITICAL

Improper Privilege Management vulnerability in 8theme XStore Core allows Privilege Escalation.This issue affects XStore Core: from n/a through 5.3.8.

May 17, 2024
CVE-2024-32511
9.8 CRITICAL

Improper Privilege Management vulnerability in Astoundify Simple Registration for WooCommerce allows Privilege Escalation.This issue affects Simple Registration for WooCommerce: from n/a through 1.5.6.

May 17, 2024
CVE-2024-31290
9.8 CRITICAL

Improper Privilege Management vulnerability in CodeRevolution Demo My WordPress allows Privilege Escalation.This issue affects Demo My WordPress: from n/a through 1.0.9.1.

May 17, 2024
CVE-2024-31231
9.0 CRITICAL

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Sizam Design Rehub allows PHP Local File Inclusion.This issue affects Rehub: from …

May 17, 2024
CVE-2024-30542
9.8 CRITICAL

Improper Privilege Management vulnerability in Wholesale WholesaleX allows Privilege Escalation.This issue affects WholesaleX: from n/a through 1.3.2.

May 17, 2024
CVE-2024-27954
9.3 CRITICAL

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WP Automatic Automatic allows Path Traversal, Server Side Request Forgery.This issue affects …

May 17, 2024
CVE-2024-24882
9.8 CRITICAL

Incorrect Privilege Assignment vulnerability in masteriyo Masteriyo - LMS learning-management-system.This issue affects Masteriyo - LMS: from n/a through <= 1.7.2.

May 17, 2024
CVE-2024-22157
9.8 CRITICAL

Improper Privilege Management vulnerability in WebWizards SalesKing allows Privilege Escalation.This issue affects SalesKing: from n/a through 1.6.15.

May 17, 2024
CVE-2023-51483
9.8 CRITICAL

Improper Privilege Management vulnerability in Glowlogix WP Frontend Profile allows Privilege Escalation.This issue affects WP Frontend Profile: from n/a through 1.3.1.

May 17, 2024
CVE-2023-51481
9.8 CRITICAL

Improper Privilege Management vulnerability in powerfulwp Local Delivery Drivers for WooCommerce allows Privilege Escalation.This issue affects Local Delivery Drivers for WooCommerce: from n/a through 1.9.0.

May 17, 2024
CVE-2023-51476
9.8 CRITICAL

Improper Privilege Management vulnerability in IOSS WP MLM Unilevel allows Privilege Escalation.This issue affects WP MLM Unilevel: from n/a through 4.0.

May 17, 2024
CVE-2023-51424
9.8 CRITICAL

Improper Privilege Management vulnerability in Saleswonder Team WebinarIgnition allows Privilege Escalation.This issue affects WebinarIgnition: from n/a through 3.05.0.

May 17, 2024
CVE-2024-31351
10.0 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in Copymatic Copymatic – AI Content Writer & Generator.This issue affects Copymatic – AI Content Writer & …

May 17, 2024
CVE-2023-37999
9.8 CRITICAL

Improper Privilege Management vulnerability in HasThemes HT Mega allows Privilege Escalation.This issue affects HT Mega: from n/a through 2.2.0.

May 17, 2024
CVE-2023-32297
9.0 CRITICAL

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in LWS LWS Affiliation allows PHP Local File Inclusion.This issue affects LWS Affiliation: …

May 17, 2024
CVE-2023-32244
9.8 CRITICAL

Improper Privilege Management vulnerability in xtemos Woodmart Core allows Privilege Escalation.This issue affects Woodmart Core: from n/a through 1.0.36.

May 17, 2024
CVE-2023-26540
9.8 CRITICAL

Improper Privilege Management vulnerability in Favethemes Houzez allows Privilege Escalation.This issue affects Houzez: from n/a through 2.7.1.

May 17, 2024
CVE-2023-26009
9.8 CRITICAL

Improper Privilege Management vulnerability in Favethemes Houzez Login Register allows Privilege Escalation.This issue affects Houzez Login Register: from n/a through 2.6.3.

May 17, 2024
CVE-2023-25701
9.8 CRITICAL

Improper Privilege Management vulnerability in WhatArmy WatchTowerHQ allows Privilege Escalation.This issue affects WatchTowerHQ: from n/a through 3.6.16.

May 17, 2024
CVE-2023-25444
9.1 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin allows Using Malicious …

May 17, 2024
CVE-2023-23645
9.9 CRITICAL

Improper Control of Generation of Code ('Code Injection') vulnerability in MainWP MainWP Code Snippets Extension allows Code Injection.This issue affects MainWP Code Snippets Extension: from …

May 17, 2024
CVE-2024-3551
9.8 CRITICAL

The Penci Soledad Data Migrator plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.0 via the 'data' …

May 17, 2024
CVE-2024-22476
10.0 CRITICAL

Improper input validation in some Intel(R) Neural Compressor software before version 2.5.0 may allow an unauthenticated user to potentially enable escalation of privilege via remote …

May 16, 2024
CVE-2024-4609
9.8 CRITICAL

A vulnerability exists in the Rockwell Automation FactoryTalk® View SE Datalog function that could allow a threat actor to inject a malicious SQL statement if …

May 16, 2024
CVE-2024-35187
9.1 CRITICAL

Stalwart Mail Server is an open-source mail server. Prior to version 0.8.0, attackers who achieved Arbitrary Code Execution as the stalwart-mail user (including web interface …

May 16, 2024
CVE-2023-48643
9.8 CRITICAL

Shrubbery tac_plus 2.x, 3.x. and 4.x through F4.0.4.28 allows unauthenticated Remote Command Execution. The product allows users to configure authorization checks as shell commands through …

May 16, 2024
CVE-2024-4992
9.8 CRITICAL

Vulnerability in SiAdmin 1.1 that allows SQL injection via the /modul/mod_kuliah/aksi_kuliah.php parameter in nim. This vulnerability could allow a remote attacker to send a specially …

May 16, 2024
CVE-2024-4991
9.8 CRITICAL

Vulnerability in SiAdmin 1.1 that allows SQL injection via the /modul/mod_pass/aksi_pass.php parameter in nama_lengkap. This vulnerability could allow a remote attacker to send a specially …

May 16, 2024

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.