CVE Database

9306+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2024-3263
9.8 CRITICAL

YMS VIS Pro is an information system for veterinary and food administration, veterinarians and farm. Due to a combination of improper method for system credentials …

May 14, 2024
CVE-2024-3070
9.8 CRITICAL

The Last Viewed Posts by WPBeginner plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.0 via deserialization …

May 14, 2024
CVE-2024-3016
9.1 CRITICAL

NEC Platforms DT900 and DT900S Series 5.0.0.0 – v5.3.4.4, v5.4.0.0 – v5.6.0.20 allows an attacker to access a non-documented the system settings to change settings …

May 14, 2024
CVE-2024-35099
9.8 CRITICAL

TOTOLINK LR350 V9.3.5u.6698_B20230810 was discovered to contain a stack overflow via the password parameter in the function loginAuth.

May 14, 2024
CVE-2024-35049
9.1 CRITICAL

SurveyKing v1.3.1 was discovered to keep users' sessions active after logout. Related to an incomplete fix for CVE-2022-25590.

May 14, 2024
CVE-2024-34945
9.8 CRITICAL

Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the PPW parameter at ip/goform/WizardHandle.

May 14, 2024
CVE-2024-34943
9.8 CRITICAL

Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the page parameter at ip/goform/NatStaticSetting.

May 14, 2024
CVE-2024-34706
9.8 CRITICAL

Valtimo is an open source business process and case management platform. When opening a form in Valtimo, the access token (JWT) of the user is …

May 14, 2024
CVE-2024-34555
10.0 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in URBAN BASE Z-Downloads.This issue affects Z-Downloads: from n/a through 1.11.3.

May 14, 2024
CVE-2024-34440
9.1 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow AI Engine: ChatGPT Chatbot.This issue affects AI Engine: ChatGPT Chatbot: from n/a through 2.2.63.

May 14, 2024
CVE-2024-34416
9.1 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in Pk Favicon Manager.This issue affects Pk Favicon Manager: from n/a through 2.1.

May 14, 2024
CVE-2024-34411
9.9 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in Thomas Scholl canvasio3D Light.This issue affects canvasio3D Light: from n/a through 2.5.0.

May 14, 2024
CVE-2024-34365
9.1 CRITICAL

** UNSUPPORTED WHEN ASSIGNED ** Improper Input Validation vulnerability in Apache Karaf Cave.This issue affects all versions of Apache Karaf Cave. As this project is …

May 14, 2024
CVE-2024-34359
9.6 CRITICAL

llama-cpp-python is the Python bindings for llama.cpp. `llama-cpp-python` depends on class `Llama` in `llama.py` to load `.gguf` llama.cpp or Latency Machine Learning Models. The `__init__` …

May 14, 2024
CVE-2024-34340
9.1 CRITICAL

Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, Cacti calls `compat_password_hash` when users set their password. `compat_password_hash` use `password_hash` if …

May 14, 2024
CVE-2024-34226
9.4 CRITICAL

SQL injection vulnerability in /php-sqlite-vms/?page=manage_visitor&id=1 in SourceCodester Visitor Management System 1.0 allow attackers to execute arbitrary SQL commands via the id parameters.

May 14, 2024
CVE-2024-34213
9.8 CRITICAL

TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the SetPortForwardRules function.

May 14, 2024
CVE-2024-34209
9.8 CRITICAL

TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setIpPortFilterRules function.

May 14, 2024
CVE-2024-34204
9.8 CRITICAL

TOTOLINK outdoor CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the setUpgradeFW function via the FileName parameter.

May 14, 2024
CVE-2024-34070
9.6 CRITICAL

Froxlor is open source server administration software. Prior to 2.1.9, a Stored Blind Cross-Site Scripting (XSS) vulnerability was identified in the Failed Login Attempts Logging …

May 14, 2024
CVE-2024-33874
9.8 CRITICAL

HDF5 Library through 1.14.3 has a heap buffer overflow in H5O__mtime_new_encode in H5Omtime.c.

May 14, 2024
CVE-2024-32964
9.0 CRITICAL

Lobe Chat is a chatbot framework that supports speech synthesis, multimodal, and extensible Function Call plugin system. Prior to 0.150.6, lobe-chat had an unauthorized Server-Side …

May 14, 2024
CVE-2024-32735
9.8 CRITICAL

An issue regarding missing authentication for certain utilities exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An unauthenticated remote attacker can access the PDNU REST …

May 14, 2024
CVE-2024-32700
10.0 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in Kognetiks Kognetiks Chatbot for WordPress.This issue affects Kognetiks Chatbot for WordPress: from n/a through 2.0.0.

May 14, 2024
CVE-2024-32622
9.1 CRITICAL

HDF5 Library through 1.14.3 contains a out-of-bounds read operation in H5FL_arr_malloc in H5FL.c (called from H5S_set_extent_simple in H5S.c).

May 14, 2024
CVE-2024-32621
9.8 CRITICAL

HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5HG_read in H5HG.c (called from H5VL__native_blob_get in H5VLnative_blob.c), resulting in the corruption of the instruction …

May 14, 2024
CVE-2024-32615
9.8 CRITICAL

HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5Z__nbit_decompress_one_byte in H5Znbit.c, caused by the earlier use of an initialized pointer.

May 14, 2024
CVE-2024-32611
9.8 CRITICAL

HDF5 Library through 1.14.3 may use an uninitialized value in H5A__attr_release_table in H5Aint.c.

May 14, 2024
CVE-2024-31810
9.8 CRITICAL

TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a hardcoded password for root at /etc/shadow.sample.

May 14, 2024
CVE-2024-31377
10.0 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in J.N. Breetvelt a.K.A. OpaJaap WP Photo Album Plus.This issue affects WP Photo Album Plus: from n/a …

May 14, 2024
CVE-2024-30802
9.8 CRITICAL

An issue in Vehicle Management System 7.31.0.3_20230412 allows an attacker to escalate privileges via the login.html component.

May 14, 2024
CVE-2024-2257
9.1 CRITICAL

This vulnerability exists in Digisol Router (DG-GR1321: Hardware version 3.7L; Firmware version : v3.2.02) due to improper implementation of password policies. An attacker with physical …

May 14, 2024
CVE-2024-29895
10.0 CRITICAL

Cacti provides an operational monitoring and fault management framework. A command injection vulnerability on the 1.3.x DEV branch allows any unauthenticated user to execute arbitrary …

May 14, 2024
CVE-2024-29212
9.9 CRITICAL

Due to an unsafe de-serialization method used by the Veeam Service Provider Console(VSPC) server in communication between the management agent and its components, under certain …

May 14, 2024
CVE-2024-29164
9.8 CRITICAL

HDF5 through 1.14.3 contains a stack buffer overflow in H5R__decode_heap, resulting in the corruption of the instruction pointer and causing denial of service or potential …

May 14, 2024
CVE-2024-29159
9.8 CRITICAL

HDF5 through 1.14.3 contains a buffer overflow in H5Z__filter_scaleoffset, resulting in the corruption of the instruction pointer and causing denial of service or potential code …

May 14, 2024
CVE-2024-29157
9.8 CRITICAL

HDF5 through 1.14.3 contains a heap buffer overflow in H5HG_read, resulting in the corruption of the instruction pointer and causing denial of service or potential …

May 14, 2024
CVE-2024-28285
9.8 CRITICAL

A Fault Injection vulnerability in the SymmetricDecrypt function in cryptopp/elgamal.h of Cryptopp Crypto++ 8.9, allows an attacker to co-reside in the same system with a …

May 14, 2024
CVE-2024-28075
9.0 CRITICAL

The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows an authenticated user to abuse SolarWinds service resulting in remote …

May 14, 2024
CVE-2024-27280
9.8 CRITICAL

A buffer-overread issue was discovered in StringIO 3.0.1, as distributed in Ruby 3.0.x through 3.0.6 and 3.1.x through 3.1.4. The ungetbyte and ungetc methods on …

May 14, 2024
CVE-2024-26517
9.1 CRITICAL

SQL Injection vulnerability in School Task Manager v.1.0 allows a remote attacker to obtain sensitive information via a crafted payload to the delete-task.php component.

May 14, 2024
CVE-2024-25641
9.1 CRITICAL

Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, an arbitrary file write vulnerability, exploitable through the "Package Import" feature, allows …

May 14, 2024
CVE-2024-0087
9.0 CRITICAL

NVIDIA Triton Inference Server for Linux contains a vulnerability where a user can set the logging location to an arbitrary file. If this file exists, …

May 14, 2024
CVE-2023-47709
9.1 CRITICAL

IBM Security Guardium 11.3, 11.4, 11.5, and 12.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially …

May 14, 2024
CVE-2022-32504
9.8 CRITICAL

An issue was discovered on certain Nuki Home Solutions devices. The code used to parse the JSON objects received from the WebSocket service provided by …

May 14, 2024
CVE-2024-34257
9.8 CRITICAL

TOTOLINK EX1800T V9.1.0cu.2112_B20220316 has a vulnerability in the apcliEncrypType parameter that allows unauthorized execution of arbitrary commands, allowing an attacker to obtain device administrator privileges.

May 8, 2024
CVE-2024-25533
9.4 CRITICAL

Error messages in RuvarOA v6.01 and v12.01 were discovered to leak the physical path of the website (/WorkFlow/OfficeFileUpdate.aspx). This vulnerability can allow attackers to write …

May 8, 2024
CVE-2024-25532
9.8 CRITICAL

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the bt_id parameter at /include/get_dict.aspx.

May 8, 2024
CVE-2024-31961
9.8 CRITICAL

A SQL injection vulnerability in unit.php in Sonic Shopfloor.guide before 3.1.3 allows remote attackers to execute arbitrary SQL commands via the level2 parameter.

May 8, 2024
CVE-2024-25531
9.8 CRITICAL

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the PageID parameter at /WebUtility/SearchCondiction.aspx.

May 8, 2024

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.