CVE Database

9306+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2024-25530
9.8 CRITICAL

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the PageID parameter at /WebUtility/get_find_condiction.aspx.

May 8, 2024
CVE-2024-25529
9.8 CRITICAL

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /WorkFlow/wf_office_file_history_show.aspx.

May 8, 2024
CVE-2024-25527
9.4 CRITICAL

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /PersonalAffair/worklog_template_show.aspx.

May 8, 2024
CVE-2024-32980
9.1 CRITICAL

Spin is the developer tool for building and running serverless applications powered by WebAssembly. Prior to 2.4.3, some specifically configured Spin applications that use `self` …

May 8, 2024
CVE-2024-32113
9.8 CRITICAL KEV

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OFBiz.This issue affects Apache OFBiz: before 18.12.13. Users are recommended to …

May 8, 2024
CVE-2024-26579
9.8 CRITICAL

Deserialization of Untrusted Data vulnerability in Apache InLong.This issue affects Apache InLong: from 1.7.0 through 1.11.0, the attackers can bypass using malicious parameters. Users are …

May 8, 2024
CVE-2024-25525
9.8 CRITICAL

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the filename parameter at /WorkFlow/OfficeFileDownload.aspx.

May 8, 2024
CVE-2024-25524
9.4 CRITICAL

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the sys_file_storage_id parameter at /WorkPlan/WorkPlanAttachDownLoad.aspx.

May 8, 2024
CVE-2024-25523
9.8 CRITICAL

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the file_id parameter at /filemanage/file_memo.aspx.

May 8, 2024
CVE-2024-25522
9.4 CRITICAL

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the office_missive_id parameter at /WorkFlow/wf_work_form_save.aspx.

May 8, 2024
CVE-2024-25521
9.4 CRITICAL

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the txt_keyword parameter at get_company.aspx.

May 8, 2024
CVE-2024-25520
9.8 CRITICAL

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /SysManage/sys_blogtemplate_new.aspx.

May 8, 2024
CVE-2024-25519
9.8 CRITICAL

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the idlist parameter at /WorkFlow/wf_work_print.aspx.

May 8, 2024
CVE-2024-25518
9.4 CRITICAL

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the template_id parameter at /WorkFlow/wf_get_fields_approve.aspx.

May 8, 2024
CVE-2024-25517
9.8 CRITICAL

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the tbTable argument at /WebUtility/MF.aspx.

May 8, 2024
CVE-2024-4393
9.8 CRITICAL

The Social Connect plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.2. This is due to insufficient verification on …

May 8, 2024
CVE-2024-4558
9.6 CRITICAL

Use after free in ANGLE in Google Chrome prior to 124.0.6367.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. …

May 7, 2024
CVE-2024-25514
9.4 CRITICAL

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the template_id parameter at /SysManage/wf_template_child_field_list.aspx.

May 7, 2024
CVE-2024-25511
9.4 CRITICAL

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /AddressBook/address_public_new.aspx.

May 7, 2024
CVE-2024-25510
9.8 CRITICAL

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /AddressBook/address_public_show.aspx.

May 7, 2024
CVE-2024-25509
9.4 CRITICAL

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the sys_file_storage_id parameter at /WorkFlow/wf_file_download.aspx.

May 7, 2024
CVE-2024-25508
9.8 CRITICAL

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /bulletin/bulletin_template_show.aspx.

May 7, 2024
CVE-2024-25507
9.4 CRITICAL

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the email_attach_id parameter at /LHMail/AttachDown.aspx.

May 7, 2024
CVE-2024-33164
9.8 CRITICAL

J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the authUserList() function.

May 7, 2024
CVE-2024-33155
9.8 CRITICAL

J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the getDeptList() function.

May 7, 2024
CVE-2024-33153
9.8 CRITICAL

J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the commentList() function.

May 7, 2024
CVE-2024-33857
9.6 CRITICAL

An issue was discovered in Logpoint before 7.4.0. Due to a lack of input validation on URLs in threat intelligence, an attacker with low-level access …

May 7, 2024
CVE-2024-33146
9.1 CRITICAL

J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the export function.

May 7, 2024
CVE-2024-33124
9.8 CRITICAL

Roothub v2.6 was discovered to contain a SQL injection vulnerability via the nodeTitle parameter in the parentNode() function..

May 7, 2024
CVE-2024-33120
9.8 CRITICAL

Roothub v2.5 was discovered to contain an arbitrary file upload vulnerability via the customPath parameter in the upload() function. This vulnerability allows attackers to execute …

May 7, 2024
CVE-2024-32370
9.8 CRITICAL

An issue in HSC Cybersecurity HC Mailinspector 5.2.17-3 through 5.2.18 allows a remote attacker to obtain sensitive information via a crafted payload to the id …

May 7, 2024
CVE-2024-33434
9.8 CRITICAL

An issue in tiagorlampert CHAOS v5.0.1 before 1b451cf62582295b7225caf5a7b506f0bad56f6b and 24c9e109b5be34df7b2bce8368eae669c481ed5e allows a remote attacker to execute arbitrary code via the unsafe concatenation of the `filename` …

May 7, 2024
CVE-2023-46012
9.8 CRITICAL

Buffer Overflow vulnerability LINKSYS EA7500 3.0.1.207964 allows a remote attacker to execute arbitrary code via an HTTP request to the IGD UPnP.

May 7, 2024
CVE-2024-4346
9.1 CRITICAL

The Startklar Elementor Addons plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 1.7.13. This is due to …

May 7, 2024
CVE-2024-4345
9.8 CRITICAL

The Startklar Elementor Addons plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'process' function in the …

May 7, 2024
CVE-2024-4186
9.8 CRITICAL

The Edwiser Bridge plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.0.5. This is due to the 'eb_user_email_verification_key' default …

May 7, 2024
CVE-2024-34532
9.8 CRITICAL

A SQL injection vulnerability in Yvan Dotet PostgreSQL Query Deluxe module (aka query_deluxe) 17.x before 17.0.0.4 allows a remote attacker to gain privileges via the …

May 6, 2024
CVE-2024-33411
9.8 CRITICAL

A SQL injection vulnerability in /model/get_admin_profile.php in Campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the my_index parameter.

May 6, 2024
CVE-2024-33409
9.8 CRITICAL

SQL injection vulnerability in index.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the name parameter.

May 6, 2024
CVE-2024-33408
9.8 CRITICAL

A SQL injection vulnerability in /model/get_classroom.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the id parameter.

May 6, 2024
CVE-2024-33403
9.8 CRITICAL

A SQL injection vulnerability in /model/get_events.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the event_id parameter.

May 6, 2024
CVE-2024-34249
9.8 CRITICAL

wasm3 v0.5.0 was discovered to contain a heap buffer overflow which leads to segmentation fault via the function "DeallocateSlot" in wasm3/source/m3_compile.c.

May 6, 2024
CVE-2024-33294
9.1 CRITICAL

An issue in Library System using PHP/MySQli with Source Code V1.0 allows a remote attacker to execute arbitrary code via the _FAILE variable in the …

May 6, 2024
CVE-2024-33110
9.1 CRITICAL

D-Link DIR-845L router v1.01KRb03 and before is vulnerable to Permission Bypass via the getcfg.php component.

May 6, 2024
CVE-2024-4548
9.8 CRITICAL

An SQLi vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior when CEBC.exe processes a 'RecalculateHDMWYC' message, which is split into 4 fields using the …

May 6, 2024
CVE-2024-4547
9.8 CRITICAL

A SQLi vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior when CEBC.exe processes a 'RecalculateScript' message, which is splitted into 4 fields using the …

May 6, 2024
CVE-2024-33749
9.1 CRITICAL

DedeCMS V5.7.114 is vulnerable to deletion of any file via mail_file_manage.php.

May 6, 2024
CVE-2024-34524
9.1 CRITICAL

In XLANG OpenAgents through fe73ac4, the allowed_file protection mechanism can be bypassed by using an incorrect file extension for the nature of the file content.

May 6, 2024
CVE-2024-34502
9.8 CRITICAL

An issue was discovered in WikibaseLexeme in MediaWiki before 1.39.6, 1.40.x before 1.40.2, and 1.41.x before 1.41.1. Loading Special:MergeLexemes will (attempt to) make an edit …

May 5, 2024
CVE-2024-34461
9.8 CRITICAL

Zenario before 9.5.60437 uses Twig filters insecurely in the Twig Snippet plugin, and in the site-wide HEAD and BODY elements, enabling code execution by a …

May 4, 2024

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.