CVE Database

9306+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2024-3191
9.8 CRITICAL

A vulnerability, which was classified as critical, has been found in MailCleaner up to 2023.03.14. This issue affects some unknown processing of the component Email …

Apr 29, 2024
CVE-2024-33546
9.6 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AA-Team WZone allows SQL Injection.This issue affects WZone: from n/a through …

Apr 29, 2024
CVE-2024-33544
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AA-Team WZone allows SQL Injection.This issue affects WZone: from n/a through …

Apr 29, 2024
CVE-2024-33559
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in 8theme XStore allows SQL Injection.This issue affects XStore: from n/a through …

Apr 29, 2024
CVE-2024-33551
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in 8theme XStore Core allows SQL Injection.This issue affects XStore Core: from …

Apr 29, 2024
CVE-2024-4300
9.8 CRITICAL

E-WEBInformationCo. FS-EZViewer(Web) exposes sensitive information in the service. A remote attacker can obtain the database configuration file path through the webpage source code without login. …

Apr 29, 2024
CVE-2024-1874
9.4 CRITICAL

In PHP versions 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, when using proc_open() command with array syntax, due to insufficient escaping, if the …

Apr 29, 2024
CVE-2024-3342
9.9 CRITICAL

The Timetable and Event Schedule by MotoPress plugin for WordPress is vulnerable to SQL Injection via the 'events' attribute of the 'mp-timetable' shortcode in all …

Apr 27, 2024
CVE-2024-30804
9.8 CRITICAL

An issue discovered in the DeviceIoControl component in ASUS Fan_Xpert before v.10013 allows an attacker to execute arbitrary code via crafted IOCTL requests.

Apr 26, 2024
CVE-2024-28322
9.8 CRITICAL

SQL Injection vulnerability in /event-management-master/backend/register.php in PuneethReddyHC Event Management 1.0 allows attackers to run arbitrary SQL commands via the event_id parameter in a crafted POST …

Apr 26, 2024
CVE-2024-32881
9.8 CRITICAL

Danswer is the AI Assistant connected to company's docs, apps, and people. Danswer is vulnerable to unauthorized access to GET/SET of Slack Bot Tokens. Anyone …

Apr 26, 2024
CVE-2024-31601
9.8 CRITICAL

An issue in Beijing Panabit Network Software Co., Ltd Panalog big data analysis platform v. 20240323 and before allows attackers to execute arbitrary code via …

Apr 26, 2024
CVE-2024-25343
9.1 CRITICAL

Tenda N300 F3 router vulnerability allows users to bypass intended security policy and create weak passwords.

Apr 26, 2024
CVE-2024-33344
9.8 CRITICAL

D-Link DIR-822+ V1.0.5 was found to contain a command injection in ftext function of upload_firmware.cgi, which allows remote attackers to execute arbitrary commands via shell.

Apr 26, 2024
CVE-2024-32880
9.1 CRITICAL

pyload is an open-source Download Manager written in pure Python. An authenticated user can change the download folder and upload a crafted template to the …

Apr 26, 2024
CVE-2024-32766
10.0 CRITICAL

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands …

Apr 26, 2024
CVE-2024-32764
9.9 CRITICAL

A missing authentication for critical function vulnerability has been reported to affect myQNAPcloud Link. If exploited, the vulnerability could allow users with the privilege level …

Apr 26, 2024
CVE-2023-47222
9.6 CRITICAL

An exposure of sensitive information vulnerability has been reported to affect Media Streaming add-on. If exploited, the vulnerability could allow users to compromise the security …

Apr 26, 2024
CVE-2024-0740
9.8 CRITICAL

Eclipse Target Management: Terminal and Remote System Explorer (RSE) version <= 4.5.400 has a remote code execution vulnerability that does not require authentication. The fixed …

Apr 26, 2024
CVE-2024-3962
9.8 CRITICAL

The Product Addons & Fields for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ppom_upload_file …

Apr 26, 2024
CVE-2024-22633
9.8 CRITICAL

Setor Informatica Sistema Inteligente para Laboratorios (S.I.L.) 388 was discovered to contain a remote code execution (RCE) vulnerability via the hprinter parameter. This vulnerability is …

Apr 26, 2024
CVE-2024-22632
9.8 CRITICAL

Setor Informatica Sistema Inteligente para Laboratorios (S.I.L.) 388 was discovered to contain a remote code execution (RCE) vulnerability via the hmsg parameter. This vulnerability is …

Apr 26, 2024
CVE-2024-33668
9.1 CRITICAL

An issue was discovered in Zammad before 6.3.0. The Zammad Upload Cache uses insecure, partially guessable FormIDs to identify content. An attacker could try to …

Apr 26, 2024
CVE-2024-33661
9.1 CRITICAL

Portainer before 2.20.0 allows redirects when the target is not index.yaml.

Apr 26, 2024
CVE-2024-32651
10.0 CRITICAL

changedetection.io is an open source web page change detection, website watcher, restock monitor and notification service. There is a Server Side Template Injection (SSTI) in …

Apr 26, 2024
CVE-2024-0916
10.0 CRITICAL

Unauthenticated file upload allows remote code execution. This issue affects UvDesk Community: from 1.0.0 through 1.1.3.

Apr 25, 2024
CVE-2022-36029
9.1 CRITICAL

Greenlight is an end-user interface for BigBlueButton servers. Versions prior to 2.13.0 have an open redirect vulnerability in the Login page due to unchecked the …

Apr 25, 2024
CVE-2022-36028
9.1 CRITICAL

Greenlight is an end-user interface for BigBlueButton servers. Versions prior to 2.13.0 have an open redirect vulnerability in the Login page due to unchecked the …

Apr 25, 2024
CVE-2024-31615
9.8 CRITICAL

ThinkCMF 6.0.9 is vulnerable to File upload via UeditorController.php.

Apr 25, 2024
CVE-2024-31266
9.1 CRITICAL

Improper Control of Generation of Code ('Code Injection') vulnerability in AlgolPlus Advanced Order Export For WooCommerce allows Code Injection.This issue affects Advanced Order Export For …

Apr 25, 2024
CVE-2024-30560
9.6 CRITICAL

Cross-Site Request Forgery (CSRF) vulnerability in 大侠WP DX-Watermark.This issue affects DX-Watermark: from n/a through 1.0.4.

Apr 25, 2024
CVE-2024-22144
9.0 CRITICAL

Improper Control of Generation of Code ('Code Injection') vulnerability in Eli Scheetz Anti-Malware Security and Brute-Force Firewall gotmls allows Code Injection.This issue affects Anti-Malware Security …

Apr 25, 2024
CVE-2023-51484
9.8 CRITICAL

Improper Authentication vulnerability in wp-buy Login as User or Customer (User Switching) allows Privilege Escalation.This issue affects Login as User or Customer (User Switching): from …

Apr 25, 2024
CVE-2023-51482
9.9 CRITICAL

Improper Authentication vulnerability in EazyPlugins Eazy Plugin Manager allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Eazy Plugin Manager: from n/a through 4.1.2.

Apr 25, 2024
CVE-2023-51478
9.8 CRITICAL

Improper Authentication vulnerability in Abdul Hakeem Build App Online allows Privilege Escalation.This issue affects Build App Online: from n/a through 1.0.19.

Apr 25, 2024
CVE-2023-51477
9.8 CRITICAL

Improper Authentication vulnerability in BUDDYBOSS DMCC BuddyBoss Theme allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects BuddyBoss Theme: from n/a through 2.4.60.

Apr 24, 2024
CVE-2023-51472
9.8 CRITICAL

Improper Authentication vulnerability in Mestres do WP Checkout Mestres WP allows Privilege Escalation.This issue affects Checkout Mestres WP: from n/a through 7.1.9.7.

Apr 24, 2024
CVE-2023-51425
9.8 CRITICAL

Improper Privilege Management vulnerability in Jacques Malgrange Rencontre – Dating Site allows Privilege Escalation.This issue affects Rencontre – Dating Site: from n/a through 3.10.1.

Apr 24, 2024
CVE-2023-31090
9.9 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates) allows Upload a Web Shell to …

Apr 24, 2024
CVE-2024-32954
9.1 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in Tribulant Newsletters.This issue affects Newsletters: from n/a through 4.9.5.

Apr 24, 2024
CVE-2024-32836
9.1 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in WP Lab WP-Lister Lite for eBay wp-lister-for-ebay.This issue affects WP-Lister Lite for eBay: from n/a through …

Apr 24, 2024
CVE-2024-32709
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Plechev Andrey WP-Recall.This issue affects WP-Recall: from n/a through 16.26.5.

Apr 24, 2024
CVE-2024-32948
9.1 CRITICAL

Missing Authorization vulnerability in Repute Infosystems ARMember.This issue affects ARMember: from n/a through 4.0.28.

Apr 24, 2024
CVE-2024-28613
9.8 CRITICAL

SQL Injection vulnerability in PHP Task Management System v.1.0 allows a remote attacker to escalate privileges and obtain sensitive information via the task_id parameter of …

Apr 24, 2024
CVE-2024-32659
9.8 CRITICAL

FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read if `((nWidth == …

Apr 23, 2024
CVE-2024-32658
9.8 CRITICAL

FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read. Version 3.5.1 contains …

Apr 23, 2024
CVE-2024-33215
9.8 CRITICAL

Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the mitInterface parameter in ip/goform/addressNat.

Apr 23, 2024
CVE-2024-21511
9.8 CRITICAL

Versions of the package mysql2 before 3.9.7 are vulnerable to Arbitrary Code Injection due to improper sanitization of the timezone parameter in the readCodeFor function …

Apr 23, 2024
CVE-2024-32459
9.8 CRITICAL

FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients and servers that use a version of FreeRDP prior to 3.5.0 or …

Apr 22, 2024
CVE-2024-32458
9.8 CRITICAL

FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients that use a version of FreeRDP prior to 3.5.0 or 2.11.6 are …

Apr 22, 2024

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.