CVE Database

9306+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2024-32041
9.8 CRITICAL

FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients that use a version of FreeRDP prior to 3.5.0 or 2.11.6 are …

Apr 22, 2024
CVE-2024-32039
9.8 CRITICAL

FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients using a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable …

Apr 22, 2024
CVE-2024-27574
9.1 CRITICAL

SQL Injection vulnerability in Trainme Academy version Ichin v.1.3.2 allows a remote attacker to obtain sensitive information via the informacion, idcurso, and tit parameters.

Apr 22, 2024
CVE-2024-4040
9.8 CRITICAL KEV

A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files …

Apr 22, 2024
CVE-2024-32238
9.8 CRITICAL

H3C ER8300G2-X is vulnerable to Incorrect Access Control. The password for the router's management system can be accessed via the management system page login interface.

Apr 22, 2024
CVE-2024-31545
9.4 CRITICAL

Computer Laboratory Management System v1.0 is vulnerable to SQL Injection via the "id" parameter of /admin/?page=user/manage_user&id=6.

Apr 22, 2024
CVE-2024-31666
9.8 CRITICAL

An issue in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via a crafted script to the edit_addon_post.php component.

Apr 22, 2024
CVE-2024-27349
9.1 CRITICAL

Authentication Bypass by Spoofing vulnerability in Apache HugeGraph-Server.This issue affects Apache HugeGraph-Server: from 1.0.0 before 1.3.0. Users are recommended to upgrade to version 1.3.0, which …

Apr 22, 2024
CVE-2024-27348
9.8 CRITICAL KEV

RCE-Remote Command Execution vulnerability in Apache HugeGraph-Server.This issue affects Apache HugeGraph-Server: from 1.0.0 before 1.3.0 in Java8 & Java11 Users are recommended to upgrade to …

Apr 22, 2024
CVE-2024-29661
9.8 CRITICAL

A File Upload vulnerability in DedeCMS v5.7 allows a local attacker to execute arbitrary code via a crafted payload.

Apr 22, 2024
CVE-2024-32418
9.8 CRITICAL

An issue in flusity CMS v2.33 allows a remote attacker to execute arbitrary code via the add_addon.php component.

Apr 22, 2024
CVE-2024-31547
9.1 CRITICAL

Computer Laboratory Management System v1.0 is vulnerable to SQL Injection via the "id" parameter of /admin/item/view_item.php.

Apr 19, 2024
CVE-2024-31546
9.8 CRITICAL

Computer Laboratory Management System v1.0 is vulnerable to SQL Injection via the "id" parameter of /admin/damage/view_damage.php.

Apr 19, 2024
CVE-2023-47435
9.8 CRITICAL

An issue in the verifyPassword function of hexo-theme-matery v2.0.0 allows attackers to bypass authentication and access password protected pages.

Apr 19, 2024
CVE-2024-32644
9.1 CRITICAL

Evmos is a scalable, high-throughput Proof-of-Stake EVM blockchain that is fully compatible and interoperable with Ethereum. Prior to 17.0.0, there is a way to mint …

Apr 19, 2024
CVE-2024-32038
9.8 CRITICAL

Wazuh is a free and open source platform used for threat prevention, detection, and response. There is a buffer overflow hazard in wazuh-analysisd when handling …

Apr 19, 2024
CVE-2024-29204
9.8 CRITICAL

A Heap Overflow vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows a remote unauthenticated attacker to execute arbitrary commands

Apr 19, 2024
CVE-2024-24996
9.8 CRITICAL

A Heap overflow vulnerability in WLInfoRailService component of Ivanti Avalanche before 6.4.3 allows an unauthenticated remote attacker to execute arbitrary commands.

Apr 19, 2024
CVE-2024-22061
9.8 CRITICAL

A Heap Overflow vulnerability in WLInfoRailService component of Ivanti Avalanche before 6.4.3 allows a remote unauthenticated attacker to execute arbitrary commands

Apr 19, 2024
CVE-2024-31750
9.8 CRITICAL

SQL injection vulnerability in f-logic datacube3 v.1.0 allows a remote attacker to obtain sensitive information via the req_id parameter.

Apr 19, 2024
CVE-2024-30938
9.8 CRITICAL

SQL Injection vulnerability in SEMCMS v.4.8 allows a remote attacker to obtain sensitive information via the ID parameter in the SEMCMS_User.php component.

Apr 19, 2024
CVE-2024-30923
9.8 CRITICAL

SQL Injection vulnerability in DerbyNet v9.0 and below allows a remote attacker to execute arbitrary code via the where Clause in Racer Document Rendering

Apr 18, 2024
CVE-2024-30922
9.8 CRITICAL

SQL Injection vulnerability in DerbyNet v9.0 allows a remote attacker to execute arbitrary code via the where Clause in Award Document Rendering.

Apr 18, 2024
CVE-2024-30564
9.8 CRITICAL

An issue inandrei-tatar nora-firebase-common between v.1.0.41 and v.1.12.2 allows a remote attacker to execute arbitrary code via a crafted script to the updateState parameter of …

Apr 18, 2024
CVE-2024-2796
9.3 CRITICAL

A server-side request forgery (SSRF) was discovered in the Akana API Platform in versions prior to and including 2022.1.3. Reported by Jakob Antonsson.

Apr 18, 2024
CVE-2024-29021
9.0 CRITICAL

Judge0 is an open-source online code execution system. The default configuration of Judge0 leaves the service vulnerable to a sandbox escape via Server Side Request …

Apr 18, 2024
CVE-2024-28189
10.0 CRITICAL

Judge0 is an open-source online code execution system. The application uses the UNIX chown command on an untrusted file within the sandbox. An attacker can …

Apr 18, 2024
CVE-2024-28185
10.0 CRITICAL

Judge0 is an open-source online code execution system. The application does not account for symlinks placed inside the sandbox directory, which can be leveraged by …

Apr 18, 2024
CVE-2024-32599
10.0 CRITICAL

Improper Control of Generation of Code ('Code Injection') vulnerability in Deepak anand WP Dummy Content Generator wp-dummy-content-generator.This issue affects WP Dummy Content Generator: from n/a …

Apr 18, 2024
CVE-2023-49742
9.9 CRITICAL

Missing Authorization vulnerability in Support Genix.This issue affects Support Genix: from n/a through 1.2.3.

Apr 18, 2024
CVE-2024-32340
9.6 CRITICAL

A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload …

Apr 17, 2024
CVE-2024-3817
9.8 CRITICAL

HashiCorp’s go-getter library is vulnerable to argument injection when executing Git to discover remote branches. This vulnerability does not affect the go-getter/v2 branch and package.

Apr 17, 2024
CVE-2024-31581
9.8 CRITICAL

FFmpeg version n6.1 was discovered to contain an improper validation of array index vulnerability in libavcodec/cbs_h266_syntax_template.c. This vulnerability allows attackers to cause undefined behavior within …

Apr 17, 2024
CVE-2024-30990
9.8 CRITICAL

SQL Injection vulnerability in the "Invoices" page in phpgurukul Client Management System using PHP & MySQL 1.1 allows attacker to execute arbitrary SQL commands via …

Apr 17, 2024
CVE-2024-32161
9.8 CRITICAL

jizhiCMS 2.5 suffers from a File upload vulnerability.

Apr 17, 2024
CVE-2024-30985
9.8 CRITICAL

SQL Injection vulnerability in "B/W Dates Reports" page in phpgurukul Client Management System using PHP & MySQL 1.1 allows attacker to execute arbitrary SQL commands …

Apr 17, 2024
CVE-2024-30982
9.8 CRITICAL

SQL Injection vulnerability in phpgurukul Cyber Cafe Management System Using PHP & MySQL 1.0 allows attackers to run arbitrary SQL commands via the upid parameter …

Apr 17, 2024
CVE-2024-30981
9.8 CRITICAL

SQL Injection vulnerability in /edit-computer-detail.php in phpgurukul Cyber Cafe Management System Using PHP & MySQL v1.0 allows attackers to run arbitrary SQL commands via editid …

Apr 17, 2024
CVE-2024-30980
9.8 CRITICAL

SQL Injection vulnerability in phpgurukul Cyber Cafe Management System Using PHP & MySQL 1.0 allows attackers to run arbitrary SQL commands via the Computer Location …

Apr 17, 2024
CVE-2024-32318
9.8 CRITICAL

Tenda AC500 V2.0.1.9(1307) firmware has a stack overflow vulnerability via the vlan parameter in the formSetVlanInfo function.

Apr 17, 2024
CVE-2024-32286
9.8 CRITICAL

Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerability located via the page parameter in the fromVirtualSer function.

Apr 17, 2024
CVE-2024-32301
9.8 CRITICAL

Tenda AC7V1.0 v15.03.06.44 firmware has a stack overflow vulnerability via the PPW parameter in the fromWizardHandle function.

Apr 17, 2024
CVE-2023-39367
9.1 CRITICAL

An OS command injection vulnerability exists in the web interface mac2name functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted HTTP request can …

Apr 17, 2024
CVE-2024-32514
9.9 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in Poll Maker & Voting Plugin Team (InfoTheme) WP Poll Maker.This issue affects WP Poll Maker: from …

Apr 17, 2024
CVE-2024-21082
9.8 CRITICAL

Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: XML Services). Supported versions that are affected are 7.0.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability …

Apr 16, 2024
CVE-2024-21071
9.1 CRITICAL

Vulnerability in the Oracle Workflow product of Oracle E-Business Suite (component: Admin Screens and Grants UI). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable …

Apr 16, 2024
CVE-2024-21014
9.8 CRITICAL

Vulnerability in the Oracle Hospitality Simphony product of Oracle Food and Beverage Applications (component: Simphony Enterprise Server). Supported versions that are affected are 19.1.0-19.5.4. Easily …

Apr 16, 2024
CVE-2024-21010
9.9 CRITICAL

Vulnerability in the Oracle Hospitality Simphony product of Oracle Food and Beverage Applications (component: Simphony Enterprise Server). Supported versions that are affected are 19.1.0-19.5.4. Easily …

Apr 16, 2024
CVE-2024-20997
9.9 CRITICAL

Vulnerability in the Oracle Hospitality Simphony product of Oracle Food and Beverage Applications (component: Simphony Enterprise Server). Supported versions that are affected are 19.1.0-19.5.4. Easily …

Apr 16, 2024
CVE-2024-3660
9.8 CRITICAL

A arbitrary code injection vulnerability in TensorFlow's Keras framework (<2.13) allows attackers to execute arbitrary code with the same permissions as the application using a …

Apr 16, 2024

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.