CVE Database

9306+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2024-3863
9.8 CRITICAL

The executable file warning was not presented when downloading .xrm-ms files. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.* This …

Apr 16, 2024
CVE-2024-32027
9.1 CRITICAL

Kohya_ss is a GUI for Kohya's Stable Diffusion trainers. Kohya_ss v22.6.1 is vulnerable to command injection in `finetune_gui.py` This vulnerability is fixed in 23.1.5.

Apr 16, 2024
CVE-2024-32026
9.1 CRITICAL

Kohya_ss is a GUI for Kohya's Stable Diffusion trainers. Kohya_ss is vulnerable to a command injection in `git_caption_gui.py`. This vulnerability is fixed in 23.1.5.

Apr 16, 2024
CVE-2024-32025
9.1 CRITICAL

Kohya_ss is a GUI for Kohya's Stable Diffusion trainers. Kohya_ss is vulnerable to a command injection in `group_images_gui.py`. This vulnerability is fixed in 23.1.5.

Apr 16, 2024
CVE-2024-32022
9.1 CRITICAL

Kohya_ss is a GUI for Kohya's Stable Diffusion trainers. Kohya_ss is vulnerable to command injection in basic_caption_gui.py. This vulnerability is fixed in 23.1.5.

Apr 16, 2024
CVE-2024-3871
9.8 CRITICAL

The Delta Electronics DVW-W02W2-E2 devices expose a web administration interface to users. This interface implements multiple features that are affected by command injections and stack …

Apr 16, 2024
CVE-2024-3573
9.3 CRITICAL

mlflow/mlflow is vulnerable to Local File Inclusion (LFI) due to improper parsing of URIs, allowing attackers to bypass checks and read arbitrary files on the …

Apr 16, 2024
CVE-2024-3271
9.8 CRITICAL

A command injection vulnerability exists in the run-llama/llama_index repository, specifically within the safe_eval function. Attackers can bypass the intended security mechanism, which checks for the …

Apr 16, 2024
CVE-2024-2912
10.0 CRITICAL

An insecure deserialization vulnerability exists in the BentoML framework, allowing remote code execution (RCE) by sending a specially crafted POST request. By exploiting this vulnerability, …

Apr 16, 2024
CVE-2024-2083
9.9 CRITICAL

A directory traversal vulnerability exists in the zenml-io/zenml repository, specifically within the /api/v1/steps endpoint. Attackers can exploit this vulnerability by manipulating the 'logs' URI path …

Apr 16, 2024
CVE-2024-1739
9.1 CRITICAL

lunary-ai/lunary is vulnerable to an authentication issue due to improper validation of email addresses during the signup process. Specifically, the server fails to treat email …

Apr 16, 2024
CVE-2024-1601
9.8 CRITICAL

An SQL injection vulnerability exists in the `delete_discussion()` function of the parisneo/lollms-webui application, allowing an attacker to delete all discussions and message data. The vulnerability …

Apr 16, 2024
CVE-2024-0404
9.1 CRITICAL

A mass assignment vulnerability exists in the `/api/invite/:code` endpoint of the mintplex-labs/anything-llm repository, allowing unauthorized creation of high-privileged accounts. By intercepting and modifying the HTTP …

Apr 16, 2024
CVE-2024-31650
9.6 CRITICAL

A cross-site scripting (XSS) in Cosmetics and Beauty Product Online Store v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload …

Apr 15, 2024
CVE-2024-28557
9.8 CRITICAL

SQL Injection vulnerability in Sourcecodester php task management system v1.0, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via crafted …

Apr 15, 2024
CVE-2024-28556
9.8 CRITICAL

SQL Injection vulnerability in Sourcecodester php task management system v1.0, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via crafted …

Apr 15, 2024
CVE-2024-24486
9.1 CRITICAL

An issue discovered in silex technology DS-600 Firmware v.1.4.1 allows a remote attacker to edit device settings via the SAVE EEP_DATA command.

Apr 15, 2024
CVE-2024-28056
9.8 CRITICAL

Amazon AWS Amplify CLI before 12.10.1 incorrectly configures the role trust policy of IAM roles associated with Amplify projects. When the Authentication component is removed …

Apr 15, 2024
CVE-2023-48710
9.8 CRITICAL

iTop is an IT service management platform. Files from the `env-production` folder can be retrieved even though they should have restricted access. Hopefully, there is …

Apr 15, 2024
CVE-2024-3781
9.1 CRITICAL

Command injection vulnerability in the operating system. Improper neutralisation of special elements in Active Directory integration allows the intended command to be modified when sent …

Apr 15, 2024
CVE-2024-23486
9.8 CRITICAL

Plaintext storage of a password issue exists in BUFFALO wireless LAN routers, which may allow a network-adjacent unauthenticated attacker with access to the product's login …

Apr 15, 2024
CVE-2024-3701
9.8 CRITICAL

The system application (com.transsion.kolun.aiservice) component does not perform an authentication check, which allows attackers to perform malicious exploitations and affect system services.

Apr 15, 2024
CVE-2024-32128
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Realtyna Realtyna Organic IDX plugin.This issue affects Realtyna Organic IDX plugin: …

Apr 15, 2024
CVE-2024-3777
9.8 CRITICAL

The password reset feature of Ai3 QbiBot lacks proper access control, allowing unauthenticated remote attackers to reset any user's password.

Apr 15, 2024
CVE-2024-29844
9.8 CRITICAL

Default credentials on the Web Interface of Evolution Controller 2.x allows anyone to log in to the server directly to perform administrative functions. Upon installation …

Apr 15, 2024
CVE-2024-29836
9.8 CRITICAL

The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly configured access control, allowing for an unauthenticated attacker to update and add user …

Apr 15, 2024
CVE-2024-3765
9.8 CRITICAL

A vulnerability classified as critical was found in Xiongmai AHB7804R-MH-V2, AHB8004T-GL, AHB8008T-GL, AHB7004T-GS-V3, AHB7004T-MHV2, AHB8032F-LME and XM530_R80X30-PQ_8M. Affected by this vulnerability is an unknown functionality …

Apr 14, 2024
CVE-2024-28878
9.6 CRITICAL

IO-1020 Micro ELD downloads source code or an executable from an adjacent location and executes the code without sufficiently verifying the origin or integrity of …

Apr 12, 2024
CVE-2024-3704
9.8 CRITICAL

SQL Injection Vulnerability has been found on OpenGnsys product affecting version 1.1.1d (Espeto). This vulnerability allows an attacker to inject malicious SQL code into login …

Apr 12, 2024
CVE-2023-51409
10.0 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow AI Engine: ChatGPT Chatbot.This issue affects AI Engine: ChatGPT Chatbot: from n/a through 1.9.98.

Apr 12, 2024
CVE-2024-31818
9.8 CRITICAL

Directory Traversal vulnerability in DerbyNet v.9.0 allows a remote attacker to execute arbitrary code via the page parameter of the kiosk.php component.

Apr 12, 2024
CVE-2024-28718
9.8 CRITICAL

An issue in OpenStack magnum yoga-eom version allows a remote attacker to execute arbitrary code via the cert_manager.py. component.

Apr 12, 2024
CVE-2024-3400
10.0 CRITICAL KEV

A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions …

Apr 12, 2024
CVE-2024-22718
9.6 CRITICAL

Cross Site Scripting (XSS) vulnerability in Form Tools 3.1.1 allows attackers to run arbitrary code via the client_id parameter in the application URL.

Apr 11, 2024
CVE-2024-31678
9.8 CRITICAL

Sourcecodester Loan Management System v1.0 is vulnerable to SQL Injection via the "password" parameter in the "login.php" file.

Apr 11, 2024
CVE-2024-21508
9.8 CRITICAL

Versions of the package mysql2 before 3.9.4 are vulnerable to Remote Code Execution (RCE) via the readCodeFor function due to improper validation of the supportBigNumbers …

Apr 11, 2024
CVE-2024-29937
9.8 CRITICAL

NFS in a BSD derived codebase, as used in OpenBSD through 7.4 and FreeBSD through 14.0-RELEASE, allows remote attackers to execute arbitrary code via a …

Apr 11, 2024
CVE-2024-27683
9.8 CRITICAL

D-Link Go-RT-AC750 GORTAC750_A1_FW_v101b03 contains a stack-based buffer overflow via the function hnap_main. An attacker can send a POST request to trigger the vulnerablilify.

Apr 11, 2024
CVE-2024-25912
9.8 CRITICAL

Missing Authorization vulnerability in Skymoonlabs MoveTo.This issue affects MoveTo: from n/a through 6.2.

Apr 11, 2024
CVE-2024-31997
9.9 CRITICAL

XWiki Platform is a generic wiki platform. Prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, parameters of UI extensions are always interpreted as Velocity code and …

Apr 10, 2024
CVE-2024-31996
10.0 CRITICAL

XWiki Platform is a generic wiki platform. Starting in version 3.0.1 and prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, the HTML escaping of escaping tool …

Apr 10, 2024
CVE-2024-31988
9.6 CRITICAL

XWiki Platform is a generic wiki platform. Starting in version 13.9-rc-1 and prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, when the realtime editor is installed …

Apr 10, 2024
CVE-2024-31987
9.9 CRITICAL

XWiki Platform is a generic wiki platform. Starting in version 6.4-milestone-1 and prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, any user who can edit any …

Apr 10, 2024
CVE-2024-31986
9.0 CRITICAL

XWiki Platform is a generic wiki platform. Starting in version 3.1 and prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, by creating a document with a …

Apr 10, 2024
CVE-2024-31984
9.9 CRITICAL

XWiki Platform is a generic wiki platform. Starting in version 7.2-rc-1 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, by creating a document with a …

Apr 10, 2024
CVE-2024-31983
9.9 CRITICAL

XWiki Platform is a generic wiki platform. In multilingual wikis, translations can be edited by any user who has edit right, circumventing the rights that …

Apr 10, 2024
CVE-2024-31982
10.0 CRITICAL

XWiki Platform is a generic wiki platform. Starting in version 2.4-milestone-1 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, XWiki's database search allows remote code …

Apr 10, 2024
CVE-2024-31981
9.9 CRITICAL

XWiki Platform is a generic wiki platform. Starting in version 3.0.1 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, remote code execution is possible via …

Apr 10, 2024
CVE-2024-31819
9.8 CRITICAL

An issue in WWBN AVideo v.12.4 through v.14.2 allows a remote attacker to execute arbitrary code via the systemRootPath parameter of the submitIndex.php component.

Apr 10, 2024
CVE-2024-31465
9.9 CRITICAL

XWiki Platform is a generic wiki platform. Starting in version 5.0-rc-1 and prior to versions 14.10.20, 15.5.4, and 15.9-rc-1, any user with edit right on …

Apr 10, 2024

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.