CVE Database

9309+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2024-29433
9.8 CRITICAL

A deserialization vulnerability in the FASTJSON component of Alldata v0.4.6 allows attackers to execute arbitrary commands via supplying crafted data.

Apr 1, 2024
CVE-2024-30867
9.8 CRITICAL

netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/edit_virtual_site_info.php.

Apr 1, 2024
CVE-2024-30858
9.8 CRITICAL

netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/edit_fire_wall.php.

Apr 1, 2024
CVE-2024-30865
9.8 CRITICAL

netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/edit_user_login.php.

Apr 1, 2024
CVE-2024-21473
9.8 CRITICAL

Memory corruption while redirecting log file to any file location with any file name.

Apr 1, 2024
CVE-2024-30868
9.8 CRITICAL

netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/add_getlogin.php.

Apr 1, 2024
CVE-2023-51803
9.8 CRITICAL

LinuxServer.io Heimdall before 2.5.7 does not prevent use of icons that have non-image data such as the "<?php ?>" substring.

Apr 1, 2024
CVE-2024-31115
10.0 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in QuanticaLabs Chauffeur Taxi Booking System for WordPress.This issue affects Chauffeur Taxi Booking System for WordPress: from …

Mar 31, 2024
CVE-2024-31114
9.1 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in biplob018 Shortcode Addons.This issue affects Shortcode Addons: from n/a through 3.2.5.

Mar 31, 2024
CVE-2023-46808
9.9 CRITICAL

An file upload vulnerability in Ivanti ITSM before 2023.4, allows an authenticated remote user to perform file writes to the server. Successful exploitation may lead …

Mar 31, 2024
CVE-2024-2086
10.0 CRITICAL

The Integrate Google Drive – Browse, Upload, Download, Embed, Play, Share, Gallery, and Manage Your Google Drive Files Into Your WordPress Site plugin for WordPress …

Mar 30, 2024
CVE-2024-28288
9.8 CRITICAL

Ruijie RG-NBR700GW 10.3(4b12) router lacks cookie verification when resetting the password, resulting in an administrator password reset vulnerability. An attacker can use this vulnerability to …

Mar 30, 2024
CVE-2024-29667
9.8 CRITICAL

SQL Injection vulnerability in Tongtianxing Technology Co., Ltd CMSV6 v.7.31.0.2 through v.7.31.0.3 allows a remote attacker to escalate privileges and obtain sensitive information via the …

Mar 29, 2024
CVE-2024-3094
10.0 CRITICAL

Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts …

Mar 29, 2024
CVE-2024-31032
9.8 CRITICAL

An issue in Huashi Private Cloud CDN Live Streaming Acceleration Server hgateway-sixport v.1.1.2 allows a remote attacker to execute arbitrary code via the manager/ipping.php component.

Mar 29, 2024
CVE-2024-29640
9.8 CRITICAL

An issue in aliyundrive-webdav v.2.3.3 and before allows a remote attacker to execute arbitrary code via a crafted payload to the sid parameter in the …

Mar 29, 2024
CVE-2023-49232
9.8 CRITICAL

An authentication bypass vulnerability was found in Stilog Visual Planning 8. It allows an unauthenticated attacker to brute-force the password reset PINs of administrative users.

Mar 29, 2024
CVE-2024-30247
10.0 CRITICAL

NextcloudPi is a ready to use image for Virtual Machines, Raspberry Pi, Odroid HC1, Rock64 and other boards. A command injection vulnerability in NextCloudPi allows …

Mar 29, 2024
CVE-2023-49231
9.8 CRITICAL

An authentication bypass vulnerability was found in Stilog Visual Planning 8. It allows an unauthenticated attacker to receive an administrative API token.

Mar 29, 2024
CVE-2024-30502
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Travel Engine.This issue affects WP Travel Engine: from n/a through …

Mar 29, 2024
CVE-2024-29202
9.9 CRITICAL

JumpServer is an open source bastion host and an operation and maintenance security audit system. Attackers can exploit a Jinja2 template injection vulnerability in JumpServer's …

Mar 29, 2024
CVE-2024-29201
9.9 CRITICAL

JumpServer is an open source bastion host and an operation and maintenance security audit system. Attackers can bypass the input validation mechanism in JumpServer's Ansible …

Mar 29, 2024
CVE-2024-23538
9.9 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Fineract.This issue affects Apache Fineract: <1.8.5. Users are recommended to …

Mar 29, 2024
CVE-2024-30635
9.8 CRITICAL

Tenda F1202 v1.2.0.20(408) has a stack overflow vulnerability located in the funcpara1 parameter in the formSetCfm function.

Mar 29, 2024
CVE-2024-30510
10.0 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in Salon Booking System Salon booking system.This issue affects Salon booking system: from n/a through 9.5.

Mar 29, 2024
CVE-2024-30500
9.9 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in CubeWP CubeWP – All-in-One Dynamic Content Framework.This issue affects CubeWP – All-in-One Dynamic Content Framework: from …

Mar 29, 2024
CVE-2024-30498
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CRM Perks CRM Perks Forms.This issue affects CRM Perks Forms: from …

Mar 29, 2024
CVE-2024-30490
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid.This issue affects ProfileGrid : from n/a through 5.7.8.

Mar 29, 2024
CVE-2024-30630
9.8 CRITICAL

Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the time parameter from saveParentControlInfo function.

Mar 29, 2024
CVE-2024-30628
9.8 CRITICAL

Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the page parameter from fromAddressNat function.

Mar 29, 2024
CVE-2024-30622
9.8 CRITICAL

Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the mitInterface parameter from fromAddressNat function.

Mar 29, 2024
CVE-2023-6191
9.8 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Egehan Security WebPDKS allows SQL Injection.This issue affects WebPDKS: through 20240329. …

Mar 29, 2024
CVE-2024-2411
9.8 CRITICAL

The MasterStudy LMS plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3.0 via the 'modal' parameter. This …

Mar 29, 2024
CVE-2024-2409
9.8 CRITICAL

The MasterStudy LMS plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.3.1. This is due to insufficient validation …

Mar 29, 2024
CVE-2023-50969
9.8 CRITICAL

Thales Imperva SecureSphere WAF 14.7.0.40 allows remote attackers to bypass WAF rules via a crafted POST request, a different vulnerability than CVE-2021-45468.

Mar 28, 2024
CVE-2024-28713
9.8 CRITICAL

An issue in Mblog Blog system v.3.5.0 allows an attacker to execute arbitrary code via a crafted file to the theme management feature.

Mar 28, 2024
CVE-2024-30602
9.8 CRITICAL

Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the schedStartTime parameter of the setSchedWifi function.

Mar 28, 2024
CVE-2024-30589
9.8 CRITICAL

Tenda FH1202 v1.2.0.14(408) firmware has a stack overflow vulnerability in the entrys parameter of the fromAddressNat function.

Mar 28, 2024
CVE-2024-30587
9.8 CRITICAL

Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the urls parameter of the saveParentControlInfo function.

Mar 28, 2024
CVE-2024-30584
9.8 CRITICAL

Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the security parameter of the formWifiBasicSet function.

Mar 28, 2024
CVE-2023-6437
9.8 CRITICAL

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in TP-Link TP-Link EX20v AX1800, Tp-Link Archer C5v AC1200, Tp-Link TD-W9970, …

Mar 28, 2024
CVE-2024-30596
9.8 CRITICAL

Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the deviceId parameter of the formSetDeviceName function.

Mar 28, 2024
CVE-2024-30593
9.8 CRITICAL

Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability located in the deviceName parameter of the formSetDeviceName function.

Mar 28, 2024
CVE-2024-30595
9.8 CRITICAL

Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the deviceId parameter of the addWifiMacFilter function.

Mar 28, 2024
CVE-2024-2890
9.1 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in Tumult Inc. Tumult Hype Animations.This issue affects Tumult Hype Animations: from n/a through 1.9.12.

Mar 28, 2024
CVE-2024-29241
9.9 CRITICAL

Missing authorization vulnerability in System webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to obtain non-sensitive information, write sensitive …

Mar 28, 2024
CVE-2024-29100
9.1 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow AI Engine: ChatGPT Chatbot.This issue affects AI Engine: ChatGPT Chatbot: from n/a through 2.1.4.

Mar 28, 2024
CVE-2024-30228
9.9 CRITICAL

Deserialization of Untrusted Data vulnerability in Hercules Design Hercules Core.This issue affects Hercules Core : from n/a through 6.4.

Mar 28, 2024
CVE-2024-30227
9.0 CRITICAL

Deserialization of Untrusted Data vulnerability in INFINITUM FORM Geo Controller.This issue affects Geo Controller: from n/a through 8.6.4.

Mar 28, 2024
CVE-2024-30226
9.0 CRITICAL

Deserialization of Untrusted Data vulnerability in WPDeveloper BetterDocs.This issue affects BetterDocs: from n/a through 3.3.3.

Mar 28, 2024

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.