CVE Database

9309+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2024-30225
10.0 CRITICAL

Deserialization of Untrusted Data vulnerability in WPENGINE, INC. WP Migrate.This issue affects WP Migrate: from n/a through 2.6.10.

Mar 28, 2024
CVE-2024-30224
10.0 CRITICAL

Deserialization of Untrusted Data vulnerability in Wholesale Team WholesaleX.This issue affects WholesaleX: from n/a through 1.3.2.

Mar 28, 2024
CVE-2024-30223
9.0 CRITICAL

Deserialization of Untrusted Data vulnerability in Repute Infosystems ARMember.This issue affects ARMember: from n/a through 4.0.26.

Mar 28, 2024
CVE-2024-28015
9.8 CRITICAL

Improper Neutralization of Special Elements used in an OS Command vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, …

Mar 28, 2024
CVE-2024-28014
9.8 CRITICAL

Stack-based Buffer Overflow vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, …

Mar 28, 2024
CVE-2024-28012
9.8 CRITICAL

Improper authentication vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, …

Mar 28, 2024
CVE-2024-28011
9.8 CRITICAL

Hidden Functionality vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, …

Mar 28, 2024
CVE-2024-28010
9.8 CRITICAL

Use of Hard-coded Password in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, …

Mar 28, 2024
CVE-2024-28009
9.8 CRITICAL

Improper authentication vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, …

Mar 28, 2024
CVE-2024-28008
9.8 CRITICAL

Active Debug Code in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, …

Mar 28, 2024
CVE-2024-28007
9.8 CRITICAL

Improper authentication vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, …

Mar 28, 2024
CVE-2023-6153
9.8 CRITICAL

Authentication Bypass by Primary Weakness vulnerability in TeoSOFT Software TeoBASE allows Authentication Bypass.This issue affects TeoBASE: through 20240327. NOTE: The vendor was contacted early about …

Mar 27, 2024
CVE-2023-6173
9.8 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TeoSOFT Software TeoBASE allows SQL Injection.This issue affects TeoBASE: through 27032024. …

Mar 27, 2024
CVE-2024-28815
9.8 CRITICAL

A vulnerability in the BluStar component of Mitel InAttend 2.6 SP4 through 2.7 and CMG 8.5 SP4 through 8.6 could allow access to sensitive information, …

Mar 27, 2024
CVE-2024-28335
9.1 CRITICAL

Lektor before 3.3.11 does not sanitize DB path traversal. Thus, shell commands might be executed via a file that is added to the templates directory, …

Mar 27, 2024
CVE-2023-49815
10.0 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in WappPress Team WappPress.This issue affects WappPress: from n/a through 5.0.3.

Mar 27, 2024
CVE-2023-31634
9.8 CRITICAL

In TeslaMate before 1.27.2, there is unauthorized access to port 4000 for remote viewing and operation of user data. After accessing the IP address for …

Mar 27, 2024
CVE-2023-45924
9.8 CRITICAL

libglxproto.c in OpenGL libglvnd bb06db5a was discovered to contain a segmentation violation via the function glXGetDrawableScreen(). NOTE: this is disputed because there are no common …

Mar 27, 2024
CVE-2023-45929
9.1 CRITICAL

S-Lang 2.3.2 was discovered to contain a segmentation fault via the function fixup_tgetstr().

Mar 27, 2024
CVE-2023-45927
9.1 CRITICAL

S-Lang 2.3.2 was discovered to contain an arithmetic exception via the function tt_sprintf().

Mar 27, 2024
CVE-2024-25735
9.1 CRITICAL

An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. Remote attackers can discover cleartext passwords via a SoftAP /device/config GET request.

Mar 27, 2024
CVE-2024-25393
9.8 CRITICAL

A stack buffer overflow occurs in net/at/src/at_server.c in RT-Thread through 5.0.2.

Mar 27, 2024
CVE-2024-28545
9.8 CRITICAL

Tenda AC18 V15.03.05.05 contains a command injection vulnerablility in the deviceName parameter of formsetUsbUnload function.

Mar 26, 2024
CVE-2024-25421
9.8 CRITICAL

An issue in Ignite Realtime Openfire v.4.9.0 and before allows a remote attacker to escalate privileges via the ROOM_CACHE component.

Mar 26, 2024
CVE-2023-48777
9.9 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in Elementor.Com Elementor Website Builder.This issue affects Elementor Website Builder: from 3.3.0 through 3.18.1.

Mar 26, 2024
CVE-2023-47873
9.1 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in WEN Solutions WP Child Theme Generator.This issue affects WP Child Theme Generator: from n/a through 1.0.9.

Mar 26, 2024
CVE-2023-47846
9.1 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in Terry Lin WP Githuber MD.This issue affects WP Githuber MD: from n/a through 1.16.2.

Mar 26, 2024
CVE-2023-47842
9.1 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in Zachary Segal CataBlog.This issue affects CataBlog: from n/a through 1.7.0.

Mar 26, 2024
CVE-2023-38388
9.0 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in Artbees JupiterX Core.This issue affects JupiterX Core: from n/a through 3.3.5.

Mar 26, 2024
CVE-2023-29386
9.1 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in Julien Crego Manager for Icomoon.This issue affects Manager for Icomoon: from n/a through 2.0.

Mar 26, 2024
CVE-2023-28787
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ExpressTech Quiz And Survey Master.This issue affects Quiz And Survey Master: …

Mar 26, 2024
CVE-2023-23656
10.0 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in MainWP MainWP File Uploader Extension.This issue affects MainWP File Uploader Extension: from n/a through 4.1.

Mar 26, 2024
CVE-2024-2921
9.8 CRITICAL

Improper access control in PAM vault permissions in Devolutions Server 2024.1.10.0 and earlier allows an authenticated user with access to the PAM to access unauthorized …

Mar 26, 2024
CVE-2024-29401
9.8 CRITICAL

xzs-mysql 3.8 is vulnerable to Insufficient Session Expiration, which allows attackers to use the session of a deleted admin to do anything.

Mar 26, 2024
CVE-2024-29684
9.8 CRITICAL

DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /src/dede/makehtml_homepage.php allowing a remote attacker to execute arbitrary code.

Mar 26, 2024
CVE-2024-30231
9.1 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in WebToffee Product Import Export for WooCommerce.This issue affects Product Import Export for WooCommerce: from n/a through …

Mar 26, 2024
CVE-2024-28048
9.8 CRITICAL

OS command injection vulnerability exists in ffBull ver.4.11, which may allow a remote unauthenticated attacker to execute an arbitrary OS command with the privilege of …

Mar 26, 2024
CVE-2024-29303
9.8 CRITICAL

The delete admin users function of SourceCodester PHP Task Management System 1.0 is vulnerable to SQL Injection

Mar 26, 2024
CVE-2024-28421
9.8 CRITICAL

SQL Injection vulnerability in Razor 0.8.0 allows a remote attacker to escalate privileges via the ChannelModel::updateapk method of the channelmodle.php

Mar 25, 2024
CVE-2024-2873
9.1 CRITICAL

A vulnerability was found in wolfSSH's server-side state machine before versions 1.4.17. A malicious client could create channels without first performing user authentication, resulting in …

Mar 25, 2024
CVE-2024-29666
9.8 CRITICAL

Insecure Permissions vulnerability in Vehicle Monitoring platform system CMSV6 v.7.31.0.2 through v.7.32.0.3 allows a remote attacker to escalate privileges via the default password component.

Mar 25, 2024
CVE-2024-29650
9.8 CRITICAL

An issue in @thi.ng/paths v.5.1.62 and before allows a remote attacker to execute arbitrary code via the mutIn and mutInManyUnsafe components.

Mar 25, 2024
CVE-2024-2865
9.8 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mergen Software Quality Management System allows SQL Injection.This issue affects Quality …

Mar 25, 2024
CVE-2024-28393
9.8 CRITICAL

SQL injection vulnerability in scalapay v.1.2.41 and before allows a remote attacker to escalate privileges via the ScalapayReturnModuleFrontController::postProcess() method.

Mar 25, 2024
CVE-2024-28386
9.8 CRITICAL

An issue in Home-Made.io fastmagsync v.1.7.51 and before allows a remote attacker to execute arbitrary code via the getPhpBin() component.

Mar 25, 2024
CVE-2024-2862
9.1 CRITICAL

This vulnerability allows remote attackers to reset the password of anonymous users without authorization on the affected LG LED Assistant.

Mar 25, 2024
CVE-2022-36407
9.9 CRITICAL

Insertion of Sensitive Information into Log File vulnerability in Hitachi Virtual Storage Platform, Hitachi Virtual Storage Platform VP9500, Hitachi Virtual Storage Platform G1000, G1500, Hitachi …

Mar 25, 2024
CVE-2024-29385
9.0 CRITICAL

DIR-845L router <= v1.01KRb03 has an Unauthenticated remote code execution vulnerability in the cgibin binary via soapcgi_main function.

Mar 22, 2024
CVE-2024-29185
9.0 CRITICAL

FreeScout is a self-hosted help desk and shared mailbox. Versions prior to 1.8.128 are vulnerable to OS Command Injection in the /public/tools.php source file. The …

Mar 22, 2024
CVE-2024-28861
9.8 CRITICAL

Symfony 1 is a community-driven fork of the 1.x branch of Symfony, a PHP framework for web projects. Starting in version 1.1.0 and prior to …

Mar 22, 2024

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.