CVE Database

9309+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2024-2636
9.0 CRITICAL

An Unrestricted Upload of File vulnerability has been found on Cegid Meta4 HR, that allows an attacker to upload malicios files to the server via …

Mar 19, 2024
CVE-2024-2615
9.8 CRITICAL

Memory safety bugs present in Firefox 123. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of …

Mar 19, 2024
CVE-2023-40276
9.1 CRITICAL

An issue was discovered in OpenClinic GA 5.247.01. An Unauthenticated File Download vulnerability has been discovered in pharmacy/exportFile.jsp.

Mar 19, 2024
CVE-2023-40275
9.1 CRITICAL

An issue was discovered in OpenClinic GA 5.247.01. It allows retrieval of patient lists via queries such as findFirstname= to _common/search/searchByAjax/patientslistShow.jsp.

Mar 19, 2024
CVE-2024-24578
10.0 CRITICAL

RaspberryMatic is an open-source operating system for HomeMatic internet-of-things devices. RaspberryMatic / OCCU prior to version 3.75.6.20240316 contains a unauthenticated remote code execution (RCE) vulnerability, …

Mar 18, 2024
CVE-2024-21652
9.8 CRITICAL

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Prior to versions 2.8.13, 2.9.9, and 2.10.4, an attacker can exploit a chain of …

Mar 18, 2024
CVE-2024-2051
9.8 CRITICAL

CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could cause account takeover and unauthorized access to the system when an attacker conducts brute-force …

Mar 18, 2024
CVE-2024-2599
9.9 CRITICAL

File upload restriction evasion vulnerability in AMSS++ version 4.31. This vulnerability could allow an authenticated user to potentially obtain RCE through webshell, compromising the entire …

Mar 18, 2024
CVE-2024-28537
9.8 CRITICAL

Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the page parameter of fromNatStaticSetting function.

Mar 18, 2024
CVE-2024-27768
9.8 CRITICAL

Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-22: 'Path Traversal' may allow RCE

Mar 18, 2024
CVE-2024-27767
10.0 CRITICAL

CWE-287: Improper Authentication may allow Authentication Bypass

Mar 18, 2024
CVE-2024-28125
9.8 CRITICAL

FitNesse all releases allows a remote authenticated attacker to execute arbitrary OS commands. Note: A contributor of FitNesse has claimed that this is not a …

Mar 18, 2024
CVE-2024-29151
9.1 CRITICAL

Rocket.Chat.Audit through 5ad78e8 depends on filecachetools, which does not exist in PyPI.

Mar 18, 2024
CVE-2021-47157
9.8 CRITICAL

The Kossy module before 0.60 for Perl allows JSON hijacking because of X-Requested-With mishandling.

Mar 18, 2024
CVE-2021-47155
9.1 CRITICAL

The Net::IPV4Addr module 0.10 for Perl does not properly consider extraneous zero characters in an IP address string, which (in some situations) allows attackers to …

Mar 18, 2024
CVE-2018-25099
9.8 CRITICAL

In the CryptX module before 0.062 for Perl, gcm_decrypt_verify() and chacha20poly1305_decrypt_verify() do not verify the tag.

Mar 18, 2024
CVE-2022-47036
9.8 CRITICAL

Siklu TG Terragraph devices before approximately 2.1.1 have a hardcoded root password that has been revealed via a brute force attack on an MD5 hash. …

Mar 18, 2024
CVE-2024-27957
10.0 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in Pie Register.This issue affects Pie Register: from n/a through 3.8.3.1.

Mar 17, 2024
CVE-2024-28639
9.8 CRITICAL

Buffer Overflow vulnerability in TOTOLink X5000R V9.1.0u.6118-B20201102 and A7000R V9.1.0u.6115-B20201022, allow remote attackers to execute arbitrary code and cause a denial of service (DoS) via …

Mar 16, 2024
CVE-2024-28255
9.8 CRITICAL

OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. The `JwtFilter` handles …

Mar 15, 2024
CVE-2024-28253
9.4 CRITICAL

OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. `CompiledRule::validateExpression` is also …

Mar 15, 2024
CVE-2023-7017
9.8 CRITICAL

Sciener locks' firmware update mechanism do not authenticate or validate firmware updates if passed to the lock through the Bluetooth Low Energy service. A challenge …

Mar 15, 2024
CVE-2023-7006
9.1 CRITICAL

The unlockKey character in a lock using Sciener firmware can be brute forced through repeated challenge requests, compromising the locks integrity.

Mar 15, 2024
CVE-2024-28752
9.3 CRITICAL

A SSRF vulnerability using the Aegis DataBinding in versions of Apache CXF before 4.0.4, 3.6.3 and 3.5.8 allows an attacker to perform SSRF style attacks …

Mar 15, 2024
CVE-2024-28354
10.0 CRITICAL

There is a command injection vulnerability in the TRENDnet TEW-827DRU router with firmware version 2.10B01. An attacker can inject commands into the post request parameters …

Mar 15, 2024
CVE-2024-25227
9.8 CRITICAL

SQL Injection vulnerability in ABO.CMS version 5.8, allows remote attackers to execute arbitrary code, cause a denial of service (DoS), escalate privileges, and obtain sensitive …

Mar 15, 2024
CVE-2024-1917
9.8 CRITICAL

Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code …

Mar 15, 2024
CVE-2024-1916
9.8 CRITICAL

Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code …

Mar 15, 2024
CVE-2024-1915
9.8 CRITICAL

Incorrect Pointer Scaling vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on …

Mar 15, 2024
CVE-2024-0803
9.8 CRITICAL

Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code …

Mar 15, 2024
CVE-2024-0802
9.8 CRITICAL

Incorrect Pointer Scaling vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to read arbitrary information from …

Mar 15, 2024
CVE-2024-26503
9.1 CRITICAL

Unrestricted File Upload vulnerability in Greek Universities Network Open eClass v.3.15 and earlier allows attackers to run arbitrary code via upload of crafted file to …

Mar 14, 2024
CVE-2023-42286
9.8 CRITICAL

There is a PHP file inclusion vulnerability in the template configuration of eyoucms v1.6.4, allowing attackers to execute code or system commands through a carefully …

Mar 14, 2024
CVE-2024-28423
9.8 CRITICAL

Airflow-Diagrams v2.1.0 was discovered to contain an arbitrary file upload vulnerability in the unsafe_load function at cli.py. This vulnerability allows attackers to execute arbitrary code …

Mar 14, 2024
CVE-2024-25139
10.0 CRITICAL

In TP-Link Omada er605 1.0.1 through (v2.6) 2.2.3, a cloud-brd binary is susceptible to an integer overflow that leads to a heap-based buffer overflow. After …

Mar 14, 2024
CVE-2024-28383
9.8 CRITICAL

Tenda AX12 v1.0 v22.03.01.16 was discovered to contain a stack overflow via the ssid parameter in the sub_431CF0 function.

Mar 14, 2024
CVE-2024-28391
9.8 CRITICAL

SQL injection vulnerability in FME Modules quickproducttable module for PrestaShop v.1.2.1 and before, allows a remote attacker to escalate privileges and obtain information via the …

Mar 14, 2024
CVE-2024-28390
9.8 CRITICAL

An issue in Advanced Plugins ultimateimagetool module for PrestaShop before v.2.2.01, allows a remote attacker to escalate privileges and obtain sensitive information via Improper Access …

Mar 14, 2024
CVE-2024-28388
9.8 CRITICAL

SQL injection vulnerability in SunnyToo stproductcomments module for PrestaShop v.1.0.5 and before, allows a remote attacker to escalate privileges and obtain sensitive information via the …

Mar 14, 2024
CVE-2024-28175
9.0 CRITICAL

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Due to the improper URL protocols filtering of links specified in the `link.argocd.argoproj.io` annotations …

Mar 13, 2024
CVE-2024-27102
9.9 CRITICAL

Wings is the server control plane for Pterodactyl Panel. This vulnerability impacts anyone running the affected versions of Wings. The vulnerability can potentially be used …

Mar 13, 2024
CVE-2024-25250
9.8 CRITICAL

SQL Injection vulnerability in code-projects Agro-School Management System 1.0 allows attackers to run arbitrary code via the Login page.

Mar 13, 2024
CVE-2023-41505
9.8 CRITICAL

An arbitrary file upload vulnerability in the Add Student's Profile Picture function of Student Enrollment In PHP v1.0 allows attackers to execute arbitrary code via …

Mar 13, 2024
CVE-2024-28194
9.1 CRITICAL

your_spotify is an open source, self hosted Spotify tracking dashboard. YourSpotify versions < 1.8.0 use a hardcoded JSON Web Token (JWT) secret to sign authentication …

Mar 13, 2024
CVE-2024-0799
9.8 CRITICAL

An authentication bypass vulnerability exists in Arcserve Unified Data Protection 9.2 and 8.1 in the edge-app-base-webui.jar!com.ca.arcserve.edge.app.base.ui.server.EdgeLoginServiceImpl.doLogin() function within wizardLogin.

Mar 13, 2024
CVE-2024-2172
9.8 CRITICAL

The Malware Scanner plugin and the Web Application Firewall plugin for WordPress (both by MiniOrange) are vulnerable to privilege escalation due to a missing capability …

Mar 13, 2024
CVE-2024-1071
9.8 CRITICAL

The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to SQL Injection via the …

Mar 13, 2024
CVE-2023-6825
9.9 CRITICAL

The File Manager and File Manager Pro plugins for WordPress are vulnerable to Directory Traversal in versions up to, and including version 7.2.1 (free version) …

Mar 13, 2024
CVE-2024-25153
9.8 CRITICAL

A directory traversal within the ‘ftpservlet’ of the FileCatalyst Workflow Web Portal allows files to be uploaded outside of the intended ‘uploadtemp’ directory with a …

Mar 13, 2024
CVE-2024-2413
9.8 CRITICAL

Intumit SmartRobot uses a fixed encryption key for authentication. Remote attackers can use this key to encrypt a string composed of the user's name and …

Mar 13, 2024

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.