CVE Database

9309+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2024-24101
9.8 CRITICAL

Code-projects Scholars Tracking System 1.0 is vulnerable to SQL Injection under Eligibility Information Update.

Mar 12, 2024
CVE-2024-24093
9.8 CRITICAL

SQL Injection vulnerability in Code-projects Scholars Tracking System 1.0 allows attackers to run arbitrary code via Personal Information Update information.

Mar 12, 2024
CVE-2024-21400
9.0 CRITICAL

Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability

Mar 12, 2024
CVE-2024-21334
9.8 CRITICAL

Open Management Infrastructure (OMI) Remote Code Execution Vulnerability

Mar 12, 2024
CVE-2024-1527
9.8 CRITICAL

Unrestricted file upload vulnerability in CMS Made Simple, affecting version 2.2.14. This vulnerability allows an authenticated user to bypass the security measures of the upload …

Mar 12, 2024
CVE-2024-1301
9.8 CRITICAL

SQL injection vulnerability in Badger Meter Monitool affecting versions 4.6.3 and earlier. A remote attacker could send a specially crafted SQL query to the server …

Mar 12, 2024
CVE-2023-48788
9.8 CRITICAL KEV

A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiClientEMS version 7.2.0 through 7.2.2, FortiClientEMS 7.0.1 through 7.0.10 allows …

Mar 12, 2024
CVE-2023-47534
9.6 CRITICAL

A improper neutralization of formula elements in a csv file in Fortinet FortiClientEMS version 7.2.0 through 7.2.2, 7.0.0 through 7.0.10, 6.4.0 through 6.4.9, 6.2.0 through …

Mar 12, 2024
CVE-2023-42789
9.8 CRITICAL

A out-of-bounds write in Fortinet FortiOS 7.4.0 through 7.4.1, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, FortiProxy 7.4.0, 7.2.0 through …

Mar 12, 2024
CVE-2024-28553
9.8 CRITICAL

Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the entrys parameter fromAddressNat function.

Mar 12, 2024
CVE-2024-28535
9.8 CRITICAL

Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the mitInterface parameter of fromAddressNat function.

Mar 12, 2024
CVE-2024-22039
10.0 CRITICAL

A vulnerability has been identified in Cerberus PRO EN Engineering Tool (All versions < IP8), Cerberus PRO EN Fire Panel FC72x IP6 (All versions < …

Mar 12, 2024
CVE-2023-41313
9.8 CRITICAL

The authentication method in Apache Doris versions before 2.0.0 was vulnerable to timing attacks. Users are recommended to upgrade to version 2.0.0 + or 1.2.8, …

Mar 12, 2024
CVE-2022-32257
9.8 CRITICAL

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2). The affected application consists of a web service that lacks proper …

Mar 12, 2024
CVE-2024-25995
9.8 CRITICAL

An unauthenticated remote attacker can modify configurations to perform a remote code execution, gain root rights or perform an DoS due to improper input validation.

Mar 12, 2024
CVE-2024-25331
9.3 CRITICAL

DIR-822 Rev. B Firmware v2.02KRB09 and DIR-822-CA Rev. B Firmware v2.03WWb01 suffer from a LAN-Side Unauthenticated Remote Code Execution (RCE) vulnerability elevated from HNAP Stack-Based …

Mar 12, 2024
CVE-2024-22127
9.1 CRITICAL

SAP NetWeaver Administrator AS Java (Administrator Log Viewer plug-in) - version 7.50, allows an attacker with high privileges to upload potentially dangerous files which leads …

Mar 12, 2024
CVE-2023-49785
9.1 CRITICAL

NextChat, also known as ChatGPT-Next-Web, is a cross-platform chat user interface for use with ChatGPT. Versions 2.11.2 and prior are vulnerable to server-side request forgery …

Mar 12, 2024
CVE-2024-27228
9.8 CRITICAL

there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution …

Mar 11, 2024
CVE-2024-27227
9.8 CRITICAL

A malicious DNS response can trigger a number of OOB reads, writes, and other memory issues

Mar 11, 2024
CVE-2024-27207
9.1 CRITICAL

Exported broadcast receivers allowing malicious apps to bypass broadcast protection.

Mar 11, 2024
CVE-2024-0039
9.8 CRITICAL

In attp_build_value_cmd of att_protocol.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution …

Mar 11, 2024
CVE-2024-2184
9.8 CRITICAL

Buffer overflow in identifier field of WSD probe request process of Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the …

Mar 11, 2024
CVE-2023-46427
9.8 CRITICAL

An issue was discovered in gpac version 2.3-DEV-rev588-g7edc40fee-master, allows remote attackers to execute arbitrary code, cause a denial of service (DoS), and obtain sensitive information …

Mar 9, 2024
CVE-2023-49340
9.8 CRITICAL

An issue was discovered in Newland Nquire 1000 Interactive Kiosk version NQ1000-II_G_V1.00.011, allows remote attackers to escalate privileges and bypass authentication via incorrect access control …

Mar 9, 2024
CVE-2024-21899
9.8 CRITICAL

An improper authentication vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to compromise the security …

Mar 8, 2024
CVE-2024-25849
9.8 CRITICAL

In the module "Make an offer" (makeanoffer) <= 1.7.1 from PrestaToolKit for PrestaShop, a guest can perform SQL injection via MakeOffers::checkUserExistingOffer()` and `MakeOffers::addUserOffer()` .

Mar 8, 2024
CVE-2024-25845
9.8 CRITICAL

In the module "CD Custom Fields 4 Orders" (cdcustomfields4orders) <= 1.0.0 from Cleanpresta.com for PrestaShop, a guest can perform SQL injection in affected versions.

Mar 8, 2024
CVE-2024-2044
9.9 CRITICAL

pgAdmin <= 8.3 is affected by a path-traversal vulnerability while deserializing users’ sessions in the session handling code. If the server is running on Windows, …

Mar 7, 2024
CVE-2024-0818
9.1 CRITICAL

Arbitrary File Overwrite Via Path Traversal in paddlepaddle/paddle before 2.6

Mar 7, 2024
CVE-2024-0917
9.8 CRITICAL

remote code execution in paddlepaddle/paddle 2.6.0

Mar 7, 2024
CVE-2023-42662
9.3 CRITICAL

JFrog Artifactory versions 7.59 and above, but below 7.59.18, 7.63.18, 7.68.19, 7.71.8 are vulnerable to an issue whereby user interaction with specially crafted URLs could …

Mar 7, 2024
CVE-2023-41503
9.8 CRITICAL

Student Enrollment In PHP v1.0 was discovered to contain a SQL injection vulnerability via the Login function.

Mar 7, 2024
CVE-2023-41014
9.8 CRITICAL

code-projects.org Online Job Portal 1.0 is vulnerable to SQL Injection via the Username parameter for "Employer."

Mar 7, 2024
CVE-2024-28222
9.8 CRITICAL

In Veritas NetBackup before 8.1.2 and NetBackup Appliance before 3.1.2, the BPCD process inadequately validates the file path, allowing an unauthenticated attacker to upload and …

Mar 7, 2024
CVE-2024-28213
9.8 CRITICAL

nGrinder before 3.5.9 allows to accept serialized Java objects from unauthenticated users, which could allow remote attacker to execute arbitrary code via unsafe Java objects …

Mar 7, 2024
CVE-2024-28212
9.8 CRITICAL

nGrinder before 3.5.9 uses old version of SnakeYAML, which could allow remote attacker to execute arbitrary code via unsafe deserialization.

Mar 7, 2024
CVE-2024-28211
9.8 CRITICAL

nGrinder before 3.5.9 allows connection to malicious JMX/RMI server by default, which could be the cause of executing arbitrary code via RMI registry by remote …

Mar 7, 2024
CVE-2024-22857
9.8 CRITICAL

Heap based buffer flow in zlog v1.1.0 to v1.2.17 in zlog_rule_new().The size of record_name is MAXLEN_PATH(1024) + 1 but file_path may have data upto MAXLEN_CFG_LINE(MAXLEN_PATH*4) …

Mar 7, 2024
CVE-2023-51786
9.1 CRITICAL

An issue was discovered in Lustre versions 2.13.x, 2.14.x, and 2.15.x before 2.15.4, allows attackers to escalate privileges and obtain sensitive information via Incorrect Access …

Mar 7, 2024
CVE-2023-49989
9.8 CRITICAL

Hotel Booking Management v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at update.php.

Mar 7, 2024
CVE-2024-27307
9.8 CRITICAL

JSONata is a JSON query and transformation language. Starting in version 1.4.0 and prior to version 1.8.7 and 2.0.4, a malicious expression can use the …

Mar 6, 2024
CVE-2024-27304
9.8 CRITICAL

pgx is a PostgreSQL driver and toolkit for Go. SQL injection can occur if an attacker can cause a single query or bind message to …

Mar 6, 2024
CVE-2024-27302
9.1 CRITICAL

go-zero is a web and rpc framework. Go-zero allows user to specify a CORS Filter with a configurable allows param - which is an array …

Mar 6, 2024
CVE-2024-24767
9.1 CRITICAL

CasaOS-UserService provides user management functionalities to CasaOS. Starting in version 0.4.4.3 and prior to version 0.4.7, CasaOS doesn't defend against password brute force attacks, which …

Mar 6, 2024
CVE-2023-50716
9.6 CRITICAL

eProsima Fast DDS (formerly Fast RTPS) is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.13.0, …

Mar 6, 2024
CVE-2024-2005
9.0 CRITICAL

In Blue Planet® products through 22.12, a misconfiguration in the SAML implementation allows for privilege escalation. Only products using SAML authentication are affected. Blue Planet® …

Mar 6, 2024
CVE-2024-26580
9.1 CRITICAL

Deserialization of Untrusted Data vulnerability in Apache InLong.This issue affects Apache InLong: from 1.8.0 through 1.10.0, the attackers can use the specific payload to read …

Mar 6, 2024
CVE-2023-38945
9.8 CRITICAL

Multilaser RE160 v5.07.51_pt_MTL01 and v5.07.52_pt_MTL01, Multilaser RE160V v12.03.01.08_pt and V12.03.01.09_pt, and Multilaser RE163V v12.03.01.08_pt allows attackers to bypass the access control and gain complete access …

Mar 6, 2024
CVE-2023-38944
9.8 CRITICAL

An issue in Multilaser RE160V firmware v12.03.01.09_pt and Multilaser RE163V firmware v12.03.01.10_pt allows attackers to bypass the access control and gain complete access to the …

Mar 6, 2024

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.