CVE Database

9309+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2024-27764
9.8 CRITICAL

An issue in Jeewms v.3.7 and before allows a remote attacker to escalate privileges via the AuthInterceptor component.

Mar 5, 2024
CVE-2024-24276
9.6 CRITICAL

Cross Site Scripting (XSS) vulnerability in Teamwire Windows desktop client v.2.0.1 through v.2.4.0 allows a remote attacker to obtain sensitive information via a crafted payload …

Mar 5, 2024
CVE-2024-24275
9.6 CRITICAL

Cross Site Scripting vulnerability in Teamwire Windows desktop client v.2.0.1 through v.2.4.0 allows a remote attacker to obtain sensitive information via a crafted payload to …

Mar 5, 2024
CVE-2024-2056
9.8 CRITICAL

Services that are running and bound to the loopback interface on the Artica Proxy are accessible through the proxy service. In particular, the "tailon" service …

Mar 5, 2024
CVE-2024-2055
9.8 CRITICAL

The "Rich Filemanager" feature of Artica Proxy provides a web-based interface for file management capabilities. When the feature is enabled, it does not require authentication …

Mar 5, 2024
CVE-2024-22253
9.3 CRITICAL

VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the UHCI USB controller. A malicious actor with local administrative privileges on a virtual machine …

Mar 5, 2024
CVE-2024-22252
9.3 CRITICAL

VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine …

Mar 5, 2024
CVE-2024-27565
9.8 CRITICAL

A Server-Side Request Forgery (SSRF) in weixin.php of ChatGPT-wechat-personal commit a0857f6 allows attackers to force the application to make arbitrary requests.

Mar 5, 2024
CVE-2023-7103
9.8 CRITICAL

Authentication Bypass by Primary Weakness vulnerability in ZKSoftware Biometric Security Solutions UFace 5 allows Authentication Bypass.This issue affects UFace 5: through 12022024.

Mar 5, 2024
CVE-2024-26339
9.1 CRITICAL

swftools v0.9.2 was discovered to contain a strcpy parameter overlap via /home/swftools/src/swfc+0x48318a.

Mar 5, 2024
CVE-2024-21815
9.1 CRITICAL

Insufficiently protected credentials (CWE-522) for third party DVR integrations to the Command Centre Server are accessible to authenticated but unprivileged users. This issue affects: Gallagher …

Mar 5, 2024
CVE-2023-49970
9.8 CRITICAL

Customer Support System v1 was discovered to contain a SQL injection vulnerability via the subject parameter at /customer_support/ajax.php?action=save_ticket.

Mar 5, 2024
CVE-2023-49547
9.8 CRITICAL

Customer Support System v1 was discovered to contain a SQL injection vulnerability via the username parameter at /customer_support/ajax.php?action=login.

Mar 5, 2024
CVE-2024-27198
9.8 CRITICAL KEV

In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible

Mar 4, 2024
CVE-2023-43553
9.8 CRITICAL

Memory corruption while parsing beacon/probe response frame when AP sends more supported links in MLIE.

Mar 4, 2024
CVE-2023-43552
9.8 CRITICAL

Memory corruption while processing MBSSID beacon containing several subelement IE.

Mar 4, 2024
CVE-2023-28582
9.8 CRITICAL

Memory corruption in Data Modem while verifying hello-verify message during the DTLS handshake.

Mar 4, 2024
CVE-2023-28578
9.3 CRITICAL

Memory corruption in Core Services while executing the command for removing a single event listener.

Mar 4, 2024
CVE-2024-20018
9.8 CRITICAL

In wlan driver, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with …

Mar 4, 2024
CVE-2024-20017
9.8 CRITICAL

In wlan service, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no …

Mar 4, 2024
CVE-2024-25847
9.8 CRITICAL

SQL Injection vulnerability in MyPrestaModules "Product Catalog (CSV, Excel) Import" (simpleimportproduct) modules for PrestaShop versions 6.5.0 and before, allows attackers to escalate privileges and obtain …

Mar 3, 2024
CVE-2024-24302
9.8 CRITICAL

An issue was discovered in Tunis Soft "Product Designer" (productdesigner) module for PrestaShop before version 1.178.36, allows remote attackers to execute arbitrary code, escalate privileges, …

Mar 3, 2024
CVE-2024-27747
9.8 CRITICAL

File Upload vulnerability in Petrol Pump Mangement Software v.1.0 allows an attacker to execute arbitrary code via a crafted payload to the email Image parameter …

Mar 1, 2024
CVE-2024-27746
9.8 CRITICAL

SQL Injection vulnerability in Petrol Pump Mangement Software v.1.0 allows an attacker to execute arbitrary code via a crafted payload to the email address parameter …

Mar 1, 2024
CVE-2023-49543
9.8 CRITICAL

Incorrect access control in Book Store Management System v1 allows attackers to access unauthorized pages and execute administrative functions without authenticating.

Mar 1, 2024
CVE-2024-21767
9.4 CRITICAL

A remote attacker may be able to bypass access control of Commend WS203VICM by creating a malicious request.

Mar 1, 2024
CVE-2023-7244
9.8 CRITICAL

Industrial Control Systems Network Protocol Parsers (ICSNPP) - Ethercat Zeek Plugin versions d78dda6 and prior are vulnerable to out-of-bounds write in their primary analyses function …

Mar 1, 2024
CVE-2023-7243
9.8 CRITICAL

Industrial Control Systems Network Protocol Parsers (ICSNPP) - Ethercat Zeek Plugin versions d78dda6 and prior are vulnerable to out-of-bounds write while analyzing specific Ethercat datagrams. …

Mar 1, 2024
CVE-2024-27298
10.0 CRITICAL

parse-server is a Parse Server for Node.js / Express. This vulnerability allows SQL injection when Parse Server is configured to use the PostgreSQL database. The …

Mar 1, 2024
CVE-2024-1624
9.4 CRITICAL

An OS Command Injection vulnerability affecting documentation server on 3DEXPERIENCE from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x, SIMULIA Abaqus from Release 2022 through Release …

Mar 1, 2024
CVE-2024-25091
9.1 CRITICAL

Protection mechanism failure issue exists in RevoWorks SCVX prior to scvimage4.10.21_1013 (when using 'VirusChecker' or 'ThreatChecker' feature) and RevoWorks Browser prior to 2.2.95 (when using …

Mar 1, 2024
CVE-2024-25293
9.3 CRITICAL

mjml-app versions 3.0.4 and 3.1.0-beta were discovered to contain a remote code execution (RCE) via the href attribute.

Mar 1, 2024
CVE-2024-22891
9.8 CRITICAL

Nteract v.0.28.0 was discovered to contain a remote code execution (RCE) vulnerability via the Markdown link.

Mar 1, 2024
CVE-2024-26548
9.8 CRITICAL

An issue in vivotek Network Camera v.FD8166A-VVTK-0204j allows a remote attacker to execute arbitrary code via a crafted payload to the upload_file.cgi component.

Feb 29, 2024
CVE-2024-25180
9.8 CRITICAL

An issue discovered in pdfmake 0.2.9 allows remote attackers to run arbitrary code via crafted POST request to the /pdf endpoint. NOTE: this is disputed …

Feb 29, 2024
CVE-2024-0864
9.8 CRITICAL

Enabling Simple Ajax Uploader plugin included in Laragon open-source software allows for a remote code execution (RCE) attack via an improper input validation in a …

Feb 29, 2024
CVE-2024-25292
9.6 CRITICAL

Cross-site scripting (XSS) vulnerability in RenderTune v1.1.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Upload Title …

Feb 29, 2024
CVE-2024-25291
9.8 CRITICAL

Deskfiler v1.2.3 allows attackers to execute arbitrary code via uploading a crafted plugin.

Feb 29, 2024
CVE-2024-1981
9.8 CRITICAL

The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to SQL Injection via the 'table_prefix' parameter in version 0.9.68 due to insufficient escaping …

Feb 29, 2024
CVE-2024-24525
9.8 CRITICAL

An issue in EpointWebBuilder 5.1.0-sp1, 5.2.1-sp1, 5.4.1 and 5.4.2 allows a remote attacker to execute arbitrary code via the infoid parameter of the URL.

Feb 29, 2024
CVE-2023-6090
9.1 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in Mollie Mollie Payments for WooCommerce.This issue affects Mollie Payments for WooCommerce: from n/a through 7.3.11.

Feb 29, 2024
CVE-2023-51801
9.8 CRITICAL

SQL Injection vulnerability in the Simple Student Attendance System v.1.0 allows a remote attacker to execute arbitrary code via a crafted payload to the id …

Feb 29, 2024
CVE-2024-27516
9.8 CRITICAL

Server-Side Template Injection (SSTI) vulnerability in livehelperchat before 4.34v, allows remote attackers to execute arbitrary code and obtain sensitive information via the search parameter in …

Feb 29, 2024
CVE-2024-25833
9.8 CRITICAL

F-logic DataCube3 v1.0 is vulnerable to unauthenticated SQL injection, which could allow an unauthenticated malicious actor to execute arbitrary SQL queries in database.

Feb 29, 2024
CVE-2024-25830
9.8 CRITICAL

F-logic DataCube3 v1.0 is vulnerable to Incorrect Access Control due to an improper directory access restriction. An unauthenticated, remote attacker can exploit this, by sending …

Feb 29, 2024
CVE-2024-25128
9.1 CRITICAL

Flask-AppBuilder is an application development framework, built on top of Flask. When Flask-AppBuilder is set to AUTH_TYPE AUTH_OID, it allows an attacker to forge an …

Feb 29, 2024
CVE-2024-25065
9.1 CRITICAL

Possible path traversal in Apache OFBiz allowing authentication bypass. Users are recommended to upgrade to version 18.12.12, that fixes the issue.

Feb 29, 2024
CVE-2024-23807
9.8 CRITICAL

The Apache Xerces C++ XML parser on versions 3.0.0 before 3.2.5 contains a use-after-free error triggered during the scanning of external DTDs. Users are recommended …

Feb 29, 2024
CVE-2024-23328
9.1 CRITICAL

Dataease is an open source data visualization analysis tool. A deserialization vulnerability exists in the DataEase datasource, which can be exploited to execute arbitrary code. …

Feb 29, 2024
CVE-2024-23052
9.8 CRITICAL

An issue in WuKongOpenSource WukongCRM v.72crm_9.0.1_20191202 allows a remote attacker to execute arbitrary code via the parseObject() function in the fastjson component.

Feb 29, 2024

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.