CVE Database

9309+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2023-52153
9.8 CRITICAL

A SQL Injection vulnerability in /pmb/opac_css/includes/sessions.inc.php in PMB 7.4.7 and earlier allows remote unauthenticated attackers to inject arbitrary SQL commands via the PmbOpac-LOGIN cookie value.

Feb 21, 2024
CVE-2023-51828
9.8 CRITICAL

A SQL Injection vulnerability in /admin/convert/export.class.php in PMB 7.4.7 and earlier versions allows remote unauthenticated attackers to execute arbitrary SQL commands via the query parameter …

Feb 21, 2024
CVE-2024-25124
9.4 CRITICAL

Fiber is a web framework written in go. Prior to version 2.52.1, the CORS middleware allows for insecure configurations that could potentially expose the application …

Feb 21, 2024
CVE-2023-37177
9.8 CRITICAL

SQL Injection vulnerability in PMB Services PMB v.7.4.7 and before allows a remote unauthenticated attacker to execute arbitrary code via the query parameter in the …

Feb 21, 2024
CVE-2023-24331
9.8 CRITICAL

Command Injection vulnerability in D-Link Dir 816 with firmware version DIR-816_A2_v1.10CNB04 allows attackers to run arbitrary commands via the urlAdd parameter.

Feb 21, 2024
CVE-2024-25249
9.8 CRITICAL

An issue in He3 App for macOS version 2.0.17, allows remote attackers to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments settings.

Feb 21, 2024
CVE-2024-25897
9.8 CRITICAL

ChurchCRM 5.5.0 FRCatalog.php is vulnerable to Blind SQL Injection (Time-based) via the CurrentFundraiser GET parameter.

Feb 21, 2024
CVE-2024-25894
9.8 CRITICAL

ChurchCRM 5.5.0 /EventEditor.php is vulnerable to Blind SQL Injection (Time-based) via the EventCount POST parameter.

Feb 21, 2024
CVE-2024-25893
9.1 CRITICAL

ChurchCRM 5.5.0 FRCertificates.php is vulnerable to Blind SQL Injection (Time-based) via the CurrentFundraiser GET parameter.

Feb 21, 2024
CVE-2024-1212
10.0 CRITICAL KEV

Unauthenticated remote attackers can access the system through the LoadMaster management interface, enabling arbitrary system command execution.

Feb 21, 2024
CVE-2024-23346
9.3 CRITICAL

Pymatgen (Python Materials Genomics) is an open-source Python library for materials analysis. A critical security vulnerability exists in the `JonesFaithfulTransformation.from_transformation_str()` method within the `pymatgen` library …

Feb 21, 2024
CVE-2024-1709
10.0 CRITICAL KEV

ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel vulnerability, which may allow an attacker direct access …

Feb 21, 2024
CVE-2023-46241
9.0 CRITICAL

`discourse-microsoft-auth` is a plugin that enables authentication via Microsoft. On sites with the `discourse-microsoft-auth` plugin enabled, an attack can potentially take control of a victim's …

Feb 21, 2024
CVE-2023-47795
9.0 CRITICAL

Stored cross-site scripting (XSS) vulnerability in the Document and Media widget in Liferay Portal 7.4.3.18 through 7.4.3.101, and Liferay DXP 2023.Q3 before patch 6, and …

Feb 21, 2024
CVE-2024-26269
9.6 CRITICAL

Cross-site scripting (XSS) vulnerability in the Frontend JS module's portlet.js in Liferay Portal 7.2.0 through 7.4.3.37, and Liferay DXP 7.4 before update 38, 7.3 before …

Feb 21, 2024
CVE-2024-26266
9.0 CRITICAL

Multiple stored cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.2.0 through 7.4.3.13, and older unsupported versions, and Liferay DXP 7.4 before update 10, 7.3 before …

Feb 21, 2024
CVE-2024-25603
9.0 CRITICAL

Stored cross-site scripting (XSS) vulnerability in the Dynamic Data Mapping module's DDMForm in Liferay Portal 7.2.0 through 7.4.3.4, and older unsupported versions, and Liferay DXP …

Feb 21, 2024
CVE-2024-1631
9.1 CRITICAL

Impact: The library offers a function to generate an ed25519 key pair via Ed25519KeyIdentity.generate with an optional param to provide a 32 byte seed value, …

Feb 21, 2024
CVE-2023-42498
9.6 CRITICAL

Reflected cross-site scripting (XSS) vulnerability in the Language Override edit screen in Liferay Portal 7.4.3.8 through 7.4.3.97, and Liferay DXP 2023.Q3 before patch 5, and …

Feb 21, 2024
CVE-2023-42496
9.6 CRITICAL

Reflected cross-site scripting (XSS) vulnerability on the add assignees to a role page in Liferay Portal 7.3.3 through 7.4.3.97, and Liferay DXP 2023.Q3 before patch …

Feb 21, 2024
CVE-2023-40191
9.0 CRITICAL

Reflected cross-site scripting (XSS) vulnerability in the instance settings for Accounts in Liferay Portal 7.4.3.44 through 7.4.3.97, and Liferay DXP 2023.Q3 before patch 6, and …

Feb 21, 2024
CVE-2024-25602
9.0 CRITICAL

Stored cross-site scripting (XSS) vulnerability in Users Admin module's edit user page in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP …

Feb 21, 2024
CVE-2024-25601
9.0 CRITICAL

Stored cross-site scripting (XSS) vulnerability in Expando module's geolocation custom fields in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 …

Feb 21, 2024
CVE-2024-25152
9.0 CRITICAL

Stored cross-site scripting (XSS) vulnerability in Message Board widget in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before service …

Feb 21, 2024
CVE-2024-25147
9.6 CRITICAL

Cross-site scripting (XSS) vulnerability in HtmlUtil.escapeJsLink in Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 …

Feb 21, 2024
CVE-2024-25141
9.1 CRITICAL

When ssl was enabled for Mongo Hook, default settings included "allow_insecure" which caused that certificates were not validated. This was unexpected and undocumented. Users are …

Feb 20, 2024
CVE-2024-22245
9.6 CRITICAL

Arbitrary Authentication Relay and Session Hijack vulnerabilities in the deprecated VMware Enhanced Authentication Plug-in (EAP) could allow a malicious actor that could trick a target …

Feb 20, 2024
CVE-2024-0794
9.8 CRITICAL

Certain HP LaserJet Pro, HP Enterprise LaserJet, and HP LaserJet Managed Printers are potentially vulnerable to Remote Code Execution due to buffer overflow when rendering …

Feb 20, 2024
CVE-2024-25274
9.8 CRITICAL

An arbitrary file upload vulnerability in the component /sysFile/upload of Novel-Plus v4.3.0-RC1 allows attackers to execute arbitrary code via uploading a crafted file.

Feb 20, 2024
CVE-2024-23809
9.8 CRITICAL

A double-free vulnerability exists in the BrainVision ASCII Header Parsing functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .vdhr …

Feb 20, 2024
CVE-2024-23606
9.8 CRITICAL

An out-of-bounds write vulnerability exists in the sopen_FAMOS_read functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .famos file can …

Feb 20, 2024
CVE-2024-23313
9.8 CRITICAL

An integer underflow vulnerability exists in the sopen_FAMOS_read functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .famos file can …

Feb 20, 2024
CVE-2024-23310
9.8 CRITICAL

A use-after-free vulnerability exists in the sopen_FAMOS_read functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .famos file can lead …

Feb 20, 2024
CVE-2024-23305
9.8 CRITICAL

An out-of-bounds write vulnerability exists in the BrainVisionMarker Parsing functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .vmrk file …

Feb 20, 2024
CVE-2024-22097
9.8 CRITICAL

A double-free vulnerability exists in the BrainVision Header Parsing functionality of The Biosig Project libbiosig Master Branch (ab0ee111) and 2.5.0. A specially crafted .vdhr file …

Feb 20, 2024
CVE-2024-21812
9.8 CRITICAL

An integer overflow vulnerability exists in the sopen_FAMOS_read functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .famos file can …

Feb 20, 2024
CVE-2024-21795
9.8 CRITICAL

A heap-based buffer overflow vulnerability exists in the .egi parsing functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .egi …

Feb 20, 2024
CVE-2024-23114
9.8 CRITICAL

Deserialization of Untrusted Data vulnerability in Apache Camel CassandraQL Component AggregationRepository which is vulnerable to unsafe deserialization. Under specific conditions it is possible to deserialize …

Feb 20, 2024
CVE-2024-22824
9.8 CRITICAL

An issue in Timo v.2.0.3 allows a remote attacker to execute arbitrary code via the filetype restrictions in the UploadController.java component.

Feb 20, 2024
CVE-2023-45318
10.0 CRITICAL

A heap-based buffer overflow vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP git commit 80d4004. A specially crafted network packet can lead …

Feb 20, 2024
CVE-2024-25198
9.1 CRITICAL

Inappropriate pointer order of laser_scan_filter_.reset() and tf_listener_.reset() (amcl_node.cpp) in Open Robotics Robotic Operating Sytstem 2 (ROS2) and Nav2 humble versions leads to a use-after-free.

Feb 20, 2024
CVE-2024-1554
9.8 CRITICAL

The `fetch()` API and navigation incorrectly shared the same cache, as the cache key did not include the optional headers `fetch()` may contain. Under the …

Feb 20, 2024
CVE-2024-25610
9.0 CRITICAL

In Liferay Portal 7.2.0 through 7.4.3.12, and older unsupported versions, and Liferay DXP 7.4 before update 9, 7.3 before update 4, 7.2 before fix pack …

Feb 20, 2024
CVE-2023-49109
9.8 CRITICAL

Exposure of Remote Code Execution in Apache Dolphinscheduler. This issue affects Apache DolphinScheduler: before 3.2.1. We recommend users to upgrade Apache DolphinScheduler to version 3.2.1, …

Feb 20, 2024
CVE-2024-1608
9.1 CRITICAL

In OPPO Usercenter Credit SDK, there's a possible escalation of privilege due to loose permission check, This could lead to application internal information leak w/o …

Feb 20, 2024
CVE-2024-21896
9.8 CRITICAL

The permission model protects itself against path traversal attacks by calling path.resolve() on any paths given by the user. If the path is to be …

Feb 20, 2024
CVE-2024-1651
10.0 CRITICAL

Torrentpier version 2.4.1 allows executing arbitrary commands on the server. This is possible because the application is vulnerable to insecure deserialization.

Feb 20, 2024
CVE-2024-1644
9.9 CRITICAL

Suite CRM version 7.14.2 allows including local php files. This is possible because the application is vulnerable to LFI.

Feb 20, 2024
CVE-2023-6260
9.0 CRITICAL

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Brivo ACS100, ACS300 allows OS Command Injection, Bypassing Physical Security.This …

Feb 19, 2024
CVE-2023-50257
9.6 CRITICAL

eProsima Fast DDS (formerly Fast RTPS) is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Even with the application …

Feb 19, 2024

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.