9309+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.
A SQL Injection vulnerability in /pmb/opac_css/includes/sessions.inc.php in PMB 7.4.7 and earlier allows remote unauthenticated attackers to inject arbitrary SQL commands via the PmbOpac-LOGIN cookie value.
A SQL Injection vulnerability in /admin/convert/export.class.php in PMB 7.4.7 and earlier versions allows remote unauthenticated attackers to execute arbitrary SQL commands via the query parameter …
Fiber is a web framework written in go. Prior to version 2.52.1, the CORS middleware allows for insecure configurations that could potentially expose the application …
SQL Injection vulnerability in PMB Services PMB v.7.4.7 and before allows a remote unauthenticated attacker to execute arbitrary code via the query parameter in the …
Command Injection vulnerability in D-Link Dir 816 with firmware version DIR-816_A2_v1.10CNB04 allows attackers to run arbitrary commands via the urlAdd parameter.
An issue in He3 App for macOS version 2.0.17, allows remote attackers to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments settings.
ChurchCRM 5.5.0 FRCatalog.php is vulnerable to Blind SQL Injection (Time-based) via the CurrentFundraiser GET parameter.
ChurchCRM 5.5.0 /EventEditor.php is vulnerable to Blind SQL Injection (Time-based) via the EventCount POST parameter.
ChurchCRM 5.5.0 FRCertificates.php is vulnerable to Blind SQL Injection (Time-based) via the CurrentFundraiser GET parameter.
Unauthenticated remote attackers can access the system through the LoadMaster management interface, enabling arbitrary system command execution.
Pymatgen (Python Materials Genomics) is an open-source Python library for materials analysis. A critical security vulnerability exists in the `JonesFaithfulTransformation.from_transformation_str()` method within the `pymatgen` library …
ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel vulnerability, which may allow an attacker direct access …
`discourse-microsoft-auth` is a plugin that enables authentication via Microsoft. On sites with the `discourse-microsoft-auth` plugin enabled, an attack can potentially take control of a victim's …
Stored cross-site scripting (XSS) vulnerability in the Document and Media widget in Liferay Portal 7.4.3.18 through 7.4.3.101, and Liferay DXP 2023.Q3 before patch 6, and …
Cross-site scripting (XSS) vulnerability in the Frontend JS module's portlet.js in Liferay Portal 7.2.0 through 7.4.3.37, and Liferay DXP 7.4 before update 38, 7.3 before …
Multiple stored cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.2.0 through 7.4.3.13, and older unsupported versions, and Liferay DXP 7.4 before update 10, 7.3 before …
Stored cross-site scripting (XSS) vulnerability in the Dynamic Data Mapping module's DDMForm in Liferay Portal 7.2.0 through 7.4.3.4, and older unsupported versions, and Liferay DXP …
Impact: The library offers a function to generate an ed25519 key pair via Ed25519KeyIdentity.generate with an optional param to provide a 32 byte seed value, …
Reflected cross-site scripting (XSS) vulnerability in the Language Override edit screen in Liferay Portal 7.4.3.8 through 7.4.3.97, and Liferay DXP 2023.Q3 before patch 5, and …
Reflected cross-site scripting (XSS) vulnerability on the add assignees to a role page in Liferay Portal 7.3.3 through 7.4.3.97, and Liferay DXP 2023.Q3 before patch …
Reflected cross-site scripting (XSS) vulnerability in the instance settings for Accounts in Liferay Portal 7.4.3.44 through 7.4.3.97, and Liferay DXP 2023.Q3 before patch 6, and …
Stored cross-site scripting (XSS) vulnerability in Users Admin module's edit user page in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP …
Stored cross-site scripting (XSS) vulnerability in Expando module's geolocation custom fields in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 …
Stored cross-site scripting (XSS) vulnerability in Message Board widget in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before service …
Cross-site scripting (XSS) vulnerability in HtmlUtil.escapeJsLink in Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 …
When ssl was enabled for Mongo Hook, default settings included "allow_insecure" which caused that certificates were not validated. This was unexpected and undocumented. Users are …
Arbitrary Authentication Relay and Session Hijack vulnerabilities in the deprecated VMware Enhanced Authentication Plug-in (EAP) could allow a malicious actor that could trick a target …
Certain HP LaserJet Pro, HP Enterprise LaserJet, and HP LaserJet Managed Printers are potentially vulnerable to Remote Code Execution due to buffer overflow when rendering …
An arbitrary file upload vulnerability in the component /sysFile/upload of Novel-Plus v4.3.0-RC1 allows attackers to execute arbitrary code via uploading a crafted file.
A double-free vulnerability exists in the BrainVision ASCII Header Parsing functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .vdhr …
An out-of-bounds write vulnerability exists in the sopen_FAMOS_read functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .famos file can …
An integer underflow vulnerability exists in the sopen_FAMOS_read functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .famos file can …
A use-after-free vulnerability exists in the sopen_FAMOS_read functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .famos file can lead …
An out-of-bounds write vulnerability exists in the BrainVisionMarker Parsing functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .vmrk file …
A double-free vulnerability exists in the BrainVision Header Parsing functionality of The Biosig Project libbiosig Master Branch (ab0ee111) and 2.5.0. A specially crafted .vdhr file …
An integer overflow vulnerability exists in the sopen_FAMOS_read functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .famos file can …
A heap-based buffer overflow vulnerability exists in the .egi parsing functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .egi …
Deserialization of Untrusted Data vulnerability in Apache Camel CassandraQL Component AggregationRepository which is vulnerable to unsafe deserialization. Under specific conditions it is possible to deserialize …
An issue in Timo v.2.0.3 allows a remote attacker to execute arbitrary code via the filetype restrictions in the UploadController.java component.
A heap-based buffer overflow vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP git commit 80d4004. A specially crafted network packet can lead …
Inappropriate pointer order of laser_scan_filter_.reset() and tf_listener_.reset() (amcl_node.cpp) in Open Robotics Robotic Operating Sytstem 2 (ROS2) and Nav2 humble versions leads to a use-after-free.
The `fetch()` API and navigation incorrectly shared the same cache, as the cache key did not include the optional headers `fetch()` may contain. Under the …
In Liferay Portal 7.2.0 through 7.4.3.12, and older unsupported versions, and Liferay DXP 7.4 before update 9, 7.3 before update 4, 7.2 before fix pack …
Exposure of Remote Code Execution in Apache Dolphinscheduler. This issue affects Apache DolphinScheduler: before 3.2.1. We recommend users to upgrade Apache DolphinScheduler to version 3.2.1, …
In OPPO Usercenter Credit SDK, there's a possible escalation of privilege due to loose permission check, This could lead to application internal information leak w/o …
The permission model protects itself against path traversal attacks by calling path.resolve() on any paths given by the user. If the path is to be …
Torrentpier version 2.4.1 allows executing arbitrary commands on the server. This is possible because the application is vulnerable to insecure deserialization.
Suite CRM version 7.14.2 allows including local php files. This is possible because the application is vulnerable to LFI.
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Brivo ACS100, ACS300 allows OS Command Injection, Bypassing Physical Security.This …
eProsima Fast DDS (formerly Fast RTPS) is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Even with the application …
Free website and port scanning — find vulnerabilities before attackers do.