CVE Database

9309+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2024-1597
10.0 CRITICAL

pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is …

Feb 19, 2024
CVE-2024-24722
9.1 CRITICAL

An unquoted service path vulnerability in the 12d Synergy Server and File Replication Server components may allow an attacker to gain elevated privileges via the …

Feb 19, 2024
CVE-2023-52381
9.8 CRITICAL

Script injection vulnerability in the email module.Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability.

Feb 18, 2024
CVE-2023-52378
9.8 CRITICAL

Vulnerability of incorrect service logic in the WindowManagerServices module.Successful exploitation of this vulnerability may cause features to perform abnormally.

Feb 18, 2024
CVE-2023-52370
9.8 CRITICAL

Stack overflow vulnerability in the network acceleration module.Successful exploitation of this vulnerability may cause unauthorized file access.

Feb 18, 2024
CVE-2023-52369
9.1 CRITICAL

Stack overflow vulnerability in the NFC module.Successful exploitation of this vulnerability may affect service availability and integrity.

Feb 18, 2024
CVE-2024-1512
9.8 CRITICAL

The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to union based SQL Injection via the 'user' parameter …

Feb 17, 2024
CVE-2024-0610
9.8 CRITICAL

The Piraeus Bank WooCommerce Payment Gateway plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'MerchantReference' parameter in all versions up to, …

Feb 17, 2024
CVE-2024-21915
9.0 CRITICAL

A privilege escalation vulnerability exists in Rockwell Automation FactoryTalk® Service Platform (FTSP). If exploited, a malicious user with basic user group privileges could potentially sign …

Feb 16, 2024
CVE-2024-25320
9.8 CRITICAL

Tongda OA v2017 and up to v11.9 was discovered to contain a SQL injection vulnerability via the $AFF_ID parameter at /affair/delete.php.

Feb 16, 2024
CVE-2024-24377
9.8 CRITICAL

An issue in idocv v.14.1.3_20231228 allows a remote attacker to execute arbitrary code and obtain sensitive information via a crafted script.

Feb 16, 2024
CVE-2024-25414
9.8 CRITICAL

An arbitrary file upload vulnerability in /admin/upgrade of CSZ CMS v1.3.0 allows attackers to execute arbitrary code via uploading a crafted Zip file.

Feb 16, 2024
CVE-2024-0031
9.8 CRITICAL

In attp_build_read_by_type_value_cmd of att_protocol.cc , there is a possible out of bounds write due to improper input validation. This could lead to remote code execution …

Feb 16, 2024
CVE-2024-23674
9.6 CRITICAL

The Online-Ausweis-Funktion eID scheme in the German National Identity card through 2024-02-15 allows authentication bypass by spoofing. A man-in-the-middle attacker can assume a victim's identify …

Feb 15, 2024
CVE-2024-23479
9.6 CRITICAL

SolarWinds Access Rights Manager (ARM) was found to be susceptible to a Directory Traversal Remote Code Execution Vulnerability. If exploited, this vulnerability allows an unauthenticated …

Feb 15, 2024
CVE-2024-23476
9.6 CRITICAL

The SolarWinds Access Rights Manager (ARM) was found to be susceptible to a Directory Traversal Remote Code Execution Vulnerability. If exploited, this vulnerability allows an …

Feb 15, 2024
CVE-2023-40057
9.0 CRITICAL

The SolarWinds Access Rights Manager was found to be susceptible to a Remote Code Execution Vulnerability. If exploited, this vulnerability allows an authenticated user to …

Feb 15, 2024
CVE-2024-25502
9.8 CRITICAL

Directory Traversal vulnerability in flusity CMS v.2.4 allows a remote attacker to execute arbitrary code and obtain sensitive information via the download_backup.php component.

Feb 15, 2024
CVE-2023-7081
9.8 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in POSTAHSİL Online Payment System allows SQL Injection.This issue affects Online Payment …

Feb 15, 2024
CVE-2023-5155
9.8 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Utarit Information Technologies SoliPay Mobile App allows SQL Injection.This issue affects …

Feb 15, 2024
CVE-2024-23113
9.8 CRITICAL KEV

A use of externally-controlled format string in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 …

Feb 15, 2024
CVE-2024-20720
9.1 CRITICAL

Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') …

Feb 15, 2024
CVE-2024-20719
9.1 CRITICAL

Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an admin attacker …

Feb 15, 2024
CVE-2024-20738
9.8 CRITICAL

Adobe FrameMaker Publishing Server versions 2022.1 and earlier are affected by an Improper Authentication vulnerability that could result in a Security feature bypass. An attacker …

Feb 15, 2024
CVE-2023-39245
9.8 CRITICAL

DELL ESI (Enterprise Storage Integrator) for SAP LAMA, version 10.0, contains an information disclosure vulnerability in EHAC component. An remote unauthenticated attacker could potentially exploit …

Feb 15, 2024
CVE-2023-32484
9.8 CRITICAL

Dell Networking Switches running Enterprise SONiC versions 4.1.0, 4.0.5, 3.5.4 and below contains an improper input validation vulnerability. A remote unauthenticated malicious user may exploit …

Feb 15, 2024
CVE-2023-32462
9.8 CRITICAL

Dell OS10 Networking Switches running 10.5.2.x and above contain an OS command injection vulnerability when using remote user authentication. A remote unauthenticated attacker could potentially …

Feb 15, 2024
CVE-2023-28078
9.1 CRITICAL

Dell OS10 Networking Switches running 10.5.2.x and above contain a vulnerability with zeroMQ when VLT is configured. A remote unauthenticated attacker could potentially exploit this …

Feb 15, 2024
CVE-2024-0390
9.8 CRITICAL

INPRAX "iZZi connect" application on Android contains hard-coded MQTT queue credentials. The same MQTT queue is used by corresponding physical recuperation devices. Exploiting this vulnerability …

Feb 15, 2024
CVE-2022-23088
9.8 CRITICAL

The 802.11 beacon handling routine failed to validate the length of an IEEE 802.11s Mesh ID before copying it to a heap-allocated buffer. While a …

Feb 15, 2024
CVE-2024-26264
9.8 CRITICAL

EBM Technologies RISWEB's specific query function parameter does not properly restrict user input, and this feature page is accessible without login. This allows remote attackers …

Feb 15, 2024
CVE-2024-26261
9.8 CRITICAL

The functionality for file download in HGiga OAKlouds' certain modules contains an Arbitrary File Read and Delete vulnerability. Attackers can put file path in specific …

Feb 15, 2024
CVE-2024-26260
9.8 CRITICAL

The functionality for synchronization in HGiga OAKlouds' certain moudules has an OS Command Injection vulnerability, allowing remote attackers to inject system commands within specific request …

Feb 15, 2024
CVE-2024-24300
9.8 CRITICAL

4ipnet EAP-767 v3.42.00 is vulnerable to Incorrect Access Control. The device uses the same set of credentials, regardless of how many times a user logs …

Feb 14, 2024
CVE-2024-25223
9.8 CRITICAL

Simple Admin Panel App v1.0 was discovered to contain a SQL injection vulnerability via the orderID parameter at /adminView/viewEachOrder.php.

Feb 14, 2024
CVE-2024-25222
9.8 CRITICAL

Task Manager App v1.0 was discovered to contain a SQL injection vulnerability via the projectID parameter at /TaskManager/EditProject.php.

Feb 14, 2024
CVE-2024-25220
9.8 CRITICAL

Task Manager App v1.0 was discovered to contain a SQL injection vulnerability via the taskID parameter at /TaskManager/EditTask.php.

Feb 14, 2024
CVE-2024-25217
9.8 CRITICAL

Online Medicine Ordering System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /omos/?p=products/view_product.

Feb 14, 2024
CVE-2024-25216
9.8 CRITICAL

Employee Managment System v1.0 was discovered to contain a SQL injection vulnerability via the mailud parameter at /aprocess.php.

Feb 14, 2024
CVE-2024-25215
9.8 CRITICAL

Employee Managment System v1.0 was discovered to contain a SQL injection vulnerability via the pwd parameter at /aprocess.php.

Feb 14, 2024
CVE-2024-25214
9.8 CRITICAL

An issue in Employee Managment System v1.0 allows attackers to bypass authentication via injecting a crafted payload into the E-mail and Password parameters at /alogin.html.

Feb 14, 2024
CVE-2024-25211
9.8 CRITICAL

Simple Expense Tracker v1.0 was discovered to contain a SQL injection vulnerability via the category parameter at /endpoint/delete_category.php.

Feb 14, 2024
CVE-2024-25210
9.8 CRITICAL

Simple Expense Tracker v1.0 was discovered to contain a SQL injection vulnerability via the expense parameter at /endpoint/delete_expense.php.

Feb 14, 2024
CVE-2024-25209
9.8 CRITICAL

Barangay Population Monitoring System 1.0 was discovered to contain a SQL injection vulnerability via the resident parameter at /endpoint/delete-resident.php.

Feb 14, 2024
CVE-2023-6441
9.8 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in UNI-PA University Marketing & Computer Internet Trade Inc. University Information System …

Feb 14, 2024
CVE-2024-23786
9.3 CRITICAL

Cross-site scripting vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to execute an arbitrary script …

Feb 14, 2024
CVE-2024-24691
9.6 CRITICAL

Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an unauthenticated user …

Feb 14, 2024
CVE-2024-24142
9.8 CRITICAL

Sourcecodester School Task Manager 1.0 allows SQL Injection via the 'subject' parameter.

Feb 13, 2024
CVE-2024-1378
9.1 CRITICAL

A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin …

Feb 13, 2024
CVE-2024-1374
9.1 CRITICAL

A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin …

Feb 13, 2024

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.