CVE Database

9309+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2024-1372
9.1 CRITICAL

A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin …

Feb 13, 2024
CVE-2024-1369
9.1 CRITICAL

A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin …

Feb 13, 2024
CVE-2024-1359
9.1 CRITICAL

A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin …

Feb 13, 2024
CVE-2024-1355
9.1 CRITICAL

A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin …

Feb 13, 2024
CVE-2024-21413
9.8 CRITICAL KEV

Microsoft Outlook Remote Code Execution Vulnerability

Feb 13, 2024
CVE-2024-21410
9.8 CRITICAL KEV

Microsoft Exchange Server Elevation of Privilege Vulnerability

Feb 13, 2024
CVE-2024-21403
9.0 CRITICAL

Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability

Feb 13, 2024
CVE-2024-21401
9.8 CRITICAL

Microsoft Entra Jira Single-Sign-On Plugin Elevation of Privilege Vulnerability

Feb 13, 2024
CVE-2024-21376
9.0 CRITICAL

Microsoft Azure Kubernetes Service Confidential Container Remote Code Execution Vulnerability

Feb 13, 2024
CVE-2024-21364
9.3 CRITICAL

Microsoft Azure Site Recovery Elevation of Privilege Vulnerability

Feb 13, 2024
CVE-2024-22923
9.8 CRITICAL

SQL injection vulnerability in adv radius v.2.2.5 allows a local attacker to execute arbitrary code via a crafted script.

Feb 13, 2024
CVE-2024-23816
9.8 CRITICAL

A vulnerability has been identified in Location Intelligence Perpetual Large (9DE5110-8CA13-1AX0) (All versions < V4.3), Location Intelligence Perpetual Medium (9DE5110-8CA12-1AX0) (All versions < V4.3), Location …

Feb 13, 2024
CVE-2022-48623
9.1 CRITICAL

The Cpanel::JSON::XS package before 4.33 for Perl performs out-of-bounds accesses in a way that allows attackers to obtain sensitive information or cause a denial of …

Feb 13, 2024
CVE-2024-22131
9.1 CRITICAL

In SAP ABA (Application Basis) - versions 700, 701, 702, 731, 740, 750, 751, 752, 75C, 75I, an attacker authenticated as a user with a …

Feb 13, 2024
CVE-2023-42374
9.8 CRITICAL

An issue in mystenlabs Sui Blockchain before v.1.6.3 allow a remote attacker to execute arbitrary code and cause a denial of service via a crafted …

Feb 13, 2024
CVE-2024-23763
9.8 CRITICAL

SQL Injection vulnerability in Gambio through 4.9.2.0 allows attackers to run arbitrary SQL commands via crafted GET request using modifiers[attribute][] parameter.

Feb 12, 2024
CVE-2024-23761
9.8 CRITICAL

Server Side Template Injection in Gambio 4.9.2.0 allows attackers to run arbitrary code via crafted smarty email template.

Feb 12, 2024
CVE-2024-23759
9.8 CRITICAL

Deserialization of Untrusted Data in Gambio through 4.9.2.0 allows attackers to run arbitrary code via "search" parameter of the Parcelshopfinder/AddAddressBookEntry" function.

Feb 12, 2024
CVE-2024-25110
9.8 CRITICAL

The UAMQP is a general purpose C library for AMQP 1.0. During a call to open_get_offered_capabilities, a memory allocation may fail causing a use-after-free issue …

Feb 12, 2024
CVE-2024-25108
9.9 CRITICAL

Pixelfed is an open source photo sharing platform. When processing requests authorization was improperly and insufficiently checked, allowing attackers to access far more functionality than …

Feb 12, 2024
CVE-2023-6036
9.8 CRITICAL

The Web3 WordPress plugin before 3.0.0 is vulnerable to an authentication bypass due to incorrect authentication checking in the login flow in functions 'handle_auth_request' and …

Feb 12, 2024
CVE-2024-24797
9.8 CRITICAL

Deserialization of Untrusted Data vulnerability in G5Theme ERE Recently Viewed – Essential Real Estate Add-On.This issue affects ERE Recently Viewed – Essential Real Estate Add-On: …

Feb 12, 2024
CVE-2024-25100
10.0 CRITICAL

Deserialization of Untrusted Data vulnerability in WP Swings Coupon Referral Program allows Object Injection.This issue affects Coupon Referral Program: from n/a before 1.8.4.

Feb 12, 2024
CVE-2024-25722
9.8 CRITICAL

qanything_kernel/connector/database/mysql/mysql_client.py in qanything.ai QAnything before 1.2.0 allows SQL Injection.

Feb 11, 2024
CVE-2024-25718
9.8 CRITICAL

In the Samly package before 1.4.0 for Elixir, Samly.State.Store.get_assertion/3 can return an expired session, which interferes with access control because Samly.AuthHandler uses a cached session …

Feb 11, 2024
CVE-2024-25714
9.8 CRITICAL

In Rhonabwy through 1.1.13, HMAC signature verification uses a strcmp function that is vulnerable to side-channel attacks, because it stops the comparison when the first …

Feb 11, 2024
CVE-2024-23724
9.0 CRITICAL

Ghost through 5.76.0 allows stored XSS, and resultant privilege escalation in which a contributor can take over any account, via an SVG profile picture that …

Feb 11, 2024
CVE-2024-25316
9.8 CRITICAL

Code-projects Hotel Managment System 1.0 allows SQL Injection via the 'eid' parameter in Hotel/admin/usersettingdel.php?eid=2.

Feb 9, 2024
CVE-2024-25315
9.8 CRITICAL

Code-projects Hotel Managment System 1.0, allows SQL Injection via the 'rid' parameter in Hotel/admin/roombook.php?rid=2.

Feb 9, 2024
CVE-2024-25314
9.8 CRITICAL

Code-projects Hotel Managment System 1.0, allows SQL Injection via the 'sid' parameter in Hotel/admin/show.php?sid=2.

Feb 9, 2024
CVE-2024-25307
9.8 CRITICAL

Code-projects Cinema Seat Reservation System 1.0 allows SQL Injection via the 'id' parameter at "/Cinema-Reservation/booking.php?id=1."

Feb 9, 2024
CVE-2024-25302
9.8 CRITICAL

Sourcecodester Event Student Attendance System 1.0, allows SQL Injection via the 'student' parameter.

Feb 9, 2024
CVE-2023-6677
9.8 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Oduyo Financial Technology Online Collection allows SQL Injection.This issue affects Online …

Feb 9, 2024
CVE-2024-25678
9.8 CRITICAL

In LiteSpeed QUIC (LSQUIC) Library before 4.0.4, DCID validation is mishandled.

Feb 9, 2024
CVE-2024-25675
9.8 CRITICAL

An issue was discovered in MISP before 2.4.184. A client does not need to use POST to start an export generation process. This is related …

Feb 9, 2024
CVE-2024-25674
9.8 CRITICAL

An issue was discovered in MISP before 2.4.184. Organisation logo upload is insecure because of a lack of checks for the file extension and MIME …

Feb 9, 2024
CVE-2024-21762
9.8 CRITICAL KEV

A out-of-bounds write in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, …

Feb 9, 2024
CVE-2024-24308
9.8 CRITICAL

SQL Injection vulnerability in Boostmyshop (boostmyshopagent) module for Prestashop versions 1.1.9 and before, allows remote attackers to escalate privileges and obtain sensitive information via changeOrderCarrier.php, …

Feb 9, 2024
CVE-2023-50026
9.8 CRITICAL

SQL injection vulnerability in Presta Monster "Multi Accessories Pro" (hsmultiaccessoriespro) module for PrestaShop versions 5.1.1 and before, allows remote attackers to escalate privileges and obtain …

Feb 9, 2024
CVE-2023-46350
9.8 CRITICAL

SQL injection vulnerability in InnovaDeluxe "Manufacturer or supplier alphabetical search" (idxrmanufacturer) module for PrestaShop versions 2.0.4 and before, allows remote attackers to escalate privileges and …

Feb 9, 2024
CVE-2023-46687
9.8 CRITICAL

In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unauthenticated user with network access could execute arbitrary commands in root context from a remote computer.

Feb 9, 2024
CVE-2024-24825
9.1 CRITICAL

DIRAC is a distributed resource framework. In affected versions any user could get a token that has been requested by another user/agent. This may expose …

Feb 9, 2024
CVE-2024-25106
9.1 CRITICAL

OpenObserve is a observability platform built specifically for logs, metrics, traces, analytics, designed to work at petabyte scale. A critical vulnerability has been identified in …

Feb 8, 2024
CVE-2024-24830
9.9 CRITICAL

OpenObserve is a observability platform built specifically for logs, metrics, traces, analytics, designed to work at petabyte scale. A vulnerability has been identified in the …

Feb 8, 2024
CVE-2023-47132
9.8 CRITICAL

An issue discovered in N-able N-central before 2023.6 and earlier allows attackers to gain escalated privileges via API calls.

Feb 8, 2024
CVE-2024-24393
9.8 CRITICAL

File Upload vulnerability index.php in Pichome v.1.1.01 allows a remote attacker to execute arbitrary code via crafted POST request.

Feb 8, 2024
CVE-2023-40266
9.8 CRITICAL

An issue was discovered in Atos Unify OpenScape Xpressions WebAssistant V7 before V7R1 FR5 HF42 P911. It allows path traversal.

Feb 8, 2024
CVE-2024-24496
9.8 CRITICAL

An issue in Daily Habit Tracker v.1.0 allows a remote attacker to manipulate trackers via the home.php, add-tracker.php, delete-tracker.php, update-tracker.php components.

Feb 8, 2024
CVE-2024-24495
9.8 CRITICAL

SQL Injection vulnerability in delete-tracker.php in Daily Habit Tracker v.1.0 allows a remote attacker to execute arbitrary code via crafted GET request.

Feb 8, 2024
CVE-2024-22836
9.8 CRITICAL

An OS command injection vulnerability exists in Akaunting v3.1.3 and earlier. An attacker can manipulate the company locale when installing an app to execute system …

Feb 8, 2024

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.