CVE Database

9309+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2024-22852
9.8 CRITICAL

D-Link Go-RT-AC750 GORTAC750_A1_FW_v101b03 contains a stack-based buffer overflow via the function genacgi_main. This vulnerability allows attackers to enable telnet service via a specially crafted payload.

Feb 6, 2024
CVE-2024-24112
9.8 CRITICAL

xmall v1.1 was discovered to contain a SQL injection vulnerability via the orderDir parameter.

Feb 6, 2024
CVE-2024-0244
9.8 CRITICAL

Buffer overflow in CPCA PCFAX number process of Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger …

Feb 6, 2024
CVE-2023-6234
9.8 CRITICAL

Buffer overflow in CPCA Color LUT Resource Download process of Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment …

Feb 6, 2024
CVE-2023-6233
9.8 CRITICAL

Buffer overflow in SLP attribute request process of Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger …

Feb 6, 2024
CVE-2023-6232
9.8 CRITICAL

Buffer overflow in the Address Book username process in authentication of Mobile Device Function of Office Multifunction Printers and Laser Printers(*) which may allow an …

Feb 6, 2024
CVE-2023-6231
9.8 CRITICAL

Buffer overflow in WSD probe request process of Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger …

Feb 6, 2024
CVE-2023-6230
9.8 CRITICAL

Buffer overflow in the Address Book password process in authentication of Mobile Device Function of Office Multifunction Printers and Laser Printers(*) which may allow an …

Feb 6, 2024
CVE-2023-6229
9.8 CRITICAL

Buffer overflow in CPCA PDL Resource Download process of Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to …

Feb 6, 2024
CVE-2023-46359
9.8 CRITICAL

An OS command injection vulnerability in Hardy Barth cPH2 eCharge Ladestation v1.87.0 and earlier, may allow an unauthenticated remote attacker to execute arbitrary commands on …

Feb 6, 2024
CVE-2024-24398
9.8 CRITICAL

Directory Traversal vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the fileName …

Feb 6, 2024
CVE-2024-23049
9.8 CRITICAL

An issue in symphony v.3.6.3 and before allows a remote attacker to execute arbitrary code via the log4j component.

Feb 5, 2024
CVE-2024-0964
9.4 CRITICAL

A local file include could be remotely triggered in Gradio due to a vulnerable user-supplied JSON value in an API request.

Feb 5, 2024
CVE-2024-0709
9.8 CRITICAL

The Cryptocurrency Widgets – Price Ticker & Coins List plugin for WordPress is vulnerable to SQL Injection via the 'coinslist' parameter in versions 2.0 to …

Feb 5, 2024
CVE-2024-0221
9.1 CRITICAL

The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.8.19 …

Feb 5, 2024
CVE-2023-6989
9.8 CRITICAL

The Shield Security – Smart Bot Blocking & Intrusion Prevention Security plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, …

Feb 5, 2024
CVE-2024-24543
9.8 CRITICAL

Buffer Overflow vulnerability in the function setSchedWifi in Tenda AC9 v.3.0, firmware version v.15.03.06.42_multi allows a remote attacker to cause a denial of service or …

Feb 5, 2024
CVE-2023-51951
9.8 CRITICAL

SQL Injection vulnerability in Stock Management System 1.0 allows a remote attacker to execute arbitrary code via the id parameter in the manage_bo.php file.

Feb 5, 2024
CVE-2024-23054
9.8 CRITICAL

An issue in Plone Docker Official Image 5.2.13 (5221) open-source software that could allow for remote code execution due to a package listed in ++plone++static/components …

Feb 5, 2024
CVE-2024-0323
9.8 CRITICAL

The FTP server used on the B&R Automation Runtime supports unsecure encryption mechanisms, such as SSLv3, TLSv1.0 and TLS1.1. An network-based attacker can exploit the …

Feb 5, 2024
CVE-2024-23109
10.0 CRITICAL

An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet allows attacker to execute unauthorized code or commands …

Feb 5, 2024
CVE-2024-23108
10.0 CRITICAL

An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet allows attacker to execute unauthorized code or commands …

Feb 5, 2024
CVE-2021-4436
9.8 CRITICAL

The 3DPrint Lite WordPress plugin before 1.9.1.5 does not have any authorisation and does not check the uploaded file in its p3dlite_handle_upload AJAX action , …

Feb 5, 2024
CVE-2023-7077
9.8 CRITICAL

Sharp NEC Displays (P403, P463, P553, P703, P801, X554UN, X464UN, X554UNS, X464UNV, X474HB, X464UNS, X554UNV, X555UNS, X555UNV, X754HB, X554HB, E705, E805, E905, UN551S, UN551VS, X551UHD, …

Feb 5, 2024
CVE-2024-20011
9.8 CRITICAL

In alac decoder, there is a possible information disclosure due to an incorrect bounds check. This could lead to remote code execution with no additional …

Feb 5, 2024
CVE-2024-25089
9.8 CRITICAL

Malwarebytes Binisoft Windows Firewall Control before 6.9.9.2 allows remote attackers to execute arbitrary code via gRPC named pipes.

Feb 4, 2024
CVE-2020-36773
9.8 CRITICAL

Artifex Ghostscript before 9.53.0 has an out-of-bounds write and use-after-free in devices/vector/gdevtxtw.c (for txtwrite) because a single character code in a PDF document can map …

Feb 4, 2024
CVE-2024-24029
9.8 CRITICAL

JFinalCMS 5.0.0 is vulnerable to SQL injection via /admin/content/data.

Feb 2, 2024
CVE-2024-22108
9.8 CRITICAL

An issue was discovered in GTB Central Console 15.17.1-30814.NG. The method setTermsHashAction at /opt/webapp/lib/PureApi/CCApi.class.php is vulnerable to an unauthenticated SQL injection via /ccapi.php that an …

Feb 2, 2024
CVE-2023-45025
9.0 CRITICAL

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands …

Feb 2, 2024
CVE-2022-34381
9.1 CRITICAL

Dell BSAFE SSL-J version 7.0 and all versions prior to 6.5, and Dell BSAFE Crypto-J versions prior to 6.2.6.1 contain an unmaintained third-party component vulnerability. …

Feb 2, 2024
CVE-2023-6675
9.8 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in National Keep Cyber Security Services CyberMath allows Upload a Web Shell to a Web Server.This issue …

Feb 2, 2024
CVE-2023-47143
10.0 CRITICAL

IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. …

Feb 2, 2024
CVE-2023-50488
9.8 CRITICAL

An issue in Blurams Lumi Security Camera (A31C) v23.0406.435.4120 allows attackers to execute arbitrary code.

Feb 2, 2024
CVE-2024-23978
9.8 CRITICAL

Heap-based buffer overflow vulnerability exists in HOME SPOT CUBE2 V102 and earlier. By processing invalid values, arbitrary code may be executed. Note that the affected …

Feb 2, 2024
CVE-2024-1143
9.3 CRITICAL

Central Dogma versions prior to 0.64.1 is vulnerable to Cross-Site Scripting (XSS), which could allow for the leakage of user sessions and subsequent authentication bypass.

Feb 2, 2024
CVE-2024-24482
9.8 CRITICAL

Aprktool before 2.9.3 on Windows allows ../ and /.. directory traversal.

Feb 2, 2024
CVE-2024-22533
9.8 CRITICAL

Before Beetl v3.15.12, the rendering template has a server-side template injection (SSTI) vulnerability. When the incoming template is controllable, it will be filtered by the …

Feb 2, 2024
CVE-2024-22320
9.8 CRITICAL

IBM Operational Decision Manager 8.10.3 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization. By sending …

Feb 2, 2024
CVE-2024-23746
9.8 CRITICAL

Miro Desktop 0.8.18 on macOS allows local Electron code injection via a complex series of steps that might be usable in some environments (bypass a …

Feb 2, 2024
CVE-2024-22902
9.8 CRITICAL

Vinchin Backup & Recovery v7.2 was discovered to be configured with default root credentials.

Feb 2, 2024
CVE-2024-22901
9.8 CRITICAL

Vinchin Backup & Recovery v7.2 was discovered to use default MYSQL credentials.

Feb 2, 2024
CVE-2023-48793
9.8 CRITICAL

Zoho ManageEngine ADAudit Plus through 7250 allows SQL Injection in the aggregate report feature.

Feb 2, 2024
CVE-2023-48792
9.8 CRITICAL

Zoho ManageEngine ADAudit Plus through 7250 is vulnerable to SQL Injection in the report export option.

Feb 2, 2024
CVE-2024-21764
9.8 CRITICAL

In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, the product uses hard-coded credentials, which may allow an attacker to connect to a …

Feb 2, 2024
CVE-2023-49617
10.0 CRITICAL

The MachineSense application programmable interface (API) is improperly protected and can be accessed without authentication. A remote attacker could retrieve and modify sensitive information without …

Feb 1, 2024
CVE-2023-46706
9.1 CRITICAL

Multiple MachineSense devices have credentials unable to be changed by the user or administrator.

Feb 1, 2024
CVE-2024-1039
9.8 CRITICAL

Gessler GmbH WEB-MASTER has a restoration account that uses weak hard coded credentials and if exploited could allow an attacker control over the web management …

Feb 1, 2024
CVE-2023-4472
9.8 CRITICAL

Objectplanet Opinio version 7.22 and prior uses a cryptographically weak pseudo-random number generator (PRNG) coupled to a predictable seed, which could lead to an unauthenticated …

Feb 1, 2024
CVE-2023-5841
9.1 CRITICAL

Due to a failure in validating the number of scanline samples of a OpenEXR file containing deep scanline data, Academy Software Foundation OpenEX image parsing …

Feb 1, 2024

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.