CVE Database

9309+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2024-24561
9.8 CRITICAL

Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. In versions 0.3.10 and earlier, the bounds check for slices does not account …

Feb 1, 2024
CVE-2024-23832
9.4 CRITICAL

Mastodon is a free, open-source social network server based on ActivityPub Mastodon allows configuration of LDAP for authentication. Due to insufficient origin validation in all …

Feb 1, 2024
CVE-2024-23653
9.8 CRITICAL

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. In addition to running containers as build …

Jan 31, 2024
CVE-2024-23652
10.0 CRITICAL

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. A malicious BuildKit frontend or Dockerfile using …

Jan 31, 2024
CVE-2022-47072
9.8 CRITICAL

SQL injection vulnerability in Enterprise Architect 16.0.1605 32-bit allows attackers to run arbitrary SQL commands via the Find parameter in the Select Classifier dialog box..

Jan 31, 2024
CVE-2024-21917
9.8 CRITICAL

A vulnerability exists in Rockwell Automation FactoryTalk® Service Platform that allows a malicious user to obtain the service token and use it for authentication on …

Jan 31, 2024
CVE-2024-23745
9.8 CRITICAL

In Notion Web Clipper 1.0.3(7), a .nib file is susceptible to the Dirty NIB attack. NIB files can be manipulated to execute arbitrary commands. Additionally, …

Jan 31, 2024
CVE-2023-5389
9.1 CRITICAL

An attacker could potentially exploit this vulnerability, leading to the ability to modify files on Honeywell Experion ControlEdge VirtualUOC and ControlEdge UOC . This exploit …

Jan 30, 2024
CVE-2024-24333
9.8 CRITICAL

TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the desc parameter in the setWiFiAclRules function.

Jan 30, 2024
CVE-2024-24332
9.8 CRITICAL

TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the url parameter in the setUrlFilterRules function.

Jan 30, 2024
CVE-2024-24331
9.8 CRITICAL

TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setWiFiScheduleCfg function.

Jan 30, 2024
CVE-2024-24330
9.8 CRITICAL

TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the port or enable parameter in the setRemoteCfg function.

Jan 30, 2024
CVE-2024-24329
9.8 CRITICAL

TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setPortForwardRules function.

Jan 30, 2024
CVE-2024-24328
9.8 CRITICAL

TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setMacFilterRules function.

Jan 30, 2024
CVE-2024-24327
9.8 CRITICAL

TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the pppoePass parameter in the setIpv6Cfg function.

Jan 30, 2024
CVE-2024-24326
9.8 CRITICAL

TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the arpEnable parameter in the setStaticDhcpRules function.

Jan 30, 2024
CVE-2024-24325
9.8 CRITICAL

TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setParentalRules function.

Jan 30, 2024
CVE-2024-24324
9.8 CRITICAL

TOTOLINK A8000RU v7.1cu.643_B20200521 was discovered to contain a hardcoded password for root stored in /etc/shadow.

Jan 30, 2024
CVE-2023-6943
9.8 CRITICAL

Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in Mitsubishi Electric Corporation EZSocket versions 3.0 to 5.92, GT Designer3 Version1(GOT1000) versions …

Jan 30, 2024
CVE-2023-51982
9.8 CRITICAL

CrateDB 5.5.1 is contains an authentication bypass vulnerability in the Admin UI component. After configuring password authentication and_ Local_ In the case of an address, …

Jan 30, 2024
CVE-2023-51837
9.8 CRITICAL

Ylianst MeshCentral 1.1.16 is vulnerable to Missing SSL Certificate Validation.

Jan 30, 2024
CVE-2024-24141
9.8 CRITICAL

Sourcecodester School Task Manager App 1.0 allows SQL Injection via the 'task' parameter.

Jan 29, 2024
CVE-2023-51840
9.8 CRITICAL

DoraCMS 2.1.8 is vulnerable to Use of Hard-coded Cryptographic Key.

Jan 29, 2024
CVE-2023-51839
9.1 CRITICAL

DeviceFarmer stf v3.6.6 suffers from Use of a Broken or Risky Cryptographic Algorithm.

Jan 29, 2024
CVE-2024-23827
9.8 CRITICAL

Nginx-UI is a web interface to manage Nginx configurations. The Import Certificate feature allows arbitrary write into the system. The feature does not check if …

Jan 29, 2024
CVE-2024-1015
9.8 CRITICAL

Remote command execution vulnerability in SE-elektronic GmbH E-DDC3.3 affecting versions 03.07.03 and higher. An attacker could send different commands from the operating system to the …

Jan 29, 2024
CVE-2024-23740
9.8 CRITICAL

An issue in Kap for macOS version 3.6.0 and before, allows remote attackers to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments settings.

Jan 28, 2024
CVE-2024-23742
9.8 CRITICAL

An issue in Loom on macOS version 0.196.1 and before, allows remote attackers to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments settings. NOTE: the …

Jan 28, 2024
CVE-2024-23741
9.8 CRITICAL

An issue in Hyper on macOS version 3.4.1 and before, allows remote attackers to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments settings.

Jan 28, 2024
CVE-2024-23739
9.8 CRITICAL

An issue in Discord for macOS version 0.0.291 and before, allows remote attackers to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments settings.

Jan 28, 2024
CVE-2024-23738
9.8 CRITICAL

An issue in Postman version 10.22 and before on macOS allows a remote attacker to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments settings. NOTE: …

Jan 28, 2024
CVE-2024-22862
9.8 CRITICAL

Integer overflow vulnerability in FFmpeg before n6.1, allows remote attackers to execute arbitrary code via the JJPEG XL Parser.

Jan 27, 2024
CVE-2024-22860
9.8 CRITICAL

Integer overflow vulnerability in FFmpeg before n6.1, allows remote attackers to execute arbitrary code via the jpegxl_anim_read_packet component in the JPEG XL Animation decoder.

Jan 27, 2024
CVE-2023-52389
9.8 CRITICAL

UTF32Encoding.cpp in POCO has a Poco::UTF32Encoding integer overflow and resultant stack buffer overflow because Poco::UTF32Encoding::convert() and Poco::UTF32::queryConvert() may return a negative integer if a UTF-32 …

Jan 27, 2024
CVE-2024-20253
9.9 CRITICAL

A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an unauthenticated, remote attacker to execute arbitrary code on an affected …

Jan 26, 2024
CVE-2023-38323
9.8 CRITICAL

An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the status path script entry in the configuration file, allowing attackers that have …

Jan 26, 2024
CVE-2023-38319
9.8 CRITICAL

An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the FAS key entry in the configuration file, allowing attackers that have direct …

Jan 26, 2024
CVE-2023-38318
9.8 CRITICAL

An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the gateway FQDN entry in the configuration file, allowing attackers that have direct …

Jan 26, 2024
CVE-2023-38317
9.8 CRITICAL

An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the network interface name entry in the configuration file, allowing attackers that have …

Jan 26, 2024
CVE-2024-21326
9.6 CRITICAL

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

Jan 26, 2024
CVE-2024-0402
9.9 CRITICAL

An issue has been discovered in GitLab CE/EE affecting all versions from 16.0 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1 …

Jan 26, 2024
CVE-2024-23630
9.0 CRITICAL

An arbitrary firmware upload vulnerability exists in the Motorola MR2600. An attacker can exploit this vulnerability to achieve code execution on the device. Authentication is …

Jan 26, 2024
CVE-2024-23629
9.6 CRITICAL

An authentication bypass vulnerability exists in the web component of the Motorola MR2600. An attacker can exploit this vulnerability to access protected URLs and retrieve …

Jan 26, 2024
CVE-2024-23628
9.0 CRITICAL

A command injection vulnerability exists in the 'SaveStaticRouteIPv6Params' parameter of the Motorola MR2600. A remote attacker can exploit this vulnerability to achieve command execution. Authentication …

Jan 26, 2024
CVE-2024-23627
9.0 CRITICAL

A command injection vulnerability exists in the 'SaveStaticRouteIPv4Params' parameter of the Motorola MR2600. A remote attacker can exploit this vulnerability to achieve command execution. Authentication …

Jan 26, 2024
CVE-2024-23626
9.0 CRITICAL

A command injection vulnerability exists in the ‘SaveSysLogParams’ parameter of the Motorola MR2600. A remote attacker can exploit this vulnerability to achieve command execution. Authentication …

Jan 26, 2024
CVE-2024-23625
9.6 CRITICAL

A command injection vulnerability exists in D-Link DAP-1650 devices when handling UPnP SUBSCRIBE messages. An unauthenticated attacker can exploit this vulnerability to gain command execution …

Jan 26, 2024
CVE-2024-23624
9.6 CRITICAL

A command injection vulnerability exists in the gena.cgi module of D-Link DAP-1650 devices. An unauthenticated attacker can exploit this vulnerability to gain command execution on …

Jan 26, 2024
CVE-2024-23622
10.0 CRITICAL

A stack-based buffer overflow exists in IBM Merge Healthcare eFilm Workstation license server. A remote, unauthenticated attacker can exploit this vulnerability to achieve remote code …

Jan 26, 2024
CVE-2024-23621
10.0 CRITICAL

A buffer overflow exists in IBM Merge Healthcare eFilm Workstation license server. A remote, unauthenticated attacker can exploit this vulnerability to achieve remote code execution.

Jan 26, 2024

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.