CVE Database

9309+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2023-31030
9.3 CRITICAL

NVIDIA DGX A100 BMC contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause a stack overflow by sending a specially …

Jan 12, 2024
CVE-2023-31029
9.3 CRITICAL

NVIDIA DGX A100 baseboard management controller (BMC) contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause a stack overflow by …

Jan 12, 2024
CVE-2023-31024
9.0 CRITICAL

NVIDIA DGX A100 BMC contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause stack memory corruption by sending a specially …

Jan 12, 2024
CVE-2024-21887
9.1 CRITICAL KEV

A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send …

Jan 12, 2024
CVE-2023-49262
9.8 CRITICAL

The authentication mechanism can be bypassed by overflowing the value of the Cookie "authentication" field, provided there is an active user session.

Jan 12, 2024
CVE-2023-49255
9.8 CRITICAL

The router console is accessible without authentication at "data" field, and while a user needs to be logged in in order to modify the configuration, …

Jan 12, 2024
CVE-2023-49253
9.8 CRITICAL

Root user password is hardcoded into the device and cannot be changed in the user interface.

Jan 12, 2024
CVE-2023-7028
10.0 CRITICAL KEV

An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 …

Jan 12, 2024
CVE-2023-52026
9.8 CRITICAL

TOTOlink EX1800T V9.1.0cu.2112_B20220316 was discovered to contain a remote command execution (RCE) vulnerability via the telnet_enabled parameter of the setTelnetCfg interface

Jan 12, 2024
CVE-2023-49569
9.8 CRITICAL

A path traversal vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to create and amend files across the filesystem. …

Jan 12, 2024
CVE-2023-30016
9.8 CRITICAL

SQL Injection vulnerability in oretnom23 Judging Management System v1.0, allows remote attackers to execute arbitrary code and obtain sensitive information via sub_event_id parameter in sub_event_details_edit.php.

Jan 12, 2024
CVE-2023-30015
9.8 CRITICAL

SQL Injection vulnerability in oretnom23 Judging Management System v1.0, allows remote attackers to execute arbitrary code and obtain sensitive information via txtsearch parameter in review_search.php.

Jan 12, 2024
CVE-2023-30014
9.8 CRITICAL

SQL Injection vulnerability in oretnom23 Judging Management System v1.0, allows remote attackers to execute arbitrary code and obtain sensitive information via sub_event_id parameter in sub_event_stat_update.php.

Jan 12, 2024
CVE-2023-50919
9.8 CRITICAL

An issue was discovered on GL.iNet devices before version 4.5.0. There is an NGINX authentication bypass via Lua string pattern matching. This affects A1300 4.4.6, …

Jan 12, 2024
CVE-2023-37117
9.8 CRITICAL

A heap-use-after-free vulnerability was found in live555 version 2023.05.10 while handling the SETUP.

Jan 12, 2024
CVE-2022-48620
9.8 CRITICAL

uev (aka libuev) before 2.4.1 has a buffer overflow in epoll_wait if maxevents is a large number.

Jan 12, 2024
CVE-2016-20021
9.8 CRITICAL

In Gentoo Portage before 3.0.47, there is missing PGP validation of executed code: the standalone emerge-webrsync downloads a .gpgsig file but does not perform signature …

Jan 12, 2024
CVE-2024-21591
9.8 CRITICAL

An Out-of-bounds Write vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series allows an unauthenticated, network-based attacker to cause a …

Jan 12, 2024
CVE-2023-51350
9.8 CRITICAL

A spoofing attack in ujcms v.8.0.2 allows a remote attacker to obtain sensitive information and execute arbitrary code via a crafted script to the X-Forwarded-For …

Jan 11, 2024
CVE-2024-22199
9.3 CRITICAL

This package provides universal methods to use multiple template engines with the Fiber web framework using the Views interface. This vulnerability specifically impacts web applications …

Jan 11, 2024
CVE-2024-23061
9.8 CRITICAL

TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the minute parameter in the setScheduleCfg function.

Jan 11, 2024
CVE-2024-23060
9.8 CRITICAL

TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the ip parameter in the setDmzCfg function.

Jan 11, 2024
CVE-2024-23059
9.8 CRITICAL

TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the username parameter in the setDdnsCfg function.

Jan 11, 2024
CVE-2024-23058
9.8 CRITICAL

TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the pass parameter in the setTr069Cfg function.

Jan 11, 2024
CVE-2024-23057
9.8 CRITICAL

TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the tz parameter in the setNtpCfg function.

Jan 11, 2024
CVE-2024-22942
9.8 CRITICAL

TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the hostName parameter in the setWanCfg function.

Jan 11, 2024
CVE-2023-51987
9.8 CRITICAL

D-Link DIR-822+ V1.0.2 contains a login bypass in the HNAP1 interface, which allows attackers to log in to administrator accounts with empty passwords.

Jan 11, 2024
CVE-2023-51984
9.8 CRITICAL

D-Link DIR-822+ V1.0.2 was found to contain a command injection in SetStaticRouteSettings function. allows remote attackers to execute arbitrary commands via shell.

Jan 11, 2024
CVE-2023-6875
9.8 CRITICAL

The POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress is vulnerable to unauthorized access of …

Jan 11, 2024
CVE-2023-6567
9.8 CRITICAL

The LearnPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order_by’ parameter in all versions up to, and including, 4.2.5.7 due to …

Jan 11, 2024
CVE-2023-6316
9.8 CRITICAL

The MW WP Form plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the '_single_file_upload' function in versions …

Jan 11, 2024
CVE-2023-52032
9.8 CRITICAL

TOTOlink EX1200T V4.1.2cu.5232_B20210713 was discovered to contain a remote command execution (RCE) vulnerability via the "main" function.

Jan 11, 2024
CVE-2023-52031
9.8 CRITICAL

TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the UploadFirmwareFile function.

Jan 11, 2024
CVE-2023-52030
9.8 CRITICAL

TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the setOpModeCfg function.

Jan 11, 2024
CVE-2023-52029
9.8 CRITICAL

TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the setDiagnosisCfg function.

Jan 11, 2024
CVE-2023-52028
9.8 CRITICAL

TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the setTracerouteCfg function.

Jan 11, 2024
CVE-2023-52027
9.8 CRITICAL

TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the NTPSyncWithHost function.

Jan 11, 2024
CVE-2023-6699
9.1 CRITICAL

The WP Compress – Image Optimizer [All-In-One] plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 6.10.33 via the …

Jan 11, 2024
CVE-2024-21669
9.9 CRITICAL

Hyperledger Aries Cloud Agent Python (ACA-Py) is a foundation for building decentralized identity applications and services running in non-mobile environments. When verifying W3C Format Verifiable …

Jan 11, 2024
CVE-2024-21638
9.1 CRITICAL

Azure IPAM (IP Address Management) is a lightweight solution developed on top of the Azure platform designed to help Azure customers manage their IP Address …

Jan 10, 2024
CVE-2023-51123
9.8 CRITICAL

An issue discovered in D-Link dir815 v.1.01SSb08.bin allows a remote attacker to execute arbitrary code via a crafted POST request to the service parameter in …

Jan 10, 2024
CVE-2023-40414
9.8 CRITICAL

A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 10, iOS 17 and iPadOS 17, tvOS 17, macOS Sonoma …

Jan 10, 2024
CVE-2023-52064
9.8 CRITICAL

Wuzhicms v4.1.0 was discovered to contain a SQL injection vulnerability via the $keywords parameter at /core/admin/copyfrom.php.

Jan 10, 2024
CVE-2023-51126
9.8 CRITICAL

Command injection vulnerability in /usr/www/res.php in FLIR AX8 up to 1.46.16 allows attackers to run arbitrary commands via the value parameter. NOTE: The vendor has …

Jan 10, 2024
CVE-2023-31488
9.8 CRITICAL

Hyland Perceptive Filters releases before 2023-12-08 (e.g., 11.4.0.2647), as used in Cisco IronPort Email Security Appliance Software, Cisco Secure Email Gateway, and various non-Cisco products, …

Jan 10, 2024
CVE-2023-51970
9.8 CRITICAL

Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.mode parameter in the function formSetIptv.

Jan 10, 2024
CVE-2023-51969
9.8 CRITICAL

Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.city.vlan parameter in the function getIptvInfo.

Jan 10, 2024
CVE-2023-51968
9.8 CRITICAL

Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the function getIptvInfo.

Jan 10, 2024
CVE-2023-51967
9.8 CRITICAL

Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.port parameter in the function getIptvInfo.

Jan 10, 2024
CVE-2023-51962
9.8 CRITICAL

Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.mode parameter in the function setIptvInfo.

Jan 10, 2024

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.