CVE Database

9309+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2023-49599
9.8 CRITICAL

An insufficient entropy vulnerability exists in the salt generation functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted series of HTTP requests can …

Jan 10, 2024
CVE-2023-48728
9.6 CRITICAL

A cross-site scripting (xss) vulnerability exists in the functiongetOpenGraph videoName functionality of WWBN AVideo 11.6 and dev master commit 3c6bb3ff. A specially crafted HTTP request …

Jan 10, 2024
CVE-2023-47862
9.8 CRITICAL

A local file inclusion vulnerability exists in the getLanguageFromBrowser functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to …

Jan 10, 2024
CVE-2023-47861
9.0 CRITICAL

A cross-site scripting (xss) vulnerability exists in the channelBody.php user name functionality of WWBN AVideo 11.6 and dev master commit 15fed957fb. A specially crafted HTTP …

Jan 10, 2024
CVE-2023-51965
9.8 CRITICAL

Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpvid parameter in the function setIptvInfo.

Jan 10, 2024
CVE-2023-51964
9.8 CRITICAL

Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.port parameter in the function setIptvInfo.

Jan 10, 2024
CVE-2023-51963
9.8 CRITICAL

Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.city.vlan parameter in the function setIptvInfo.

Jan 10, 2024
CVE-2023-51960
9.8 CRITICAL

Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.city.vlan parameter in the function formGetIptv.

Jan 10, 2024
CVE-2023-51959
9.8 CRITICAL

Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpvid parameter in the function formGetIptv.

Jan 10, 2024
CVE-2023-51958
9.8 CRITICAL

Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.port parameter in the function formGetIptv.

Jan 10, 2024
CVE-2023-51957
9.8 CRITICAL

Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.mode parameter in the function formGetIptv.

Jan 10, 2024
CVE-2023-51956
9.8 CRITICAL

Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.city.vlan parameter in the function formSetIptv

Jan 10, 2024
CVE-2023-51955
9.8 CRITICAL

Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the function formSetIptv.

Jan 10, 2024
CVE-2023-51954
9.8 CRITICAL

Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.port parameter in the function formSetIptv.

Jan 10, 2024
CVE-2023-51953
9.8 CRITICAL

Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.mode parameter in the function formSetIptv.

Jan 10, 2024
CVE-2023-51952
9.8 CRITICAL

Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpvid parameter in the function formSetIptv.

Jan 10, 2024
CVE-2023-51966
9.8 CRITICAL

Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the function setIptvInfo.

Jan 10, 2024
CVE-2023-51961
9.8 CRITICAL

Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the function formGetIptv.

Jan 10, 2024
CVE-2023-51972
9.8 CRITICAL

Tenda AX1803 v1.0.0.1 was discovered to contain a command injection vulnerability via the function fromAdvSetLanIp.

Jan 10, 2024
CVE-2023-51971
9.8 CRITICAL

Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpvid parameter in the function getIptvInfo.

Jan 10, 2024
CVE-2020-26629
9.8 CRITICAL

A JQuery Unrestricted Arbitrary File Upload vulnerability was discovered in Hospital Management System V4.0 which allows an unauthenticated attacker to upload any file to the …

Jan 10, 2024
CVE-2022-46025
9.1 CRITICAL

Totolink N200RE_V5 V9.3.5u.6255_B20211224 is vulnerable to Incorrect Access Control. The device allows remote attackers to obtain Wi-Fi system information, such as Wi-Fi SSID and Wi-Fi …

Jan 10, 2024
CVE-2023-31446
9.8 CRITICAL

In Cassia Gateway firmware XC1000_2.1.1.2303082218 and XC2000_2.1.1.2303090947, the queueUrl parameter in /bypass/config is not sanitized. This leads to injecting Bash code and executing it with …

Jan 10, 2024
CVE-2023-3043
9.6 CRITICAL

AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause a stack-based buffer overflow via an adjacent network. A successful exploitation of …

Jan 9, 2024
CVE-2023-37293
9.6 CRITICAL

AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause a stack-based buffer overflow via an adjacent network. A successful exploitation of …

Jan 9, 2024
CVE-2024-0057
9.1 CRITICAL

NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability

Jan 9, 2024
CVE-2023-7221
9.8 CRITICAL

A vulnerability was found in Totolink T6 4.1.9cu.5241_B20210923. It has been classified as critical. This affects the function main of the file /cgi-bin/cstecgi.cgi?action=login of the …

Jan 9, 2024
CVE-2023-5347
9.8 CRITICAL

An Improper Verification of Cryptographic Signature vulnerability in the update process of Korenix JetNet Series allows replacing the whole operating system including Trusted Executables. This …

Jan 9, 2024
CVE-2023-51438
10.0 CRITICAL

A vulnerability has been identified in SIMATIC IPC1047E (All versions with maxView Storage Manager < V4.14.00.26068 on Windows), SIMATIC IPC647E (All versions with maxView Storage …

Jan 9, 2024
CVE-2023-49621
9.8 CRITICAL

A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.7). The "intermediate installation" system state of the affected application uses default credential …

Jan 9, 2024
CVE-2023-50585
9.8 CRITICAL

Tenda A18 v15.13.07.09 was discovered to contain a stack overflow via the devName parameter in the formSetDeviceName function.

Jan 9, 2024
CVE-2023-49237
9.8 CRITICAL

An issue was discovered on TRENDnet TV-IP1314PI 5.5.3 200714 devices. Command injection can occur because the system function is used by davinci to unpack language …

Jan 9, 2024
CVE-2023-49236
9.8 CRITICAL

A stack-based buffer overflow was discovered on TRENDnet TV-IP1314PI 5.5.3 200714 devices, leading to arbitrary command execution. This occurs because of lack of length validation …

Jan 9, 2024
CVE-2023-49235
9.8 CRITICAL

An issue was discovered in libremote_dbg.so on TRENDnet TV-IP1314PI 5.5.3 200714 devices. Filtering of debug information is mishandled during use of popen. Consequently, an attacker …

Jan 9, 2024
CVE-2023-7220
9.8 CRITICAL

A vulnerability was found in Totolink NR1800X 9.1.0u.6279_B20210910 and classified as critical. Affected by this issue is the function loginAuth of the file /cgi-bin/cstecgi.cgi. The …

Jan 9, 2024
CVE-2023-51717
9.8 CRITICAL

Dataiku DSS before 11.4.5 and 12.4.1 has Incorrect Access Control that could lead to a full authentication bypass.

Jan 9, 2024
CVE-2023-49238
9.8 CRITICAL

In Gradle Enterprise before 2023.1, a remote attacker may be able to gain access to a new installation (in certain installation scenarios) because of a …

Jan 9, 2024
CVE-2023-26999
9.8 CRITICAL

An issue found in NetScout nGeniusOne v.6.3.4 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted file.

Jan 9, 2024
CVE-2024-21646
9.8 CRITICAL

Azure uAMQP is a general purpose C library for AMQP 1.0. The UAMQP library is used by several clients to implement AMQP protocol communication. When …

Jan 9, 2024
CVE-2023-50643
9.8 CRITICAL

An issue in Evernote Evernote for MacOS v.10.68.2 allows a remote attacker to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments components.

Jan 9, 2024
CVE-2024-21663
9.9 CRITICAL

Discord-Recon is a Discord bot created to automate bug bounty recon, automated scans and information gathering via a discord server. Discord-Recon is vulnerable to remote …

Jan 9, 2024
CVE-2023-52202
9.1 CRITICAL

Deserialization of Untrusted Data vulnerability in SVNLabs Softwares HTML5 MP3 Player with Folder Feedburner Playlist Free.This issue affects HTML5 MP3 Player with Folder Feedburner Playlist …

Jan 8, 2024
CVE-2023-52205
9.1 CRITICAL

Deserialization of Untrusted Data vulnerability in SVNLabs Softwares HTML5 SoundCloud Player with Playlist Free.This issue affects HTML5 SoundCloud Player with Playlist Free: from n/a through …

Jan 8, 2024
CVE-2023-52200
9.6 CRITICAL

Cross-Site Request Forgery (CSRF), Deserialization of Untrusted Data vulnerability in Repute Infosystems ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup.This …

Jan 8, 2024
CVE-2023-50982
9.0 CRITICAL

Stud.IP 5.x through 5.3.3 allows XSS with resultant upload of executable files, because upload_action and edit_action in Admin_SmileysController do not check the file extension. This …

Jan 8, 2024
CVE-2023-52207
9.1 CRITICAL

Deserialization of Untrusted Data vulnerability in SVNLabs Softwares HTML5 MP3 Player with Playlist Free.This issue affects HTML5 MP3 Player with Playlist Free: from n/a through …

Jan 8, 2024
CVE-2018-25095
9.8 CRITICAL

The Duplicator WordPress plugin before 1.3.0 does not properly escape values when its installer script replaces values in WordPress configuration files. If this installer script …

Jan 8, 2024
CVE-2023-52225
10.0 CRITICAL

Deserialization of Untrusted Data vulnerability in Tagbox Tagbox – UGC Galleries, Social Media Widgets, User Reviews & Analytics.This issue affects Tagbox – UGC Galleries, Social …

Jan 8, 2024
CVE-2023-52219
9.9 CRITICAL

Deserialization of Untrusted Data vulnerability in Gecka Gecka Terms Thumbnails.This issue affects Gecka Terms Thumbnails: from n/a through 1.1.

Jan 8, 2024
CVE-2023-52218
10.0 CRITICAL

Deserialization of Untrusted Data vulnerability in Anton Bond Woocommerce Tranzila Payment Gateway.This issue affects Woocommerce Tranzila Payment Gateway: from n/a through 1.0.8.

Jan 8, 2024

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.