CVE Database

9309+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2023-47458
9.8 CRITICAL

An issue in SpringBlade v.3.7.0 and before allows a remote attacker to escalate privileges via the lack of permissions control framework.

Jan 2, 2024
CVE-2023-48419
10.0 CRITICAL

An attacker in the wifi vicinity of a target Google Home can spy on the victim, resulting in Elevation of Privilege

Jan 2, 2024
CVE-2023-4280
9.3 CRITICAL

An unvalidated input in Silicon Labs TrustZone implementation in v4.3.x and earlier of the Gecko SDK allows an attacker to access the trusted region of …

Jan 2, 2024
CVE-2023-6436
9.8 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ekol Informatics Website Template allows SQL Injection.This issue affects Website Template: …

Jan 2, 2024
CVE-2023-33032
9.3 CRITICAL

Memory corruption in TZ Secure OS while requesting a memory allocation from TA region.

Jan 2, 2024
CVE-2023-33030
9.3 CRITICAL

Memory corruption in HLOS while running playready use-case.

Jan 2, 2024
CVE-2023-33025
9.8 CRITICAL

Memory corruption in Data Modem when a non-standard SDP body, during a VOLTE call.

Jan 2, 2024
CVE-2023-32874
9.8 CRITICAL

In Modem IMS Stack, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution …

Jan 2, 2024
CVE-2023-5877
9.8 CRITICAL

The affiliate-toolkit WordPress plugin before 3.4.3 lacks authorization and authentication for requests to it's affiliate-toolkit-starter/tools/atkp_imagereceiver.php endpoint, allowing unauthenticated visitors to make requests to arbitrary URL's, …

Jan 1, 2024

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.