36731+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.
Use of an insecure temporary directory in the Windows License plugin for the Checkmk Windows Agent allows Privilege Escalation. This issue affects Checkmk: from 2.4.0 …
Apache Flink CDC version 3.4.0 was vulnerable to a SQL injection via maliciously crafted identifiers eg. crafted database name or crafted table name. Even through …
A flaw was found in the integration of Active Directory and the System Security Services Daemon (SSSD) on Linux systems. In default configurations, the Kerberos …
In the Linux kernel, the following vulnerability has been resolved: io_uring: fix incorrect io_kiocb reference in io_link_skb In io_link_skb function, there is a bug where …
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix untrusted unsigned subtract Fix the following Smatch static checker warning: net/rxrpc/rxgk_app.c:65 rxgk_yfs_decode_ticket() warn: …
In the Linux kernel, the following vulnerability has been resolved: gpiolib: acpi: initialize acpi_gpio_info struct Since commit 7c010d463372 ("gpiolib: acpi: Make sure we fill struct …
A vulnerability exists in the Progress Flowmon web application prior to version 12.5.5, whereby a user who clicks a malicious link provided by an attacker …
In Flowmon versions prior to 12.5.5, a vulnerability has been identified that allows a user with administrator privileges and access to the management interface to …
GitLab has remediated an issue in GitLab EE affecting all versions from 18.3 to 18.3.4, 18.4 to 18.4.2 that, under certain conditions, could have allowed …
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.12 to 18.2.8, 18.3 to 18.3.4, and 18.4 to 18.4.2 that could make …
In the Linux kernel, the following vulnerability has been resolved: iommu/s390: Make attach succeed when the device was surprise removed When a PCI device is …
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: increase scan_ies_len for S1G Currently the S1G capability element is not taken into …
In the Linux kernel, the following vulnerability has been resolved: tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect(). syzbot reported the splat below where a socket had tcp_sk(sk)->fastopen_rsk …
The Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers plugin for WordPress is vulnerable to SQL Injection in all versions up to, …
The Lisfinity Core - Lisfinity Core plugin used for pebas® Lisfinity WordPress theme plugin for WordPress is vulnerable to privilege escalation via password update in …
Memory corruption while invoking remote procedure IOCTL calls.
Memory corruption while allocating buffers in DSP service.
Memory corruption while processing user buffers.
Memory corruption while processing an escape call.
Memory corruption while processing control commands in the virtual memory management interface.
Transient DOS may occur when multi-profile concurrency arises with QHS enabled.
memory corruption while processing an image encoding completion event.
Memory corruption while processing IOCTL call to get the mapping.
Memory corruption while processing escape commands from userspace.
Memory corruption while performing SCM call with malformed inputs.
Memory corruption while performing SCM call.
Memory corruption while processing a malformed license file during reboot.
Memory corruption during PlayReady APP usecase while processing TA commands.
Memory corruption while processing camera platform driver IOCTL calls.
A security flaw has been discovered in ChurchCRM up to 5.18.0. This impacts the function AuthMiddleware of the file src/ChurchCRM/Slim/Middleware/AuthMiddleware.php of the component API Endpoint. …
A vulnerability was identified in Tenda AC7 15.03.06.44. This affects an unknown function of the file /goform/saveAutoQos. The manipulation of the argument enable leads to …
A vulnerability was determined in Tenda AC7 15.03.06.44. The impacted element is an unknown function of the file /goform/fast_setting_pppoe_set. Executing a manipulation of the argument …
A vulnerability was found in Tenda AC7 15.03.06.44. The affected element is an unknown function of the file /goform/WifiMacFilterSet. Performing a manipulation of the argument …
A vulnerability has been found in Tenda AC7 15.03.06.44. Impacted is an unknown function of the file /goform/SetUpnpCfg. Such manipulation of the argument upnpEn leads …
A flaw has been found in Tenda AC7 15.03.06.44. This issue affects some unknown processing of the file /goform/SetDDNSCfg. This manipulation of the argument ddnsEn …
The Cookie Notice & Consent plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the uuid parameter in all versions up to, and including, …
A vulnerability was determined in code-projects E-Commerce Website 1.0. This affects an unknown part of the file /pages/supplier_update.php. This manipulation of the argument supp_id causes …
A weakness has been identified in PHPGurukul Beauty Parlour Management System 1.1. The impacted element is an unknown function of the file /admin/search-invoices.php. This manipulation …
A security flaw has been discovered in PHPGurukul Beauty Parlour Management System 1.1. The affected element is an unknown function of the file /admin/search-appointment.php. The …
A vulnerability was identified in PHPGurukul Beauty Parlour Management System 1.1. Impacted is an unknown function of the file /admin/new-appointment.php. The manipulation of the argument …
ProjectWorlds Gym Management System1.0 is vulnerable to SQL Injection via the "id" parameter in the profile/edit.php page
A vulnerability was determined in PHPGurukul Beauty Parlour Management System 1.1. This issue affects some unknown processing of the file /admin/manage-services.php. Executing a manipulation of …
An issue in the permission verification module and organization/application editing interface in Casdoor v2.26.0 and before, and fixed in v.2.63.0, allows remote authenticated administrators of …
An OS Command Injection vulnerability in the Admin panel in Curo UC300 5.42.1.7.1.63R1 allows local attackers to inject arbitrary OS Commands via the "IP Addr" …
A weakness has been identified in D-Link DIR-852 up to 20251002. This affects an unknown part of the file /HNAP1/. Executing manipulation can lead to …
Cleartext Storage of Sensitive Information in Memory vulnerability in ABB MConfig.This issue affects MConfig: through 1.4.9.21.
Framelink Figma MCP Server before 0.6.3 allows an unauthenticated remote attacker to execute arbitrary operating system commands via a crafted HTTP POST request with shell …
A vulnerability was detected in SourceCodester Simple E-Commerce Bookstore 1.0. The affected element is an unknown function of the file /register.php. Performing manipulation of the …
A security vulnerability has been detected in SourceCodester Wedding Reservation Management System 1.0. Impacted is the function insertReservation of the file function.php. Such manipulation of …
A security flaw has been discovered in SourceCodester Wedding Reservation Management System 1.0. This vulnerability affects unknown code of the file /global.php. The manipulation of …
Free website and port scanning — find vulnerabilities before attackers do.