CVE Database

37788+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2024-54015
7.5 HIGH

A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V9.90), SIPROTEC 5 6MD85 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC …

Feb 11, 2025
CVE-2024-45386
8.8 HIGH

A vulnerability has been identified in SIMATIC PCS neo V4.0 (All versions), SIMATIC PCS neo V4.1 (All versions < V4.1 Update 2), SIMATIC PCS neo …

Feb 11, 2025
CVE-2025-26411
8.8 HIGH

An authenticated attacker is able to use the Plugin Manager of the web interface of the Wattsense Bridge devices to upload malicious Python files to …

Feb 11, 2025
CVE-2025-0525
7.5 HIGH

In affected versions of Octopus Server the preview import feature could be leveraged to identify the existence of a target file. This could provide an …

Feb 11, 2025
CVE-2024-13643
8.8 HIGH

The Zox News - Professional WordPress News & Magazine Theme plugin for WordPress is vulnerable to unauthorized data modification. This vulnerability can lead to privilege …

Feb 11, 2025
CVE-2025-1143
8.4 HIGH

Certain models of routers from Billion Electric has hard-coded embedded linux credentials, allowing attackers to log in through the SSH service using these credentials and …

Feb 11, 2025
CVE-2025-25243
8.6 HIGH

SAP Supplier Relationship Management (Master Data Management Catalog) allows an unauthenticated attacker to use a publicly available servlet to download an arbitrary file over the …

Feb 11, 2025
CVE-2025-24876
8.1 HIGH

The SAP Approuter Node.js package version v16.7.1 and before is vulnerable to Authentication bypass. When trading an authorization code an attacker can steal the session …

Feb 11, 2025
CVE-2025-24868
7.1 HIGH

The User Account and Authentication service (UAA) for SAP HANA extended application services, advanced model (SAP HANA XS advanced model) allows an unauthenticated attacker to …

Feb 11, 2025
CVE-2025-1165
7.3 HIGH

A vulnerability, which was classified as critical, was found in Lumsoft ERP 8. Affected is the function DoUpload/DoWebUpload of the file /Api/FileUploadApi.ashx. The manipulation of …

Feb 11, 2025
CVE-2025-0064
8.7 HIGH

Under specific conditions, the Central Management Console of the SAP BusinessObjects Business Intelligence platform allows an attacker with admin rights to generate or retrieve a …

Feb 11, 2025
CVE-2025-1160
7.3 HIGH

A vulnerability was found in SourceCodester Employee Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of …

Feb 10, 2025
CVE-2025-24970
7.5 HIGH

Netty, an asynchronous, event-driven network application framework, has a vulnerability starting in version 4.1.91.Final and prior to version 4.1.118.Final. When a special crafted packet is …

Feb 10, 2025
CVE-2025-1156
7.3 HIGH

A vulnerability has been found in Pix Software Vivaz 6.0.10 and classified as critical. This vulnerability affects unknown code of the file /servlet?act=login. The manipulation …

Feb 10, 2025
CVE-2024-57177
7.3 HIGH

A host header injection vulnerability exists in the NPM package of perfood/couch-auth <= 0.21.2. By sending a specially crafted host header in the email change …

Feb 10, 2025
CVE-2024-8550
7.5 HIGH

A Local File Inclusion (LFI) vulnerability exists in the /load-workflow endpoint of modelscope/agentscope version v0.0.4. This vulnerability allows an attacker to read arbitrary files from …

Feb 10, 2025
CVE-2024-46436
8.3 HIGH

Hardcoded credentials in Tenda W18E V16.01.0.8(1625) allows unauthenticated remote attackers to gain root access to the device over the telnet service.

Feb 10, 2025
CVE-2024-46435
8.0 HIGH

A stack overflow vulnerability in the Tenda W18E V16.01.0.8(1625) web management portal allows an authenticated remote attacker to cause a denial of service or potentially …

Feb 10, 2025
CVE-2024-46434
8.8 HIGH

Tenda W18E V16.01.0.8(1625) suffers from authentication bypass in the web management portal allowing an unauthorized remote attacker to gain administrative access by sending a specially …

Feb 10, 2025
CVE-2024-46433
8.8 HIGH

A default credentials vulnerability in Tenda W18E V16.01.0.8(1625) allows unauthenticated remote attackers to access the web management portal using the default rzadmin account with administrative …

Feb 10, 2025
CVE-2024-46432
8.8 HIGH

Tenda W18E V16.01.0.8(1625) is vulnerable to Incorrect Access Control. An attacker can send a specially crafted HTTP POST request to the setQuickCfgWifiAndLogin function, which allows …

Feb 10, 2025
CVE-2024-46431
8.0 HIGH

Tenda W18E V16.01.0.8(1625) is vulnerable to Buffer Overflow. An attacker with access to the web management portal can exploit this vulnerability by sending specially crafted …

Feb 10, 2025
CVE-2024-46429
8.8 HIGH

A hardcoded credentials vulnerability in Tenda W18E V16.01.0.8(1625) allows unauthenticated remote attackers to access the web management portal using a default guest account with administrative …

Feb 10, 2025
CVE-2024-42512
8.6 HIGH

Vulnerability in the OPC UA .NET Standard Stack before 1.5.374.158 allows an unauthorized attacker to bypass application authentication when the deprecated Basic128Rsa15 security policy is …

Feb 10, 2025
CVE-2024-27859
8.8 HIGH

The issue was addressed with improved memory handling. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, visionOS 1.1, …

Feb 10, 2025
CVE-2024-13059
7.2 HIGH

A vulnerability in mintplex-labs/anything-llm prior to version 1.3.1 allows for path traversal due to improper handling of non-ASCII filenames in the multer library. This vulnerability …

Feb 10, 2025
CVE-2024-57408
7.2 HIGH

An arbitrary file upload vulnerability in the component /comm/upload of cool-admin-java v1.0 allows attackers to execute arbitrary code via uploading a crafted file.

Feb 10, 2025
CVE-2024-57407
7.3 HIGH

An arbitrary file upload vulnerability in the component /userPicture of Timo v2.0.3 allows attackers to execute arbitrary code via uploading a crafted file.

Feb 10, 2025
CVE-2024-54954
8.0 HIGH

OneBlog v2.3.6 was discovered to contain a template injection vulnerability via the template management department.

Feb 10, 2025
CVE-2025-21693
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: mm: zswap: properly synchronize freeing resources during CPU hotunplug In zswap_compress() and zswap_decompress(), the per-CPU …

Feb 10, 2025
CVE-2025-21692
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: net: sched: fix ets qdisc OOB Indexing Haowei Yan <[email protected]> found that ets_class_from_arg() can index …

Feb 10, 2025
CVE-2025-21687
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: vfio/platform: check the bounds of read/write syscalls count and offset are passed from user space …

Feb 10, 2025
CVE-2024-10334
7.3 HIGH

A vulnerability exists in the VideONet product included in the listed System 800xA versions, where VideONet is used. An attacker who successfully exploited the vulnerability …

Feb 10, 2025
CVE-2025-1193
8.1 HIGH

Improper host validation in the certificate validation component in Devolutions Remote Desktop Manager on 2024.3.19 and earlier on Windows allows an attacker to intercept and …

Feb 10, 2025
CVE-2024-11621
8.8 HIGH

Missing certificate validation in Devolutions Remote Desktop Manager on macOS, iOS, Android, Linux allows an attacker to intercept and modify encrypted communications via a man-in-the-middle …

Feb 10, 2025
CVE-2024-8684
8.3 HIGH

OS Command Injection vulnerability in Revolution Pi version 2022-07-28-revpi-buster from KUNBUS GmbH. This vulnerability could allow an authenticated attacker to execute OS commands on the …

Feb 10, 2025
CVE-2024-13440
8.2 HIGH

The Super Store Finder plugin for WordPress is vulnerable to SQL Injection via the ‘ssf_wp_user_name’ parameter in all versions up to, and including, 7.0 due …

Feb 9, 2025
CVE-2025-1117
7.3 HIGH

A vulnerability, which was classified as critical, was found in CoinRemitter 0.0.1/0.0.2 on OpenCart. This affects an unknown part. The manipulation of the argument coin …

Feb 8, 2025
CVE-2025-1116
7.3 HIGH

A vulnerability, which was classified as critical, has been found in Dreamvention Live AJAX Search Free up to 1.0.6 on OpenCart. Affected by this issue …

Feb 8, 2025
CVE-2025-25187
7.8 HIGH

Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks. This vulnerability is …

Feb 7, 2025
CVE-2025-24028
7.8 HIGH

Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks. This vulnerability is …

Feb 7, 2025
CVE-2025-24366
7.5 HIGH

SFTPGo is an open source, event-driven file transfer solution. SFTPGo supports execution of a defined set of commands via SSH. Besides a set of default …

Feb 7, 2025
CVE-2024-57606
7.5 HIGH

SQL injection vulnerability in Beijing Guoju Information Technology Co., Ltd JeecgBoot v.3.7.2 allows a remote attacker to obtain sensitive information via the getTotalData component.

Feb 7, 2025
CVE-2024-57357
8.0 HIGH

An issue in TPLINK TL-WPA 8630 TL-WPA8630(US)_V2_2.0.4 Build 20230427 allows a remote attacker to execute arbitrary code via function sub_4256CC, which allows command injection by …

Feb 7, 2025
CVE-2024-55272
7.5 HIGH

An issue in Brainasoft Braina v2.8 allows a remote attacker to obtain sensitive information via the chat window function.

Feb 7, 2025
CVE-2025-1104
7.3 HIGH

A vulnerability has been found in D-Link DHP-W310AV 1.04 and classified as critical. This vulnerability affects unknown code. The manipulation leads to authentication bypass by …

Feb 7, 2025
CVE-2022-26389
7.7 HIGH

An improper access control vulnerability may allow privilege escalation.This issue affects: * ELI 380 Resting Electrocardiograph: Versions 2.6.0 and prior; * ELI 280/BUR280/MLBUR 280 Resting …

Feb 7, 2025
CVE-2024-9664
7.2 HIGH

The WP All Import Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.9.7 via deserialization of …

Feb 7, 2025
CVE-2024-7419
8.3 HIGH

The WP ALL Export Pro plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.9.1 via the custom …

Feb 7, 2025
CVE-2024-52884
7.5 HIGH

An issue was discovered in AudioCodes Mediant Session Border Controller (SBC) before 7.40A.501.841. Due to the use of weak password obfuscation/encryption, an attacker with access …

Feb 7, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.