111255+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.
Selea Targa IP OCR-ANPR Camera contains a hard-coded developer password vulnerability that allows unauthorized configuration access through an undocumented page. Attackers can exploit the hidden …
Selea Targa IP OCR-ANPR Camera contains a cross-site request forgery vulnerability that allows attackers to create administrative users without authentication. Attackers can craft a malicious …
Selea Targa IP OCR-ANPR Camera contains a stored cross-site scripting vulnerability in the 'files_list' parameter that allows attackers to inject malicious HTML and script code. …
Selea Targa IP OCR-ANPR Camera contains an unauthenticated command injection vulnerability in utils.php that allows remote attackers to execute arbitrary shell commands. Attackers can exploit …
Selea Targa IP OCR-ANPR Camera contains an unauthenticated vulnerability that allows remote attackers to access live video streams without authentication. Attackers can directly connect to …
STVS ProVision 5.9.10 contains a path traversal vulnerability that allows authenticated attackers to access arbitrary files by manipulating the files parameter in the archive download …
STVS ProVision 5.9.10 contains a cross-site request forgery vulnerability that allows attackers to perform actions with administrative privileges by exploiting unvalidated HTTP requests. Attackers can …
COMMAX WebViewer ActiveX Control 2.1.4.5 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by providing excessively long string arrays through multiple …
OpenBMCS 2.4 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive files by exploiting directory listing functionality. Attackers can browse directories like …
IntelliChoice eFORCE Software Suite 2.5.9 contains a username enumeration vulnerability that allows attackers to enumerate valid users by exploiting the 'ctl00$MainContent$UserName' POST parameter. Attackers can …
COMMAX Smart Home System is a smart IoT home solution that allows an unauthenticated attacker to disclose RTSP credentials in plain-text by exploiting the /overview.asp …
COMMAX Smart Home System allows an unauthenticated attacker to change configuration and cause denial-of-service through the setconf endpoint. Attackers can trigger a denial-of-service scenario by …
COMMAX Smart Home System CDP-1020n contains an SQL injection vulnerability that allows attackers to bypass authentication by injecting arbitrary SQL code through the 'id' parameter …
COMMAX CVD-Axx DVR 5.1.4 contains weak default administrative credentials that allow remote password attacks and disclose RTSP stream. Attackers can exploit this by sending a …
COMMAX Biometric Access Control System 1.0.0 contains an authentication bypass vulnerability that allows unauthenticated attackers to access sensitive information and circumvent physical controls in smart …
COMMAX UMS Client ActiveX Control 1.7.0.2 contains a heap-based buffer overflow vulnerability that allows attackers to execute arbitrary code by providing excessively long string arrays …
OpenBMCS 2.4 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting arbitrary SQL code. Attackers can send GET requests …
OpenBMCS 2.4 contains an unauthenticated SSRF vulnerability that allows attackers to bypass firewalls and initiate service and network enumeration on the internal network through the …
OpenBMCS 2.4 contains a CSRF vulnerability that allows attackers to perform actions with administrative privileges by exploiting the sendFeedback.php endpoint. Attackers can submit malicious requests …
OpenBMCS 2.4 allows an attacker to escalate privileges from a read user to an admin user by manipulating permissions and exploiting a vulnerability in the …
Umbraco is an ASP.NET CMS. Due to unsafe handling and deletion of temporary files in versions 10.0.0 through 13.12.0, during the dictionary upload process an …
Elysia is a Typescript framework for request validation, type inference, OpenAPI documentation and client-server communication. Versions 1.4.17 and below are subject to arbitrary code execution …
Elysia is a Typescript framework for request validation, type inference, OpenAPI documentation and client-server communication. Versions 1.4.0 through 1.4.16 contain a prototype pollution vulnerability in …
Ladybug adds message-based debugging, unit, system, and regression testing to Java applications. Versions prior to 3.0-20251107.114628 contain the APIs /iaf/ladybug/api/report/{storage} and /iaf/ladybug/api/report/upload, which allow uploading …
Sublime Text 3 Build 3208 or prior for MacOS is vulnerable to Dylib Injection. An attacker could compile a .dylib file and force the execution …
Emby Server is a user-installable home media server. Versions below 4.9.1.81 allow an attacker to gain full administrative access to an Emby Server (for Emby …
A vulnerability was determined in itsourcecode Student Management System 1.0. This affects an unknown part of the file /new_grade.php. This manipulation of the argument grade …
An issue was discovered in the PCI Express (PCIe) Integrity and Data Encryption (IDE) specification, where insufficient guidance on re-keying and stream flushing during device …
A vulnerability was discovered in the PCI Express (PCIe) Integrity and Data Encryption (IDE) specification, where insufficient guidance on tag reuse after completion timeouts may …
An issue was discovered in the PCI Express (PCIe) Integrity and Data Encryption (IDE) specification, where insufficient guidance on Transaction Layer Packet (TLP) ordering and …
An issue was discovered in openmptcprouter thru 0.64 in file common/package/utils/sys-upgrade-helper/src/tools/sysupgrade.c in function create_xor_ipad_opad allowing attackers to potentially write arbitrary files or execute arbitrary commands.
Cross Site Request Forgery (CSRF) vulnerability in AllskyTeam AllSky v2024.12.06_06 allows remote attackers to cause a denial of service via function handle_interface_POST_and_status.
Cross Site Scripting (XSS) vulnerability in AllskyTeam AllSky v2024.12.06_06 allows remote attackers to execute arbitrary code via the (1) config, (2) filename, or (3) extratext …
A stored Cross-Site Scripting (XSS) vulnerability exists in the Coohom SaaS Platform feVersion=1760060603897 (2025-10-28) in the Account Settings module, where unsanitized user input in Address …
A vulnerability was found in itsourcecode Student Management System 1.0. Affected by this issue is some unknown functionality of the file /promote.php. The manipulation of …
A vulnerability has been found in itsourcecode Student Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /new_school_year.php. The manipulation …
A flaw has been found in itsourcecode Student Management System 1.0. Affected is an unknown function of the file /new_adviser.php. Executing manipulation of the argument …
HP System Event Utility and Omen Gaming Hub might allow execution of certain files outside of their restricted paths. This potential vulnerability was remediated with …
OpenSIS 9.2 and below is vulnerable to Incorrect Access Control in Student.php, which allows an authenticated low-privilege user to perform unauthorized database write operations relating …
DNG SDK versions 1.7.0 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could lead to application denial-of-service. An attacker could exploit …
DNG SDK versions 1.7.0 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure or application denial of service. An …
DNG SDK versions 1.7.0 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could lead to memory exposure or application denial of service. …
DNG SDK versions 1.7.0 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context …
Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
Improper access control in Storvsp.sys Driver allows an authorized attacker to elevate privileges locally.
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
Improper neutralization of special elements used in a command ('command injection') in Copilot allows an unauthorized attacker to execute code locally.
Exposure of sensitive information to an unauthorized actor in Microsoft Graphics Component allows an authorized attacker to disclose information over a network.
Free website and port scanning — find vulnerabilities before attackers do.