4411+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.
Girishunawane, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API dynamicoverlay.cgi did not have a sufficient input validation allowing for …
A vulnerability, which was classified as problematic, was found in SourceCodester Employee Management System 1.0. This affects an unknown part of the file employee.php. The …
A vulnerability, which was classified as problematic, has been found in code-projects Blood Bank System 1.0. Affected by this issue is some unknown functionality of …
in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write. This vulnerability can be exploited only …
in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free. This vulnerability can be exploited …
in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write. This vulnerability can be exploited only …
in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds read.
in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free. This vulnerability can be exploited …
in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free. This vulnerability can be exploited …
in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write. This vulnerability can be exploited only …
in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through buffer overflow.
in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through buffer overflow.
in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds read.
in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds read.
in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through NULL pointer dereference.
in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write. This vulnerability can be exploited only …
in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds read.
in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through NULL pointer dereference.
in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds read.
in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through through NULL pointer dereference.. This vulnerability can be …
in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free. This vulnerability can be exploited …
in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free. This vulnerability can be exploited …
in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free. This vulnerability can be exploited …
in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through integer overflow. This vulnerability can be exploited only …
in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds read.
in OpenHarmony v5.0.2 and prior versions allow a local attacker case DOS through missing release of memory.
in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through integer overflow. This vulnerability can be exploited only …
A vulnerability was found in shishuocms 1.1. It has been classified as problematic. Affected is an unknown function of the file /manage/folder/add.json of the component …
In the URI gem before 1.0.3 for Ruby, the URI handling methods (URI.join, URI#merge, URI#+) have an inadvertent leakage of authentication credentials because userinfo is …
A vulnerability was found in i-Drive i11 and i12 up to 20250227. It has been classified as problematic. Affected is an unknown function of the …
A vulnerability was found in i-Drive i11 and i12 up to 20250227 and classified as problematic. This issue affects some unknown processing of the component …
A vulnerability has been found in i-Drive i11 and i12 up to 20250227 and classified as problematic. This vulnerability affects unknown code of the component …
Flask-AppBuilder is an application development framework. Prior to 4.5.3, Flask-AppBuilder allows unauthenticated users to enumerate existing usernames by timing the response time from the server …
A vulnerability was found in zj1983 zz up to 2024-8. It has been rated as problematic. This issue affects some unknown processing of the component …
IBM Cognos Analytics Mobile 1.1 for Android could allow a user with physical access to the device, to obtain sensitive information from debugging code log …
IBM Cognos Analytics Mobile 1.1 for iOS application could allow an attacker to reverse engineer the codebase to gain knowledge about the programming technique, interface, …
A vulnerability classified as problematic was found in Mini-Tmall up to 20250211. This vulnerability affects unknown code of the file /admin of the component Admin …
A vulnerability, which was classified as problematic, was found in Eastnets PaymentSafe 2.5.26.0. This affects an unknown part of the file /directRouter.rfc of the component …
Magento Long Term Support (LTS) is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of …
An improper access control issue in the VQL shell feature in Velociraptor Versions < 0.73.4 allowed authenticated users to execute the execve() plugin in deployments …
IBM EntireX 11.1 could allow a local user to unintentionally modify data timestamp integrity due to improper shared resource synchronization.
IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is returned. This information could be used …
IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is returned. This information could be used …
IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is returned. This information could be used …
IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is returned. This information could be used …
IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is returned. This information could be used …
IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is returned. This information could be used …
IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is returned. This information could be used …
The MongoDB Shell may be susceptible to control character injection where an attacker with control over the database cluster contents can inject control characters into …
Incorrect resource transfer between spheres issue exists in RevoWorks SCVX and RevoWorks Browser. If exploited, malicious files may be downloaded to the system where using …
Free website and port scanning — find vulnerabilities before attackers do.