4411+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.
A vulnerability has been found in Intelbras InControl up to 2.21.58 and classified as problematic. This vulnerability affects unknown code of the file /v1/usuario/ of …
A vulnerability classified as problematic was found in Pimcore 11.4.2. Affected by this vulnerability is an unknown functionality of the component Search Document. The manipulation …
NVIDIA GPU Display Driver for Linux contains a vulnerability which could allow an attacker unauthorized access to files. A successful exploit of this vulnerability might …
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 18.3 and iPadOS 18.3, macOS Sequoia …
An authentication issue was addressed with improved state management. This issue is fixed in iOS 18.3 and iPadOS 18.3. An attacker with physical access to …
A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3. An app may …
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3. An app may …
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.2, macOS Sonoma 14.7.2. An app may be able to …
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS …
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15, macOS Sonoma 14.7.3, macOS …
A vulnerability classified as problematic has been found in TP-Link TL-SG108E 1.0.0 Build 20201208 Rel. 40304. Affected is an unknown function of the file /usr_account_set.cgi …
An improper privilege management vulnerability in OTRS Generic Interface module allows change of the Ticket status even if the user only has ro permissions. This …
The Crelly Slider WordPress plugin before 1.4.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin …
IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 could disclose sensitive information about directory contents that could aid in further attacks …
A vulnerability was found in Microword eScan Antivirus 7.0.32 on Linux. It has been rated as problematic. Affected by this issue is the function removeExtraSlashes …
The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable …
A vulnerability classified as problematic has been found in CampCodes School Management Software 1.0. Affected is an unknown function of the file /notice-list of the …
A vulnerability was found in Dcat-Admin 2.2.1-beta. It has been rated as problematic. This issue affects some unknown processing of the file /admin/auth/roles of the …
A vulnerability was found in fumiao opencms 2.2. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/model/addOrUpdate of the …
A vulnerability was found in JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d and classified as problematic. Affected by this issue is some unknown functionality of the file …
IBM i 7.2, 7.3, 7.4, and 7.5 is vulnerable to a file level local denial of service caused by an insufficient authority requirement. A local …
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Starting in version 0.7.0 and prior to versions 0.7.15 and 0.8.3, Himmelblau is …
ECOVACS robot lawnmowers and vacuums insecurely store audio files used to indicate that the camera is on. An attacker with access to the /data filesystem …
ECOVACS robot lawnmowers store the anti-theft PIN in cleartext on the device filesystem. An attacker can steal a lawnmower, read the PIN, and reset the …
BigFix Patch Download Plug-ins are affected by an insecure protocol support. The application can allow improper handling of SSL certificates validation.
BigFix Patch Download Plug-ins are affected by an insecure package which is susceptible to XML injection attacks. This allows an attacker to exploit this vulnerability …
BigFix Patch Download Plug-ins are affected by insecure support for file URI scheme. It could allow a malicious operator to attempt to download files using …
BigFix Patch Download Plug-ins are affected by an arbitrary file download vulnerability. It could allow a malicious operator to download files from arbitrary URLs without …
BigFix Patch Download Plug-ins are affected by Server-Side Request Forgery (SSRF) vulnerability. It may allow the application to download files from an internally hosted server …
A vulnerability, which was classified as problematic, was found in CampCodes School Management Software 1.0. This affects an unknown part of the component Attachment Handler. …
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior …
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and …
A vulnerability classified as problematic has been found in CampCodes School Management Software 1.0. This affects an unknown part of the file /chat/group/send of the …
A vulnerability was found in Facile Sistemas Cloud Apps up to 20250107. It has been classified as problematic. Affected is an unknown function of the …
A vulnerability has been found in Union Bank of India Vyom 8.0.34 on Android and classified as problematic. This vulnerability affects unknown code of the …
A vulnerability, which was classified as problematic, was found in CampCodes School Management Software 1.0. Affected is an unknown function of the file /photo-gallery of …
A vulnerability, which was classified as problematic, has been found in Campcodes School Management Software 1.0. This issue affects some unknown processing of the file …
A vulnerability, which was classified as problematic, was found in code-projects Tourism Management System 1.0. Affected is an unknown function of the file /admin/manage-pages.php. The …
A vulnerability, which was classified as problematic, has been found in code-projects Car Rental Management System 1.0. This issue affects some unknown processing of the …
Multiple bash files were present in the application's private directory. Bash files can be used on their own, by an attacker that has already full …
A vulnerability has been found in code-projects Job Recruitment 1.0 and classified as problematic. This vulnerability affects unknown code of the file /_parse/_feedback_system.php. The manipulation …
Time-of-check time-of-use race condition in some Intel(R) Neural Compressor software before version v3.0 may allow an authenticated user to potentially enable information disclosure via adjacent …
07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin/doAdminAction.php?act=editShop&shopId.
07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via /erp.07fly.net:80/oa/OaWorkReport/add.html.
An issue in termius before v.9.9.0 allows a local attacker to execute arbitrary code via a crafted script to the DYLD_INSERT_LIBRARIES component.
In Phiewer 4.1.0, a dylib injection leads to Command Execution which allow attackers to inject dylib file potentially leading to remote control and unauthorized access …
A vulnerability was found in Fanli2012 native-php-cms 1.0. It has been classified as problematic. Affected is an unknown function of the file /fladmin/sysconfig_doedit.php. The manipulation …
A vulnerability has been found in Fanli2012 native-php-cms 1.0 and classified as problematic. This vulnerability affects unknown code of the file /fladmin/jump.php. The manipulation of …
This issue was addressed through improved state management. This issue is fixed in iOS 17.5 and iPadOS 17.5. An attacker with physical access to an …
OpenVPN ovpn-dco for Windows version 1.1.1 allows an unprivileged local attacker to send I/O control messages with invalid data to the driver resulting in a …
Free website and port scanning — find vulnerabilities before attackers do.