CVE Database

4411+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2024-54485
2.4 LOW

The issue was addressed by adding additional logic. This issue is fixed in iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, macOS Sequoia 15.2. An attacker …

Dec 12, 2024
CVE-2024-44290
3.3 LOW

This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, watchOS 11.1. …

Dec 12, 2024
CVE-2024-44200
3.3 LOW

This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1. An app …

Dec 12, 2024
CVE-2024-12536
3.5 LOW

A vulnerability, which was classified as problematic, has been found in SourceCodester Kortex Lite Advocate Office Management System 1.0. Affected by this issue is some …

Dec 12, 2024
CVE-2024-12503
2.4 LOW

A vulnerability classified as problematic was found in ClassCMS 4.8. Affected by this vulnerability is an unknown functionality of the file /index.php/admin of the component …

Dec 12, 2024
CVE-2024-12483
3.7 LOW

A vulnerability classified as problematic has been found in Dromara UJCMS up to 9.6.3. This affects an unknown part of the file /users/id of the …

Dec 12, 2024
CVE-2023-23472
3.1 LOW

IBM InfoSphere DataStage Flow Designer (InfoSphere Information Server 11.7) could allow an authenticated user to obtain sensitive information that could aid in further attacks against …

Dec 11, 2024
CVE-2024-11053
3.4 LOW

When asked to both use a `.netrc` file for credentials and to follow HTTP redirects, curl could leak the password used for the first host …

Dec 11, 2024
CVE-2023-37395
2.5 LOW

IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain sensitive information due to improper encryption of certain data.

Dec 11, 2024
CVE-2024-52831
3.5 LOW

Adobe Experience Manager versions 6.5.21 and earlier are affected by an Improper Input Validation vulnerability that could result in a security feature bypass. A low-privileged …

Dec 10, 2024
CVE-2024-43755
3.5 LOW

Adobe Experience Manager versions 6.5.21 and earlier are affected by an Improper Input Validation vulnerability that could result in a security feature bypass. A low-privileged …

Dec 10, 2024
CVE-2024-55550
2.7 LOW KEV

Mitel MiCollab through 9.8 SP2 could allow an authenticated attacker with administrative privilege to conduct a local file read, due to insufficient input sanitization. A …

Dec 10, 2024
CVE-2024-53245
3.1 LOW

In Splunk Enterprise versions below 9.3.0, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions below 9.1.2312.206, a low-privileged user that does not hold the “admin“ …

Dec 10, 2024
CVE-2024-47577
2.7 LOW

Webservice API endpoints for Assisted Service Module within SAP Commerce Cloud has information disclosure vulnerability. When an authorized agent searches for customer to manage their …

Dec 10, 2024
CVE-2024-47576
3.3 LOW

SAP Product Lifecycle Costing Client (versions below 4.7.1) application loads on demand a DLL that is available with Windows OS. This DLL is loaded from …

Dec 10, 2024
CVE-2024-12174
2.7 LOW

An Improper Certificate Validation vulnerability exists in Tenable Security Center where an authenticated, privileged attacker could intercept email messages sent from Security Center via a …

Dec 9, 2024
CVE-2023-28168
3.7 LOW

Missing Authorization vulnerability in Jerod Santo WordPress Console allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress Console: from n/a through 0.3.9.

Dec 9, 2024
CVE-2023-24375
3.5 LOW

Missing Authorization vulnerability in miniOrange WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress …

Dec 9, 2024
CVE-2023-23825
3.1 LOW

Missing Authorization vulnerability in Brainstorm Force Spectra allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spectra: from n/a through 2.3.0.

Dec 9, 2024
CVE-2023-23814
3.8 LOW

Missing Authorization vulnerability in CodePeople CP Multi View Event Calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CP Multi View Event Calendar …

Dec 9, 2024
CVE-2024-46901
3.1 LOW

Insufficient validation of filenames against control characters in Apache Subversion repositories served via mod_dav_svn allows authenticated users with commit access to commit a corrupted revision, …

Dec 9, 2024
CVE-2024-12359
3.5 LOW

A vulnerability was found in code-projects Admin Dashboard 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /vendor_management.php. The …

Dec 9, 2024
CVE-2024-12355
3.3 LOW

A vulnerability has been found in SourceCodester Phone Contact Manager System 1.0 and classified as problematic. Affected by this vulnerability is the function ContactBook::adding of …

Dec 9, 2024
CVE-2024-12353
3.3 LOW

A vulnerability, which was classified as problematic, has been found in SourceCodester Phone Contact Manager System 1.0. This issue affects the function UserInterface::MenuDisplayStart of the …

Dec 9, 2024
CVE-2024-12348
3.5 LOW

A vulnerability was found in Guizhou Xiaoma Technology jpress 5.1.2. It has been classified as problematic. Affected is the function AttachmentUtils.isUnSafe of the file /commons/attachment/upload …

Dec 9, 2024
CVE-2024-12346
3.5 LOW

A vulnerability has been found in Talentera up to 20241128 and classified as problematic. This vulnerability affects unknown code of the file /app/control/byt_cv_manager. The manipulation …

Dec 9, 2024
CVE-2024-6219
3.8 LOW

Mark Laing discovered in LXD's PKI mode, until version 5.21.1, that a restricted certificate could be added to the trust store with its restrictions not …

Dec 6, 2024
CVE-2024-6156
3.8 LOW

Mark Laing discovered that LXD's PKI mode, until version 5.21.2, could be bypassed if the client's certificate was present in the trust store.

Dec 6, 2024
CVE-2024-12232
3.5 LOW

A vulnerability has been found in code-projects Simple CRUD Functionality 1.0 and classified as problematic. This vulnerability affects unknown code of the file /index.php. The …

Dec 5, 2024
CVE-2024-42195
3.1 LOW

HCL DevOps Deploy / HCL Launch is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web …

Dec 5, 2024
CVE-2024-54014
3.6 LOW

Improper authorization in handler for custom URL scheme issue in 'Skylark' App for Android 6.2.13 and earlier and 'Skylark' App for iOS 6.2.13 and earlier …

Dec 5, 2024
CVE-2024-12183
3.5 LOW

A vulnerability, which was classified as problematic, was found in DedeCMS 5.7.116. This affects the function RemoveXSS of the file /plus/carbuyaction.php of the component HTTP …

Dec 4, 2024
CVE-2024-12182
3.5 LOW

A vulnerability, which was classified as problematic, has been found in DedeCMS 5.7.116. Affected by this issue is some unknown functionality of the file /member/soft_add.php. …

Dec 4, 2024
CVE-2024-12181
3.5 LOW

A vulnerability classified as problematic was found in DedeCMS 5.7.116. Affected by this vulnerability is an unknown functionality of the file /member/uploads_add.php of the component …

Dec 4, 2024
CVE-2024-12180
3.5 LOW

A vulnerability classified as problematic has been found in DedeCMS 5.7.116. Affected is an unknown function of the file /member/article_add.php. The manipulation of the argument …

Dec 4, 2024
CVE-2024-38829
3.7 LOW

A vulnerability in Spring LDAP allows data exposure for case sensitive comparisons.This issue affects Spring LDAP: from 2.4.0 through 2.4.3, from 3.0.0 through 3.0.9, from …

Dec 4, 2024
CVE-2024-54158
3.5 LOW

In JetBrains YouTrack before 2024.3.52635 potential spoofing attack was possible via lack of Punycode encoding

Dec 4, 2024
CVE-2024-54155
3.7 LOW

In JetBrains YouTrack before 2024.3.51866 improper access control allowed listing of project names during app import without authentication

Dec 4, 2024
CVE-2024-54153
3.1 LOW

In JetBrains YouTrack before 2024.3.51866 unauthenticated database backup download was possible via vulnerable query parameter

Dec 4, 2024
CVE-2024-53502
3.8 LOW

Seecms v4.8 was discovered to contain a SQL injection vulnerability in the SEMCMS_SeoAndTag.php page.

Dec 3, 2024
CVE-2024-53921
2.8 LOW

An issue was discovered in the installer in Samsung Magician 8.1.0 on Windows. An attacker can create arbitrary folders in the system permission directory via …

Dec 3, 2024
CVE-2024-49417
2.0 LOW

Use of implicit intent for sensitive communication in Smart Touch Call prior to 1.0.0.8 allows local attackers to launch privileged activities. User interaction is required …

Dec 3, 2024
CVE-2024-49414
2.4 LOW

Authentication Bypass Using an Alternate Path in Dex Mode prior to SMR Dec-2024 Release 1 allows physical attackers to temporarily access to recent app list.

Dec 3, 2024
CVE-2024-53564
2.2 LOW

A vulnerability was discovered in FreePBX 17.0.19.17. It does not verify the type of uploaded (valid FreePBX module) files, allowing high-privilege administrators to insert unwanted …

Dec 2, 2024
CVE-2024-11856
3.7 LOW

A security vulnerability in HPE IceWall products could be exploited remotely to cause Unauthorized Data Modification.

Dec 2, 2024
CVE-2024-12001
3.5 LOW

A vulnerability classified as problematic has been found in code-projects Wazifa System 1.0. Affected is an unknown function of the file /controllers/updatesettings.php of the component …

Nov 30, 2024
CVE-2024-12000
3.5 LOW

A vulnerability was found in code-projects Blood Bank System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file …

Nov 30, 2024
CVE-2024-11997
3.5 LOW

A vulnerability was found in code-projects Farmacia 1.0. It has been classified as problematic. This affects an unknown part of the file /vendas.php. The manipulation …

Nov 30, 2024
CVE-2024-11996
3.5 LOW

A vulnerability was found in code-projects Farmacia 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /editar-fornecedor.php. The …

Nov 30, 2024
CVE-2024-11995
3.5 LOW

A vulnerability has been found in code-projects Farmacia 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /pagamento.php. …

Nov 29, 2024

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.