CVE Database

4411+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2024-53861
2.2 LOW

pyjwt is a JSON Web Token implementation in Python. An incorrect string comparison is run for `iss` checking, resulting in `"acb"` being accepted for `"_abc_"`. …

Nov 29, 2024
CVE-2024-53701
3.1 LOW

Multiple FCNT Android devices provide the original security features such as "privacy mode" where arbitrary applications can be set not to be displayed, etc. Under …

Nov 29, 2024
CVE-2024-11971
3.5 LOW

A vulnerability classified as problematic was found in Guizhou Xiaoma Technology jpress 5.1.2. Affected by this vulnerability is an unknown functionality of the file /commons/attachment/upload …

Nov 28, 2024
CVE-2024-49503
3.5 LOW

A Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SUSE manager allows attackers to execute Javascript code in the …

Nov 28, 2024
CVE-2024-49502
3.5 LOW

A Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in the Setup Wizard, HTTP Proxy credentials pane in spacewalk-web allows …

Nov 28, 2024
CVE-2024-53855
1.9 LOW

Centurion ERP (Enterprise Rescource Planning) is a simple application developed to provide open source IT management with a large emphasis on the IT Service Management …

Nov 27, 2024
CVE-2024-36464
2.7 LOW

When exporting media types, the password is exported in the YAML in plain text. This appears to be a best practices type issue and may …

Nov 27, 2024
CVE-2024-42333
2.7 LOW

The researcher is showing that it is possible to leak a small amount of Zabbix Server memory using an out of bounds read in src/libs/zbxmedia/email.c

Nov 27, 2024
CVE-2024-42332
3.7 LOW

The researcher is showing that due to the way the SNMP trap log is parsed, an attacker can craft an SNMP trap with additional lines …

Nov 27, 2024
CVE-2024-42331
3.3 LOW

In the src/libs/zbxembed/browser.c file, the es_browser_ctor method retrieves a heap pointer from the Duktape JavaScript engine. This heap pointer is subsequently utilized by the browser_push_error …

Nov 27, 2024
CVE-2024-42329
3.3 LOW

The webdriver for the Browser object expects an error object to be initialized when the webdriver_session_query function fails. But this function can fail for various …

Nov 27, 2024
CVE-2024-42328
3.3 LOW

When the webdriver for the Browser object downloads data from a HTTP server, the data pointer is set to NULL and is allocated only in …

Nov 27, 2024
CVE-2024-36468
3.0 LOW

The reported vulnerability is a stack buffer overflow in the zbx_snmp_cache_handle_engineid function within the Zabbix server/proxy code. This issue occurs when copying data from session->securityEngineID …

Nov 27, 2024
CVE-2024-11820
3.5 LOW

A vulnerability, which was classified as problematic, has been found in code-projects Crud Operation System 1.0. This issue affects some unknown processing of the file …

Nov 27, 2024
CVE-2024-11742
3.5 LOW

A vulnerability, which was classified as problematic, has been found in SourceCodester Best House Rental Management System 1.0. This issue affects some unknown processing of …

Nov 26, 2024
CVE-2024-22117
2.2 LOW

When a URL is added to the map element, it is recorded in the database with sequential IDs. Upon adding a new URL, the system …

Nov 26, 2024
CVE-2024-8160
3.8 LOW

Erik de Jong, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API ftptest.cgi did not have a sufficient input validation …

Nov 26, 2024
CVE-2024-11678
3.5 LOW

A vulnerability was found in CodeAstro Hospital Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /backend/doc/his_doc_register_patient.php. …

Nov 26, 2024
CVE-2024-11677
3.5 LOW

A vulnerability was found in CodeAstro Hospital Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /backend/admin/his_admin_add_vendor.php …

Nov 26, 2024
CVE-2024-11676
3.5 LOW

A vulnerability was found in CodeAstro Hospital Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file …

Nov 26, 2024
CVE-2024-11675
3.5 LOW

A vulnerability has been found in CodeAstro Hospital Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the …

Nov 26, 2024
CVE-2024-10492
2.7 LOW

A vulnerability was found in Keycloak. A user with high privileges could read sensitive information from a Vault file that is not within the expected …

Nov 25, 2024
CVE-2024-11660
3.5 LOW

A vulnerability was found in code-projects Farmacia 1.0. It has been classified as problematic. This affects an unknown part of the file usuario.php. The manipulation …

Nov 25, 2024
CVE-2024-7056
3.5 LOW

The WPForms WordPress plugin before 1.9.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as Admin to …

Nov 25, 2024
CVE-2024-10710
3.5 LOW

The YaDisk Files WordPress plugin through 1.2.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin …

Nov 25, 2024
CVE-2024-9763
3.3 LOW

Tungsten Automation Power PDF PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of …

Nov 22, 2024
CVE-2024-9762
3.3 LOW

Tungsten Automation Power PDF OXPS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of …

Nov 22, 2024
CVE-2024-9761
3.3 LOW

Tungsten Automation Power PDF PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of …

Nov 22, 2024
CVE-2024-9760
3.3 LOW

Tungsten Automation Power PDF PNG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of …

Nov 22, 2024
CVE-2024-9759
3.3 LOW

Tungsten Automation Power PDF GIF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of …

Nov 22, 2024
CVE-2024-9757
3.3 LOW

Tungsten Automation Power PDF JP2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of …

Nov 22, 2024
CVE-2024-9754
3.3 LOW

Tungsten Automation Power PDF PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of …

Nov 22, 2024
CVE-2024-9753
3.3 LOW

Tungsten Automation Power PDF PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of …

Nov 22, 2024
CVE-2024-9752
3.3 LOW

Tungsten Automation Power PDF JPG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of …

Nov 22, 2024
CVE-2024-9749
3.3 LOW

Tungsten Automation Power PDF PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of …

Nov 22, 2024
CVE-2024-52814
2.8 LOW

Argo Helm is a collection of community maintained charts for `argoproj.github.io` projects. Prior to version 0.45.0, the `workflow-role`) lacks granularity in its privileges, giving permissions …

Nov 22, 2024
CVE-2024-45719
2.6 LOW

Inadequate Encryption Strength vulnerability in Apache Answer. This issue affects Apache Answer: through 1.4.0. The ids generated using the UUID v1 version are to some …

Nov 22, 2024
CVE-2024-52054
2.7 LOW

Path Traversal in the Manager component of Wowza Streaming Engine below 4.9.1 allows an administrator user to create an XML definition file anywhere on the …

Nov 21, 2024
CVE-2024-51337
3.5 LOW

Cross Site Scripting vulnerability in Gibbon before v.27.0.01 and fixed in v.28.0.00 allows a remote attacker to obtain sensitive information via the email parameter found …

Nov 21, 2024
CVE-2024-11588
3.5 LOW

A vulnerability was found in AVL-DiTEST-DiagDev libdoip 1.0.0. It has been rated as problematic. This issue affects the function DoIPConnection::reactOnReceivedTcpMessage of the file DoIPConnection.cpp. The …

Nov 21, 2024
CVE-2024-11587
3.5 LOW

A vulnerability was found in idcCMS 1.60. It has been classified as problematic. This affects the function GetCityOptionJs of the file /inc/classProvCity.php. The manipulation of …

Nov 21, 2024
CVE-2024-11493
3.5 LOW

A vulnerability classified as problematic was found in 115cms up to 20240807. This vulnerability affects unknown code of the file /index.php/setpage/admin/pageAE.html. The manipulation of the …

Nov 20, 2024
CVE-2024-11492
3.5 LOW

A vulnerability classified as problematic has been found in 115cms up to 20240807. This affects an unknown part of the file /index.php/admin/web/appurladd.html. The manipulation of …

Nov 20, 2024
CVE-2024-11491
3.5 LOW

A vulnerability was found in 115cms up to 20240807. It has been rated as problematic. Affected by this issue is some unknown functionality of the …

Nov 20, 2024
CVE-2024-11490
3.5 LOW

A vulnerability was found in 115cms up to 20240807. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the …

Nov 20, 2024
CVE-2024-11489
3.5 LOW

A vulnerability was found in 115cms up to 20240807. It has been classified as problematic. Affected is an unknown function of the file /index.php/admin/web/file.html. The …

Nov 20, 2024
CVE-2024-11488
3.5 LOW

A vulnerability was found in 115cms up to 20240807 and classified as problematic. This issue affects some unknown processing of the file /app/admin/view/web_user.html. The manipulation …

Nov 20, 2024
CVE-2024-10515
3.5 LOW

In the process of testing the SEO Plugin by Squirrly SEO WordPress plugin before 12.3.21, a vulnerability was found that allows you to implement Stored …

Nov 20, 2024
CVE-2024-51671
2.7 LOW

Missing Authorization vulnerability in Themeisle Otter - Gutenberg Block otter-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Otter - Gutenberg Block: from …

Nov 19, 2024
CVE-2024-5030
3.8 LOW

The CM Table Of Contents WordPress plugin before 1.2.3 does not have CSRF check in place when resetting its settings, which could allow attackers to …

Nov 18, 2024

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.