CVE Database

4411+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2023-0657
3.4 LOW

A flaw was found in Keycloak. This issue occurs due to improperly enforcing token types when validating signatures locally. This could allow an authenticated attacker …

Nov 17, 2024
CVE-2024-11259
3.5 LOW

A vulnerability, which was classified as problematic, has been found in code-projects Farmacia 1.0. This issue affects some unknown processing of the file /fornecedores.php. The …

Nov 15, 2024
CVE-2024-52513
2.6 LOW

Nextcloud Server is a self hosted personal cloud system. After receiving a "Files drop" or "Password protected" share link a malicious user was able to …

Nov 15, 2024
CVE-2024-52512
3.3 LOW

user_oidc app is an OpenID Connect user backend for Nextcloud. A malicious user could send a malformed login link that would redirect the user to …

Nov 15, 2024
CVE-2024-52509
3.5 LOW

Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. The Nextcloud mail app incorrectly allowed attaching shared files without download permissions as …

Nov 15, 2024
CVE-2024-52507
3.5 LOW

Nextcloud Tables allows users to to create tables with individual columns. The information which Table (numeric ID) is shared with which groups and users and …

Nov 15, 2024
CVE-2024-46383
2.4 LOW

Hathway Skyworth Router CM5100-511 v4.1.1.24 was discovered to store sensitive information about USB and Wifi connected devices in plaintext.

Nov 15, 2024
CVE-2024-52525
1.8 LOW

Nextcloud Server is a self hosted personal cloud system. Under certain conditions the password of a user was stored unencrypted in the session data. The …

Nov 15, 2024
CVE-2024-52521
2.6 LOW

Nextcloud Server is a self hosted personal cloud system. MD5 hashes were used to check background jobs for their uniqueness. This increased the chances of …

Nov 15, 2024
CVE-2024-52519
2.7 LOW

Nextcloud Server is a self hosted personal cloud system. The OAuth2 client secrets were stored in a recoverable way, so that an attacker that got …

Nov 15, 2024
CVE-2024-52516
3.0 LOW

Nextcloud Server is a self hosted personal cloud system. When a server is configured to only allow sharing with users that are in ones own …

Nov 15, 2024
CVE-2024-11247
3.5 LOW

A vulnerability has been found in SourceCodester Online Eyewear Shop 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the …

Nov 15, 2024
CVE-2024-11246
3.5 LOW

A vulnerability, which was classified as problematic, was found in code-projects Farmacia 1.0. Affected is an unknown function of the file /adicionar-cliente.php. The manipulation of …

Nov 15, 2024
CVE-2024-11240
3.5 LOW

A vulnerability was found in IBPhoenix ibWebAdmin up to 1.0.2 and classified as problematic. This issue affects some unknown processing of the file /database.php of …

Nov 15, 2024
CVE-2024-42188
3.7 LOW

HCL Connections is vulnerable to a broken access control vulnerability that may allow an unauthorized user to update data in certain scenarios.

Nov 14, 2024
CVE-2024-9633
3.1 LOW

An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.3 before 17.4.2, all versions starting from 17.5 before 17.5.4, all versions …

Nov 14, 2024
CVE-2024-11208
3.7 LOW

A vulnerability was found in Apereo CAS 6.6 and classified as problematic. Affected by this issue is some unknown functionality of the file /login?service. The …

Nov 14, 2024
CVE-2024-10977
3.1 LOW

Client use of server error message in PostgreSQL allows a server not trusted under current SSL or GSS settings to furnish arbitrary non-NUL bytes to …

Nov 14, 2024
CVE-2024-45099
3.1 LOW

IBM Security ReaQta 3.12 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus …

Nov 14, 2024
CVE-2024-38660
3.8 LOW

Protection mechanism failure in the SPP for some Intel(R) Xeon(R) processor family (E-Core) may allow an authenticated user to potentially enable escalation of privilege via …

Nov 13, 2024
CVE-2024-33611
3.4 LOW

Improper input validation for some Intel(R) PROSet/Wireless WiFi software for Windows before version 23.60 may allow a privileged user to potentially enable denial of service …

Nov 13, 2024
CVE-2024-32667
3.9 LOW

Out-of-bounds read for some OpenCL(TM) software may allow an authenticated user to potentially enable denial of service via local access.

Nov 13, 2024
CVE-2024-32485
3.9 LOW

Improper Input Validation in some Intel(R) VROC software before version 8.6.0.2003 may allow an authenticated user to potentially enable denial of service via local access.

Nov 13, 2024
CVE-2024-28051
2.2 LOW

Out-of-bounds read in some Intel(R) VPL software before version 24.1.4 may allow an authenticated user to potentially enable information disclosure via local access.

Nov 13, 2024
CVE-2024-28030
2.2 LOW

NULL pointer dereference in some Intel(R) VPL software before version 24.1.4 may allow an authenticated user to potentially enable denial of service via local access.

Nov 13, 2024
CVE-2024-25565
3.8 LOW

Insufficient control flow management in UEFI firmware for some Intel(R) Xeon(R) Processors may allow an authenticated user to enable denial of service via local access.

Nov 13, 2024
CVE-2024-25563
3.4 LOW

Improper initialization in firmware for some Intel(R) PROSet/Wireless Software and Intel(R) Killer(TM) Wi-Fi before version 23.40 may allow a privileged user to potentially enable information …

Nov 13, 2024
CVE-2024-11175
3.5 LOW

A vulnerability was found in Public CMS 5.202406.d and classified as problematic. This issue affects some unknown processing of the file /admin/cmsVote/save of the component …

Nov 13, 2024
CVE-2024-11168
3.7 LOW

The urllib.parse.urlsplit() and urlparse() functions improperly validated bracketed hosts (`[]`), allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 …

Nov 12, 2024
CVE-2024-35274
2.3 LOW

An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiAnalyzer versions below 7.4.2, Fortinet FortiManager versions below 7.4.2 …

Nov 12, 2024
CVE-2024-11138
2.7 LOW

A vulnerability classified as problematic has been found in DedeCMS 5.7.116. This affects an unknown part of the file /dede/uploads/dede/friendlink_add.php. The manipulation of the argument …

Nov 12, 2024
CVE-2024-51749
3.5 LOW

Element is a Matrix web client built using the Matrix React SDK. Versions of Element Web and Desktop earlier than 1.11.85 do not check if …

Nov 12, 2024
CVE-2024-11130
2.4 LOW

A vulnerability was found in ZZCMS up to 2023. It has been rated as problematic. Affected by this issue is some unknown functionality of the …

Nov 12, 2024
CVE-2024-11126
3.1 LOW

A vulnerability was found in Digistar AG-30 Plus 2.6b. It has been classified as problematic. Affected is an unknown function of the component Login Page. …

Nov 12, 2024
CVE-2024-50560
3.1 LOW

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.2), SCALANCE …

Nov 12, 2024
CVE-2024-47799
3.5 LOW

Exposure of sensitive system information to an unauthorized control sphere issue exists in Mesh Wi-Fi router RP562B firmware version v1.0.2 and earlier. If this vulnerability …

Nov 12, 2024
CVE-2024-48838
3.3 LOW

Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) a Files or Directories Accessible to External Parties vulnerability. A low privileged attacker with local …

Nov 12, 2024
CVE-2024-11102
3.5 LOW

A vulnerability was found in SourceCodester Hospital Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of …

Nov 12, 2024
CVE-2024-10672
2.7 LOW

The Multiple Page Generator Plugin – MPG plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the mpg_upsert_project_source_block() …

Nov 12, 2024
CVE-2024-11097
3.3 LOW

A vulnerability has been found in SourceCodester Student Record Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the component Main …

Nov 12, 2024
CVE-2024-47587
3.5 LOW

Cash Operations does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges causing low impact to confidentiality to the application.

Nov 12, 2024
CVE-2024-11078
3.5 LOW

A vulnerability has been found in code-projects Job Recruitment 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file …

Nov 11, 2024
CVE-2024-10917
3.7 LOW

In Eclipse OpenJ9 versions up to 0.47, the JNI function GetStringUTFLength may return an incorrect value which has wrapped around. From 0.48 the value is …

Nov 11, 2024
CVE-2024-11070
3.5 LOW

A vulnerability, which was classified as problematic, has been found in Sanluan PublicCMS 5.202406.d. This issue affects some unknown processing of the file /admin/cmsTagType/save of …

Nov 11, 2024
CVE-2024-34015
3.3 LOW

Sensitive information disclosure during file browsing due to improper symbolic link handling. The following products are affected: Acronis Backup plugin for cPanel & WHM (Linux) …

Nov 11, 2024
CVE-2024-43427
3.7 LOW

A flaw was found in moodle. When creating an export of site administration presets, some sensitive secrets and keys are not being excluded from the …

Nov 11, 2024
CVE-2020-10368
3.5 LOW

Certain Cypress (and Broadcom) Wireless Combo chips, when a January 2021 firmware update is not present, allow memory read access via a "Spectra" attack.

Nov 10, 2024
CVE-2024-11050
3.5 LOW

A vulnerability was found in AMTT Hotel Broadband Operation System up to 3.0.3.151204 and classified as problematic. This issue affects some unknown processing of the …

Nov 10, 2024
CVE-2024-11049
3.7 LOW

A vulnerability classified as problematic has been found in ZKTeco ZKBio Time 9.0.1. Affected is an unknown function of the file /auth_files/photo/ of the component …

Nov 10, 2024
CVE-2024-42000
2.7 LOW

Mattermost versions 9.10.x <= 9.10.2, 9.11.x <= 9.11.1, 9.5.x <= 9.5.9 and 10.0.x <= 10.0.0 fail to properly authorize the requests to /api/v4/channels which allows …

Nov 9, 2024

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.