CVE Database

4411+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2024-30106
3.5 LOW

HCL Connections is vulnerable to an information disclosure vulnerability, due to an IBM WebSphere Application Server error, which could allow a user to obtain sensitive …

Oct 28, 2024
CVE-2024-44265
2.4 LOW

The issue was addressed by restricting options offered on a locked device. This issue is fixed in macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura …

Oct 28, 2024
CVE-2024-44251
2.4 LOW

This issue was addressed through improved state management. This issue is fixed in iOS 18.1 and iPadOS 18.1. An attacker may be able to view …

Oct 28, 2024
CVE-2024-44222
3.3 LOW

This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1. An …

Oct 28, 2024
CVE-2024-44123
2.3 LOW

A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15. A malicious app with …

Oct 28, 2024
CVE-2024-40853
3.3 LOW

This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 18 and iPadOS 18. An attacker may …

Oct 28, 2024
CVE-2024-40851
2.4 LOW

This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 18.1 and iPadOS 18.1. An attacker with …

Oct 28, 2024
CVE-2024-40792
3.3 LOW

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. A malicious app may be able to change network …

Oct 28, 2024
CVE-2024-27849
3.3 LOW

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15. An app may be …

Oct 28, 2024
CVE-2024-49755
3.1 LOW

Duende IdentityServer is an OpenID Connect and OAuth 2.x framework for ASP.NET Core. IdentityServer's local API authentication handler performs insufficient validation of the cnf claim …

Oct 28, 2024
CVE-2024-10214
3.5 LOW

Mattermost versions 9.11.X <= 9.11.1, 9.5.x <= 9.5.9 icorrectly issues two sessions when using desktop SSO - one in the browser and one in desktop …

Oct 28, 2024
CVE-2024-8013
2.2 LOW

A bug in query analysis of certain complex self-referential $lookup subpipelines may result in literal values in expressions for encrypted fields to be sent to …

Oct 28, 2024
CVE-2024-23843
2.2 LOW

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Genians Genian NAC V5.0, Genians Genian NAC LTS V5.0.This issue affects …

Oct 28, 2024
CVE-2024-10433
3.5 LOW

A vulnerability was found in Project Worlds Simple Web-Based Chat Application 1.0 and classified as problematic. Affected by this issue is some unknown functionality of …

Oct 28, 2024
CVE-2024-50610
3.6 LOW

GSL (GNU Scientific Library) through 2.8 has an integer signedness error in gsl_siman_solve_many in siman/siman.c. When params.n_tries is negative, incorrect memory allocation occurs.

Oct 27, 2024
CVE-2024-10419
3.5 LOW

A vulnerability was found in code-projects Blood Bank Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality …

Oct 27, 2024
CVE-2024-10414
2.4 LOW

A vulnerability, which was classified as problematic, was found in PHPGurukul Vehicle Record System 1.0. This affects an unknown part of the file /admin/edit-brand.php. The …

Oct 27, 2024
CVE-2024-10412
3.5 LOW

A vulnerability was found in Poco-z Guns-Medical 1.0. It has been declared as problematic. Affected by this vulnerability is the function upload of the file …

Oct 27, 2024
CVE-2024-47483
2.9 LOW

Dell Data Lakehouse, version(s) 1.0.0.0 and 1.1.0.0, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. An unauthenticated attacker …

Oct 25, 2024
CVE-2024-10348
3.5 LOW

A vulnerability was found in SourceCodester Best House Rental Management System 1.0. It has been classified as problematic. This affects an unknown part of the …

Oct 24, 2024
CVE-2023-50355
3.6 LOW

HCL Sametime is impacted by the error messages containing sensitive information. An attacker can use this information to launch another, more focused attack.

Oct 23, 2024
CVE-2024-10276
3.5 LOW

A vulnerability has been found in Telestream Sentry 6.0.9 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /?page=reports …

Oct 23, 2024
CVE-2024-43173
3.7 LOW

IBM Concert 1.0.0 and 1.0.1 vulnerable to attacks that rely on the use of cookies without the SameSite attribute.

Oct 22, 2024
CVE-2024-50057
3.3 LOW

In the Linux kernel, the following vulnerability has been resolved: usb: typec: tipd: Free IRQ only if it was requested before In polling mode, if …

Oct 21, 2024
CVE-2024-50044
3.3 LOW

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: RFCOMM: FIX possible deadlock in rfcomm_sk_state_change rfcomm_sk_state_change attempts to use sock_lock so it must …

Oct 21, 2024
CVE-2024-47738
3.3 LOW

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: don't use rate mask for offchannel TX either Like the commit ab9177d83c04 ("wifi: …

Oct 21, 2024
CVE-2024-10199
2.4 LOW

A vulnerability was found in code-projects Pharmacy Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of …

Oct 21, 2024
CVE-2024-10198
2.4 LOW

A vulnerability was found in code-projects Pharmacy Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of …

Oct 21, 2024
CVE-2024-10197
2.4 LOW

A vulnerability was found in code-projects Pharmacy Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file /manage_supplier.php …

Oct 21, 2024
CVE-2024-10192
3.5 LOW

A vulnerability has been found in PHPGurukul IFSC Code Finder Project 1.0 and classified as problematic. This vulnerability affects unknown code of the file search.php. …

Oct 20, 2024
CVE-2024-10191
3.5 LOW

A vulnerability, which was classified as problematic, was found in PHPGurukul Boat Booking System 1.0. This affects an unknown part of the file /admin/book-details.php of …

Oct 20, 2024
CVE-2024-10155
3.5 LOW

A vulnerability was found in PHPGurukul Boat Booking System 1.0. It has been classified as problematic. This affects an unknown part of the file book-boat.php?bid=1 …

Oct 19, 2024
CVE-2024-10142
3.5 LOW

A vulnerability has been found in code-projects Blood Bank System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /viewrequest.php. The …

Oct 19, 2024
CVE-2024-10141
3.7 LOW

A vulnerability, which was classified as problematic, was found in jsbroks COCO Annotator 0.11.1. This affects an unknown part of the component Session Handler. The …

Oct 19, 2024
CVE-2024-10128
2.7 LOW

A vulnerability was found in Topdata Inner Rep Plus WebServer 2.01. It has been rated as problematic. Affected by this issue is some unknown functionality …

Oct 18, 2024
CVE-2024-10122
2.7 LOW

A vulnerability was found in Topdata Inner Rep Plus WebServer 2.01. It has been classified as problematic. Affected is an unknown function of the file …

Oct 18, 2024
CVE-2024-46897
3.8 LOW

Incorrect permission assignment for critical resource issue exists in Exment v6.1.4 and earlier and Exment v5.0.11 and earlier. A logged-in user with the permission of …

Oct 18, 2024
CVE-2024-38820
3.1 LOW

The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase() has some Locale dependent exceptions that could potentially result in fields not …

Oct 18, 2024
CVE-2023-6728
3.3 LOW

Nokia SR OS bof.cfg file encryption is vulnerable to a brute force attack. This weakness allows an attacker in possession of the encrypted file to …

Oct 17, 2024
CVE-2024-47836
3.5 LOW

Admidio is an open-source user management solution. Prior to version 4.3.12, an unsafe deserialization vulnerability allows any unauthenticated user to execute arbitrary code on the …

Oct 16, 2024
CVE-2024-4692
2.4 LOW

Improper Validation of Specified Quantity in Input vulnerability in OpenText OpenText Application Automation Tools allows Exploiting Incorrectly Configured Access Control Security Levels. Multiple missing permission …

Oct 16, 2024
CVE-2024-4211
2.4 LOW

Improper Validation of Specified Quantity in Input vulnerability in OpenText OpenText Application Automation Tools allows Exploiting Incorrectly Configured Access Control Security Levels. Multiple missing permission …

Oct 16, 2024
CVE-2024-21257
3.0 LOW

Vulnerability in the Oracle Hyperion BI+ product of Oracle Hyperion (component: UI and Visualization). The supported version that is affected is 11.2.18.0.000. Easily exploitable vulnerability …

Oct 15, 2024
CVE-2024-21253
2.3 LOW

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.22. Easily exploitable vulnerability allows …

Oct 15, 2024
CVE-2024-21251
3.1 LOW

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.24, 21.3-21.15 and 23.4-23.5. Difficult to exploit vulnerability allows …

Oct 15, 2024
CVE-2024-21247
3.8 LOW

Vulnerability in the MySQL Client product of Oracle MySQL (component: Client: mysqldump). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and …

Oct 15, 2024
CVE-2024-21244
2.2 LOW

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Telemetry). Supported versions that are affected are 8.4.2 and prior and 9.0.1 and prior. …

Oct 15, 2024
CVE-2024-21243
2.2 LOW

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Telemetry). Supported versions that are affected are 8.4.2 and prior and 9.0.1 and prior. …

Oct 15, 2024
CVE-2024-21242
3.5 LOW

Vulnerability in the XML Database component of Oracle Database Server. Supported versions that are affected are 19.3-19.24, 21.3-21.15 and 23.4-23.5. Easily exploitable vulnerability allows low …

Oct 15, 2024
CVE-2024-21237
2.2 LOW

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication GCS). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and …

Oct 15, 2024

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.