CVE Database

4411+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2024-21232
2.2 LOW

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). Supported versions that are affected are 8.4.2 and prior and 9.0.1 and …

Oct 15, 2024
CVE-2024-21231
3.1 LOW

Vulnerability in the MySQL Server product of Oracle MySQL (component: Client programs). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and …

Oct 15, 2024
CVE-2024-21217
3.7 LOW

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are …

Oct 15, 2024
CVE-2024-21211
3.7 LOW

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Compiler). Supported versions that are …

Oct 15, 2024
CVE-2024-21210
3.7 LOW

Vulnerability in Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4 and 23. Difficult to …

Oct 15, 2024
CVE-2024-21209
2.0 LOW

Vulnerability in the MySQL Client product of Oracle MySQL (component: Client: mysqldump). Supported versions that are affected are 8.4.2 and prior and 9.0.1 and prior. …

Oct 15, 2024
CVE-2024-21208
3.7 LOW

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are …

Oct 15, 2024
CVE-2024-9506
3.7 LOW

Improper regular expression in Vue's parseHTML function leads to a potential regular expression denial of service vulnerability.

Oct 15, 2024
CVE-2024-9952
2.4 LOW

A vulnerability was found in SourceCodester Online Eyewear Shop 1.0 and classified as problematic. This issue affects some unknown processing of the file /admin/?page=system_info/contact_info of …

Oct 15, 2024
CVE-2024-30117
2.5 LOW

A dynamic search for a prerequisite library could allow the possibility for an attacker to replace the correct file under some circumstances.

Oct 14, 2024
CVE-2024-48909
2.0 LOW

SpiceDB is an open source database for scalably storing and querying fine-grained authorization data. Starting in version 1.35.0 and prior to version 1.37.1, clients that …

Oct 14, 2024
CVE-2024-47826
3.5 LOW

eLabFTW is an open source electronic lab notebook for research labs. A vulnerability in versions prior to 5.1.5 allows an attacker to inject arbitrary HTML …

Oct 14, 2024
CVE-2024-6763
3.7 LOW

Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine . It includes a utility class, HttpURI, for URI/URL parsing. The HttpURI …

Oct 14, 2024
CVE-2024-6762
3.1 LOW

Jetty PushSessionCacheFilter can be exploited by unauthenticated users to launch remote DoS attacks by exhausting the server’s memory.

Oct 14, 2024
CVE-2024-9907
3.7 LOW

A vulnerability classified as problematic was found in QileCMS up to 1.1.3. This vulnerability affects the function sendEmail of the file /qilecms/user/controller/Forget.php of the component …

Oct 13, 2024
CVE-2024-9906
3.5 LOW

A vulnerability, which was classified as problematic, was found in SourceCodester Online Eyewear Shop 1.0. Affected is an unknown function of the file /admin/?page=inventory/view_inventory&id=2. The …

Oct 13, 2024
CVE-2024-45403
3.7 LOW

h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. When h2o is configured as a reverse proxy and HTTP/3 requests are cancelled …

Oct 11, 2024
CVE-2024-25622
3.1 LOW

h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. The configuration directives provided by the headers handler allows users to modify the …

Oct 11, 2024
CVE-2024-9856
2.4 LOW

A vulnerability was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM 1.3.8. It has been rated as problematic. Affected by this issue is some unknown functionality of …

Oct 11, 2024
CVE-2024-47869
3.7 LOW

Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves a **timing attack** in the way Gradio compares hashes for the `analytics_dashboard` …

Oct 10, 2024
CVE-2024-9810
3.5 LOW

A vulnerability was found in SourceCodester Record Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of …

Oct 10, 2024
CVE-2024-9807
2.4 LOW

A vulnerability was found in Craig Rodway Classroombookings 2.8.7 and classified as problematic. This issue affects some unknown processing of the file /sessions of the …

Oct 10, 2024
CVE-2024-9806
3.5 LOW

A vulnerability has been found in Craig Rodway Classroombookings up to 2.8.6 and classified as problematic. This vulnerability affects unknown code of the file /rooms/fields …

Oct 10, 2024
CVE-2024-9805
3.5 LOW

A vulnerability was found in code-projects Blood Bank System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file …

Oct 10, 2024
CVE-2024-9803
3.5 LOW

A vulnerability was found in code-projects Blood Bank Management System 1.0. It has been classified as problematic. This affects an unknown part of the file …

Oct 10, 2024
CVE-2024-9799
3.5 LOW

A vulnerability has been found in SourceCodester Profile Registration without Reload Refresh 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality …

Oct 10, 2024
CVE-2024-9792
2.4 LOW

A vulnerability classified as problematic has been found in D-Link DSL-2750U R5B017. This affects an unknown part of the component Port Forwarding Page. The manipulation …

Oct 10, 2024
CVE-2024-9596
3.7 LOW

An issue has been discovered in GitLab EE affecting all versions starting from 16.6 prior to 17.2.9, from 17.3 prior to 17.3.5, and from 17.4 …

Oct 10, 2024
CVE-2024-45149
2.7 LOW

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. …

Oct 10, 2024
CVE-2024-45135
2.7 LOW

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. …

Oct 10, 2024
CVE-2024-45134
2.7 LOW

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Information Exposure vulnerability that could result in a security feature bypass. An …

Oct 10, 2024
CVE-2024-45133
2.7 LOW

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Information Exposure vulnerability that could result in a security feature bypass. An …

Oct 10, 2024
CVE-2024-45120
3.1 LOW

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could lead to a security …

Oct 10, 2024
CVE-2024-30118
3.5 LOW

HCL Connections is vulnerable to an information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to because of …

Oct 9, 2024
CVE-2024-7038
2.7 LOW

An information disclosure vulnerability exists in open-webui version 0.3.8. The vulnerability is related to the embedding model update feature under admin settings. When a user …

Oct 9, 2024
CVE-2024-47813
2.9 LOW

Wasmtime is an open source runtime for WebAssembly. Under certain concurrent event orderings, a `wasmtime::Engine`'s internal type registry was susceptible to double-unregistration bugs due to …

Oct 9, 2024
CVE-2024-39586
2.9 LOW

Dell AppSync Server, version 4.3 through 4.6, contains an XML External Entity Injection vulnerability. An adjacent high privileged attacker could potentially exploit this vulnerability, leading …

Oct 9, 2024
CVE-2023-36325
3.7 LOW

i2p before 2.3.0 (Java) allows de-anonymizing the public IPv4 and IPv6 addresses of i2p hidden services (aka eepsites) via a correlation attack across the IPv4 …

Oct 9, 2024
CVE-2024-27457
2.5 LOW

Improper check for unusual or exceptional conditions in Intel(R) TDX Module firmware before version 1.5.06 may allow a privileged user to potentially enable information disclosure …

Oct 8, 2024
CVE-2024-47780
3.1 LOW

TYPO3 is a free and open source Content Management Framework. Backend users could see items in the backend page tree without having access if the …

Oct 8, 2024
CVE-2024-47951
3.5 LOW

In JetBrains TeamCity before 2024.07.3 stored XSS was possible via server global settings

Oct 8, 2024
CVE-2024-47950
3.5 LOW

In JetBrains TeamCity before 2024.07.3 stored XSS was possible in Backup configuration settings

Oct 8, 2024
CVE-2024-33506
3.3 LOW

An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiManager 7.4.2 and below, 7.2.5 and below, 7.0.12 and below allows a remote …

Oct 8, 2024
CVE-2024-8518
3.3 LOW

CWE-20: Improper Input Validation vulnerability exists that could cause a crash of the Zelio Soft 2 application when a specially crafted project file is loaded …

Oct 8, 2024
CVE-2024-45476
3.3 LOW

A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions …

Oct 8, 2024
CVE-2024-34671
3.3 LOW

Use of implicit intent for sensitive communication in translation혻in Samsung Internet prior to version 26.0.3.1 allows local attackers to get sensitive information. User interaction is …

Oct 8, 2024
CVE-2024-9026
3.3 LOW

In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, when using PHP-FPM SAPI and it is configured to catch workers output through …

Oct 8, 2024
CVE-2024-8925
3.1 LOW

In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, erroneous parsing of multipart form data contained in an HTTP POST request could …

Oct 8, 2024
CVE-2024-45382
3.3 LOW

in OpenHarmony v4.1.0 and prior versions allow a local attacker cause DOS through out-of-bounds write.

Oct 8, 2024
CVE-2024-43697
3.3 LOW

in OpenHarmony v4.1.0 and prior versions allow a local attacker cause DOS through improper input.

Oct 8, 2024

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.