4411+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.
in OpenHarmony v4.1.0 and prior versions allow a local attacker cause DOS by memory leak.
Vim is an open source, command line text editor. A use-after-free was found in Vim < 9.1.0764. When closing a buffer (visible in a window) …
A vulnerability classified as problematic was found in Sovell Smart Canteen System up to 3.0.7303.30513. Affected by this vulnerability is the function Check_ET_CheckPwdz201 of the …
A Path Traversal (Local File Inclusion) vulnerability in "BinaryFileRedirector.ashx" in CADClick v1.11.0 and before allows remote attackers to retrieve arbitrary local files via the "path" …
A vulnerability was found in Netadmin Software NetAdmin IAM up to 3.5 and classified as problematic. Affected by this issue is some unknown functionality of …
NVIDIA CUDA Toolkit for Windows and Linux contains a vulnerability in the nvdisam command line tool, where a user can cause a NULL pointer dereference …
NVIDIA CUDA Toolkit for Windows and Linux contains a vulnerability in the nvdisam command line tool, where a user can cause nvdisasm to read freed …
NVIDIA CUDA toolkit for Windows and Linux contains a vulnerability in the nvdisasm command line tool where an attacker may cause an improper validation in …
A remote code execution vulnerability in the project management of Wanxing Technology's Yitu project which allows an attacker to use the exp.adpx file as a …
DataDump is a MediaWiki extension that provides dumps of wikis. Several interface messages are unescaped (more specifically, (datadump-table-column-queued), (datadump-table-column-in-progress), (datadump-table-column-completed), (datadump-table-column-failed)). If these messages are …
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Self Cross-Site Scripting (Self-XSS) vulnerability in the "Alert Templates" feature allows users to inject arbitrary JavaScript …
A vulnerability classified as problematic has been found in OFCMS 1.1.2. This affects the function add of the file /admin/system/dict/add.json?sqlid=system.dict.save. The manipulation of the argument …
HCL Nomad server on Domino did not configure certain HTTP Security headers by default which could allow an attacker to obtain sensitive information via unspecified …
An issue was discovered in Infinera hiT 7300 5.60.50. Hidden functionality in the web interface allows a remote authenticated attacker to access reserved information by …
An issue was discovered in Infinera hiT 7300 5.60.50. A web application allows a remote privileged attacker to execute applications contained in a specific OS …
Smart-tab Android app installed April 2023 or earlier contains an issue with plaintext storage of a password. If this vulnerability is exploited, an attacker with …
A vulnerability was found in SourceCodester Inventory Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of …
A vulnerability has been found in SourceCodester Online Timesheet App 1.0 and classified as problematic. This vulnerability affects unknown code of the file /endpoint/add-timesheet.php of …
A vulnerability classified as problematic has been found in SourceCodester Online Railway Reservation System 1.0. This affects an unknown part of the file /?page=reserve. The …
A vulnerability classified as problematic has been found in kalvinGit kvf-admin up to f12a94dc1ebb7d1c51ee978a85e4c7ed75c620ff. Affected is an unknown function of the file /ueditor/upload?configPath=ueditor/config.json&action=uploadfile of the …
TopQuadrant TopBraid EDG stores external credentials insecurely. An authenticated attacker with file system access can read edg-setup.properites and obtain the secret to decrypt external passwords …
A vulnerability classified as problematic has been found in RelaxedJS ReLaXed up to 0.2.2. Affected is an unknown function of the component Pug to PDF …
A vulnerability, which was classified as problematic, was found in funnyzpc Mee-Admin up to 1.6. This affects an unknown part of the file /mee/index of …
A vulnerability classified as problematic was found in Langflow up to 1.0.18. Affected by this vulnerability is an unknown functionality of the file \src\backend\base\langflow\interface\utils.py of …
A vulnerability classified as problematic has been found in TMsoft MyAuth Gateway 3. Affected is an unknown function of the file /index.php. The manipulation of …
Information disclosure in Gitlab EE/CE affecting all versions from 15.6 prior to 17.2.8, 17.3 prior to 17.3.4, and 17.4 prior to 17.4.1 in specific conditions …
An issue has been discovered in GitLab EE affecting all versions starting from 16.0 prior to 17.2.8, from 17.3 prior to 17.3.4, and from 17.4 …
A vulnerability, which was classified as problematic, has been found in Enpass Password Manager up to 6.9.5 on Windows. This issue affects some unknown processing. …
Mattermost versions 9.5.x <= 9.5.8 fail to properly authorize access to archived channels when viewing archived channels is disabled, which allows an attacker to view …
Mattermost versions 9.11.x <= 9.11.0 and 9.5.x <= 9.5.8 fail to validate that the message of the permalink post is a string, which allows an …
Mattermost versions 9.5.x <= 9.5.8 fail to include the metadata endpoints of Oracle Cloud and Alibaba in the SSRF denylist, which allows an attacker to …
BTS is affected by information disclosure vulnerability where mobile network operator personnel connected over BTS Web Element Manager, regardless of the access privileges, having a …
The Uncanny Groups for LearnDash plugin for WordPress is vulnerable to user group add due to a missing capability check on the /wp-json/ulgm_management/v1/add_user/ REST API …
Cursor is an artificial intelligence code editor. Prior to version 0.41.0, if a user on macOS has granted Cursor access to the camera or microphone, …
The W3 Total Cache plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.7.5 via Google OAuth API secrets …
IBM Aspera Console 3.4.0 through 3.4.4 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A …
An improper privilege management vulnerability allowed arbitrary workflows to be committed using an improperly scoped PAT through the use of nested tags. This vulnerability affected …
A vulnerability was found in SourceCodester Profile Registration without Reload Refresh 1.0. It has been rated as problematic. Affected by this issue is some unknown …
Authentication Bypass by Spoofing vulnerability in Peter Hardy-vanDoorn Maintenance Redirect jf3-maintenance-mode.This issue affects Maintenance Redirect: from n/a through <= 2.0.1.
A vulnerability was found in SourceCodester Modern Loan Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file update_loan_record.php. …
A vulnerability classified as problematic was found in code-projects Blood Bank System 1.0. This vulnerability affects unknown code of the file bbms.php. The manipulation of …
A vulnerability classified as problematic has been found in SourceCodester Employee Management System 1.0. This affects an unknown part of the file /Admin/add-admin.php. The manipulation …
A vulnerability classified as problematic has been found in dingfangzu up to 29d67d9044f6f93378e6eb6ff92272217ff7225c. Affected is an unknown function of the file scripts/order.js of the component …
A vulnerability was found in Stirling-Tools Stirling-PDF up to 0.28.3. It has been declared as problematic. This vulnerability affects unknown code of the component Markdown-to-PDF. …
A vulnerability was found in y_project RuoYi up to 4.7.9. It has been declared as problematic. Affected by this vulnerability is the function SysUserServiceImpl of …
A flaw was found in QEMU, in the virtio-scsi, virtio-blk, and virtio-crypto devices. The size for virtqueue_push as set in virtio_scsi_complete_req / virtio_blk_req_complete / virito_crypto_req_complete …
A vulnerability, which was classified as problematic, was found in code-projects Blood Bank Management System 1.0. This affects an unknown part of the component Password …
A vulnerability has been found in SourceCodester Best House Rental Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality …
A vulnerability, which was classified as problematic, has been found in CodeCanyon CRMGo SaaS up to 7.2. This issue affects some unknown processing of the …
A vulnerability classified as problematic was found in CodeCanyon CRMGo SaaS 7.2. This vulnerability affects unknown code of the file /deal/{note_id}/note. The manipulation of the …
Free website and port scanning — find vulnerabilities before attackers do.