CVE Database

4411+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2024-43696
3.3 LOW

in OpenHarmony v4.1.0 and prior versions allow a local attacker cause DOS by memory leak.

Oct 8, 2024
CVE-2024-47814
3.9 LOW

Vim is an open source, command line text editor. A use-after-free was found in Vim < 9.1.0764. When closing a buffer (visible in a window) …

Oct 7, 2024
CVE-2024-9554
3.7 LOW

A vulnerability classified as problematic was found in Sovell Smart Canteen System up to 3.0.7303.30513. Affected by this vulnerability is the function Check_ET_CheckPwdz201 of the …

Oct 6, 2024
CVE-2024-41511
3.9 LOW

A Path Traversal (Local File Inclusion) vulnerability in "BinaryFileRedirector.ashx" in CADClick v1.11.0 and before allows remote attackers to retrieve arbitrary local files via the "path" …

Oct 4, 2024
CVE-2024-9513
3.7 LOW

A vulnerability was found in Netadmin Software NetAdmin IAM up to 3.5 and classified as problematic. Affected by this issue is some unknown functionality of …

Oct 4, 2024
CVE-2024-0125
3.3 LOW

NVIDIA CUDA Toolkit for Windows and Linux contains a vulnerability in the nvdisam command line tool, where a user can cause a NULL pointer dereference …

Oct 3, 2024
CVE-2024-0124
3.3 LOW

NVIDIA CUDA Toolkit for Windows and Linux contains a vulnerability in the nvdisam command line tool, where a user can cause nvdisasm to read freed …

Oct 3, 2024
CVE-2024-0123
3.3 LOW

NVIDIA CUDA toolkit for Windows and Linux contains a vulnerability in the nvdisasm command line tool where an attacker may cause an improper validation in …

Oct 3, 2024
CVE-2024-24122
3.3 LOW

A remote code execution vulnerability in the project management of Wanxing Technology's Yitu project which allows an attacker to use the exp.adpx file as a …

Oct 2, 2024
CVE-2024-47612
3.5 LOW

DataDump is a MediaWiki extension that provides dumps of wikis. Several interface messages are unescaped (more specifically, (datadump-table-column-queued), (datadump-table-column-in-progress), (datadump-table-column-completed), (datadump-table-column-failed)). If these messages are …

Oct 2, 2024
CVE-2024-47526
3.5 LOW

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Self Cross-Site Scripting (Self-XSS) vulnerability in the "Alert Templates" feature allows users to inject arbitrary JavaScript …

Oct 1, 2024
CVE-2024-9411
3.5 LOW

A vulnerability classified as problematic has been found in OFCMS 1.1.2. This affects the function add of the file /admin/system/dict/add.json?sqlid=system.dict.save. The manipulation of the argument …

Oct 1, 2024
CVE-2024-30132
3.7 LOW

HCL Nomad server on Domino did not configure certain HTTP Security headers by default which could allow an attacker to obtain sensitive information via unspecified …

Oct 1, 2024
CVE-2024-28808
2.7 LOW

An issue was discovered in Infinera hiT 7300 5.60.50. Hidden functionality in the web interface allows a remote authenticated attacker to access reserved information by …

Sep 30, 2024
CVE-2024-28811
3.3 LOW

An issue was discovered in Infinera hiT 7300 5.60.50. A web application allows a remote privileged attacker to execute applications contained in a specific OS …

Sep 30, 2024
CVE-2024-42496
2.4 LOW

Smart-tab Android app installed April 2023 or earlier contains an issue with plaintext storage of a password. If this vulnerability is exploited, an attacker with …

Sep 30, 2024
CVE-2024-9323
3.5 LOW

A vulnerability was found in SourceCodester Inventory Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of …

Sep 29, 2024
CVE-2024-9320
3.5 LOW

A vulnerability has been found in SourceCodester Online Timesheet App 1.0 and classified as problematic. This vulnerability affects unknown code of the file /endpoint/add-timesheet.php of …

Sep 29, 2024
CVE-2024-9299
3.5 LOW

A vulnerability classified as problematic has been found in SourceCodester Online Railway Reservation System 1.0. This affects an unknown part of the file /?page=reserve. The …

Sep 28, 2024
CVE-2024-9291
3.5 LOW

A vulnerability classified as problematic has been found in kalvinGit kvf-admin up to f12a94dc1ebb7d1c51ee978a85e4c7ed75c620ff. Affected is an unknown function of the file /ueditor/upload?configPath=ueditor/config.json&action=uploadfile of the …

Sep 27, 2024
CVE-2024-45744
3.0 LOW

TopQuadrant TopBraid EDG stores external credentials insecurely. An authenticated attacker with file system access can read edg-setup.properites and obtain the secret to decrypt external passwords …

Sep 27, 2024
CVE-2024-9283
3.3 LOW

A vulnerability classified as problematic has been found in RelaxedJS ReLaXed up to 0.2.2. Affected is an unknown function of the component Pug to PDF …

Sep 27, 2024
CVE-2024-9279
2.4 LOW

A vulnerability, which was classified as problematic, was found in funnyzpc Mee-Admin up to 1.6. This affects an unknown part of the file /mee/index of …

Sep 27, 2024
CVE-2024-9277
3.5 LOW

A vulnerability classified as problematic was found in Langflow up to 1.0.18. Affected by this vulnerability is an unknown functionality of the file \src\backend\base\langflow\interface\utils.py of …

Sep 27, 2024
CVE-2024-9276
3.5 LOW

A vulnerability classified as problematic has been found in TMsoft MyAuth Gateway 3. Affected is an unknown function of the file /index.php. The manipulation of …

Sep 27, 2024
CVE-2024-8974
2.6 LOW

Information disclosure in Gitlab EE/CE affecting all versions from 15.6 prior to 17.2.8, 17.3 prior to 17.3.4, and 17.4 prior to 17.4.1 in specific conditions …

Sep 26, 2024
CVE-2024-4099
3.1 LOW

An issue has been discovered in GitLab EE affecting all versions starting from 16.0 prior to 17.2.8, from 17.3 prior to 17.3.4, and from 17.4 …

Sep 26, 2024
CVE-2024-9203
2.5 LOW

A vulnerability, which was classified as problematic, has been found in Enpass Password Manager up to 6.9.5 on Windows. This issue affects some unknown processing. …

Sep 26, 2024
CVE-2024-47145
3.1 LOW

Mattermost versions 9.5.x <= 9.5.8 fail to properly authorize access to archived channels when viewing archived channels is disabled, which allows an attacker to view …

Sep 26, 2024
CVE-2024-47003
3.1 LOW

Mattermost versions 9.11.x <= 9.11.0 and 9.5.x <= 9.5.8 fail to validate that the message of the permalink post is a string, which allows an …

Sep 26, 2024
CVE-2024-45843
3.1 LOW

Mattermost versions 9.5.x <= 9.5.8 fail to include the metadata endpoints of Oracle Cloud and Alibaba in the SSRF denylist, which allows an attacker to …

Sep 26, 2024
CVE-2023-25189
3.3 LOW

BTS is affected by information disclosure vulnerability where mobile network operator personnel connected over BTS Web Element Manager, regardless of the access privileges, having a …

Sep 25, 2024
CVE-2024-8350
2.7 LOW

The Uncanny Groups for LearnDash plugin for WordPress is vulnerable to user group add due to a missing capability check on the /wp-json/ulgm_management/v1/add_user/ REST API …

Sep 25, 2024
CVE-2024-45599
3.8 LOW

Cursor is an artificial intelligence code editor. Prior to version 0.41.0, if a user on macOS has granted Cursor access to the camera or microphone, …

Sep 25, 2024
CVE-2023-5359
3.7 LOW

The W3 Total Cache plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.7.5 via Google OAuth API secrets …

Sep 25, 2024
CVE-2022-43845
3.7 LOW

IBM Aspera Console 3.4.0 through 3.4.4 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A …

Sep 25, 2024
CVE-2024-8263
2.7 LOW

An improper privilege management vulnerability allowed arbitrary workflows to be committed using an improperly scoped PAT through the use of nested tags. This vulnerability affected …

Sep 23, 2024
CVE-2024-9092
3.5 LOW

A vulnerability was found in SourceCodester Profile Registration without Reload Refresh 1.0. It has been rated as problematic. Affected by this issue is some unknown …

Sep 23, 2024
CVE-2024-45453
3.7 LOW

Authentication Bypass by Spoofing vulnerability in Peter Hardy-vanDoorn Maintenance Redirect jf3-maintenance-mode.This issue affects Maintenance Redirect: from n/a through <= 2.0.1.

Sep 23, 2024
CVE-2024-9089
3.5 LOW

A vulnerability was found in SourceCodester Modern Loan Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file update_loan_record.php. …

Sep 23, 2024
CVE-2024-9084
3.5 LOW

A vulnerability classified as problematic was found in code-projects Blood Bank System 1.0. This vulnerability affects unknown code of the file bbms.php. The manipulation of …

Sep 22, 2024
CVE-2024-9083
2.4 LOW

A vulnerability classified as problematic has been found in SourceCodester Employee Management System 1.0. This affects an unknown part of the file /Admin/add-admin.php. The manipulation …

Sep 22, 2024
CVE-2024-9077
3.5 LOW

A vulnerability classified as problematic has been found in dingfangzu up to 29d67d9044f6f93378e6eb6ff92272217ff7225c. Affected is an unknown function of the file scripts/order.js of the component …

Sep 22, 2024
CVE-2024-9075
2.6 LOW

A vulnerability was found in Stirling-Tools Stirling-PDF up to 0.28.3. It has been declared as problematic. This vulnerability affects unknown code of the component Markdown-to-PDF. …

Sep 21, 2024
CVE-2024-9048
3.1 LOW

A vulnerability was found in y_project RuoYi up to 4.7.9. It has been declared as problematic. Affected by this vulnerability is the function SysUserServiceImpl of …

Sep 21, 2024
CVE-2024-8612
3.8 LOW

A flaw was found in QEMU, in the virtio-scsi, virtio-blk, and virtio-crypto devices. The size for virtqueue_push as set in virtio_scsi_complete_req / virtio_blk_req_complete / virito_crypto_req_complete …

Sep 20, 2024
CVE-2024-9040
2.3 LOW

A vulnerability, which was classified as problematic, was found in code-projects Blood Bank Management System 1.0. This affects an unknown part of the component Password …

Sep 20, 2024
CVE-2024-9033
3.5 LOW

A vulnerability has been found in SourceCodester Best House Rental Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality …

Sep 20, 2024
CVE-2024-9031
3.5 LOW

A vulnerability, which was classified as problematic, has been found in CodeCanyon CRMGo SaaS up to 7.2. This issue affects some unknown processing of the …

Sep 20, 2024
CVE-2024-9030
3.5 LOW

A vulnerability classified as problematic was found in CodeCanyon CRMGo SaaS 7.2. This vulnerability affects unknown code of the file /deal/{note_id}/note. The manipulation of the …

Sep 20, 2024

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.