CVE Database

4411+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2024-9007
3.5 LOW

A vulnerability classified as problematic has been found in jeanmarc77 123solar 1.8.4.5. This affects an unknown part of the file /detailed.php. The manipulation of the …

Sep 19, 2024
CVE-2024-47058
2.9 LOW

With access to edit a Mautic form, the attacker can add Cross-Site Scripting stored in the html filed. This could be used to steal sensitive …

Sep 18, 2024
CVE-2024-46989
3.7 LOW

spicedb is an Open Source, Google Zanzibar-inspired permissions database to enable fine-grained authorization for customer applications. Multiple caveats over the same indirect subject type on …

Sep 18, 2024
CVE-2024-46794
3.3 LOW

In the Linux kernel, the following vulnerability has been resolved: x86/tdx: Fix data leak in mmio_read() The mmio_read() function makes a TDVMCALL to retrieve MMIO …

Sep 18, 2024
CVE-2024-46792
3.3 LOW

In the Linux kernel, the following vulnerability has been resolved: riscv: misaligned: Restrict user access to kernel memory raw_copy_{to,from}_user() do not call access_ok(), so this …

Sep 18, 2024
CVE-2024-8951
3.5 LOW

A vulnerability classified as problematic was found in SourceCodester Resort Reservation System 1.0. Affected by this vulnerability is an unknown functionality of the file manage_fee.php. …

Sep 17, 2024
CVE-2024-44180
2.4 LOW

The issue was addressed with improved checks. This issue is fixed in iOS 18 and iPadOS 18. An attacker with physical access may be able …

Sep 17, 2024
CVE-2024-44139
2.4 LOW

The issue was addressed with improved checks. This issue is fixed in iOS 18 and iPadOS 18. An attacker with physical access may be able …

Sep 17, 2024
CVE-2024-40838
3.3 LOW

A privacy issue was addressed by moving sensitive data to a protected location. This issue is fixed in macOS Sequoia 15. A malicious app may …

Sep 17, 2024
CVE-2024-40830
3.3 LOW

This issue was addressed with improved data protection. This issue is fixed in iOS 18 and iPadOS 18. An app may be able to enumerate …

Sep 17, 2024
CVE-2024-40791
3.3 LOW

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 …

Sep 17, 2024
CVE-2024-6685
3.1 LOW

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.7 prior to 17.1.7, 17.2 prior to 17.2.5, and 17.3 prior to 17.3.2, …

Sep 16, 2024
CVE-2024-36261
3.5 LOW

Improper access control in Intel(R) RAID Web Console software all versions may allow an authenticated user to potentially enable denial of service via adjacent access.

Sep 16, 2024
CVE-2024-28170
3.3 LOW

Improper access control in Intel(R) RAID Web Console all versions may allow an authenticated user to potentially enable information disclosure via local access.

Sep 16, 2024
CVE-2023-25546
2.5 LOW

Out-of-bounds read in UEFI firmware for some Intel(R) Processors may allow a privileged user to potentially enable denial of service via local access.

Sep 16, 2024
CVE-2024-45835
2.5 LOW

Mattermost Desktop App versions <=5.8.0 fail to sufficiently configure Electron Fuses which allows an attacker to gather Chromium cookies or abuse other misconfigurations via remote/local …

Sep 16, 2024
CVE-2024-39772
3.7 LOW

Mattermost Desktop App versions <=5.8.0 fail to safeguard screen capture functionality which allows an attacker to silently capture high-quality screenshots via JavaScript APIs.

Sep 16, 2024
CVE-2024-46970
3.3 LOW

In JetBrains IntelliJ IDEA before 2024.1 hTML injection via the project name was possible

Sep 16, 2024
CVE-2024-8867
3.5 LOW

A vulnerability was found in Perfex CRM 3.1.6. It has been declared as problematic. This vulnerability affects unknown code of the file application/controllers/Clients.php of the …

Sep 15, 2024
CVE-2024-8865
3.5 LOW

A vulnerability was found in composiohq composio up to 0.5.8 and classified as problematic. Affected by this issue is the function path of the file …

Sep 15, 2024
CVE-2024-8863
3.5 LOW

A vulnerability, which was classified as problematic, was found in aimhubio aim up to 3.24. Affected is the function dangerouslySetInnerHTML of the file textbox.tsx of …

Sep 14, 2024
CVE-2024-8783
3.5 LOW

A vulnerability classified as problematic has been found in OpenTibiaBR MyAAC up to 0.8.16. Affected is an unknown function of the file system/pages/forum/new_post.php of the …

Sep 13, 2024
CVE-2024-36066
3.1 LOW

The CMP CLI client in KeyFactor EJBCA before 8.3.1 has only 6 octets of salt, and is thus not compliant with the security requirements of …

Sep 12, 2024
CVE-2024-6446
3.5 LOW

An issue has been discovered in GitLab affecting all versions starting from 17.1 to 17.1.7, 17.2 prior to 17.2.5 and 17.3 prior to 17.3.2. A …

Sep 12, 2024
CVE-2024-8708
3.5 LOW

A vulnerability was found in SourceCodester Best House Rental Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of …

Sep 12, 2024
CVE-2024-8694
3.8 LOW

A vulnerability, which was classified as problematic, was found in JFinalCMS up to 20240903. This affects the function update of the file /admin/template/update of the …

Sep 11, 2024
CVE-2024-8693
2.4 LOW

A vulnerability, which was classified as problematic, has been found in Kaon CG3000 1.01.43. Affected by this issue is some unknown functionality of the component …

Sep 11, 2024
CVE-2024-44575
3.7 LOW

RELY-PCIe v22.2.1 to v23.1.0 does not set the Secure attribute for sensitive cookies in HTTPS sessions, which could cause the user agent to send those …

Sep 11, 2024
CVE-2024-1656
2.6 LOW

Affected versions of Octopus Server had a weak content security policy.

Sep 11, 2024
CVE-2024-36511
3.7 LOW

An improperly implemented security check for standard vulnerability [CWE-358] in FortiADC Web Application Firewall (WAF) 7.4.0 through 7.4.4, 7.2 all versions, 7.1 all versions, 7.0 …

Sep 10, 2024
CVE-2024-8443
2.9 LOW

A heap-based buffer overflow vulnerability was found in the libopensc OpenPGP driver. A crafted USB device or smart card with malicious responses to the APDUs …

Sep 10, 2024
CVE-2024-37995
2.7 LOW

A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All versions < V4.2), SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) (All versions < V4.2), SIMATIC …

Sep 10, 2024
CVE-2024-42425
3.8 LOW

Dell Precision Rack, 14G Intel BIOS versions prior to 2.22.2, contains an Access of Memory Location After End of Buffer vulnerability. A low privileged attacker …

Sep 10, 2024
CVE-2024-39582
2.3 LOW

Dell PowerScale InsightIQ, version 5.0, contain a Use of hard coded Credentials vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, …

Sep 10, 2024
CVE-2024-45284
2.4 LOW

An authenticated attacker with high privilege can use functions of SLCM transactions to which access should be restricted. This may result in an escalation of …

Sep 10, 2024
CVE-2024-41728
2.7 LOW

Due to missing authorization check, SAP NetWeaver Application Server for ABAP and ABAP Platform allows an attacker logged in as a developer to read objects …

Sep 10, 2024
CVE-2024-44114
2.0 LOW

SAP NetWeaver Application Server for ABAP and ABAP Platform allow users with high privileges to execute a program that reveals data over the network. This …

Sep 10, 2024
CVE-2024-8610
3.5 LOW

A vulnerability classified as problematic has been found in SourceCodester Best House Rental Management System 1.0. Affected is an unknown function of the file /index.php?page=tenants …

Sep 9, 2024
CVE-2024-8042
2.4 LOW

Rapid7 Insight Platform versions between November 2019 and August 14, 2024 suffer from missing authorization issues whereby an attacker can intercept local requests to set …

Sep 9, 2024
CVE-2024-8583
3.5 LOW

A vulnerability was found in SourceCodester Online Bank Management System and Online Bank Management System - 1.0. It has been classified as problematic. This affects …

Sep 8, 2024
CVE-2024-8582
3.5 LOW

A vulnerability was found in SourceCodester Food Ordering Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the …

Sep 8, 2024
CVE-2024-8572
3.5 LOW

A vulnerability was found in Gouniverse GoLang CMS 1.4.0. It has been declared as problematic. This vulnerability affects the function PageRenderHtmlByAlias of the file FrontendHandler.go. …

Sep 8, 2024
CVE-2024-8571
3.5 LOW

A vulnerability was found in erjemin roll_cms up to 1484fe2c4e0805946a7bcf46218509fcb34883a9. It has been classified as problematic. This affects an unknown part of the file roll_cms/roll_cms/views.py. …

Sep 8, 2024
CVE-2024-8563
3.5 LOW

A vulnerability was found in SourceCodester PHP CRUD 1.0. It has been classified as problematic. This affects an unknown part of the file /endpoint/update.php. The …

Sep 7, 2024
CVE-2024-8562
3.5 LOW

A vulnerability was found in SourceCodester PHP CRUD 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /endpoint/Add.php. …

Sep 7, 2024
CVE-2024-36137
3.3 LOW

A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-write flag is used. Node.js Permission Model do not …

Sep 7, 2024
CVE-2024-8554
3.5 LOW

A vulnerability was found in SourceCodester Clinics Patient Management System 2.0 and classified as problematic. This issue affects some unknown processing of the file /users.php. …

Sep 7, 2024
CVE-2024-32771
2.6 LOW

An improper restriction of excessive authentication attempts vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local …

Sep 6, 2024
CVE-2024-27125
3.5 LOW

A cross-site scripting (XSS) vulnerability has been reported to affect Helpdesk. If exploited, the vulnerability could allow authenticated administrators to inject malicious code via a …

Sep 6, 2024
CVE-2024-6792
3.5 LOW

The WP ULike WordPress plugin before 4.7.2.1 does not properly sanitize user display names when rendering on a public page.

Sep 6, 2024

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.