CVE Database

4411+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2024-7644
3.5 LOW

A vulnerability was found in SourceCodester Leads Manager Tool 1.0. It has been classified as problematic. This affects an unknown part of the file /endpoint/add-leads.php …

Aug 12, 2024
CVE-2024-6692
3.3 LOW

The Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) plugin for WordPress is vulnerable to Stored Cross-Site Scripting …

Aug 12, 2024
CVE-2024-5445
3.8 LOW

Ecosystem Agent version 4 < 4.1.5.2597 and Ecosystem Agent version 5 < 5.1.4.2473 did not properly validate SSL/TLS certificates, which could allow a malicious actor …

Aug 12, 2024
CVE-2024-43167
2.8 LOW

DISPUTE NOTE: this issue does not pose a security risk as it (according to analysis by the original software developer, NLnet Labs) falls within the …

Aug 12, 2024
CVE-2024-22123
2.7 LOW

Setting SMS media allows to set GSM modem file. Later this file is used as Linux device. But due everything is a file for Linux, …

Aug 12, 2024
CVE-2024-22122
3.0 LOW

Zabbix allows to configure SMS notifications. AT command injection occurs on "Zabbix Server" because there is no validation of "Number" field on Web nor on …

Aug 12, 2024
CVE-2024-0102
3.3 LOW

NVIDIA CUDA Toolkit for all platforms contains a vulnerability in nvdisasm, where an attacker can cause an out-of-bounds read issue by deceiving a user into …

Aug 8, 2024
CVE-2024-42036
2.5 LOW

Access permission verification vulnerability in the Notepad module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Aug 8, 2024
CVE-2024-42249
3.3 LOW

In the Linux kernel, the following vulnerability has been resolved: spi: don't unoptimize message in spi_async() Calling spi_maybe_unoptimize_message() in spi_async() is wrong because the message …

Aug 7, 2024
CVE-2024-42233
3.3 LOW

In the Linux kernel, the following vulnerability has been resolved: filemap: replace pte_offset_map() with pte_offset_map_nolock() The vmf->ptl in filemap_fault_recheck_pte_none() is still set from handle_pte_fault(). But …

Aug 7, 2024
CVE-2024-6996
3.1 LOW

Race in Frames in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform …

Aug 6, 2024
CVE-2024-7551
2.7 LOW

A vulnerability was found in juzaweb CMS up to 3.4.2. It has been classified as problematic. Affected is an unknown function of the file /admin-cp/theme/editor/default …

Aug 6, 2024
CVE-2024-7542
3.3 LOW

oFono AT CMGR Command Uninitialized Variable Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of oFono. An attacker …

Aug 6, 2024
CVE-2024-7541
3.3 LOW

oFono AT CMT Command Uninitialized Variable Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of oFono. An attacker …

Aug 6, 2024
CVE-2024-7540
3.3 LOW

oFono AT CMGL Command Uninitialized Variable Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of oFono. An attacker …

Aug 6, 2024
CVE-2024-41811
3.9 LOW

ipl/web is a set of common web components for php projects. Some of the recent development by Icinga is, under certain circumstances, susceptible to cross …

Aug 5, 2024
CVE-2024-42350
3.0 LOW

Biscuit is an authorization token with decentralized verification, offline attenuation and strong security policy enforcement based on a logic language. Third-party blocks can be generated …

Aug 5, 2024
CVE-2024-41960
3.8 LOW

mailcow: dockerized is an open source groupware/email suite based on docker. An authenticated admin user can inject a JavaScript payload into the Relay Hosts configuration. …

Aug 5, 2024
CVE-2024-40096
3.3 LOW

The com.cascadialabs.who (aka Who - Caller ID, Spam Block) application 15.0 for Android places sensitive information in the system log.

Aug 5, 2024
CVE-2024-7466
2.4 LOW

A vulnerability has been found in PMWeb 7.2.00 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Web Application …

Aug 5, 2024
CVE-2024-7453
2.4 LOW

A vulnerability was found in FastAdmin 1.5.0.20240328. It has been declared as problematic. This vulnerability affects unknown code of the file /[admins_url].php/general/attachment/edit/ids/4?dialog=1 of the component …

Aug 4, 2024
CVE-2024-7368
3.5 LOW

A vulnerability has been found in SourceCodester Simple Realtime Quiz System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /ajax.php?action=save_quiz. …

Aug 1, 2024
CVE-2024-41949
3.0 LOW

biscuit-rust is the Rust implementation of Biscuit, an authentication and authorization token for microservices architectures. Third-party blocks can be generated without transferring the whole token …

Aug 1, 2024
CVE-2024-41948
3.0 LOW

biscuit-java is the java implementation of Biscuit, an authentication and authorization token for microservices architectures. Third-party blocks can be generated without transferring the whole token …

Aug 1, 2024
CVE-2024-7359
3.5 LOW

A vulnerability was found in SourceCodester Tracking Monitoring Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality …

Aug 1, 2024
CVE-2024-23600
2.7 LOW

Improper Input Validation of query search results for private field data in PingIDM (Query Filter module) allows for a potentially efficient brute forcing approach leading …

Aug 1, 2024
CVE-2024-41926
2.7 LOW

Mattermost versions 9.9.x <= 9.9.0 and 9.5.x <= 9.5.6 fail to validate the source of sync messages and only allow the correct remote IDs, which …

Aug 1, 2024
CVE-2024-39837
3.8 LOW

Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6 fail to properly restrict channel creation which allows a malicious remote to create arbitrary channels, when shared …

Aug 1, 2024
CVE-2024-29977
2.7 LOW

Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6 fail to properly validate synced reactions, when shared channels are enabled, which allows a malicious remote to …

Aug 1, 2024
CVE-2024-38489
3.1 LOW

Dell iDRAC Service Module version 5.3.0.0 and prior contains Out of bound write Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in …

Aug 1, 2024
CVE-2024-7343
3.5 LOW

A vulnerability was found in Baidu UEditor 1.4.2. It has been declared as problematic. This vulnerability affects unknown code of the file /ueditor142/php/controller.php?action=catchimage. The manipulation …

Aug 1, 2024
CVE-2024-7342
3.5 LOW

A vulnerability was found in Baidu UEditor 1.4.3.3. It has been classified as problematic. This affects an unknown part of the file /ueditor/php/controller.php?action=uploadfile&encode=utf-8. The manipulation …

Aug 1, 2024
CVE-2022-4003
2.7 LOW

A denial-of-service vulnerability could allow an authenticated user to trigger an internal service restart via a specially crafted API request.

Jul 31, 2024
CVE-2024-37135
3.3 LOW

DM5500 5.16.0.0, contains an information disclosure vulnerability. A local attacker with high privileges could potentially exploit this vulnerability, leading to the disclosure of certain user …

Jul 31, 2024
CVE-2024-31203
3.3 LOW

A “CWE-121: Stack-based Buffer Overflow” in the wd210std.dll dynamic library packaged with the ThermoscanIP installer allows a local attacker to possibly trigger a Denial-of-Service (DoS) …

Jul 31, 2024
CVE-2024-7310
3.5 LOW

A vulnerability was found in SourceCodester Record Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file sort_user.php. …

Jul 31, 2024
CVE-2024-7309
3.5 LOW

A vulnerability was found in SourceCodester Record Management System 1.0. It has been classified as problematic. This affects an unknown part of the file entry.php. …

Jul 31, 2024
CVE-2024-7303
3.5 LOW

A vulnerability was found in itsourcecode Online Blood Bank Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of …

Jul 31, 2024
CVE-2024-7300
3.5 LOW

A vulnerability classified as problematic has been found in Bolt CMS 3.7.1. Affected is an unknown function of the file /bolt/editcontent/showcases of the component Showcase …

Jul 31, 2024
CVE-2024-7299
3.5 LOW

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Bolt CMS 3.7.1. It has been rated as problematic. This issue affects some unknown processing …

Jul 31, 2024
CVE-2024-7285
3.5 LOW

A vulnerability has been found in SourceCodester Establishment Billing Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /admin/ajax.php?action=save_settings. …

Jul 31, 2024
CVE-2024-7284
3.5 LOW

A vulnerability, which was classified as problematic, was found in SourceCodester Lot Reservation Management System 1.0. This affects an unknown part of the file /admin/ajax.php?action=save_settings. …

Jul 31, 2024
CVE-2024-41945
3.1 LOW

fuels-ts is a library for interacting with Fuel v2. The typescript SDK has no awareness of to-be-spent transactions causing some transactions to fail or silently …

Jul 30, 2024
CVE-2024-5250
3.5 LOW

In versions of Akana API Platform prior to 2024.1.0 overly verbose errors can be found in SAML integrations

Jul 30, 2024
CVE-2022-33167
3.7 LOW

IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure …

Jul 30, 2024
CVE-2024-7225
3.5 LOW

A vulnerability was found in SourceCodester Insurance Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /Script/admin/core/update_policy …

Jul 30, 2024
CVE-2024-42155
1.9 LOW

In the Linux kernel, the following vulnerability has been resolved: s390/pkey: Wipe copies of protected- and secure-keys Although the clear-key of neither protected- nor secure-keys …

Jul 30, 2024
CVE-2024-7218
3.5 LOW

A flaw has been found in SourceCodester/Campcodes School Log Management System 1.0. Affected is an unknown function of the file /admin/ajax.php?action=save_student. Executing manipulation of the …

Jul 30, 2024
CVE-2024-7216
2.6 LOW

A vulnerability was found in TOTOLINK LR1200 9.3.1cu.2832. It has been classified as problematic. This affects an unknown part of the file /etc/shadow.sample. The manipulation …

Jul 30, 2024
CVE-2024-40832
3.3 LOW

The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6. An app may be able to view a contact's phone …

Jul 29, 2024

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.