CVE Database

4411+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2024-40822
2.4 LOW

This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and …

Jul 29, 2024
CVE-2024-40798
3.3 LOW

This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, macOS Monterey 12.7.6, macOS Sonoma …

Jul 29, 2024
CVE-2024-40795
3.3 LOW

This issue was addressed with improved data protection. This issue is fixed in iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, tvOS 17.6, watchOS 10.6. …

Jul 29, 2024
CVE-2024-40778
3.3 LOW

An authentication issue was addressed with improved state management. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS …

Jul 29, 2024
CVE-2024-27862
2.4 LOW

A logic issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.6. Enabling Lockdown Mode while setting up a Mac …

Jul 29, 2024
CVE-2023-42957
3.3 LOW

A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14, watchOS 10. An app …

Jul 29, 2024
CVE-2023-42949
3.3 LOW

This issue was addressed with improved data protection. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14, watchOS 10, tvOS 17. …

Jul 29, 2024
CVE-2023-42948
3.3 LOW

This issue was addressed through improved state management. This issue is fixed in macOS Sonoma 14. A Wi-Fi password may not be deleted when activating …

Jul 29, 2024
CVE-2023-42925
3.3 LOW

The issue was addressed with improved restriction of data container access. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. An …

Jul 29, 2024
CVE-2024-6620
3.5 LOW

Honeywell PC42t, PC42tp, and PC42d Printers, T10.19.020016 to T10.20.060398, contain a cross-site scripting vulnerability. A(n) attacker could potentially inject malicious code which may lead to …

Jul 29, 2024
CVE-2024-41027
3.3 LOW

In the Linux kernel, the following vulnerability has been resolved: Fix userfaultfd_api to return EINVAL as expected Currently if we request a feature that is …

Jul 29, 2024
CVE-2024-7200
3.5 LOW

A vulnerability, which was classified as problematic, has been found in SourceCodester Complaints Report Management System 1.0. This issue affects some unknown processing of the …

Jul 29, 2024
CVE-2024-7170
3.5 LOW

A vulnerability was found in TOTOLINK A3000RU 5.9c.5185. It has been rated as problematic. This issue affects some unknown processing of the file /web_cste/cgi-bin/product.ini. The …

Jul 28, 2024
CVE-2024-7163
3.5 LOW

A vulnerability, which was classified as problematic, was found in SeaCMS 12.9. This affects an unknown part of the file /js/player/dmplayer/player/index.php. The manipulation of the …

Jul 28, 2024
CVE-2024-7162
3.5 LOW

A vulnerability, which was classified as problematic, has been found in SeaCMS 12.9/13.0. Affected by this issue is some unknown functionality of the file js/player/dmplayer/admin/post.php?act=setting. …

Jul 28, 2024
CVE-2024-7155
2.5 LOW

A vulnerability has been found in TOTOLINK A3300R 17.0.0cu.557_B20221024 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /etc/shadow.sample. …

Jul 28, 2024
CVE-2024-4786
2.8 LOW

An improper validation vulnerability was reported in the Lenovo Tab K10 that could allow a specially crafted application to keep the device on.

Jul 26, 2024
CVE-2024-27358
3.3 LOW

An issue was discovered in WithSecure Elements Agent through 23.x for macOS and WithSecure Elements Client Security through 23.x for macOS. Local users can block …

Jul 26, 2024
CVE-2024-41686
3.3 LOW

This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to improper implementation of password policies. A local attacker could exploit this by creating password that do …

Jul 26, 2024
CVE-2024-4811
2.2 LOW

In affected versions of Octopus Server under certain conditions, a user with specific role assignments can access restricted project artifacts.

Jul 25, 2024
CVE-2024-7060
2.6 LOW

An information disclosure vulnerability in GitLab CE/EE in project/group exports affecting all versions from 15.4 prior to 17.0.5, 17.1 prior to 17.1.3, and 17.2 prior …

Jul 24, 2024
CVE-2024-0231
2.7 LOW

A resource misdirection vulnerability in GitLab CE/EE versions 12.0 prior to 17.0.5, 17.1 prior to 17.1.3, and 17.2 prior to 17.2.1 allows an attacker to …

Jul 24, 2024
CVE-2024-37533
2.4 LOW

IBM InfoSphere Information Server 11.7 could disclose sensitive user information to another user with physical access to the machine. IBM X-Force ID: 294727.

Jul 24, 2024
CVE-2024-7068
3.5 LOW

A vulnerability classified as problematic has been found in SourceCodester Insurance Management System 1.0. This affects an unknown part of the file /Script/admin/core/update_sub_category. The manipulation …

Jul 24, 2024
CVE-2024-3454
3.5 LOW

An implementation issue in the Connectivity Standards Alliance Matter 1.2 protocol as used in the connectedhomeip SDK allows a third party to disclose information about …

Jul 24, 2024
CVE-2024-41663
3.5 LOW

Canarytokens help track activity and actions on a network. A Cross-Site Scripting vulnerability was identified in the "Cloned Website" Canarytoken, whereby the Canarytoken's creator can …

Jul 23, 2024
CVE-2024-41839
3.5 LOW

Adobe Experience Manager versions 6.5.20 and earlier are affected by an Improper Input Validation vulnerability that could lead to a security feature bypass. A low-privileged …

Jul 23, 2024
CVE-2024-41829
3.5 LOW

In JetBrains TeamCity before 2024.07 an OAuth code for JetBrains Space could be stolen via Space Application connection

Jul 22, 2024
CVE-2024-41828
2.6 LOW

In JetBrains TeamCity before 2024.07 comparison of authorization tokens took non-constant time

Jul 22, 2024
CVE-2024-41826
3.5 LOW

In JetBrains TeamCity before 2024.07 stored XSS was possible on Show Connection page

Jul 22, 2024
CVE-2024-32152
3.1 LOW

A blocklist bypass vulnerability exists in the LaTeX functionality of Ankitects Anki 24.04. A specially crafted malicious flashcard can lead to an arbitrary file creation …

Jul 22, 2024
CVE-2024-6955
3.5 LOW

A vulnerability was found in SourceCodester Record Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file sort2.php. …

Jul 21, 2024
CVE-2024-6954
3.5 LOW

A vulnerability was found in SourceCodester Record Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of …

Jul 21, 2024
CVE-2024-6942
3.5 LOW

A vulnerability, which was classified as problematic, was found in ThinkSAAS 3.7.0. Affected is an unknown function of the file app/system/action/anti.php of the component Admin …

Jul 21, 2024
CVE-2024-6941
3.5 LOW

A vulnerability, which was classified as problematic, has been found in ThinkSAAS 3.7.0. This issue affects some unknown processing of the file app/system/action/do.php. The manipulation …

Jul 21, 2024
CVE-2024-6939
3.5 LOW

A vulnerability was found in Xinhu RockOA 2.6.3 and classified as problematic. Affected by this issue is the function okla of the file /webmain/public/upload/tpl_upload.html. The …

Jul 21, 2024
CVE-2024-6938
3.5 LOW

A vulnerability has been found in SiYuan 3.1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file PDF.js of …

Jul 21, 2024
CVE-2024-6937
2.7 LOW

A vulnerability, which was classified as problematic, was found in formtools.org Form Tools 3.1.1. Affected is the function curl_exec of the file /admin/forms/option_lists/edit.php of the …

Jul 21, 2024
CVE-2024-6936
2.7 LOW

A vulnerability, which was classified as problematic, has been found in formtools.org Form Tools 3.1.1. This issue affects some unknown processing of the file /admin/settings/index.php?page=accounts …

Jul 21, 2024
CVE-2024-6935
2.4 LOW

A vulnerability classified as problematic was found in formtools.org Form Tools 3.1.1. This vulnerability affects unknown code of the file /admin/clients/ of the component User …

Jul 21, 2024
CVE-2024-6934
2.4 LOW

A vulnerability classified as problematic has been found in formtools.org Form Tools 3.1.1. This affects an unknown part of the file /admin/forms/add/step2.php?submission_type=direct. The manipulation of …

Jul 21, 2024
CVE-2024-6932
3.5 LOW

A vulnerability was found in ClassCMS 4.5. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/?action=home&do=shop:index&keyword=&kind=all. …

Jul 20, 2024
CVE-2024-6694
2.7 LOW

The WP Mail SMTP plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 4.0.1. This is due to plugin …

Jul 20, 2024
CVE-2024-6907
3.5 LOW

A vulnerability was found in SourceCodester Record Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file sort.php. …

Jul 19, 2024
CVE-2024-30130
3.7 LOW

HCL Nomad server on Domino is vulnerable to the cache containing sensitive information which could potentially give an attacker the ability to acquire the sensitive …

Jul 19, 2024
CVE-2024-38806
3.9 LOW

Failure to properly synchronize user's permissions in UAA in Cloud Foundry Foundation v40.17.0 https://github.com/cloudfoundry/cf-deployment/releases/tag/v40.17.0 , potentially resulting in users retaining access rights they should not …

Jul 18, 2024
CVE-2024-40640
2.9 LOW

vodozemac is an open source implementation of Olm and Megolm in pure Rust. Versions before 0.7.0 of vodozemac use a non-constant time base64 implementation for …

Jul 17, 2024
CVE-2023-42010
3.1 LOW

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.2 could disclose sensitive information in the HTTP response using man in the …

Jul 17, 2024
CVE-2024-38870
3.5 LOW

Zohocorp ManageEngine OpManager, OpManager Plus, OpManager MSP and OpManager Enterprise Edition versions before 128104, from 128151 before 128238, from 128247 before 128250 are vulnerable to …

Jul 17, 2024
CVE-2024-30471
3.7 LOW

Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apache StreamPipes in user self-registration. This allows an attacker to potentially request the creation of multiple accounts with …

Jul 17, 2024

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.