CVE Database

4411+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2024-6807
2.4 LOW

A vulnerability was found in SourceCodester Student Study Center Desk Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality …

Jul 17, 2024
CVE-2024-6595
3.0 LOW

An issue was discovered in GitLab CE/EE affecting all versions starting from 11.8 prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from …

Jul 17, 2024
CVE-2024-21174
3.1 LOW

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.23, 21.3-21.14 and 23.4. Difficult to exploit vulnerability allows …

Jul 16, 2024
CVE-2024-21164
2.5 LOW

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.20. Difficult to exploit vulnerability …

Jul 16, 2024
CVE-2024-21151
3.3 LOW

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged …

Jul 16, 2024
CVE-2024-21144
3.7 LOW

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Oracle Java …

Jul 16, 2024
CVE-2024-21138
3.7 LOW

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are …

Jul 16, 2024
CVE-2024-21131
3.7 LOW

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are …

Jul 16, 2024
CVE-2024-21123
2.3 LOW

Vulnerability in the Oracle Database Core component of Oracle Database Server. Supported versions that are affected are 19.3-19.23. Easily exploitable vulnerability allows high privileged attacker …

Jul 16, 2024
CVE-2024-40455
2.7 LOW

An arbitrary file deletion vulnerability in ThinkSAAS v3.7 allows attackers to delete arbitrary files via a crafted request.

Jul 16, 2024
CVE-2022-48852
3.3 LOW

In the Linux kernel, the following vulnerability has been resolved: drm/vc4: hdmi: Unregister codec device on unbind On bind we will register the HDMI codec …

Jul 16, 2024
CVE-2024-6780
3.3 LOW

Improper permission control in the mobile application (com.android.server.telecom) may lead to user information security risks.

Jul 16, 2024
CVE-2024-40632
3.7 LOW

Linkerd is an open source, ultralight, security-first service mesh for Kubernetes. In affected versions when the application being run by linkerd is susceptible to SSRF, …

Jul 15, 2024
CVE-2024-39919
3.1 LOW

@jmondi/url-to-png is an open source URL to PNG utility featuring parallel rendering using Playwright for screenshots and with storage caching via Local, S3, or CouchDB. …

Jul 15, 2024
CVE-2024-41007
3.3 LOW

In the Linux kernel, the following vulnerability has been resolved: tcp: avoid too many retransmit packets If a TCP socket is using TCP_USER_TIMEOUT, and the …

Jul 15, 2024
CVE-2024-32945
2.6 LOW

Mattermost Mobile Apps versions <=2.16.0 fail to protect against abuse of a globally shared MathJax state which allows an attacker to change the contents of …

Jul 15, 2024
CVE-2023-41093
3.1 LOW

Use After Free vulnerability in Silicon Labs Bluetooth SDK on 32 bit, ARM may allow an attacker with precise timing capabilities to intercept a small …

Jul 12, 2024
CVE-2024-5470
3.8 LOW

An issue was discovered in GitLab CE/EE affecting all versions starting from 17.0 prior to 17.0.4 and from 17.1 prior to 17.1.2 where a Guest …

Jul 11, 2024
CVE-2024-2880
2.7 LOW

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.5 prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from …

Jul 11, 2024
CVE-2024-23194
3.3 LOW

Improper output Neutralization for Logs (CWE-117) in the Command Centre API Diagnostics Endpoint could allow an attacker limited ability to modify Command Centre log files. …

Jul 11, 2024
CVE-2024-6650
2.4 LOW

A vulnerability was found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0 and classified as problematic. Affected by this issue is the function …

Jul 10, 2024
CVE-2024-39886
3.7 LOW

TONE store App version 3.4.2 and earlier contains an issue with unprotected primary channel. Since TONE store App communicates with TONE store website in cleartext, …

Jul 10, 2024
CVE-2024-36452
3.1 LOW

Cross-site request forgery vulnerability exists in ajaxterm module of Webmin versions prior to 2.003. If this vulnerability is exploited, unintended operations may be performed when …

Jul 10, 2024
CVE-2024-22018
2.9 LOW

A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-read flag is used. This flaw arises from an …

Jul 10, 2024
CVE-2024-22477
1.8 LOW

A cross-site scripting vulnerability exists in the admin console OIDC Policy Management Editor. The impact is contained to admin console users only.

Jul 9, 2024
CVE-2024-21832
3.5 LOW

A potential JSON injection attack vector exists in PingFederate REST API data stores using the POST method and a JSON request body.

Jul 9, 2024
CVE-2024-6501
3.1 LOW

A flaw was found in NetworkManager. When a system running NetworkManager with DEBUG logs enabled and an interface eth1 configured with LLDP enabled, a malicious …

Jul 9, 2024
CVE-2024-26015
3.4 LOW

An incorrect parsing of numbers with different radices vulnerability [CWE-1389] in FortiProxy version 7.4.3 and below, version 7.2.10 and below, version 7.0.17 and below and …

Jul 9, 2024
CVE-2024-37996
3.3 LOW

A vulnerability has been identified in JT Open (All versions < V11.5), JT2Go (All versions < V2406.0003), PLM XML SDK (All versions < V7.1.0.014), Teamcenter …

Jul 9, 2024
CVE-2024-37442
3.8 LOW

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Photo Gallery Team Photo Gallery by Ays allows Code Injection.This …

Jul 9, 2024
CVE-2024-37253
2.7 LOW

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in WpDirectoryKit WP Directory Kit allows Code Injection.This issue affects WP …

Jul 9, 2024
CVE-2024-35777
3.5 LOW

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Automattic WooCommerce allows Content Spoofing.This issue affects WooCommerce: from n/a …

Jul 9, 2024
CVE-2024-34692
3.3 LOW

Due to missing verification of file type or content, SAP Enable Now allows an authenticated attacker to upload arbitrary files. These files include executables which …

Jul 9, 2024
CVE-2024-38372
2.0 LOW

Undici is an HTTP/1.1 client, written from scratch for Node.js. Depending on network and process conditions of a `fetch()` request, `response.arrayBuffer()` might include portion of …

Jul 8, 2024
CVE-2024-34602
3.3 LOW

Use of implicit intent for sensitive communication in Samsung Messages prior to SMR Jul-2024 Release 1 allows local attackers to get sensitive information. User interaction …

Jul 8, 2024
CVE-2024-6539
3.5 LOW

A vulnerability classified as problematic has been found in heyewei SpringBootCMS up to 2024-05-28. Affected is an unknown function of the file /guestbook of the …

Jul 7, 2024
CVE-2024-37234
3.5 LOW

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Kodezen Limited Academy LMS.This issue affects Academy LMS: from n/a through 2.0.4.

Jul 6, 2024
CVE-2024-40594
2.3 LOW

The OpenAI ChatGPT app before 2024-07-05 for macOS opts out of the sandbox, and stores conversations in cleartext in a location accessible to other apps.

Jul 6, 2024
CVE-2024-6526
3.5 LOW

A vulnerability classified as problematic has been found in CodeIgniter Ecommerce-CodeIgniter-Bootstrap up to 1998845073cf433bc6c250b0354461fbd84d0e03. This affects an unknown part. The manipulation of the argument search_title/catName/sub/name/categorie …

Jul 5, 2024
CVE-2024-6525
2.7 LOW

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DAR-7000 up to 20230922. It has been rated as problematic. Affected by this issue …

Jul 5, 2024
CVE-2024-6523
3.5 LOW

A vulnerability was found in ZKTeco BioTime up to 9.5.2. It has been classified as problematic. Affected is an unknown function of the component system-group-add …

Jul 5, 2024
CVE-2024-6511
3.5 LOW

A vulnerability classified as problematic was found in y_project RuoYi up to 4.7.9. Affected by this vulnerability is the function isJsonRequest of the component Content-Type …

Jul 4, 2024
CVE-2024-32754
3.1 LOW

Under certain circumstances, when the controller is in factory reset mode waiting for initial setup, it will broadcast its MAC address, serial number, and firmware …

Jul 4, 2024
CVE-2024-6434
3.1 LOW

The Premium Addons for Elementor plugin for WordPress is vulnerable to Regular Expression Denial of Service (ReDoS) in all versions up to, and including, 4.10.35. …

Jul 4, 2024
CVE-2024-36122
2.4 LOW

Discourse is an open-source discussion platform. Prior to version 3.2.3 on the `stable` branch and version 3.3.0.beta4 on the `beta` and `tests-passed` branches, moderators using …

Jul 3, 2024
CVE-2024-29508
3.3 LOW

Artifex Ghostscript before 10.03.0 has a heap-based pointer disclosure (observable in a constructed BaseFont name) in the function pdf_base_font_alloc.

Jul 3, 2024
CVE-2024-6126
3.2 LOW

A flaw was found in the cockpit package. This flaw allows an authenticated user to kill any process when enabling the pam_env's user_readenv option, which …

Jul 3, 2024
CVE-2024-6470
2.7 LOW

A vulnerability was found in playSMS 1.4.3. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /index.php?app=main&inc=feature_inboxgroup&op=list …

Jul 3, 2024
CVE-2024-6469
2.7 LOW

A vulnerability was found in playSMS 1.4.3. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /index.php?app=main&inc=feature_firewall&op=firewall_list …

Jul 3, 2024
CVE-2024-39807
3.1 LOW

Mattermost versions 9.5.x <= 9.5.5 and 9.8.0 fail to properly sanitize the recipients of a webhook event which allows an attacker monitoring webhook events to …

Jul 3, 2024

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.