CVE Database

4411+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2024-5307
3.3 LOW

Kofax Power PDF AcroForm Annotation Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Kofax Power …

Jun 6, 2024
CVE-2024-32873
3.5 LOW

Evmos is the Ethereum Virtual Machine (EVM) Hub on the Cosmos Network. The spendable balance is not updated properly when delegating vested tokens. The issue …

Jun 6, 2024
CVE-2024-2213
3.3 LOW

An issue was discovered in zenml-io/zenml versions up to and including 0.55.4. Due to improper authentication mechanisms, an attacker with access to an active user …

Jun 6, 2024
CVE-2024-2032
3.1 LOW

A race condition vulnerability exists in zenml-io/zenml versions up to and including 0.55.3, which allows for the creation of multiple users with the same username …

Jun 6, 2024
CVE-2024-5657
3.7 LOW

The CraftCMS plugin Two-Factor Authentication in versions 3.3.1, 3.3.2 and 3.3.3 discloses the password hash of the currently authenticated user after submitting a valid TOTP.

Jun 6, 2024
CVE-2023-50804
3.7 LOW

An issue was discovered in Samsung Mobile Processor, and Modem Exynos 9820, Exynos 9825, Exynos 980, Exynos 990, Exynos 850, Exynos 1080, Exynos 2100, Exynos …

Jun 5, 2024
CVE-2023-50803
3.7 LOW

An issue was discovered in Samsung Mobile Processor, and Modem Exynos 9820, Exynos 9825, Exynos 980, Exynos 990, Exynos 850, Exynos 1080, Exynos 2100, Exynos …

Jun 5, 2024
CVE-2023-52147
3.7 LOW

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in All In One WP Security & Firewall Team All In One WP Security & Firewall …

Jun 4, 2024
CVE-2023-49822
3.7 LOW

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in David Vongries Ultimate Dashboard allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Ultimate …

Jun 4, 2024
CVE-2023-49748
3.7 LOW

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WPServeur, NicolasKulka, wpformation WPS Hide Login allows Accessing Functionality Not Properly Constrained by ACLs.This issue …

Jun 4, 2024
CVE-2023-49741
3.7 LOW

Authentication Bypass by Spoofing vulnerability in wpdevart Coming soon and Maintenance mode allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Coming soon and …

Jun 4, 2024
CVE-2023-48335
3.7 LOW

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Webcraftic Hide login page allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Hide …

Jun 4, 2024
CVE-2023-47818
3.7 LOW

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in LWS LWS Hide Login allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects LWS …

Jun 4, 2024
CVE-2023-47769
3.7 LOW

Authentication Bypass by Spoofing vulnerability in WP Maintenance allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP Maintenance: from n/a through 6.1.3.

Jun 4, 2024
CVE-2023-27437
3.7 LOW

Missing Authorization vulnerability in Event Espresso Event Espresso 4 Decaf allows Functionality Misuse.This issue affects Event Espresso 4 Decaf: from n/a through 4.10.44.Decaf.

Jun 3, 2024
CVE-2023-24373
3.7 LOW

External Control of Assumed-Immutable Web Parameter vulnerability in WpDevArt Booking calendar, Appointment Booking System allows Manipulating Hidden Fields.This issue affects Booking calendar, Appointment Booking System: …

Jun 3, 2024
CVE-2024-31684
3.5 LOW

Incorrect access control in the fingerprint authentication mechanism of Bitdefender Mobile Security v4.11.3-gms allows attackers to bypass fingerprint authentication due to the use of a …

Jun 3, 2024
CVE-2024-35196
2.0 LOW

Sentry is a developer-first error tracking and performance monitoring platform. Sentry's Slack integration incorrectly records the incoming request body in logs. This request data can …

May 31, 2024
CVE-2024-36119
1.8 LOW

Statamic is a, Laravel + Git powered CMS designed for building websites. In affected versions users registering via the `user:register_form` tag will have their password …

May 30, 2024
CVE-2024-36118
3.5 LOW

MeterSphere is a test management and interface testing tool. In affected versions users without workspace permissions can view functional test cases of other workspaces beyond …

May 30, 2024
CVE-2024-4330
3.3 LOW

A path traversal vulnerability was identified in the parisneo/lollms-webui repository, specifically within version 9.6. The vulnerability arises due to improper handling of user-supplied input in …

May 30, 2024
CVE-2024-34715
2.3 LOW

Fides is an open-source privacy engineering platform. The Fides webserver requires a connection to a hosted PostgreSQL database for persistent storage of application data. If …

May 29, 2024
CVE-2024-35311
3.3 LOW

Yubico YubiKey 5 Series before 5.7.0, Security Key Series before 5.7.0, YubiKey Bio Series before 5.6.4, and YubiKey 5 FIPS before 5.7.2 have Incorrect Access …

May 29, 2024
CVE-2024-5437
3.5 LOW

A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. It has been classified as problematic. Affected is the function save_category of the file …

May 29, 2024
CVE-2024-35239
2.7 LOW

Umbraco Commerce is an open source dotnet web forms solution. In affected versions an authenticated user that has access to edit Forms may inject unsafe …

May 28, 2024
CVE-2024-35403
2.7 LOW

TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a stack overflow via the desc parameter in the function setIpPortFilterRules

May 28, 2024
CVE-2024-32944
3.3 LOW

Path traversal vulnerability exists in UTAU versions prior to v0.4.19. If a user of the product installs a crafted UTAU voicebank installer (.uar file, .zip …

May 28, 2024
CVE-2024-27314
2.4 LOW

Zoho ManageEngine ServiceDesk Plus versions below 14730, ServiceDesk Plus MSP below 14720 and SupportCenter Plus below 14720 are vulnerable to stored XSS in the Custom …

May 27, 2024
CVE-2024-5385
2.4 LOW

A vulnerability, which was classified as problematic, has been found in oretnom23 Online Car Wash Booking System 1.0. This issue affects some unknown processing of …

May 27, 2024
CVE-2024-5383
3.5 LOW

A vulnerability classified as problematic has been found in lakernote EasyAdmin up to 20240324. This affects an unknown part of the file /sys/file/upload. The manipulation …

May 26, 2024
CVE-2024-5380
3.5 LOW

A vulnerability classified as problematic has been found in jsy-1 short-url 1.0.0. Affected is an unknown function of the file admin.php. The manipulation of the …

May 26, 2024
CVE-2024-5379
3.5 LOW

A vulnerability was found in JFinalCMS up to 20240111. It has been rated as problematic. This issue affects some unknown processing of the file /admin/template. …

May 26, 2024
CVE-2024-5376
3.5 LOW

A vulnerability was found in Kashipara College Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file …

May 26, 2024
CVE-2024-5375
3.5 LOW

A vulnerability has been found in Kashipara College Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the …

May 26, 2024
CVE-2024-5374
3.5 LOW

A vulnerability, which was classified as problematic, was found in Kashipara College Management System 1.0. Affected is an unknown function of the file submit_new_faculty.php. The …

May 26, 2024
CVE-2024-5373
3.5 LOW

A vulnerability, which was classified as problematic, has been found in Kashipara College Management System 1.0. This issue affects some unknown processing of the file …

May 26, 2024
CVE-2024-5372
3.5 LOW

A vulnerability classified as problematic was found in Kashipara College Management System 1.0. This vulnerability affects unknown code of the file submit_extracurricular_activity.php. The manipulation of …

May 26, 2024
CVE-2024-5371
3.5 LOW

A vulnerability classified as problematic has been found in Kashipara College Management System 1.0. This affects an unknown part of the file submit_enroll_student.php. The manipulation …

May 26, 2024
CVE-2024-5370
3.5 LOW

A vulnerability was found in Kashipara College Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of …

May 26, 2024
CVE-2024-5369
3.5 LOW

A vulnerability was found in Kashipara College Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of …

May 26, 2024
CVE-2024-5368
3.5 LOW

A vulnerability was found in Kashipara College Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file delete_faculty.php. …

May 26, 2024
CVE-2024-5367
3.5 LOW

A vulnerability was found in Kashipara College Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file each_extracurricula_activities.php. The …

May 26, 2024
CVE-2024-36241
3.1 LOW

Mattermost versions 9.5.x <= 9.5.3, 9.6.x <= 9.6.1 and 8.1.x <= 8.1.12 fail to enforce proper access controls which allows user to view arbitrary post …

May 26, 2024
CVE-2024-35232
3.7 LOW

github.com/huandu/facebook is a Go package that fully supports the Facebook Graph API with file upload, batch request and marketing API. access_token can be exposed in …

May 24, 2024
CVE-2024-5310
2.4 LOW

A vulnerability classified as problematic has been found in JFinalCMS up to 20221020. This affects an unknown part of the file /admin/content. The manipulation of …

May 24, 2024
CVE-2023-7259
2.4 LOW

** DISPUTED ** A vulnerability was found in zzdevelop lenosp up to 20230831. It has been classified as problematic. This affects an unknown part of …

May 24, 2024
CVE-2023-1111
2.4 LOW

A vulnerability was found in FastCMS up to 0.1.5 and classified as problematic. Affected by this issue is some unknown functionality of the component New …

May 24, 2024
CVE-2023-1001
3.5 LOW

A vulnerability, which was classified as problematic, has been found in xuliangzhan vxe-table up to 3.7.9. This issue affects the function export of the file …

May 24, 2024
CVE-2024-5279
3.5 LOW

A vulnerability was found in Qiwen Netdisk up to 1.4.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of …

May 23, 2024
CVE-2024-32969
2.7 LOW

vantage6 is an open-source infrastructure for privacy preserving analysis. Collaboration administrators can add extra organizations to their collaboration that can extend their influence. For example, …

May 23, 2024

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.