CVE Database

4411+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2024-3920
3.5 LOW

The Flattr WordPress plugin through 1.2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to …

May 23, 2024
CVE-2024-2220
3.5 LOW

The Button contact VR WordPress plugin through 4.7 does not sanitise and escape some of its settings, which could allow high privilege users such as …

May 23, 2024
CVE-2024-29852
2.7 LOW

Veeam Backup Enterprise Manager allows high-privileged users to read backup session logs.

May 22, 2024
CVE-2021-47440
2.3 LOW

In the Linux kernel, the following vulnerability has been resolved: net: encx24j600: check error in devm_regmap_init_encx24j600 devm_regmap_init may return error which caused by like out …

May 22, 2024
CVE-2024-34274
3.9 LOW

OpenBD 20210306203917-6cbe797 is vulnerable to Deserialization of Untrusted Data. The cookies bdglobals and bdclient_spot of the OpenBD software uses serialized data, which can be used …

May 21, 2024
CVE-2023-52839
3.3 LOW

In the Linux kernel, the following vulnerability has been resolved: drivers: perf: Do not broadcast to other cpus when starting a counter This command: $ …

May 21, 2024
CVE-2023-52746
2.5 LOW

In the Linux kernel, the following vulnerability has been resolved: xfrm/compat: prevent potential spectre v1 gadget in xfrm_xlate32_attr() int type = nla_type(nla); if (type > …

May 21, 2024
CVE-2021-47430
3.3 LOW

In the Linux kernel, the following vulnerability has been resolved: x86/entry: Clear X86_FEATURE_SMAP when CONFIG_X86_SMAP=n Commit 3c73b81a9164 ("x86/entry, selftests: Further improve user entry sanity checks") …

May 21, 2024
CVE-2021-47317
3.3 LOW

In the Linux kernel, the following vulnerability has been resolved: powerpc/bpf: Fix detecting BPF atomic instructions Commit 91c960b0056672 ("bpf: Rename BPF_XADD and prepare to encode …

May 21, 2024
CVE-2024-5137
2.4 LOW

A vulnerability classified as problematic was found in PHPGurukul Directory Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/admin-profile.php …

May 20, 2024
CVE-2024-5136
2.4 LOW

A vulnerability classified as problematic has been found in PHPGurukul Directory Management System 1.0. Affected is an unknown function of the file /admin/search-directory.php.. The manipulation …

May 20, 2024
CVE-2024-5121
3.5 LOW

A vulnerability was found in SourceCodester Event Registration System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of …

May 20, 2024
CVE-2024-35935
3.3 LOW

In the Linux kernel, the following vulnerability has been resolved: btrfs: send: handle path ref underflow in header iterate_inode_ref() Change BUG_ON to proper error handling …

May 19, 2024
CVE-2024-5044
3.7 LOW

A vulnerability was found in Emlog Pro 2.3.4. It has been classified as problematic. This affects an unknown part of the component Cookie Handler. The …

May 17, 2024
CVE-2024-32708
3.7 LOW

Authentication Bypass by Spoofing vulnerability in helderk Maintenance Mode allows Functionality Bypass.This issue affects Maintenance Mode: from n/a through 3.0.1.

May 17, 2024
CVE-2024-4214
2.7 LOW

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS vulnerability in Bill Minozzi Car Dealer allows Code Injection.This issue affects Car Dealer: …

May 17, 2024
CVE-2024-30480
3.7 LOW

Authentication Bypass by Spoofing vulnerability in Pippin Williamson CGC Maintenance Mode allows Functionality Bypass.This issue affects CGC Maintenance Mode: from n/a through 1.2.

May 17, 2024
CVE-2024-22139
3.7 LOW

Authentication Bypass by Spoofing vulnerability in Filipe Seabra WordPress Manutenção allows Functionality Bypass.This issue affects WordPress Manutenção: from n/a through 1.0.6.

May 17, 2024
CVE-2024-22384
2.8 LOW

Out-of-bounds read for some Intel(R) Trace Analyzer and Collector software before version 2022.0.0 published Nov 2023 may allow an authenticated user to potentially enable information …

May 16, 2024
CVE-2023-48727
3.3 LOW

NULL pointer dereference in some Intel(R) oneVPL software before version 23.3.5 may allow an authenticated user to potentially enable information disclosure via local access.

May 16, 2024
CVE-2023-47282
3.9 LOW

Out-of-bounds write in Intel(R) Media SDK all versions and some Intel(R) oneVPL software before version 23.3.5 may allow an authenticated user to potentially enable escalation …

May 16, 2024
CVE-2023-47169
3.3 LOW

Improper buffer restrictions in Intel(R) Media SDK software all versions may allow an authenticated user to potentially enable denial of service via local access.

May 16, 2024
CVE-2023-45733
2.8 LOW

Hardware logic contains race conditions in some Intel(R) Processors may allow an authenticated user to potentially enable partial information disclosure via local access.

May 16, 2024
CVE-2023-43745
2.8 LOW

Improper input validation in some Intel(R) CBI software before version 1.1.0 may allow an authenticated user to potentially enable denial of service via local access.

May 16, 2024
CVE-2023-38420
3.8 LOW

Improper conditions check in Intel(R) Power Gadget software for macOS all versions may allow an authenticated user to potentially enable information disclosure via local access.

May 16, 2024
CVE-2023-22656
3.9 LOW

Out-of-bounds read in Intel(R) Media SDK and some Intel(R) oneVPL software before version 23.3.5 may allow an authenticated user to potentially enable escalation of privilege …

May 16, 2024
CVE-2024-35039
3.8 LOW

idccms V1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin/tplSys_deal.php?mudi=area.

May 16, 2024
CVE-2024-35300
3.5 LOW

In JetBrains TeamCity between 2024.03 and 2024.03.1 several stored XSS in the available updates page were possible

May 16, 2024
CVE-2024-4975
3.5 LOW

A vulnerability, which was classified as problematic, has been found in code-projects Simple Chat System 1.0. This issue affects some unknown processing of the component …

May 16, 2024
CVE-2024-4974
3.5 LOW

A vulnerability, which was classified as problematic, was found in code-projects Simple Chat System 1.0. Affected is an unknown function of the file /register.php. The …

May 16, 2024
CVE-2024-4968
3.5 LOW

A vulnerability was found in SourceCodester Interactive Map with Marker 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality …

May 16, 2024
CVE-2024-4922
3.5 LOW

A vulnerability, which was classified as problematic, was found in SourceCodester Simple Image Stack Website 1.0. This affects an unknown part. The manipulation of the …

May 16, 2024
CVE-2024-3487
3.5 LOW

Broken Authentication vulnerability discovered in OpenText™ iManager 3.2.6.0200. This vulnerability allows an attacker to manipulate certain parameters to bypass authentication.

May 15, 2024
CVE-2023-5937
3.8 LOW

On Windows systems, the Arc configuration files resulted to be world-readable. This can lead to information disclosure by local attackers, via exfiltration of sensitive data …

May 15, 2024
CVE-2024-3823
2.4 LOW

The Base64 Encoder/Decoder WordPress plugin through 0.9.2 does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which …

May 15, 2024
CVE-2024-3629
2.4 LOW

The HL Twitter WordPress plugin through 2014.1.18 does not have CSRF check in place when updating its settings, which could allow attackers to make a …

May 15, 2024
CVE-2024-32021
3.9 LOW

Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, when cloning a local source repository that contains …

May 14, 2024
CVE-2024-32020
3.9 LOW

Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, local clones may end up hardlinking files into …

May 14, 2024
CVE-2024-34713
3.5 LOW

sshproxy is used on a gateway to transparently proxy a user SSH connection on the gateway to an internal host via SSH. Prior to version …

May 14, 2024
CVE-2024-34355
3.5 LOW

TYPO3 is an enterprise content management system. Starting in version 13.0.0 and prior to version 13.1.1, the history backend module is vulnerable to HTML injection. …

May 14, 2024
CVE-2024-33583
3.3 LOW

A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC …

May 14, 2024
CVE-2024-33007
3.5 LOW

PDFViewer is a control delivered as part of SAPUI5 product which shows the PDF content in an embedded mode by default. If a PDF document …

May 14, 2024
CVE-2024-33000
3.5 LOW

SAP Bank Account Management does not perform necessary authorization check for an authorized user, resulting in escalation of privileges. As a result, it has a …

May 14, 2024
CVE-2024-32637
3.3 LOW

A vulnerability has been identified in JT2Go (All versions < V2312.0005), Teamcenter Visualization V14.2 (All versions < V14.2.0.12), Teamcenter Visualization V14.3 (All versions < V14.3.0.10), …

May 14, 2024
CVE-2024-4855
3.6 LOW

Use after free issue in editcap could cause denial of service via crafted capture file

May 14, 2024
CVE-2024-4853
3.6 LOW

Memory handling issue in editcap could cause denial of service via crafted capture file

May 14, 2024
CVE-2024-4797
3.5 LOW

A vulnerability was found in Campcodes Online Laundry Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file …

May 14, 2024
CVE-2024-4738
3.5 LOW

A vulnerability was found in Campcodes Legal Case Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code. The manipulation of …

May 14, 2024
CVE-2024-4737
3.5 LOW

A vulnerability was found in Campcodes Legal Case Management System 1.0. It has been classified as problematic. This affects an unknown part of the file …

May 14, 2024
CVE-2024-4736
3.5 LOW

A vulnerability was found in Campcodes Legal Case Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the …

May 14, 2024

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.