CVE Database

4411+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2023-38301
3.4 LOW

An issue was discovered in a third-party component related to vendor.gsm.serial, shipped on devices from multiple device manufacturers. Various software builds for the BLU View …

Apr 22, 2024
CVE-2018-25101
3.5 LOW

A vulnerability, which was classified as problematic, has been found in l2c2technologies Koha up to 20180108. This issue affects some unknown processing of the file …

Apr 22, 2024
CVE-2015-10132
3.5 LOW

A vulnerability classified as problematic was found in Thimo Grauerholz WP-Spreadplugin up to 3.8.6.1 on WordPress. This vulnerability affects unknown code of the file spreadplugin.php. …

Apr 21, 2024
CVE-2024-29733
2.7 LOW

Improper Certificate Validation vulnerability in Apache Airflow FTP Provider. The FTP hook lacks complete certificate validation in FTP_TLS connections, which can potentially be leveraged. Implementing …

Apr 21, 2024
CVE-2024-31450
2.7 LOW

Owncast is an open source, self-hosted, decentralized, single user live video streaming and chat server. The Owncast application exposes an administrator API at the URL …

Apr 19, 2024
CVE-2023-51796
3.6 LOW

Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavfilter/f_reverse.c:269:26 in areverse_request_frame.

Apr 19, 2024
CVE-2023-51792
3.3 LOW

Buffer Overflow vulnerability in libde265 v1.0.12 allows a local attacker to cause a denial of service via the allocation size exceeding the maximum supported size …

Apr 19, 2024
CVE-2023-37397
3.6 LOW

IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain or modify sensitive information due to improper encryption of certain data. IBM …

Apr 19, 2024
CVE-2023-37396
2.5 LOW

IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain sensitive information due to improper encryption of certain data. IBM X-Force ID: …

Apr 19, 2024
CVE-2024-29963
1.9 LOW

Brocade SANnav OVA before v2.3.1, and v2.3.0a, contain hardcoded TLS keys used by Docker. Note: Brocade SANnav doesn't have access to remote Docker registries.

Apr 19, 2024
CVE-2024-30107
3.5 LOW

HCL Connections contains a broken access control vulnerability that may expose sensitive information to unauthorized users in certain scenarios.

Apr 18, 2024
CVE-2024-23557
3.5 LOW

HCL Connections contains a user enumeration vulnerability. Certain actions could allow an attacker to determine if the user is valid or not, leading to a …

Apr 18, 2024
CVE-2024-32325
2.4 LOW

TOTOLINK EX200 V4.0.3c.7646_B20201211 contains a Cross-site scripting (XSS) vulnerability through the ssid parameter in the setWiFiExtenderConfig function.

Apr 18, 2024
CVE-2024-32466
2.7 LOW

Tolgee is an open-source localization platform. For the `/v2/projects/translations` and `/v2/projects/{projectId}/translations` endpoints, translation data was returned even when API key was missing `translation.view` scope. However, …

Apr 18, 2024
CVE-2024-30257
3.9 LOW

1Panel is an open source Linux server operation and maintenance management panel. The password verification in the source code uses the != symbol instead hmac.Equal. …

Apr 18, 2024
CVE-2024-3932
3.1 LOW

A vulnerability classified as problematic has been found in Totara LMS up to 18.7. This affects an unknown part of the component User Selector. The …

Apr 18, 2024
CVE-2024-3931
3.5 LOW

A vulnerability was found in Totara LMS up to 18.7. It has been rated as problematic. Affected by this issue is some unknown functionality of …

Apr 18, 2024
CVE-2024-0257
3.3 LOW

RoboDK v5.5.4 is vulnerable to heap-based buffer overflow while processing a specific project file. The resulting memory corruption may crash the application.

Apr 17, 2024
CVE-2024-3900
2.9 LOW

Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by long Unicode sequence in ActualText.

Apr 17, 2024
CVE-2024-31040
2.7 LOW

Buffer Overflow vulnerability in the get_var_integer function in mqtt_parser.c in NanoMQ 0.21.7 allows remote attackers to cause a denial of service via a series of …

Apr 17, 2024
CVE-2024-30950
3.5 LOW

A stored cross-site scripting (XSS) vulnerability in FUDforum v3.1.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the …

Apr 17, 2024
CVE-2024-32314
3.8 LOW

Tenda AC500 V2.0.1.9(1307) firmware contains a command injection vulnerablility in the formexeCommand function via the cmdinput parameter.

Apr 17, 2024
CVE-2024-26911
3.3 LOW

In the Linux kernel, the following vulnerability has been resolved: drm/buddy: Fix alloc_range() error handling code Few users have observed display corruption when they boot …

Apr 17, 2024
CVE-2024-27086
3.9 LOW

The MSAL library enabled acquisition of security tokens to call protected APIs. MSAL.NET applications targeting Xamarin Android and .NET Android (e.g., MAUI) using the library …

Apr 16, 2024
CVE-2024-21108
3.3 LOW

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows …

Apr 16, 2024
CVE-2024-21105
2.0 LOW

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Utility). The supported version that is affected is 11. Easily exploitable vulnerability allows high privileged …

Apr 16, 2024
CVE-2024-21101
2.2 LOW

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.5.33 and prior, 7.6.29 and prior, 8.0.36 …

Apr 16, 2024
CVE-2024-21098
3.7 LOW

Vulnerability in the Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Compiler). Supported versions that are affected are Oracle …

Apr 16, 2024
CVE-2024-21094
3.7 LOW

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are …

Apr 16, 2024
CVE-2024-21085
3.7 LOW

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Oracle Java …

Apr 16, 2024
CVE-2024-21068
3.7 LOW

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are …

Apr 16, 2024
CVE-2024-21012
3.7 LOW

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are …

Apr 16, 2024
CVE-2024-21011
3.7 LOW

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are …

Apr 16, 2024
CVE-2024-21005
3.1 LOW

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java …

Apr 16, 2024
CVE-2024-21004
2.5 LOW

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java …

Apr 16, 2024
CVE-2024-21003
3.1 LOW

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java …

Apr 16, 2024
CVE-2024-21002
2.5 LOW

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java …

Apr 16, 2024
CVE-2024-21000
3.8 LOW

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and …

Apr 16, 2024
CVE-2024-20995
2.4 LOW

Vulnerability in the Oracle Database Sharding component of Oracle Database Server. Supported versions that are affected are 19.3-19.22 and 21.3-21.13. Easily exploitable vulnerability allows high …

Apr 16, 2024
CVE-2024-20954
3.7 LOW

Vulnerability in the Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Compiler). Supported versions that are affected are Oracle …

Apr 16, 2024
CVE-2024-3302
3.7 LOW

There was no limit to the number of HTTP/2 CONTINUATION frames that would be processed. A server could abuse this to create an Out of …

Apr 16, 2024
CVE-2024-3872
3.1 LOW

Mattermost Mobile app versions 2.13.0 and earlier use a regular expression with polynomial complexity to parse certain deeplinks, which allows an unauthenticated remote attacker to …

Apr 16, 2024
CVE-2024-22438
3.5 LOW

A potential security vulnerability has been identified in Hewlett Packard Enterprise OfficeConnect 1820 Network switches. The vulnerability could be remotely exploited to allow execution of …

Apr 15, 2024
CVE-2024-3766
2.4 LOW

A vulnerability, which was classified as problematic, has been found in slowlyo OwlAdmin up to 3.5.7. Affected by this issue is some unknown functionality of …

Apr 15, 2024
CVE-2024-3764
2.7 LOW

** DISPUTED ** A vulnerability classified as problematic has been found in Tuya SDK up to 5.0.x. Affected is an unknown function of the component …

Apr 14, 2024
CVE-2024-3763
2.4 LOW

A vulnerability was found in Emlog Pro 2.2.10. It has been rated as problematic. This issue affects some unknown processing of the file /admin/tag.php of …

Apr 14, 2024
CVE-2024-3762
2.4 LOW

A vulnerability was found in Emlog Pro 2.2.10. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/twitter.php of the …

Apr 14, 2024
CVE-2024-3735
3.7 LOW

A vulnerability was found in Smart Office up to 20240405. It has been classified as problematic. Affected is an unknown function of the file Main.aspx. …

Apr 13, 2024
CVE-2024-3695
3.5 LOW

A vulnerability has been found in SourceCodester Computer Laboratory Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /classes/Users.php. …

Apr 12, 2024
CVE-2024-3689
3.7 LOW

A vulnerability classified as problematic has been found in Zhejiang Land Zongheng Network Technology O2OA up to 20240403. Affected is an unknown function of the …

Apr 12, 2024

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.