CVE Database

4425+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2024-3415
3.5 LOW

A vulnerability was found in SourceCodester Human Resource Information System 1.0. It has been classified as problematic. Affected is an unknown function of the file …

Apr 6, 2024
CVE-2024-3414
3.5 LOW

A vulnerability was found in SourceCodester Human Resource Information System 1.0 and classified as problematic. This issue affects some unknown processing of the file Superadmin_Dashboard/process/addcorporate_process.php. …

Apr 6, 2024
CVE-2024-3366
3.5 LOW

A vulnerability classified as problematic was found in Xuxueli xxl-job up to 2.4.1. This vulnerability affects the function deserialize of the file com/xxl/job/core/util/JdkSerializeTool.java of the …

Apr 6, 2024
CVE-2024-3365
3.5 LOW

A vulnerability was found in SourceCodester Online Library System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file …

Apr 6, 2024
CVE-2024-3364
3.5 LOW

A vulnerability was found in SourceCodester Online Library System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file admin/books/index.php. …

Apr 6, 2024
CVE-2024-3358
3.5 LOW

A vulnerability classified as problematic was found in SourceCodester Aplaya Beach Resort Online Reservation System 1.0. This vulnerability affects unknown code of the file /index.php. …

Apr 6, 2024
CVE-2024-3357
3.5 LOW

A vulnerability classified as problematic has been found in SourceCodester Aplaya Beach Resort Online Reservation System 1.0. This affects an unknown part of the file …

Apr 5, 2024
CVE-2024-0080
2.8 LOW

NVIDIA nvTIFF Library for Windows and Linux contains a vulnerability where improper input validation might enable an attacker to use a specially crafted input file. …

Apr 5, 2024
CVE-2024-0076
3.3 LOW

NVIDIA CUDA toolkit for all platforms contains a vulnerability in cuobjdump and nvdisasm where an attacker may cause a crash by tricking a user into …

Apr 5, 2024
CVE-2024-0072
3.3 LOW

NVIDIA CUDA toolkit for all platforms contains a vulnerability in cuobjdump and nvdisasm where an attacker may cause a crash by tricking a user into …

Apr 5, 2024
CVE-2023-31028
2.8 LOW

NVIDIA nvJPEG2000 Library for Windows and Linux contains a vulnerability where improper input validation might enable an attacker to use a specially crafted input file. …

Apr 5, 2024
CVE-2024-31213
3.5 LOW

InstantCMS is a free and open source content management system. An open redirect was found in the ICMS2 application version 2.16.2 when being redirected after …

Apr 5, 2024
CVE-2024-21848
3.1 LOW

Improper Access Control in Mattermost Server versions 8.1.x before 8.1.11 allows an attacker that is in a channel with an active call to keep participating …

Apr 5, 2024
CVE-2024-3321
3.5 LOW

A vulnerability classified as problematic has been found in SourceCodester eLearning System 1.0. This affects an unknown part of the component Maintenance Module. The manipulation …

Apr 5, 2024
CVE-2024-3320
3.5 LOW

A vulnerability was found in SourceCodester eLearning System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation …

Apr 5, 2024
CVE-2024-30252
2.6 LOW

Livemarks is a browser extension that provides RSS feed bookmark folders. Versions of Livemarks prior to 3.7 are vulnerable to cross-site request forgery. A malicious …

Apr 4, 2024
CVE-2024-30266
3.3 LOW

wasmtime is a runtime for WebAssembly. The 19.0.0 release of Wasmtime contains a regression introduced during its development which can lead to a guest WebAssembly …

Apr 4, 2024
CVE-2024-30260
3.9 LOW

Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici cleared Authorization and Proxy-Authorization headers for `fetch()`, but did not clear them for `undici.request()`. …

Apr 4, 2024
CVE-2024-30261
2.6 LOW

Undici is an HTTP/1.1 client, written from scratch for Node.js. An attacker can alter the `integrity` option passed to `fetch()`, allowing `fetch()` to accept requests …

Apr 4, 2024
CVE-2024-3270
3.8 LOW

A vulnerability classified as problematic was found in ThingsBoard up to 3.6.2. This vulnerability affects unknown code of the component AdvancedFeature. The manipulation leads to …

Apr 3, 2024
CVE-2024-3181
3.1 LOW

Concrete CMS version 9 prior to 9.2.8 and previous versions prior to 8.5.16 are vulnerable to Stored XSS in the Search Field. Prior to the …

Apr 3, 2024
CVE-2024-3180
3.1 LOW

Concrete CMS version 9 below 9.2.8 and previous versions below 8.5.16 is vulnerable to Stored XSS in blocks of type file. Stored XSS could be …

Apr 3, 2024
CVE-2024-3179
3.1 LOW

Concrete CMS version 9 before 9.2.8 and previous versions before 8.5.16 are vulnerable to Stored XSS in the Custom Class page editing. Prior to the …

Apr 3, 2024
CVE-2024-3178
3.1 LOW

Concrete CMS versions 9 below 9.2.8 and versions below 8.5.16 are vulnerable to Cross-site Scripting (XSS) in the Advanced File Search Filter. Prior to the …

Apr 3, 2024
CVE-2024-2753
2.0 LOW

Concrete CMS version 9 before 9.2.8 and previous versions prior to 8.5.16 is vulnerable to Stored XSS on the calendar color settings screen since Information …

Apr 3, 2024
CVE-2024-30329
3.3 LOW

Foxit PDF Reader Annotation Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User …

Apr 3, 2024
CVE-2024-27345
3.3 LOW

Kofax Power PDF PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Kofax …

Apr 3, 2024
CVE-2024-26764
3.3 LOW

In the Linux kernel, the following vulnerability has been resolved: fs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via libaio If kiocb_set_cancel_fn() is called for I/O submitted …

Apr 3, 2024
CVE-2024-3248
2.9 LOW

In Xpdf 4.05 (and earlier), a PDF object loop in the attachments leads to infinite recursion and a stack overflow.

Apr 2, 2024
CVE-2024-3247
2.9 LOW

In Xpdf 4.05 (and earlier), a PDF object loop in an object stream leads to infinite recursion and a stack overflow.

Apr 2, 2024
CVE-2024-3202
3.7 LOW

A vulnerability, which was classified as problematic, has been found in codelyfe Stupid Simple CMS 1.2.4. This issue affects some unknown processing of the component …

Apr 2, 2024
CVE-2024-30364
3.3 LOW

Foxit PDF Reader U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit …

Apr 2, 2024
CVE-2024-30356
3.3 LOW

Foxit PDF Reader AcroForm Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. …

Apr 2, 2024
CVE-2024-30350
3.3 LOW

Foxit PDF Reader Annotation Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. …

Apr 2, 2024
CVE-2024-30347
3.3 LOW

Foxit PDF Reader U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit …

Apr 2, 2024
CVE-2024-30340
3.3 LOW

Foxit PDF Reader Annotation Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. …

Apr 2, 2024
CVE-2024-30808
2.7 LOW

An issue was discovered in Bento4 v1.6.0-641-2-g1529b83. There is a heap-use-after-free in AP4_SubStream::~AP4_SubStream at Ap4ByteStream.cpp, leading to a Denial of Service (DoS), as demonstrated by …

Apr 2, 2024
CVE-2024-29948
3.8 LOW

There is an out-of-bounds read vulnerability in some Hikvision NVRs. An authenticated attacker could exploit this vulnerability by sending specially crafted messages to a vulnerable …

Apr 2, 2024
CVE-2024-29947
2.7 LOW

There is a NULL dereference pointer vulnerability in some Hikvision NVRs. Due to an insufficient validation of a parameter in a message, an attacker may …

Apr 2, 2024
CVE-2023-6950
3.0 LOW

An Improper Input Validation vulnerability affecting the FTP service running on the DJI Mavic Mini 3 Pro could allow an attacker to craft a malicious …

Apr 2, 2024
CVE-2023-6948
3.0 LOW

A Buffer Copy without Checking Size of Input issue affecting the v2_sdk_service running on a set of DJI drone devices on the port 10000 could …

Apr 2, 2024
CVE-2023-51453
3.0 LOW

A Improper Input Validation issue affecting the v2_sdk_service running on a set of DJI drone devices on the port 10000 could allow an attacker to …

Apr 2, 2024
CVE-2023-51452
3.0 LOW

A Improper Input Validation issue affecting the v2_sdk_service running on a set of DJI drone devices on the port 10000 could allow an attacker to …

Apr 2, 2024
CVE-2024-2745
3.3 LOW

Rapid7's InsightVM maintenance mode login page suffers from a sensitive information exposure vulnerability whereby, sensitive information is exposed through query strings in the URL when …

Apr 2, 2024
CVE-2024-29086
3.3 LOW

in OpenHarmony v3.2.4 and prior versions allow a local attacker cause DOS through stack overflow.

Apr 2, 2024
CVE-2024-22180
3.3 LOW

in OpenHarmony v4.0.0 and prior versions allow a local attacker cause DOS through use after free.

Apr 2, 2024
CVE-2024-22177
3.3 LOW

in OpenHarmony v3.2.4 and prior versions allow a local attacker cause apps crash through get permission.

Apr 2, 2024
CVE-2024-21834
3.3 LOW

in OpenHarmony v3.2.4 and prior versions allow a local attacker cause apps crash through type confusion.

Apr 2, 2024
CVE-2024-3141
2.4 LOW

A vulnerability has been found in Clavister E10 and E80 up to 14.00.10 and classified as problematic. This vulnerability affects unknown code of the file …

Apr 1, 2024
CVE-2024-3140
3.5 LOW

A vulnerability, which was classified as problematic, was found in SourceCodester Computer Laboratory Management System 1.0. This affects an unknown part of the file /classes/Users.php?f=save. …

Apr 1, 2024

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.