CVE Database

4425+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2024-2071
3.5 LOW

A vulnerability, which was classified as problematic, has been found in SourceCodester FAQ Management System 1.0. Affected by this issue is some unknown functionality of …

Mar 1, 2024
CVE-2024-2070
3.5 LOW

A vulnerability classified as problematic was found in SourceCodester FAQ Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /endpoint/add-faq.php. …

Mar 1, 2024
CVE-2024-2068
3.5 LOW

A vulnerability was found in SourceCodester Computer Inventory System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file …

Mar 1, 2024
CVE-2024-2066
2.4 LOW

A vulnerability was found in SourceCodester Computer Inventory System 1.0. It has been classified as problematic. This affects an unknown part of the file /endpoint/add-computer.php. …

Mar 1, 2024
CVE-2024-2065
3.5 LOW

A vulnerability was found in SourceCodester Barangay Population Monitoring System up to 1.0 and classified as problematic. Affected by this issue is some unknown functionality …

Mar 1, 2024
CVE-2024-2063
2.4 LOW

A vulnerability, which was classified as problematic, was found in SourceCodester Petrol Pump Management Software 1.0. Affected is an unknown function of the file /admin/app/profile_crud.php. …

Mar 1, 2024
CVE-2024-22458
3.7 LOW

Dell Secure Connect Gateway, 5.18, contains an Inadequate Encryption Strength Vulnerability. An unauthenticated network attacker could potentially exploit this vulnerability, allowing an attacker to recover …

Mar 1, 2024
CVE-2024-1952
3.1 LOW

Mattermost version 8.1.x before 8.1.9 fails to sanitize data associated with permalinks when a plugin updates an ephemeral post, allowing an authenticated attacker who can …

Feb 29, 2024
CVE-2024-1949
2.6 LOW

A race condition in Mattermost versions 8.1.x before 8.1.9, and 9.4.x before 9.4.2 allows an authenticated attacker to gain unauthorized access to individual posts' contents …

Feb 29, 2024
CVE-2024-23488
3.1 LOW

Mattermost fails to properly restrict the access of files attached to posts in an archived channel, resulting in members being able to access files of …

Feb 29, 2024
CVE-2024-1722
3.7 LOW

A flaw was found in Keycloak. In certain conditions, this issue may allow a remote unauthenticated attacker to block other accounts from logging in.

Feb 29, 2024
CVE-2024-1192
3.3 LOW

A vulnerability was found in South River WebDrive 18.00.5057. It has been declared as problematic. This vulnerability affects unknown code of the component New Secure …

Feb 29, 2024
CVE-2024-1191
3.3 LOW

A vulnerability was found in Hyper CdCatalog 2.3.1. It has been classified as problematic. This affects an unknown part of the component HCF File Handler. …

Feb 29, 2024
CVE-2023-49337
2.4 LOW

Concrete CMS before 9.2.3 allows Stored XSS on the Admin Dashboard via /dashboard/system/basics/name. (8.5 and earlier are unaffected.)

Feb 29, 2024
CVE-2023-47634
3.1 LOW

Decidim is a participatory democracy framework. Starting in version 0.10.0 and prior to versions 0.26.9, 0.27.5, and 0.28.0, a race condition in the endorsement of …

Feb 29, 2024
CVE-2023-37531
3.3 LOW

A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attacker to execute malicious javascript code into …

Feb 29, 2024
CVE-2023-37530
3.0 LOW

A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attacker to execute malicious javascript code into …

Feb 29, 2024
CVE-2023-37529
3.0 LOW

A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attacker to execute malicious javascript code into …

Feb 29, 2024
CVE-2024-26476
3.5 LOW

An issue in open-emr before v.7.0.2 allows a remote attacker to escalate privileges via a crafted script to the formid parameter in the ereq_form.php component.

Feb 28, 2024
CVE-2024-25351
3.8 LOW

SQL Injection vulnerability in /zms/admin/changeimage.php in PHPGurukul Zoo Management System 1.0 allows attackers to run arbitrary SQL commands via the editid parameter.

Feb 28, 2024
CVE-2024-1972
3.5 LOW

A vulnerability was found in SourceCodester Online Job Portal 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file …

Feb 28, 2024
CVE-2021-47000
3.3 LOW

In the Linux kernel, the following vulnerability has been resolved: ceph: fix inode leak on getattr error in __fh_to_dentry

Feb 28, 2024
CVE-2021-46971
3.3 LOW

In the Linux kernel, the following vulnerability has been resolved: perf/core: Fix unconditional security_locked_down() call Currently, the lockdown state is queried unconditionally, even though its …

Feb 27, 2024
CVE-2024-1922
3.5 LOW

A vulnerability has been found in SourceCodester Online Job Portal 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the …

Feb 27, 2024
CVE-2024-1919
3.5 LOW

A vulnerability classified as problematic was found in SourceCodester Online Job Portal 1.0. This vulnerability affects unknown code of the file /Employer/ManageWalkin.php of the component …

Feb 27, 2024
CVE-2021-46934
3.3 LOW

In the Linux kernel, the following vulnerability has been resolved: i2c: validate user data in compat ioctl Wrong user data may cause warning in i2c_transfer(), …

Feb 27, 2024
CVE-2024-26149
3.7 LOW

Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. If an excessively large value is specified as the starting index for an …

Feb 26, 2024
CVE-2024-24564
3.7 LOW

Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. When using the built-in `extract32(b, start)`, if the `start` index provided has for …

Feb 26, 2024
CVE-2024-22371
2.9 LOW

Exposure of sensitive data by by crafting a malicious EventFactory and providing a custom ExchangeCreatedEvent that exposes sensitive data. Vulnerability in Apache Camel.This issue affects …

Feb 26, 2024
CVE-2024-1886
3.0 LOW

This vulnerability allows remote attackers to traverse the directory on the affected webOS of LG Signage.

Feb 26, 2024
CVE-2024-1871
3.5 LOW

A vulnerability, which was classified as problematic, was found in SourceCodester Employee Management System 1.0. Affected is an unknown function of the file /process/assignp.php of …

Feb 26, 2024
CVE-2023-5775
2.2 LOW

The BackWPup plugin for WordPress is vulnerable to Plaintext Storage of Backup Destination Password in all versions up to, and including, 4.0.2. This is due …

Feb 26, 2024
CVE-2024-1834
3.5 LOW

A vulnerability was found in SourceCodester Simple Student Attendance System 1.0. It has been classified as problematic. This affects an unknown part of the file …

Feb 23, 2024
CVE-2024-1822
2.4 LOW

A vulnerability classified as problematic has been found in PHPGurukul Tourism Management System 1.0. Affected is an unknown function of the file user-bookings.php. The manipulation …

Feb 23, 2024
CVE-2023-37540
3.9 LOW

Sametime Connect desktop chat client includes, but does not use or require, the use of an Eclipse feature called Secure Storage. Using this Eclipse feature …

Feb 23, 2024
CVE-2024-1784
3.9 LOW

A vulnerability classified as problematic was found in Limbas 5.2.14. Affected by this vulnerability is an unknown functionality of the file main_admin.php. The manipulation of …

Feb 23, 2024
CVE-2024-1749
2.4 LOW

A vulnerability, which was classified as problematic, has been found in Bdtask Bhojon Best Restaurant Management Software 2.9. This issue affects some unknown processing of …

Feb 22, 2024
CVE-2024-25129
2.7 LOW

The CodeQL CLI repo holds binaries for the CodeQL command line interface (CLI). Prior to version 2.16.3, an XML parser used by the CodeQL CLI …

Feb 22, 2024
CVE-2023-3509
3.7 LOW

An issue has been discovered in GitLab affecting all versions before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before …

Feb 21, 2024
CVE-2024-1706
3.5 LOW

A vulnerability was determined in ZKTeco ZKBio Access IVS up to 3.3.2. This impacts an unknown function of the component Department Name Search Bar. This …

Feb 21, 2024
CVE-2024-1703
3.5 LOW

A vulnerability was found in ZhongBangKeJi CRMEB 5.2.2. It has been classified as problematic. This affects the function openfile of the file /adminapi/system/file/openfile. The manipulation …

Feb 21, 2024
CVE-2023-50955
2.4 LOW

IBM InfoSphere Information Server 11.7 could allow an authenticated privileged user to obtain the absolute path of the web server installation which could aid in …

Feb 21, 2024
CVE-2023-42939
3.3 LOW

A logic issue was addressed with improved checks. This issue is fixed in iOS 17.1 and iPadOS 17.1. A user's private browsing activity may be …

Feb 21, 2024
CVE-2024-25196
3.3 LOW

Open Robotics Robotic Operating Sytstem 2 (ROS2) and Nav2 humble versions were discovered to contain a buffer overflow via the nav2_controller process. This vulnerability is …

Feb 20, 2024
CVE-2024-1661
2.5 LOW

A vulnerability classified as problematic was found in Totolink X6000R 9.4.0cu.852_B20230719. Affected by this vulnerability is an unknown functionality of the file /etc/shadow. The manipulation …

Feb 20, 2024
CVE-2024-25983
3.5 LOW

Insufficient checks in a web service made it possible to add comments to the comments block on another user's dashboard when it was not otherwise …

Feb 19, 2024
CVE-2024-1633
2.0 LOW

During the secure boot, bl2 (the second stage of the bootloader) loops over images defined in the table “bl2_mem_params_descs”. For each image, the bl2 reads …

Feb 19, 2024
CVE-2023-52371
3.5 LOW

Vulnerability of null references in the motor module.Successful exploitation of this vulnerability may affect availability.

Feb 18, 2024
CVE-2022-42443
2.2 LOW

An undisclosed issue in Trusteer iOS SDK for mobile versions prior to 5.7 and Trusteer Android SDK for mobile versions prior to 5.7 may allow …

Feb 17, 2024
CVE-2024-20925
3.1 LOW

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java …

Feb 17, 2024

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.