CVE Database

4425+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2024-20923
3.1 LOW

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java …

Feb 17, 2024
CVE-2024-20911
2.6 LOW

Vulnerability in Oracle Audit Vault and Database Firewall (component: Firewall). Supported versions that are affected are 20.1-20.9. Difficult to exploit vulnerability allows high privileged attacker …

Feb 17, 2024
CVE-2024-20905
2.7 LOW

Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Enterprise Infrastructure SEC). Supported versions that are affected are Prior to 9.2.8.0. …

Feb 17, 2024
CVE-2024-24758
3.9 LOW

Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici already cleared Authorization headers on cross-origin redirects, but did not clear `Proxy-Authentication` headers. This …

Feb 16, 2024
CVE-2024-25627
3.5 LOW

Alf.io is a free and open source event attendance management system. An administrator on the alf.io application is able to upload HTML files that trigger …

Feb 16, 2024
CVE-2024-1591
3.3 LOW

Prior to version 24.1, a local authenticated attacker can view Sysvol when Privilege Management for Windows is configured to use a GPO policy. This allows …

Feb 16, 2024
CVE-2024-23591
2.0 LOW

ThinkSystem SR670V2 servers manufactured from approximately June 2021 to July 2023 were left in Manufacturing Mode which could allow an attacker with privileged logical access …

Feb 16, 2024
CVE-2024-0037
3.3 LOW

In applyCustomDescription of SaveUi.java, there is a possible way to view images belonging to a different user due to a missing permission check. This could …

Feb 16, 2024
CVE-2023-40122
3.3 LOW

In applyCustomDescription of SaveUi.java, there is a possible way to view other user's images due to a confused deputy. This could lead to local information …

Feb 16, 2024
CVE-2024-25941
3.3 LOW

The jail(2) system call has not limited a visiblity of allocated TTYs (the kern.ttys sysctl). This gives rise to an information leak about processes outside …

Feb 15, 2024
CVE-2024-25619
3.1 LOW

Mastodon is a free, open-source social network server based on ActivityPub. When an OAuth Application is destroyed, the streaming server wasn't being informed that the …

Feb 14, 2024
CVE-2024-23603
3.8 LOW

An SQL injection vulnerability exists in an undisclosed page of the BIG-IP Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) …

Feb 14, 2024
CVE-2023-42776
3.8 LOW

Improper input validation in some Intel(R) SGX DCAP software for Windows before version 1.19.100.3 may allow an authenticateed user to potentially enable information disclosure via …

Feb 14, 2024
CVE-2023-41090
1.8 LOW

Race condition in some Intel(R) MAS software before version 2.3 may allow a privileged user to potentially enable escalation of privilege via local access.

Feb 14, 2024
CVE-2023-27307
3.8 LOW

Improper buffer restrictions in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable information disclosure via …

Feb 14, 2024
CVE-2023-27303
3.8 LOW

Improper access control in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable information disclosure via …

Feb 14, 2024
CVE-2023-27300
3.8 LOW

Improper buffer restrictions in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable information disclosure via …

Feb 14, 2024
CVE-2023-26596
2.5 LOW

Improper access control in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable denial of service …

Feb 14, 2024
CVE-2023-26592
3.8 LOW

Deserialization of untrusted data in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable a denial …

Feb 14, 2024
CVE-2023-26591
2.0 LOW

Unchecked return value in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an unauthenticated user to potentially enable denial of service …

Feb 14, 2024
CVE-2023-20570
3.3 LOW

Insufficient verification of data authenticity in the configuration state machine may allow a local attacker to potentially load arbitrary bitstreams.

Feb 13, 2024
CVE-2024-23801
3.3 LOW

A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions), Tecnomatix Plant Simulation V2302 (All versions < V2302.0007). The affected applications contain a …

Feb 13, 2024
CVE-2024-23800
3.3 LOW

A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions), Tecnomatix Plant Simulation V2302 (All versions < V2302.0007). The affected applications contain a …

Feb 13, 2024
CVE-2024-23799
3.3 LOW

A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions), Tecnomatix Plant Simulation V2302 (All versions < V2302.0007). The affected applications contain a …

Feb 13, 2024
CVE-2024-22043
3.3 LOW

A vulnerability has been identified in Parasolid V35.0 (All versions < V35.0.251), Parasolid V35.1 (All versions < V35.1.170). The affected applications contain a null pointer …

Feb 13, 2024
CVE-2024-1454
3.4 LOW

The use-after-free vulnerability was found in the AuthentIC driver in OpenSC packages, occuring in the card enrolment process using pkcs15-init when a user or administrator …

Feb 12, 2024
CVE-2024-23760
2.7 LOW

Cleartext Storage of Sensitive Information in Gambio 4.9.2.0 allows attackers to obtain sensitive information via error-handler.log.json and legacy-error-handler.log.txt under the webroot.

Feb 12, 2024
CVE-2021-4437
3.5 LOW

A vulnerability, which was classified as problematic, has been found in dbartholomae lambda-middleware frameguard up to 1.0.4. Affected by this issue is some unknown functionality …

Feb 12, 2024
CVE-2024-22226
3.3 LOW

Dell Unity, versions prior to 5.4, contain a path traversal vulnerability in its svc_supportassist utility. An authenticated attacker could potentially exploit this vulnerability, to gain …

Feb 12, 2024
CVE-2024-1433
3.1 LOW

A vulnerability, which was classified as problematic, was found in KDE Plasma Workspace up to 5.93.0. This affects the function EventPluginsManager::enabledPlugins of the file components/calendar/eventpluginsmanager.cpp …

Feb 11, 2024
CVE-2023-45718
3.9 LOW

Sametime is impacted by a failure to invalidate sessions. The application is setting sensitive cookie values in a persistent manner in Sametime Web clients. When …

Feb 9, 2024
CVE-2023-45716
1.7 LOW

Sametime is impacted by sensitive information passed in URL.

Feb 9, 2024
CVE-2024-1246
2.0 LOW

Concrete CMS in version 9 before 9.2.5 is vulnerable to reflected XSS via the Image URL Import Feature due to insufficient validation of administrator provided …

Feb 9, 2024
CVE-2024-1245
2.4 LOW

Concrete CMS version 9 before 9.2.5 is vulnerable to stored XSS in file tags and description attributes since administrator entered file attributes are not sufficiently …

Feb 9, 2024
CVE-2024-1247
2.0 LOW

Concrete CMS version 9 before 9.2.5 is vulnerable to stored XSS via the Role Name field since there is insufficient validation of administrator provided data …

Feb 9, 2024
CVE-2024-24776
3.1 LOW

Mattermost fails to check the required permissions in the POST /api/v4/channels/stats/member_count API resulting in channel member counts being leaked to a user without permissions.

Feb 9, 2024
CVE-2024-24774
3.4 LOW

Mattermost Jira Plugin handling subscriptions fails to check the security level of an incoming issue or limit it based on the user who created the …

Feb 9, 2024
CVE-2024-23319
3.5 LOW

Mattermost Jira Plugin fails to protect against logout CSRF allowing an attacker to post a specially crafted message that would disconnect a user's Jira connection …

Feb 9, 2024
CVE-2024-0628
3.8 LOW

The WP RSS Aggregator plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.23.5 via the RSS feed …

Feb 7, 2024
CVE-2024-1269
2.4 LOW

A vulnerability has been found in SourceCodester Product Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /supplier.php. The …

Feb 7, 2024
CVE-2024-1267
3.5 LOW

A vulnerability, which was classified as problematic, has been found in CodeAstro Restaurant POS System 1.0. Affected by this issue is some unknown functionality of …

Feb 7, 2024
CVE-2024-1266
2.4 LOW

A vulnerability classified as problematic was found in CodeAstro University Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /st_reg.php …

Feb 7, 2024
CVE-2024-1265
2.4 LOW

A vulnerability classified as problematic has been found in CodeAstro University Management System 1.0. Affected is an unknown function of the file /att_add.php of the …

Feb 7, 2024
CVE-2024-1258
3.1 LOW

A vulnerability was found in Juanpao JPShop up to 1.5.02. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of …

Feb 6, 2024
CVE-2024-1257
3.5 LOW

A vulnerability was found in Jspxcms 10.2.0. It has been classified as problematic. Affected is an unknown function of the file /ext/collect/find_text.do. The manipulation leads …

Feb 6, 2024
CVE-2024-1256
3.5 LOW

A vulnerability was found in Jspxcms 10.2.0 and classified as problematic. This issue affects some unknown processing of the file /ext/collect/filter_text.do. The manipulation leads to …

Feb 6, 2024
CVE-2024-1048
3.3 LOW

A flaw was found in the grub2-set-bootflag utility of grub2. After the fix of CVE-2019-14865, grub2-set-bootflag will create a temporary file with the new grubenv …

Feb 6, 2024
CVE-2024-24940
2.8 LOW

In JetBrains IntelliJ IDEA before 2023.3.3 path traversal was possible when unpacking archives

Feb 6, 2024
CVE-2024-24939
3.3 LOW

In JetBrains Rider before 2023.3.3 logging of environment variables containing secret values was possible

Feb 6, 2024
CVE-2024-20828
2.4 LOW

Improper authorization verification vulnerability in Samsung Internet prior to version 24.0 allows physical attackers to access files downloaded in SecretMode without proper authentication.

Feb 6, 2024

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.