CVE Database

4425+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2024-23790
3.5 LOW

Improper Input Validation vulnerability in the upload functionality for user avatars allows functionality misuse due to missing check of filetypes. This issue affects OTRS: from …

Jan 29, 2024
CVE-2024-23743
3.3 LOW

Notion through 3.1.0 on macOS might allow code execution because of RunAsNode and enableNodeClilnspectArguments. NOTE: the vendor states "the attacker must launch the Notion Desktop …

Jan 28, 2024
CVE-2024-0958
3.5 LOW

A vulnerability was found in CodeAstro Stock Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /index.php of …

Jan 27, 2024
CVE-2024-0948
2.4 LOW

** DISPUTED ** A vulnerability, which was classified as problematic, has been found in NetBox up to 3.7.0. This issue affects some unknown processing of …

Jan 26, 2024
CVE-2024-0944
3.7 LOW

A vulnerability was found in Totolink T8 4.1.5cu.833_20220905. It has been rated as problematic. Affected by this issue is some unknown functionality of the file …

Jan 26, 2024
CVE-2024-0943
3.7 LOW

A vulnerability was found in Totolink N350RT 9.3.5u.6255. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file …

Jan 26, 2024
CVE-2024-0942
3.7 LOW

A vulnerability was found in Totolink N200RE V5 9.3.5u.6255_B20211224. It has been classified as problematic. Affected is an unknown function of the file /cgi-bin/cstecgi.cgi. The …

Jan 26, 2024
CVE-2024-21336
2.5 LOW

Microsoft Edge (Chromium-based) Spoofing Vulnerability

Jan 26, 2024
CVE-2024-21383
3.3 LOW

Microsoft Edge (Chromium-based) Spoofing Vulnerability

Jan 26, 2024
CVE-2024-0891
3.5 LOW

A vulnerability was found in hongmaple octopus 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of …

Jan 25, 2024
CVE-2024-0886
3.3 LOW

A vulnerability classified as problematic was found in Poikosoft EZ CD Audio Converter 8.0.7. Affected by this vulnerability is an unknown functionality of the component …

Jan 25, 2024
CVE-2023-50785
2.7 LOW

Zoho ManageEngine ADAudit Plus before 7270 allows admin users to view names of arbitrary directories via path traversal.

Jan 25, 2024
CVE-2024-22229
3.1 LOW

Dell Unity, versions prior to 5.4, contain a vulnerability whereby log messages can be spoofed by an authenticated attacker. An attacker could exploit this vulnerability …

Jan 24, 2024
CVE-2024-22308
3.4 LOW

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in smp7, wp.Insider Simple Membership.This issue affects Simple Membership: from n/a through 4.4.1.

Jan 24, 2024
CVE-2024-23217
3.3 LOW

A privacy issue was addressed with improved handling of temporary files. This issue is fixed in iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, macOS …

Jan 23, 2024
CVE-2024-23211
3.3 LOW

A privacy issue was addressed with improved handling of user preferences. This issue is fixed in Safari 17.3, iOS 16.7.5 and iPadOS 16.7.5, iOS 17.3 …

Jan 23, 2024
CVE-2024-23210
3.3 LOW

This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, tvOS 17.3, …

Jan 23, 2024
CVE-2024-0782
3.5 LOW

A vulnerability has been found in CodeAstro Online Railway Reservation System 1.0 and classified as problematic. This vulnerability affects unknown code of the file pass-profile.php. …

Jan 22, 2024
CVE-2024-0781
3.5 LOW

A vulnerability, which was classified as problematic, was found in CodeAstro Internet Banking System 1.0. This affects an unknown part of the file pages_client_signup.php. The …

Jan 22, 2024
CVE-2024-0776
3.5 LOW

A vulnerability, which was classified as problematic, has been found in LinZhaoguan pb-cms 2.0. Affected by this issue is some unknown functionality of the component …

Jan 22, 2024
CVE-2024-0773
3.5 LOW

A vulnerability classified as problematic was found in CodeAstro Internet Banking System 1.0. Affected by this vulnerability is an unknown functionality of the file pages_client_signup.php. …

Jan 22, 2024
CVE-2016-15037
2.4 LOW

A vulnerability, which was classified as problematic, has been found in go4rayyan Scumblr up to 2.0.1a. Affected by this issue is some unknown functionality of …

Jan 21, 2024
CVE-2024-23329
3.7 LOW

changedetection.io is an open source tool designed to monitor websites for content changes. In affected versions the API endpoint `/api/v1/watch/<uuid>/history` can be accessed by any …

Jan 19, 2024
CVE-2024-22211
3.7 LOW

FreeRDP is a set of free and open source remote desktop protocol library and clients. In affected versions an integer overflow in `freerdp_bitmap_planar_context_reset` leads to …

Jan 19, 2024
CVE-2023-5081
3.3 LOW

An information disclosure vulnerability was reported in the Lenovo Tab M8 HD that could allow a local application to gather a non-resettable device identifier.

Jan 19, 2024
CVE-2024-0722
3.5 LOW

A vulnerability was found in code-projects Social Networking Site 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file …

Jan 19, 2024
CVE-2024-0721
3.5 LOW

A vulnerability has been found in Jspxcms 10.2.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Survey Label …

Jan 19, 2024
CVE-2024-0720
3.5 LOW

A vulnerability, which was classified as problematic, was found in FactoMineR FactoInvestigate up to 1.9. Affected is an unknown function of the component HTML Report …

Jan 19, 2024
CVE-2024-0718
2.4 LOW

A vulnerability, which was classified as problematic, has been found in liuwy-dlsdys zhglxt 4.7.7. This issue affects some unknown processing of the file /oa/notify/edit of …

Jan 19, 2024
CVE-2024-0716
3.1 LOW

A vulnerability classified as problematic has been found in Byzoro Smart S150 Management Platform V31R02B15. This affects an unknown part of the file /log/download.php of …

Jan 19, 2024
CVE-2024-0696
3.5 LOW

A vulnerability, which was classified as problematic, was found in AtroCore AtroPIM 1.8.4. This affects an unknown part of the file /#ProductSerie/view/ of the component …

Jan 18, 2024
CVE-2024-22403
3.0 LOW

Nextcloud server is a self hosted personal cloud system. In affected versions OAuth codes did not expire. When an attacker would get access to an …

Jan 18, 2024
CVE-2024-22400
3.1 LOW

Nextcloud User Saml is an app for authenticating Nextcloud users using SAML. In affected versions users can be given a link to the Nextcloud server …

Jan 18, 2024
CVE-2024-0652
3.5 LOW

A vulnerability was found in PHPGurukul Company Visitor Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality …

Jan 18, 2024
CVE-2024-22410
3.3 LOW

Creditcoin is a network that enables cross-blockchain credit transactions. The Windows binary of the Creditcoin node loads a suite of DLLs provided by Microsoft at …

Jan 17, 2024
CVE-2023-50950
3.7 LOW

IBM QRadar SIEM 7.5 could disclose sensitive email information in responses from offense rules. IBM X-Force ID: 275709.

Jan 17, 2024
CVE-2024-20957
2.7 LOW

Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Package Build SEC). Supported versions that are affected are Prior to 9.2.8.1. …

Jan 16, 2024
CVE-2024-20955
3.7 LOW

Vulnerability in the Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Compiler). Supported versions that are affected are Oracle …

Jan 16, 2024
CVE-2024-20922
2.5 LOW

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java …

Jan 16, 2024
CVE-2024-20920
3.8 LOW

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged …

Jan 16, 2024
CVE-2024-20914
2.3 LOW

Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Core). The supported version that is affected is 8.8. Easily exploitable vulnerability …

Jan 16, 2024
CVE-2024-20912
2.7 LOW

Vulnerability in Oracle Audit Vault and Database Firewall (component: Firewall). Supported versions that are affected are 20.1-20.9. Easily exploitable vulnerability allows high privileged attacker with …

Jan 16, 2024
CVE-2024-20910
3.0 LOW

Vulnerability in Oracle Audit Vault and Database Firewall (component: Firewall). Supported versions that are affected are 20.1-20.9. Difficult to exploit vulnerability allows high privileged attacker …

Jan 16, 2024
CVE-2022-31021
3.3 LOW

Ursa is a cryptographic library for use with blockchains. A weakness in the Hyperledger AnonCreds specification that is not mitigated in the Ursa and AnonCreds …

Jan 16, 2024
CVE-2024-0599
3.5 LOW

A vulnerability was found in Jspxcms 10.2.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file src\main\java\com\jspxcms\core\web\back\InfoController.java …

Jan 16, 2024
CVE-2023-37521
2.3 LOW

HCL BigFix Bare OSD Metal Server WebUI version 311.19 or lower can sometimes include sensitive information in a query string which could allow an attacker …

Jan 16, 2024
CVE-2023-2252
2.7 LOW

The Directorist WordPress plugin before 7.5.4 is vulnerable to Local File Inclusion as it does not validate the file parameter when importing CSV files.

Jan 16, 2024
CVE-2024-0557
2.4 LOW

A vulnerability, which was classified as problematic, was found in DedeBIZ 6.3.0. This affects an unknown part of the component Website Copyright Setting. The manipulation …

Jan 15, 2024
CVE-2024-0504
3.5 LOW

A vulnerability has been found in code-projects Simple Online Hotel Reservation System 1.0 and classified as problematic. This vulnerability affects unknown code of the file …

Jan 13, 2024
CVE-2024-0503
3.5 LOW

A vulnerability was found in code-projects Online FIR System 1.0. It has been classified as problematic. This affects an unknown part of the file registercomplaint.php. …

Jan 13, 2024

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.