VulDB is a vulnerability database documenting more than 174000 vulnerabilities since 1970. The following list shows the latest vulnerabilities threats and exploits
- CVE-2017-13312 | Google Android 8 MediaCas.java createFromParcel input validation
- CVE-2017-13311 | Google Android 7/8/8.1 ProcessStats.java read permission
- CVE-2017-13310 | Google Android 6.0./6.0.1/7/8/8.1 ViewPager.java createFromParcel permission
- CVE-2024-51764 | HPE SGI CXFS local/cluster improper authorization
- CVE-2024-51765 | HPE Cray System Management Software prior COS-2.5.146/COS 23.11.1/CLE 7.0.UP04.PS19 improper authorization
- CVE-2024-38370 | GLPI up to 10.0.15 API improper authorization
- CVE-2024-9500 | Autodesk Installer 2.10.0.17 DLL privileges management
- CVE-2024-49592 | McAfee Trial Installer 16.0.53 access control
- CVE-2024-49060 | Microsoft Azure Stack HCI 22H2/23H2 hard-coded credentials
- CVE-2024-11217 | Red Hat OpenShift Container Platform 4 OAuth-server Log debug messages revealing unnecessary information
- CVE-2024-45609 | GLPI up to 10.0.16 Reports Page cross site scripting (GHSA-3j2f-3j4v-hppr)
- CVE-2017-13309 | Google Android 8.1 ConscryptEngine.java readEncryptedData information disclosure
- CVE-2024-45611 | GLPI up to 10.0.16 RSS Feed cross site scripting
- CVE-2024-45610 | GLPI up to 10.0.16 Cable Form cross site scripting
- CVE-2024-44758 | NUS-M9 ERP Management Software 3.0.0 /Production/UploadFile unrestricted upload
- CVE-2024-3334 | Digital Guardian Agent up to 8.1.0 on Windows Removable Media sensitive information
- CVE-2024-24458 | Athonet vEPC MME 11.4.0 PLMN Identity denial of service
- CVE-2024-24455 | Athonet vEPC MME 11.4.0 UE Context Release Message denial of service
- CVE-2024-44759 | NUS-M9 ERP Management Software 3.0.0 Interface Request /Doc/DownloadFile information disclosure
- CVE-2024-24457 | Athonet vEPC MME 11.4.0 ProtocolIE_ID denial of service
- CVE-2024-24459 | Athonet vEPC MME 11.4.0 S1Setup Request Message ProtocolIE_ID denial of service
- CVE-2024-24453 | Athonet vEPC MME 11.4.0 NotToBeModifiedBearerModInd ProtocolIE_ID denial of service
- CVE-2024-24452 | Athonet vEPC MME 11.4.0 ProtocolIE_ID denial of service
- CVE-2024-49536 | Adobe Audition up to 23.6.9/24.4.6 out-of-bounds (apsb24-83)
- CVE-2024-10934 | OpenBSD up to 7.4 Errata 020/7.5 Errata 007 NFS Client/NFS Server double free
- CVE-2024-51037 | kalcaddle kodbox up to 1.52.04 Captcha information disclosure
- CVE-2024-24431 | Open5GS 2.7.0 EMM Message ogs_nas_emm_decode denial of service
- CVE-2024-41679 | GLPI up to 10.0.16 Ticket Form sql injection
- CVE-2024-23169 | RSA NetWitness 11.7.2.0 Web Interface cross site scripting
- CVE-2024-51141 | Totolink Bluetooth Wireless Adapter A600UB WifiAutoInstallDriver.exe Local Privilege Escalation
- CVE-2024-43418 | GLPI up to 10.0.16 cross site scripting
- CVE-2024-45608 | GLPI up to 10.0.16 sql injection
- CVE-2024-43417 | GLPI up to 10.0.16 cross site scripting
- CVE-2024-51330 | Ultimaker Cura up to 4.41/5.8.1 Inter-Process Communication stack-based overflow
- CVE-2024-51142 | Chamilo LMS 1.11.26 storageapi.php svkey cross site scripting
- CVE-2024-24426 | OpenAirInterface Magma/OAI EPC Federation NGAP Packet NGAP_FIND_PROTOCOLIE_BY_ID denial of service
- CVE-2024-24446 | OpenAirInterface CN5G AMF up to 2.0.0 InitialContextSetupResponse uninitialized pointer
- CVE-2024-45970 | MZ Automation LibIEC61850 MMS Client stack-based overflow
- CVE-2024-45969 | MZ Automation LibIEC1850 null pointer dereference
- CVE-2024-24425 | Magma/OAI EPC Federation NAS Packet /tasks/amf/amf_as.cpp amf_as_establish_req out-of-bounds
- CVE-2024-45971 | MZ Automation LibIEC61850 MMS Client stack-based overflow
- CVE-2024-50800 | Smart4Web prior 5.020241004 error cross site scripting
- CVE-2024-41678 | GLPI up to 10.0.16 cross site scripting (GHSA-xwmx-mmrf-hqf9)
- CVE-2024-40638 | GLPI up to 10.0.16 sql injection (GHSA-8843-r3m7-gfqx)
- CVE-2024-24449 | OpenAirInterface CN5G AMF up to 2.0.0 NasPdu NasPdu::NasPdu uninitialized pointer
- CVE-2024-24447 | OpenAirInterface oai-cn5g-amf up to 2.0.0 buffer overflow
- CVE-2024-24450 | OpenAirInterface CN5G AMF up to 2.0.0 ngap_handle_pdu_session_resource_setup_response buffer overflow
- CVE-2024-50655 | Emlog Pro up to 2.3.18 Article cross site scripting
- CVE-2024-44625 | Gogs up to 0.13.0 editor.go editFilePost path traversal
- CVE-2024-46383 | Hathway Skyworth Router CM5100-511 4.1.1.24 information disclosure
- CVE-2024-52512 | Nextcloud user_oidc up to 6.0.x redirect (GHSA-784j-x2g5-4g7q)
- CVE-2024-52509 | Nextcloud Mail up to 2.2.9/3.6.1/3.7.1 access control (GHSA-pwpp-fvcr-w862)
- CVE-2024-52508 | Nextcloud Mail up to 1.14.5/1.15.3/2.2.10/3.6.2/3.7.6 information disclosure (GHSA-vmhx-hwph-q6mc)
- CVE-2024-52522 | Rclone up to 1.68.1 permissions (GHSA-hrxh-9w67-g4cv)
- CVE-2024-52507 | Nextcloud Tables up to 0.8.0 authorization (GHSA-rgvc-xr2w-qq45)
- CVE-2024-47759 | GLPI up to 10.0.16 SVG cross site scripting (GHSA-474f-9vpp-xxq5)
- CVE-2024-52511 | Nextcloud Tables up to 0.7.x authorization (GHSA-4qqp-9h2g-7qg7)
- CVE-2024-52510 | Nextcloud Desktop Client up to 3.14.1 certificate validation (GHSA-r4qc-m9mj-452v)
- CVE-2024-46465 | CRYHOD up to 2024.3 on Windows access control
- CVE-2024-52528 | BudgetControl Gateway up to 1.5.1 on Budget Token improper authorization (GHSA-jqx6-gm7f-vp7m)
- CVE-2024-46467 | ZONEPOINT up to 2024.1 on Windows access control
- CVE-2024-46463 | ORIZON up to 2024.3 on Windows access control
- CVE-2024-52514 | Nextcloud Server up to 27.1.8/28.0.4 access control
- CVE-2024-52513 | Nextcloud Server up to 28.0.10/29.0.7/30.0.0 information disclosure
- CVE-2024-52523 | Nextcloud Server up to 28.0.11/29.0.8/30.0.1 information disclosure (GHSA-42w6-r45m-9w9j)
- CVE-2024-52517 | Nextcloud Server up to 28.0.10/29.0.7/30.0.0 information disclosure (GHSA-x9q3-c7f8-3rcg)
- CVE-2024-52516 | Nextcloud Server up to 28.0.8/29.0.4 privileges management (GHSA-35gc-jc6x-29cm)
- CVE-2024-52515 | Nextcloud Server up to 27.1.9/28.0.5/29.0.0 SVG Preview name resolution (GHSA-5m5g-hw8c-2236)
- CVE-2024-52521 | Nextcloud Server up to 28.0.9/29.0.6 Background Job weak hash (GHSA-2q6f-gjgj-7hp4)
- CVE-2024-52520 | Nextcloud Server up to 28.0.9/29.0.6 Pre-flighted HEAD Request resource consumption (GHSA-pxqf-cfxw-mqmj)
- CVE-2024-52519 | Nextcloud Server up to 28.0.9/29.0.6 sensitive information (GHSA-fvpc-8hq6-jgq2)
- CVE-2024-52518 | Nextcloud Server up to 28.0.11/29.0.8/30.0.1 improper authentication (GHSA-vrhf-532w-99rg)
- CVE-2024-46466 | ZONECENTRAL up to 2021.2/2024.3 on Windows Privilege Escalation
- CVE-2024-46462 | ZEDMAIL up to 2024.3 on Windows access control
- CVE-2024-50654 | lilishop up to 4.2.4 access control
- CVE-2021-1466 | Cisco Catalyst SD-WAN Manager up to 20.1.1.1 vDaemon Service denial of service (cisco-sa-sdwan-vdaemon-bo-RuzzEA2)
- CVE-2024-50653 | CRMEB up to 5.4.0 access control
- CVE-2024-39726 | IBM Engineering Insights 7.0.2/7.0.3 xml external entity reference
- CVE-2021-1483 | Cisco Catalyst SD-WAN Manager up to 20.4.1.1 Web UI xml external entity reference (cisco-sa-vman-xml-ext-entity-q6Z7uVUg)
- CVE-2022-20632 | Cisco Enterprise Chat and Email up to 12.6(1)_ET1 Web-based Management Interface cross site scripting (cisco-sa-ece-multivulns-kbK2yVhR)
- CVE-2024-52525 | Nextcloud Server up to 28.0.11/29.0.8/30.0.1 cleartext storage (GHSA-w7v5-mgxm-v6gm)
- CVE-2021-34752 | Cisco Firepower Threat Defense Software 6.2.3/6.4.0.6/6.6.0.1 CLI argument injection (cisco-sa-ftd-cmdinject-FmzsLN8)
- CVE-2021-1482 | Cisco Catalyst SD-WAN Manager up to 20.4.1.1 Web-based Management Interface improper authorization (cisco-sa-vman-auth-bypass-Z3Zze5XC)
- CVE-2021-1481 | Cisco Catalyst SD-WAN Manager up to 20.4.1.1 HTTP data query logic injection (cisco-sa-vmanage-cql-inject-c7z9QqyB)
- CVE-2021-1464 | Cisco Catalyst SD-WAN Manager up to 20.1.12 Requests improper authentication (cisco-sa-vman-authorization-b-GUEpSLK)
- CVE-2022-20633 | Cisco Enterprise Chat and Email up to 12.6(1)_ET1 Web-based Management Interface observable response discrepancy (cisco-sa-ece-multivulns-kbK2yVhR)
- CVE-2021-34753 | Cisco Firepower Threat Defense Software Ethernet Industrial Protocol access control (cisco-sa-ftd-enip-bypass-eFsxd8KP)
- CVE-2021-1494 | Cisco Firepower Threat Defense Software HTTP Header Parameter protection mechanism (cisco-sa-http-fp-bp-KfDdcQhc)
- CVE-2021-1484 | Cisco Catalyst SD-WAN Manager up to 20.4.1.1 Web UI argument injection (cisco-sa-vman-cmdinj-nRHKgfHX)
- CVE-2021-34750 | Cisco Firepower Management Center 2021 sensitive information in gui (cisco-sa-fmc-infodisc-Ft2WVmNU)
- CVE-2021-1470 | Cisco Catalyst SD-WAN Manager up to 20.3.1 Web-based Management Interface sql injection (cisco-sa-sdw-sqlinj-HDJUeEAX)
- CVE-2021-34751 | Cisco Firepower Management Center sensitive information in gui (cisco-sa-fmc-infodisc-Ft2WVmNU)
- CVE-2021-1491 | Cisco Catalyst SD-WAN Manager up to 20.4.1.1 Web-based Management Interface link following (cisco-sa-vmanage-info-disclos-gGvm9Mfu)
- CVE-2024-50652 | geeeeeeeek java_shop 1.0 avatar unrestricted upload
- CVE-2024-50651 | geeeeeeeek java_shop 1.0 ID access control
- CVE-2024-50650 | geeeeeeeek python_book 1.0 ID access control
- CVE-2022-20654 | Cisco Webex Meetings up to 40.6.2 Web-based Interface cross site scripting (cisco-sa-webex-xss-FmbPu2pe)
- CVE-2022-20631 | Cisco Enterprise Chat and Email up to 12.6(1)_ET1 Web-based Management Interface cross site scripting (cisco-sa-ece-multivulns-kbK2yVhR)
- CVE-2022-20626 | Cisco Prime Access Registrar up to 9.2.0.0 Web-based Management Interface cross site scripting (cisco-sa-prime-reg-xss-zLOz8PfB)