VulDB is a vulnerability database documenting more than 174000 vulnerabilities since 1970. The following list shows the latest vulnerabilities threats and exploits
- CVE-2024-26922 | Linux Kernel up to 6.9-rc4 amdgpu Privilege Escalation (6fef2d4c00b5)
- CVE-2024-4066 | Tenda AC8 16.03.34.09 /goform/AdvSetMacMtuWan fromAdvSetMacMtuWan stack-based overflow
- CVE-2024-4065 | Tenda AC8 16.03.34.09 /goform/SetRebootTimer formSetRebootTimer rebootTime stack-based overflow
- CVE-2024-4064 | Tenda AC8 16.03.34.09 /goform/execCommand R7WebsSecurityHandler password stack-based overflow
- CVE-2024-4063 | EZVIZ CS-C6-21WFR-8 5.2.7 Build 170628 Davinci Application certificate validation
- CVE-2024-4062 | Hualai Xiaofang iSC5 3.2.2_112 certificate validation
- CVE-2024-3911 | Welotec SMART EMS/VPN Security Suite up to 3.1.3 ui layer (VDE-2024-023)
- CVE-2024-30800 | PX4 Autopilot 1.14 No-Fly Zone access control
- CVE-2023-47731 | IBM QRadar Suite Software/Cloud Pak for Security Web UI cross site scripting (XFDB-272203)
- CVE-2024-3154 | cri-o Pod Annotation command injection
- CVE-2024-3185 | Rapid7 Insight Agent up to 2024-04-03T120000000Z logging.json unknown vulnerability
- CVE-2024-0900 | Elespare Plugin up to 2.1.2 on WordPress Post Creation elespare_create_post authorization
- CVE-2024-4031 | Logitech Mevo Webcamm App up to 0.7.x on Windows unquoted search path
- CVE-2023-48183 | QuickJS build_for_in_iterator null pointer dereference (Issue 192)
- CVE-2023-48184 | QuickJS Garbage Collection quickjs.h JS_FreeValueRT use after free (Issue 198 / 7414e5f)
- CVE-2024-1959 | Social Sharing Plugin Plugin up to 4.4.6.1 on WordPress Shortcode cross site scripting
- CVE-2024-3665 | Rank Math SEO with AI SEO Tools Plugin up to 1.0.216 on WordPress titleWrapper cross site scripting
- CVE-2024-3491 | Schema & Structured Data for WP & AMP Plugin up to 1.29 on WordPress How To/FAQ Block cross site scripting
- CVE-2024-2477 | wpDiscuz Plugin up to 7.6.15 on WordPress Image Alternative Text cross site scripting
- CVE-2024-3732 | GeoDirectory Plugin up to 2.3.48 on WordPress Shortcode gd_single_tabs cross site scripting
- CVE-2024-2493 | Hitachi Ops Center Analyzer up to 11.0.0 missing secure attribute (sec-2024-122)
- CVE-2023-6833 | Hitachi Ops Center Administrator up to 11.0.0 log file (sec-2024-121)
- CVE-2024-29368 | moziloCMS 2.0 POST Request unrestricted upload
- CVE-2024-2760 | Bkav Home v7816 Build 2403161130 IOCTL BkavSDFlt.sys memory leak
- CVE-2024-1241 | Watchdog Antivirus 1.6.415 IOCTL wsdk-driver.sys null pointer dereference
- CVE-2024-27574 | Trainme Academy 1.3.2 informacion/idcurso/tit sql injection
- CVE-2024-32657 | NixOS Hydra up to 23.10 ISO File cross site scripting (GHSA-2p75-6g9f-pqgx)
- CVE-2024-31036 | NanoMQ 0.21.7 Hexstreams read_byte heap-based overflow (Issue 1722)
- CVE-2024-31857 | WPMU Forminator Plugin up to 1.15.3 on WordPress cross site scripting
- CVE-2024-21511 | mysql2 up to 3.9.6 readCodeFor timezone code injection (SNYK-JS-MYSQL2-6670046)
- CVE-2024-28890 | WPMU Forminator Plugin up to 1.28.x on WordPress unrestricted upload
- CVE-2024-32041 | FreeRDP up to 2.11.5/3.4.x out-of-bounds (GHSA-5r4p-mfx2-m44r)
- CVE-2024-32040 | FreeRDP up to 2.11.5/3.4.x NSC Codec integer underflow (GHSA-23c5-cp23-h2h5)
- CVE-2024-32458 | FreeRDP up to 2.11.5/3.4.x out-of-bounds (GHSA-vvr6-h646-mp4p)
- CVE-2024-32394 | Ruijie RG-RSR10-01G-T 3.0 HTTP Request Privilege Escalation
- CVE-2024-32459 | FreeRDP up to 2.11.5/3.4.x out-of-bounds (GHSA-cp4q-p737-rmw9)
- CVE-2024-32460 | FreeRDP up to 2.11.5/3.4.x Legacy GDI out-of-bounds (GHSA-4rr8-gr65-vqrr)
- CVE-2024-32653 | skylot jadx up to 1.4.x Package Name input validation (GHSA-3pp3-hg2q-9gpm)
- CVE-2024-32039 | FreeRDP up to 2.11.5/3.4.x /gfx integer overflow (GHSA-q5h8-7j42-j4r9)
- CVE-2024-31077 | WPMU Forminator Plugin up to 1.29.2 on WordPress sql injection
- CVE-2024-3677 | Ultimate 410 Gone Status Code Plugin up to 1.1.4 on WordPress cross site scripting
- CVE-2024-3715 | Database for Contact Form 7, WPforms, Elementor Forms cross site scripting
- CVE-2024-3664 | Quick Featured Images Plugin up to 13.7.0 on WordPress Thumbnail authorization
- CVE-2024-32238 | H3C ER8300G2-X Management System Page Login Interface access control
- CVE-2024-3985 | Exclusive Addons for Elementor Plugin up to 2.6.9.4 on WordPress Call to Action cross site scripting
- CVE-2024-2750 | Exclusive Addons for Elementor Plugin up to 2.6.9.3 on WordPress Button Widget cross site scripting
- CVE-2024-3338 | Colibri Page Builder Plugin up to 1.0.262 on WordPress cross site scripting
- CVE-2024-3889 | Royal Elementor Addons and Templates Plugin up to 1.3.971 on WordPress Advanced Accordion Title Tags cross site scripting
- CVE-2024-2799 | Royal Elementor Addons and Templates Plugin up to 1.3.971 on WordPress HTML Tag cross site scripting
- CVE-2024-2798 | Royal Elementor Addons and Templates Plugin up to 1.3.971 on WordPress cross site scripting
- CVE-2024-3489 | Exclusive Addons for Elementor Plugin up to 2.6.9.4 on WordPress Countdown Expired Title cross site scripting
- CVE-2024-3337 | Colibri Page Builder Plugin up to 1.0.272 on WordPress Shortcode colibri_breadcrumb_element cross site scripting
- CVE-2024-3340 | Colibri Page Builder Plugin up to 1.0.272 on WordPress Shortcode colibri-gallery-slideshow cross site scripting
- CVE-2024-3546 | Backup & Migration Plugin up to 1.4.8 on WordPress authorization
- CVE-2024-32479 | LibreNMS Service Template Name cross site scripting
- CVE-2024-32656 | antmedia ant-media-server authorization
- CVE-2024-32461 | LibreNMS sql injection
- CVE-2024-32480 | LibreNMS sql injection
- CVE-2024-29376 | Sylius 1.12.13 Address Book Province cross site scripting
- CVE-2024-31545 | Computer Laboratory Management System 1.0 id sql injection
- CVE-2024-32407 | Relate Learning And Teaching System prior 2024.1 Page Sandbox Privilege Escalation
- CVE-2024-32399 | RaidenMAILD Mail Server up to 4.9.4 /webeditor/ path traversal
- CVE-2024-32405 | Relate Learning And Teaching System prior 2024.1 Exam InlineMultiQuestion cross site scripting
- CVE-2024-31666 | flusity CMS 2.33 edit_addon_post.php Privilege Escalation
- CVE-2022-46897 | Insyde InsydeH2O up to 5.5 CapsuleIFWUSmm Driver return value
- CVE-2024-28436 | D-Link DAP-3662 session_login.php reload cross site scripting
- CVE-2023-38292 | TCL 20XE access control
- CVE-2023-38294 | Itel Vision 3 Turbo Android access control
- CVE-2023-38293 | Nokia C100/C200 command injection
- CVE-2023-38290 | Sharp Rouvo V access control
- CVE-2023-38297 | T-Mobile Device command injection
- CVE-2023-38295 | TCL 30Z/10 access control
- CVE-2022-35503 | Open Source MANO up to 12 Virtual Network Function Remote Code Execution
- CVE-2023-38302 | Sharp Rouvo V information disclosure
- CVE-2023-38300 | Orbic Maui RC545L/ORB545L information disclosure
- CVE-2023-38299 | AT&T/Nokia Devices information disclosure
- CVE-2023-38298 | TCL 30Z/A3X/20XE/10L information disclosure
- CVE-2023-38296 | TCL 30Z/A3X information disclosure
- CVE-2023-38301 | Motorola Device information disclosure
- CVE-2023-38291 | TCL/Motorola Device ro.boot.wifimacaddr information disclosure
- CVE-2024-28699 | pdf2json 0.70 ImgOutputDev buffer overflow
- CVE-2022-34560 | PHPFox 4.8.9 History cross site scripting
- CVE-2024-32368 | Agasta Sanketlife 2.0 Pocket 12-Lead ECG Monitor 3.0 Bluetooth Low Energy denial of service
- CVE-2022-34561 | PHPFox 4.8.9 video description cross site scripting
- CVE-2022-34562 | PHPFox 4.8.9 Status Box cross site scripting
- CVE-2024-27348 | Apache HugeGraph-Server up to 1.2.x RESTful-API Privilege Escalation
- CVE-2024-3293 | rtMedia for BuddyPress and bbPress Plugin up to 4.6.18 on WordPress rtmedia_gallery sql injection
- CVE-2024-22815 | Tormach xsTECH CNC Router 2.9.6 Commands denial of service
- CVE-2024-29661 | DedeCMS 5.7 unrestricted upload
- CVE-2024-4026 | Holded Application up to 4.19.x General/Team ID cross site scripting
- CVE-2024-22811 | Tormach xsTECH CNC Router 2.9.6 Hostmot2 Configuration Cookie denial of service
- CVE-2024-22808 | Tormach xsTECH CNC Router 2.9.6 Name denial of service
- CVE-2024-22809 | Tormach xsTECH CNC Router 2.9.6 Shared Folder information disclosure
- CVE-2024-22813 | Tormach xsTECH CNC Router 2.9.6 IP Address denial of service
- CVE-2024-27349 | Apache HugeGraph-Server up to 1.2.x RESTful-API authentication spoofing
- CVE-2024-27347 | Apache HugeGraph-Hubble up to 1.2.x Hubble Connection Page server-side request forgery
- CVE-2024-32682 | BdThemes Prime Slider Plugin up to 3.13.2 on WordPress authorization
- CVE-2024-32681 | BdThemes Prime Slider Plugin up to 3.13.2 on WordPress authorization
- CVE-2024-32688 | Long Watch Studio MyRewards Plugin up to 5.3.0 on WordPress authorization