VulDB is a vulnerability database documenting more than 174000 vulnerabilities since 1970. The following list shows the latest vulnerabilities, threats, and exploits:
- CVE-2024-45203 | istyle cosme App on iOS/Android Custom URL Scheme improper authorization
- CVE-2024-7688 | AZIndex Plugin up to 0.8.1 on WordPress cross-site request forgery
- CVE-2024-7687 | AZIndex Plugin up to 0.8.1 on WordPress cross-site request forgery
- CVE-2024-7918 | Pocket Widget Plugin up to 0.1.3 on WordPress Setting cross site scripting
- CVE-2024-6910 | EventON Plugin up to 2.2.16 on WordPress Setting cross site scripting
- CVE-2024-5561 | Popup Maker Plugin up to 1.19.0 on WordPress Setting cross site scripting
- CVE-2024-8586 | Uniong WebITR up to 2_1_0_27 URL redirect
- CVE-2024-45625 | WPMU Forminator Plugin up to 1.34.0 URL cross site scripting
- CVE-2024-8584 | Learning Digital Orca HCM up to 10.x access control
- CVE-2024-8585 | Learning Digital Orca HCM up to 10.x File Download path traversal
- CVE-2024-8583 | SourceCodester Online Bank Management System 1.0 Feedback /mfeedback.php cross site scripting
- CVE-2024-8582 | SourceCodester Food Ordering Management System 1.0 /index.php description cross site scripting
- CVE-2024-42342 | Loway QueueMetrics request smuggling
- CVE-2024-42341 | Loway QueueMetrics redirect
- CVE-2024-42343 | Loway QueueMetrics observable response discrepancy
- CVE-2024-8580 | TOTOLINK AC1200 T8 4.1.5cu.861_B20230220 /etc/shadow.sample hard-coded password
- CVE-2024-8579 | TOTOLINK AC1200 T8 4.1.5cu.861_B20230220 /cgi-bin/cstecgi.cgi setWiFiRepeaterCfg password buffer overflow
- CVE-2024-8578 | TOTOLINK AC1200 T8 4.1.5cu.861_B20230220 /cgi-bin/cstecgi.cgi setWiFiMeshName device_name buffer overflow
- CVE-2024-8577 | TOTOLINK AC1200 T8/AC1200 T10 4.1.5cu.861_B20230220/4.1.8cu.5207 /cgi-bin/cstecgi.cgi setStaticDhcpRules desc buffer overflow
- CVE-2024-8576 | TOTOLINK AC1200 T8/AC1200 T10 4.1.5cu.861_B20230220/4.1.8cu.5207 /cgi-bin/cstecgi.cgi setIpPortFilterRules desc buffer overflow
- CVE-2024-8575 | TOTOLINK AC1200 T8 4.1.5cu.861_B20230220 /cgi-bin/cstecgi.cgi setWiFiScheduleCfg desc buffer overflow
- CVE-2024-8574 | TOTOLINK AC1200 T8 4.1.5cu.861_B20230220 /cgi-bin/cstecgi.cgi setParentalRules slaveIpList os command injection
- CVE-2024-8573 | TOTOLINK AC1200 T8/AC1200 T10 4.1.5cu.861_B20230220/4.1.8cu.5207 /cgi-bin/cstecgi.cgi setParentalRules desc buffer overflow
- CVE-2024-36138 | Node.js up to 18.20.3/20.15.0/22.4.0 on Windows Incomplete Fix CVE-2024-27980 child_process.spawn/child_process.spawnSync command injection
- CVE-2024-40680 | IBM MQ Operator 2.0.26/3.2.4 memory allocation (XFDB-297611)
- CVE-2024-40681 | IBM MQ Operator 2.0.26/3.2.4 Queue Manager privileges assignment (XFDB-297611)
- CVE-2024-37068 | IBM Maximo Application Suite 8.10/8.11/9.0 Manage Component risky encryption (XFDB-292799)
- CVE-2024-8572 | Gouniverse GoLang CMS 1.4.0 FrontendHandler.go PageRenderHtmlByAlias alias cross site scripting
- CVE-2024-8571 | erjemin roll_cms up to 1484fe2c4e0805946a7bcf46218509fcb34883a9 views.py information exposure
- CVE-2024-8570 | itsourcecode Tailoring Management System 1.0 /inccatadd.php title sql injection
- CVE-2024-8569 | code-projects Hospital Management System 1.0 user-login.php username sql injection
- CVE-2024-8568 | Mini-Tmall up to 20240901 tmall/admin/order/1/1 rewardMapper.select orderBy sql injection
- CVE-2024-8567 | itsourcecode Payroll Management System 1.0 ajax.php id sql injection
- CVE-2024-8566 | code-projects Online Shop Store 1.0 /settings.php error cross site scripting
- CVE-2024-1596 | Ninja Forms File Uploads Plugin up to 3.3.16 on WordPress File Upload cross site scripting
- CVE-2024-7620 | Customizer Export Import Plugin up to 0.9.7 on WordPress Setting Import unrestricted upload
- CVE-2024-6849 | Preloader Plus Plugin up to 2.2.1 on WordPress SVG File Upload cross site scripting
- CVE-2024-7112 | Pinpoint Booking System Plugin up to 2.9.9.5.0 on WordPress sql injection
- CVE-2024-6010 | Cost Calculator Builder Pro Plugin up to 3.1.96 on WordPress improper authorization
- CVE-2024-8538 | Big File Uploads Plugin up to 2.1.2 on WordPress information disclosure
- CVE-2024-8443 | libopensc OpenPGP Driver heap-based overflow
- CVE-2024-44839 | RapidCMS 1.3.1 /default/article.php articleid sql injection (Issue 18)
- CVE-2024-45771 | RapidCMS 1.3.1 /resource/runlogin.php password sql injection (Issue 17)
- CVE-2024-44838 | RapidCMS 1.3.1 /resource/runlogin.php username sql injection (Issue 17)
- CVE-2024-8565 | SourceCodesters Clinics Patient Management System 2.0 /print_diseases.php disease/from/to sql injection
- CVE-2024-8564 | SourceCodester PHP CRUD 1.0 /endpoint/update.php tbl_person_id/first_name/middle_name/last_name sql injection
- CVE-2024-8563 | SourceCodester PHP CRUD 1.0 /endpoint/update.php first_name/middle_name/last_name cross site scripting
- CVE-2024-8562 | SourceCodester PHP CRUD 1.0 /endpoint/Add.php first_name/middle_name/last_name cross site scripting
- CVE-2024-8561 | SourceCodester PHP CRUD 1.0 Delete Person /endpoint/delete.php person sql injection
- CVE-2024-8560 | SourceCodester Simple Invoice Generator System 1.0 /save_invoice.php sql injection
- CVE-2024-8559 | SourceCodester Online Food Menu 1.0 delete-menu.php menu sql injection
- CVE-2024-8558 | SourceCodester Food Ordering Management System 1.0 Price place-order.php total improper validation of specified quantity in input
- CVE-2024-8557 | SourceCodester Food Ordering Management System 1.0 cancel-order.php id sql injection
- CVE-2024-44845 | DrayTek Vigor3900 1.5.1.6 filter_string value command injection
- CVE-2024-44844 | DrayTek Vigor3900 1.5.1.6 run_command name command injection
- CVE-2024-8555 | SourceCodester Clinics Patient Management System 2.0 congratulations.php goto_page redirect
- CVE-2024-8554 | SourceCodester Clinics Patient Management System 2.0 /users.php message cross site scripting
- VDB-276772 | Backdoor.Win32.Symmi.qua ksomnbi.dll stack-based overflow
- VDB-276771 | HackTool.Win32.Freezer.br credentials storage
- VDB-276770 | Backdoor.Win32.Optix.02.b TCP Port 5151 hard-coded credentials
- VDB-276769 | Backdoor.Win32.JustJoke.21 TCP Port 28072 improper authentication
- VDB-276768 | Backdoor.Win32.PoisonIvy.ymw PoisonIvy PE File Generator PILib.dll cleartext storage
- CVE-2024-34156 | Google Go encoding-gob recursion
- CVE-2024-7652 | Mozilla Thunderbird ECMA-262 type confusion
- CVE-2024-7652 | Mozilla Firefox ECMA-262 type confusion
- CVE-2024-45034 | Apache Airflow up to 2.10.0 DAG Folder unnecessary privileges
- CVE-2024-45498 | Apache Airflow 2.10.0 DAG Trigger Permission command injection
- CVE-2024-44402 | D-Link DI-8100G 17.12.20A1 msp_info.htm command injection
- CVE-2024-38640 | QNAP Download Station prior 5.8.6.283 cross site scripting (qsa-24-35)
- CVE-2024-32762 | QNAP QuLog Center prior 1.7.0.827/1.8.0.872 cross site scripting (qsa-24-30)
- CVE-2024-27122 | QNAP Notes Station 3 up to 3.9.5 cross site scripting (qsa-24-21)
- CVE-2024-27126 | QNAP Notes Station 3 prior 3.9.6 cross site scripting (qsa-24-21)
- CVE-2024-21897 | QNAP QTS/QuTS hero prior 5.1.6.2722 Build 20240402 cross site scripting (qsa-24-20)
- CVE-2024-27125 | QNAP Helpdesk up to 3.3.0 cross site scripting (qsa-24-29)
- CVE-2023-50366 | QNAP QTS/QuTS hero prior 5.1.6.2722 Build 20240402 cross site scripting (qsa-24-20)
- CVE-2024-38642 | QNAP QuMagie up to 2.3.0 certificate validation (qsa-24-34)
- CVE-2022-27592 | QNAP QVR Smart Client prior 2.4.0.0570 unquoted search path (qsa-24-22)
- CVE-2024-38641 | QNAP QTS/QuTS hero prior 5.1.8.2823 Build 20240712 os command injection (qsa-24-33)
- CVE-2024-32771 | QNAP QTS/QuTS hero/QuTScloud excessive authentication (qsa-24-28)
- CVE-2023-39298 | QNAP QTS/QuTS hero/QuTScloud authorization (qsa-24-28)
- CVE-2024-8394 | Mozilla Thunderbird up to 128.1 OTR Chat Session use after free
- CVE-2023-50360 | QNAP Video Station up to 5.8.0 sql injection (qsa-24-24)
- CVE-2023-47563 | QNAP Video Station up to 5.8.1 os command injection (qsa-24-24)
- CVE-2023-45038 | QNAP Music Station up to 5.3.x improper authentication (qsa-24-25)
- CVE-2023-39300 | QNAP QTS/QuTS hero/QuTScloud os command injection (qsa-24-26)
- CVE-2024-44408 | D-Link DIR-823G 1.0.2B05_20181207 Configuration File information disclosure
- CVE-2024-32763 | QNAP QTS/QuTS hero prior 5.1.8.2823 Build 20240712 buffer overflow (qsa-24-33)
- CVE-2024-21906 | QNAP QTS/QuTS hero prior 5.1.8.2823 Build 20240712 os command injection (qsa-24-33)
- CVE-2024-21904 | QNAP QTS/QuTS hero prior 5.1.7.2770 Build 20240520 path traversal (qsa-24-23)
- CVE-2024-21903 | QNAP QTS/QuTS hero prior 5.1.6.2722 Build 20240402 os command injection (qsa-24-20)
- CVE-2024-21898 | QNAP QTS/QuTS hero prior 5.1.6.2722 Build 20240402 os command injection (qsa-24-20)
- CVE-2023-51368 | QNAP QTS/QuTS hero prior 5.1.6.2722 Build 20240402 null pointer dereference (qsa-24-20)
- CVE-2023-51367 | QNAP QTS/QuTS hero prior 5.1.6.2722 Build 20240402 buffer overflow (qsa-24-20)
- CVE-2023-51366 | QNAP QTS/QuTS hero 5.1.4.2596 Build 20231128 path traversal (qsa-24-20)
- CVE-2023-34979 | QNAP QTS/QuTS hero prior 4.5.4.2790 Build 20240605 os command injection (qsa-24-32)
- CVE-2023-34974 | QNAP QTS/QuTS hero/QuTScloud/QVR/QES os command injection (qsa-24-32)
- CVE-2024-44401 | D-Link DI-8100G 17.12.20A1 upgrade_filter.asp sub47A60C command injection
- CVE-2024-8509 | Red Hat Migration Toolkit for Virtualization improper authorization
- CVE-2024-8517 | SPIP up to 4.1.18/4.2.15/4.3.1 Multipart File Upload reliance on file name or extension of externally-supplied file
- CVE-2024-45294 | hapifhir HL7 FHIR Core Artifacts up to 6.3.22 xml external entity reference