Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (2705 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-45241 1 Centralsquare 1 Crywolf 2024-08-26 7.5 High
A traversal vulnerability in GeneralDocs.aspx in CentralSquare CryWolf (False Alarm Management) through 2024-08-09 allows unauthenticated attackers to read files outside of the working web directory via the rpt parameter, leading to the disclosure of sensitive information.
CVE-2024-7954 1 Spip 1 Spip 2024-08-23 9.8 Critical
The porte_plume plugin used by SPIP before 4.30-alpha2, 4.2.13, and 4.1.16 is vulnerable to an arbitrary code execution vulnerability. A remote and unauthenticated attacker can execute arbitrary PHP as the SPIP user by sending a crafted HTTP request.
CVE-2024-6781 2 Calibre, Calibre-ebook 2 Calibre, Calibre 2024-08-19 7.5 High
Path traversal in Calibre <= 7.14.0 allow unauthenticated attackers to achieve arbitrary file read.
CVE-2024-38653 1 Ivanti 1 Avalanche 2024-08-15 7.5 High
XXE in SmartDeviceServer in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to read arbitrary files on the server.
CVE-2024-6782 1 Calibre 1 Calibre 2024-08-08 9.8 Critical
Improper access control in Calibre 6.9.0 ~ 7.14.0 allow unauthenticated attackers to achieve remote code execution.