Scaner-VS

All vulnerabilities

45757 / 45757
Preset: exploit · Has exploit
CVE-2023-23752 · CVSS 5.3 · CVE KEV
An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unautho…
2023-01-01 · KEV · EPSS 94.5% · pct 100

CVE-2017-8917 · CVSS 9.8 · CVE
SQL injection vulnerability in Joomla! 3.7.x before 3.7.1 allows attackers to execute arbitrary…
2017-01-01 · Pre-auth · EPSS 94.5% · pct 99

CVE-2018-7600 · CVSS 9.8 · DEB KEV
Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote …
2018-01-01 · KEV · EPSS 94.5% · pct 99

CVE-2021-22986 · CVSS 9.8 · CVE KEV
On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x…
2021-01-01 · KEV · EPSS 94.5% · pct 99

CVE-2018-1000861 · CVSS 8.8 · DEB KEV
A code execution vulnerability exists in the Stapler web framework used by Jenkins 2.153 and ea…
2018-01-01 · KEV · EPSS 94.5% · pct 99

CVE-2017-1000353 · CVSS 8.1 · DEB KEV
Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an unauth…
2017-01-01 · KEV · EPSS 94.5% · pct 99

CVE-2018-13379 · CVSS 9.8 · CVE KEV
An Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal") in Fortinet F…
2018-01-01 · KEV · EPSS 94.5% · pct 99

CVE-2019-3396 · CVSS 9.8 · CVE KEV
The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 (the fixed vers…
2019-01-01 · KEV · EPSS 94.5% · pct 99

CVE-2019-17558 · CVSS 7.5 · DEB KEV
Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the Ve…
2019-01-01 · KEV · EPSS 94.5% · pct 99

CVE-2022-46169 · CVSS 9.8 · DEB KEV
Cacti is an open source platform which provides a robust and extensible operational monitoring …
2022-01-01 · KEV · EPSS 94.5% · pct 99

CVE-2020-1938 · CVSS 7.6 · DEB KEV
When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connectio…
2020-01-01 · KEV · EPSS 94.5% · pct 99

CVE-2024-6670 · CVSS 9.8 · CVE KEV
In WhatsUp Gold versions released before 2024.0.0, a SQL Injection vulnerability allows an unau…
2024-01-01 · KEV · EPSS 94.5% · pct 99

CVE-2019-2725 · CVSS 9.8 · CVE KEV
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent…
2019-01-01 · KEV · EPSS 94.5% · pct 99

CVE-2021-22205 · CVSS 10.0 · ANC KEV
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab …
2021-01-01 · KEV · EPSS 94.5% · pct 99

CVE-2024-23897 · CVSS 9.8 · DEB KEV
Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI comman…
2024-01-01 · KEV · EPSS 94.5% · pct 99

CVE-2014-0160 · CVSS 7.5 · DEB KEV
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle …
2014-01-01 · KEV · EPSS 94.5% · pct 99

CVE-2022-22963 · CVSS 9.8 · CVE KEV
In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routi…
2022-01-01 · KEV · EPSS 94.5% · pct 99

CVE-2019-11510 · CVSS 10.0 · CVE KEV
In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 bef…
2019-01-01 · KEV · EPSS 94.5% · pct 99

CVE-2022-22947 · CVSS 10.0 · CVE KEV
In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a …
2022-01-01 · KEV · EPSS 94.5% · pct 99

CVE-2021-44529 · CVSS 9.8 · CVE KEV
A code injection vulnerability in the Ivanti EPM Cloud Services Appliance (CSA) allows an unaut…
2021-01-01 · KEV · EPSS 94.5% · pct 99

CVE-2019-16662 · CVSS 9.8 · CVE
An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by s…
2019-01-01 · Pre-auth · EPSS 94.5% · pct 99

CVE-2019-15107 · CVSS 9.8 · DEB KEV
An issue was discovered in Webmin <=1.920. The parameter old in password_change.cgi contains a …
2019-01-01 · KEV · EPSS 94.5% · pct 99

CVE-2022-44877 · CVSS 9.8 · CVE KEV
login/index.php in CWP (aka Control Web Panel or CentOS Web Panel) 7 before 0.9.8.1147 allows r…
2022-01-01 · KEV · EPSS 94.5% · pct 99

CVE-2022-1388 · CVSS 9.8 · CVE KEV
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versi…
2022-01-01 · KEV · EPSS 94.5% · pct 99

CVE-2020-14882 · CVSS 9.8 · CVE KEV
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Con…
2020-01-01 · KEV · EPSS 94.5% · pct 99

CVE-2019-0708 · CVSS 9.8 · MSR KEV
A remote code execution vulnerability exists in Remote Desktop Services formerly known as Termi…
2019-01-01 · Microsoft · KEV · EPSS 94.5% · pct 99

CVE-2022-30525 · CVSS 9.8 · CVE KEV
A OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100(W) firmware versi…
2022-01-01 · KEV · EPSS 94.4% · pct 99

CVE-2021-22005 · CVSS 9.8 · CVE KEV
The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. A …
2021-01-01 · KEV · EPSS 94.4% · pct 99

CVE-2022-22954 · CVSS 9.8 · CVE KEV
VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability …
2022-01-01 · KEV · EPSS 94.4% · pct 99

CVE-2019-1003000 · CVSS 8.8 · CVE
A sandbox bypass vulnerability exists in Script Security Plugin 1.49 and earlier in src/main/ja…
2019-01-01 · EPSS 94.4% · pct 99

CVE-2019-19781 · CVSS 9.8 · CVE KEV
An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1,…
2019-01-01 · KEV · EPSS 94.4% · pct 99

CVE-2023-32315 · CVSS 7.5 · CVE KEV
Openfire is an XMPP server licensed under the Open Source Apache License. Openfire's administra…
2023-01-01 · KEV · EPSS 94.4% · pct 99

CVE-2021-26084 · CVSS 9.8 · CVE KEV
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exis…
2021-01-01 · KEV · EPSS 94.4% · pct 99

CVE-2022-24112 · CVSS 9.8 · CVE KEV
An attacker can abuse the batch-requests plugin to send requests to bypass the IP restriction o…
2022-01-01 · KEV · EPSS 94.4% · pct 99

CVE-2022-1040 · CVSS 9.8 · CVE KEV
An authentication bypass vulnerability in the User Portal and Webadmin allows a remote attacker…
2022-01-01 · KEV · EPSS 94.4% · pct 99

CVE-2020-14883 · CVSS 7.2 · CVE KEV
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Con…
2020-01-01 · KEV · EPSS 94.4% · pct 99

CVE-2017-10271 · CVSS 7.5 · CVE KEV
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent…
2017-01-01 · KEV · EPSS 94.4% · pct 99

CVE-2023-35078 · CVSS 9.8 · CVE KEV
An authentication bypass vulnerability in Ivanti EPMM allows unauthorized users to access restr…
2023-01-01 · KEV · EPSS 94.4% · pct 99

CVE-2021-43798 · CVSS 7.5 · DEB KEV
Grafana is an open-source platform for monitoring and observability. Grafana versions 8.0.0-bet…
2021-01-01 · KEV · EPSS 94.4% · pct 99

CVE-2020-14750 · CVSS 9.8 · CVE KEV
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Con…
2020-01-01 · KEV · EPSS 94.4% · pct 99

CVE-2024-6670
CVE
Critical KEV · Confirmed · Exploit available

CVSS: 9.8 (Critical)
EPSS: 0.94 (p99)
Published: 2024-01-01
Updated: 2024-09-16
Description

In WhatsUp Gold versions released before 2024.0.0, a SQL Injection vulnerability allows an unauthenticated attacker to retrieve the users encrypted password.

Tags · CWE
KEV · Pre-auth · SQLi
CWE-89
CAPEC-7
CAPEC-66
CAPEC-108
CAPEC-109
CAPEC-110
CAPEC-470
Affected products
Whatsup_gold < 24.0
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Timeline
2024-01-01: Published
2024-09-16: Added to KEV
2024-09-16: Updated
CVSS 3.1 breakdown
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality Impact (C): High (H)
Integrity Impact (I): High (H)
Availability Impact (A): High (H)
Exploit indicators
EPSS: 0.945 · p99
Known exploited (KEV): Yes
Known exploits — Сканер-ВС
CVE-2024-6670
github-poc · https://github.com/sinsinology/CVE-2024-6670
Enterprise
Affected software
Product | Vendor | Status
whatsup_gold | * | Exploited
Source databases
CVE
Related vulnerabilities