CVEs from 2024
- Total: 6,633
- critical: 166
- high: 1,073
- medium: 2,066
- low: 49
- % Critical: 2.5%
- % with KEV: 2.5%
- % with exploit: 3.4%
Top products
- surveillance_station 12
- checkmk 10
- profilegrid 8
- office 8
- office_long_term_servicing_channel 6
- propertyhive 5
- glibc 5
- element_pack 5
Top packages
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-51092 | critical | 9.1 | 10.0 | | | | 27d ago | LibreNMS has an Authenticated OS Command Injection |
| CVE-2024-28000 | critical | 9.8 | 10.0 | | | | 2y ago | Incorrect Privilege Assignment vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache. This issue affects LiteSpeed Cache: from n/a through <= 6.3.0.1. |
| CVE-2024-7593 | critical | 9.8 | 10.0 | | | | 2y ago | Ivanti Virtual Traffic Manager contains an authentication bypass vulnerability that allows a remote, unauthenticated attacker to create a chosen administrator account. |
| CVE-2024-33559 | critical | 9.3 | 10.0 | | | | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in 8theme XStore allows SQL Injection. This issue affects XStore: from n/a through 9.3.5. |
| CVE-2024-27956 | critical | 9.8 | 10.0 | | | | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ValvePress Automatic allows SQL Injection. This issue affects Automatic: from n/a through 3.92.0. |
| CVE-2024-1708 | high | 8.4 | 10.0 | | | | 2y ago | ConnectWise ScreenConnect contains a path traversal vulnerability which could allow an attacker to execute remote code or directly impact confidential data and critical systems. |
| CVE-2024-4367 | high | 8.8 | 9.8 | | | | 2y ago | A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thu… |
| CVE-2024-6387 | high | 8.1 | 9.1 | | | | 2y ago | A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote a… |
| CVE-2024-47076 | high | — | 9.0 | | | | 2y ago | RHSA-2024:7463: cups-filters security update (Important) |
| CVE-2024-47176 | high | — | 9.0 | | | | 2y ago | RHSA-2024:7463: cups-filters security update (Important) |
| CVE-2024-21626 | high | — | 9.0 | | | | 2y ago | Important: container-tools:4.0 security update |
| CVE-2024-53326 | high | 7.3 | 8.3 | | | | 27d ago | LINQPad before 5.52.01 Pro edition is vulnerable to Unsafe Deserialization in LINQPad.AutoRefManager::PopulateFromCache(), leading to code execution. |
| CVE-2024-45257 | high | 7.3 | 8.3 | | | | 27d ago | A Command Injection issue in the payload build page in BYOB (Build Your Own Botnet) 2.0 allows attackers to execute arbitrary commands on the server via a crafted build parameter. This occurs in free… |
| CVE-2024-2961 | high | 7.3 | 8.3 | | | | 2y ago | RHSA-2024:3269: glibc security update (Important) |
| CVE-2024-30167 | medium | 6.3 | 7.3 | | | | 27d ago | /cgi-bin/time.cgi in Atlona AT-OME-MS42 Matrix Switcher 1.1.2 allows remote authenticated users to execute arbitrary commands as root via a POST request that carries a serverName parameter. |
| CVE-2024-29510 | medium | — | 6.5 | | | | 2y ago | Artifex Ghostscript before 10.03.1 allows memory corruption, and SAFER sandbox bypass, via format string injection with a uniprint device. |