CVEs from 2024
- Total: 6,597
- critical: 174
- high: 1,069
- medium: 2,083
- low: 49
- % Critical: 2.6%
- % with KEV: 2.5%
- % with exploit: 3.4%
Top products
- mbed_tls 15
- operations_analytics_log_analysis 14
- surveillance_station 12
- checkmk 10
- office 8
- profilegrid 8
- office_long_term_servicing_channel 6
- propertyhive 5
Top packages
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-7593 | critical | 9.8 | 10.0 | | | | 2y ago | Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.7R2 allows a remote unauthenticated attacker to bypass authentication of the admin panel. |
| CVE-2024-1708 | high | 8.4 | 10.0 | | | | 2y ago | ConnectWise ScreenConnect contains a path traversal vulnerability which could allow an attacker to execute remote code or directly impact confidential data and critical systems. |
| CVE-2024-53197 | high | — | 9.5 | | | | 1y ago | Important: kernel security update |
| CVE-2024-53104 | high | — | 9.5 | | | | 1y ago | Important: kernel security update |
| CVE-2024-44309 | high | — | 9.5 | | | | 2y ago | Apple iOS, macOS, and other Apple products contain an unspecified vulnerability when processing maliciously crafted web content that may lead to a cross-site scripting (XSS) attack. |
| CVE-2024-9680 | high | — | 9.5 | | | | 2y ago | Mozilla Firefox and Firefox ESR contain a use-after-free vulnerability in Animation timelines that allows for code execution in the content process. |
| CVE-2024-36971 | high | — | 9.5 | | | | 2y ago | Important: kernel security update |
| CVE-2024-38475 | high | — | 9.5 | | | | 2y ago | Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not in… |
| CVE-2024-1086 | high | — | 9.5 | | | | 2y ago | Important: kernel security, bug fix, and enhancement update |
| CVE-2024-23222 | high | — | 9.5 | | | | 3y ago | Apple iOS, iPadOS, macOS, tvOS, and Safari WebKit contain a type confusion vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact … |
| CVE-2024-21182 | high | 7.5 | 9.0 | | | | 2y ago | Oracle WebLogic contains an unspecified vulnerability that could allow an unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vu… |