CVEs from 2024
Total
6,633
critical
critical 166
high
high 1,073
medium
medium 2,066
low
low 49
% Critical
2.5%
% with KEV
2.5%
% with exploit
3.4%
Top products
- surveillance_station 12
- checkmk 10
- profilegrid 8
- office 8
- office_long_term_servicing_channel 6
- propertyhive 5
- glibc 5
- element_pack 5
Top packages
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-1100 | critical | 9.8 | 9.8 | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Vadi Corporate Information Systems DIGIKENT GIS allows SQL Injection. This issue affects DIGIKEN… | |||
| CVE-2024-24882 | critical | 9.8 | 9.8 | 2y ago | Incorrect Privilege Assignment vulnerability in masteriyo Masteriyo - LMS learning-management-system.This issue affects Masteriyo - LMS: from n/a through <= 1.7.2. | |||
| CVE-2024-4367 | high | 8.8 | 9.8 | 2y ago | A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thu… | |||
| CVE-2024-33914 | critical | 9.8 | 9.8 | 2y ago | Missing Authorization vulnerability in Exclusive Addons Exclusive Addons Elementor.This issue affects Exclusive Addons Elementor: from n/a through 2.6.9.1. | |||
| CVE-2024-33553 | critical | 9.8 | 9.8 | 2y ago | Deserialization of Untrusted Data vulnerability in 8theme XStore Core.This issue affects XStore Core: from n/a through 5.3.5. | |||
| CVE-2024-33551 | critical | 9.8 | 9.8 | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in 8theme XStore Core allows SQL Injection.This issue affects XStore Core: from n/a through 5.3.5. | |||
| CVE-2024-32430 | critical | 9.8 | 9.8 | 2y ago | Server-Side Request Forgery (SSRF) vulnerability in ActiveCampaign.This issue affects ActiveCampaign: from n/a through 8.1.14. | |||
| CVE-2024-25935 | critical | 9.8 | 9.8 | 2y ago | Missing Authorization vulnerability in Metagauss RegistrationMagic.This issue affects RegistrationMagic: from n/a through 5.2.5.9. | |||
| CVE-2024-25912 | critical | 9.8 | 9.8 | 2y ago | Missing Authorization vulnerability in Skymoonlabs MoveTo.This issue affects MoveTo: from n/a through 6.2. | |||
| CVE-2024-3566 | critical | 9.8 | 9.8 | 2y ago | A command inject vulnerability allows an attacker to perform command injection on Windows applications that indirectly depend on the CreateProcess function when the specific conditions are satisfied. | |||
| CVE-2024-25096 | critical | 9.8 | 9.8 | 2y ago | Improper Control of Generation of Code ('Code Injection') vulnerability in Canto Inc. Canto allows Code Injection.This issue affects Canto: from n/a through 3.0.7. | |||
| CVE-2024-30477 | critical | 9.8 | 9.8 | 2y ago | Missing Authorization vulnerability in Klarna Klarna Payments for WooCommerce.This issue affects Klarna Payments for WooCommerce: from n/a through 3.2.4. | |||
| CVE-2024-30508 | critical | 9.8 | 9.8 | 2y ago | Missing Authorization vulnerability in ThimPress WP Hotel Booking.This issue affects WP Hotel Booking: from n/a through 2.0.9.2. | |||
| CVE-2024-30502 | critical | 9.8 | 9.8 | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Travel Engine.This issue affects WP Travel Engine: from n/a through 5.7.9. | |||
| CVE-2024-30510 | critical | 9.8 | 9.8 | 2y ago | Unrestricted Upload of File with Dangerous Type vulnerability in Salon Booking System Salon booking system.This issue affects Salon booking system: from n/a through 9.5. | |||
| CVE-2024-30490 | critical | 9.8 | 9.8 | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid.This issue affects ProfileGrid : from n/a through 5.7.8. | |||
| CVE-2024-30224 | critical | 9.8 | 9.8 | 2y ago | Deserialization of Untrusted Data vulnerability in Wholesale Team WholesaleX.This issue affects WholesaleX: from n/a through 1.3.2. | |||
| CVE-2024-30223 | critical | 9.8 | 9.8 | 2y ago | Deserialization of Untrusted Data vulnerability in Repute Infosystems ARMember.This issue affects ARMember: from n/a through 4.0.26. | |||
| CVE-2024-2865 | critical | 9.8 | 9.8 | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mergen Software Quality Management System allows SQL Injection. This issue affects Quality Manag… | |||
| CVE-2024-1202 | critical | 9.8 | 9.8 | 2y ago | Authentication Bypass by Primary Weakness vulnerability in XPodas Octopod allows Authentication Bypass. This issue affects Octopod: before v1. NOTE: The vendor was contacted and it was learned tha… | |||
| CVE-2024-2702 | critical | 9.8 | 9.8 | 2y ago | Missing Authorization vulnerability in Olive Themes Olive One Click Demo Import allows importing settings and data, ultimately leading to XSS.This issue affects Olive One Click Demo Import: from n/a … | |||
| CVE-2024-27957 | critical | 9.8 | 9.8 | 2y ago | Unrestricted Upload of File with Dangerous Type vulnerability in Pie Register.This issue affects Pie Register: from n/a through 3.8.3.1. | |||
| CVE-2024-27304 | critical | 9.8 | 9.8 | 2y ago | pgx is a PostgreSQL driver and toolkit for Go. SQL injection can occur if an attacker can cause a single query or bind message to exceed 4 GB in size. An integer overflow in the calculated message si… | |||
| CVE-2024-25927 | critical | 9.8 | 9.8 | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Joel Starnes postMash – custom post order.This issue affects postMash – custom post order: from n… | |||
| CVE-2024-25910 | critical | 9.8 | 9.8 | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Skymoonlabs MoveTo.This issue affects MoveTo: from n/a through 6.2. | |||
| CVE-2024-25925 | critical | 9.8 | 9.8 | 2y ago | Unrestricted Upload of File with Dangerous Type vulnerability in SYSBASICS WooCommerce Easy Checkout Field Editor, Fees & Discounts.This issue affects WooCommerce Easy Checkout Field Editor, Fees & D… | |||
| CVE-2024-25913 | critical | 9.8 | 9.8 | 2y ago | Unrestricted Upload of File with Dangerous Type vulnerability in Skymoonlabs MoveTo.This issue affects MoveTo: from n/a through 6.2. | |||
| CVE-2024-23512 | critical | 9.8 | 9.8 | 2y ago | Deserialization of Untrusted Data vulnerability in wpxpo ProductX – WooCommerce Builder & Gutenberg WooCommerce Blocks.This issue affects ProductX – WooCommerce Builder & Gutenberg WooCommerce Blocks… | |||
| CVE-2024-24797 | critical | 9.8 | 9.8 | 2y ago | Deserialization of Untrusted Data vulnerability in G5Theme ERE Recently Viewed – Essential Real Estate Add-On.This issue affects ERE Recently Viewed – Essential Real Estate Add-On: from n/a through 1… | |||
| CVE-2024-23513 | critical | 9.8 | 9.8 | 2y ago | Deserialization of Untrusted Data vulnerability in PropertyHive.This issue affects PropertyHive: from n/a through 2.0.5. | |||
| CVE-2024-25100 | critical | 9.8 | 9.8 | 2y ago | Deserialization of Untrusted Data vulnerability in WP Swings Coupon Referral Program allows Object Injection.This issue affects Coupon Referral Program: from n/a before 1.8.4. | |||
| CVE-2024-22309 | critical | 9.8 | 9.8 | 2y ago | Deserialization of Untrusted Data vulnerability in QuantumCloud ChatBot with AI.This issue affects ChatBot with AI: from n/a through 5.1.0. | |||
| CVE-2024-22284 | critical | 9.8 | 9.8 | 2y ago | Deserialization of Untrusted Data vulnerability in Thomas Belser Asgaros Forum.This issue affects Asgaros Forum: from n/a through 2.7.2. | |||
| CVE-2024-5619 | critical | 9.6 | 9.6 | 2y ago | Authorization Bypass Through User-Controlled Key vulnerability in PruvaSoft Informatics Apinizer Management Console allows Exploiting Incorrectly Configured Access Control Security Levels. This issu… | |||
| CVE-2024-33913 | critical | 9.6 | 9.6 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability leading to Arbitrary File Upload in Xserver Migrator.This issue affects Xserver Migrator: from n/a through 1.6.1. | |||
| CVE-2024-33546 | critical | 9.6 | 9.6 | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AA-Team WZone allows SQL Injection.This issue affects WZone: from n/a through 14.0.10. | |||
| CVE-2024-30560 | critical | 9.6 | 9.6 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in 大侠WP DX-Watermark.This issue affects DX-Watermark: from n/a through 1.0.4. | |||
| CVE-2024-32600 | critical | 9.6 | 9.6 | 2y ago | Deserialization of Untrusted Data vulnerability in Averta Master Slider.This issue affects Master Slider: from n/a through 3.9.5. | |||
| CVE-2024-12084 | critical | — | 9.5 | — | A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper handling of attacker-controlled checksum lengths (s2length) in the code. When MAX_DIGEST_LEN exceeds the… | |||
| CVE-2024-3094 | critical | — | 9.5 | — | Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a… | |||
| CVE-2024-53197 | high | — | 9.5 | 1y ago | Linux Kernel contains an out-of-bounds access vulnerability in the USB-audio driver that allows an attacker with physical access to the system to use a malicious USB device to potentially manipulate … | |||
| CVE-2024-53104 | high | — | 9.5 | 1y ago | Linux kernel contains an out-of-bounds write vulnerability in the uvc_parse_streaming component of the USB Video Class (UVC) driver that could allow for physical escalation of privilege. | |||
| CVE-2024-44309 | high | — | 9.5 | 2y ago | Apple iOS, macOS, and other Apple products contain an unspecified vulnerability when processing maliciously crafted web content that may lead to a cross-site scripting (XSS) attack. | |||
| CVE-2024-9680 | high | — | 9.5 | 2y ago | Mozilla Firefox and Firefox ESR contain a use-after-free vulnerability in Animation timelines that allows for code execution in the content process. | |||
| CVE-2024-36971 | high | — | 9.5 | 2y ago | Android contains an unspecified vulnerability in the kernel that allows for remote code execution. This vulnerability resides in Linux Kernel and could impact other products, including but not limite… | |||
| CVE-2024-38475 | high | — | 9.5 | 2y ago | Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not in… | |||
| CVE-2024-40624 | critical | — | 9.5 | 2y ago | TorrentPier Deserialization of Untrusted Data vulnerability | |||
| CVE-2024-1086 | high | — | 9.5 | 2y ago | Linux kernel contains a use-after-free vulnerability in the netfilter: nf_tables component that allows an attacker to achieve local privilege escalation. | |||
| CVE-2024-29944 | critical | — | 9.5 | 2y ago | An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process. Note: This vulnerability affects Desktop Firefox only, … | |||
| CVE-2024-2616 | critical | — | 9.5 | 2y ago | RHSA-2024:1484: firefox security update (Critical) | |||
| CVE-2024-23222 | high | — | 9.5 | 3y ago | Apple iOS, iPadOS, macOS, tvOS, and Safari WebKit contain a type confusion vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact … | |||
| CVE-2024-46636 | critical | 9.4 | 9.4 | 1mo ago | NASA Earth Observing System Data and Information System (EOSDIS) MODAPS v8.1 was discovered to contain a SQL injection vulnerability in the category parameter | |||
| CVE-2024-3375 | critical | 9.4 | 9.4 | 2y ago | Incorrect Permission Assignment for Critical Resource vulnerability in Havelsan Inc. Dialogue allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Dialogue: from v1.83… | |||
| CVE-2024-52474 | critical | 9.3 | 9.3 | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Сервис “Экспресс Платежи” Express Payments Module express-pay allows Blind SQL Injection.This iss… | |||
| CVE-2024-49246 | critical | 9.3 | 9.3 | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in anand23 Ajax Rating with Custom Login ajax-rating-with-custom-login allows SQL Injection.This iss… | |||
| CVE-2024-33544 | critical | 9.3 | 9.3 | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AA-Team WZone allows SQL Injection.This issue affects WZone: from n/a through 14.0.10. | |||
| CVE-2024-32709 | critical | 9.3 | 9.3 | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Plechev Andrey WP-Recall.This issue affects WP-Recall: from n/a through 16.26.5. | |||
| CVE-2024-32128 | critical | 9.3 | 9.3 | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Realtyna Realtyna Organic IDX plugin.This issue affects Realtyna Organic IDX plugin: from n/a thr… | |||
| CVE-2024-47685 | critical | 9.1 | 9.1 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put() syzbot reported that nf_reject_ip6_tcphdr_put() was possibly sending ga… | |||
| CVE-2024-54285 | critical | 9.1 | 9.1 | 2y ago | Unrestricted Upload of File with Dangerous Type vulnerability in SeedProd LLC SeedProd Pro allows Upload a Web Shell to a Web Server.This issue affects SeedProd Pro: from n/a through 6.18.10. | |||
| CVE-2024-5535 | critical | 9.1 | 9.1 | 2y ago | RHSA-2025:1673: mysql:8.0 security update (Important) | |||
| CVE-2024-37371 | critical | 9.1 | 9.1 | 2y ago | RHSA-2025:1673: mysql:8.0 security update (Important) | |||
| CVE-2024-35845 | critical | 9.1 | 9.1 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: dbg-tlv: ensure NUL termination The iwl_fw_ini_debug_info_tlv is used as a string, so we must ensure the string is… | |||
| CVE-2024-35960 | critical | 9.1 | 9.1 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Properly link new fs rules into the tree Previously, add_rule_fg would only add newly created rules from the handle int… | |||
| CVE-2024-6387 | high | 8.1 | 9.1 | 2y ago | A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote a… | |||
| CVE-2024-34416 | critical | 9.1 | 9.1 | 2y ago | Unrestricted Upload of File with Dangerous Type vulnerability in Pk Favicon Manager.This issue affects Pk Favicon Manager: from n/a through 2.1. | |||
| CVE-2024-27053 | critical | 9.1 | 9.1 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: wifi: wilc1000: fix RCU usage in connect path With lockdep enabled, calls to the connect function from cfg802.11 layer lead to th… | |||
| CVE-2024-31266 | critical | 9.1 | 9.1 | 2y ago | Improper Control of Generation of Code ('Code Injection') vulnerability in AlgolPlus Advanced Order Export For WooCommerce allows Code Injection.This issue affects Advanced Order Export For WooCommer… | |||
| CVE-2024-32954 | critical | 9.1 | 9.1 | 2y ago | Unrestricted Upload of File with Dangerous Type vulnerability in Tribulant Newsletters.This issue affects Newsletters: from n/a through 4.9.5. | |||
| CVE-2024-32948 | critical | 9.1 | 9.1 | 2y ago | Missing Authorization vulnerability in Repute Infosystems ARMember.This issue affects ARMember: from n/a through 4.0.28. | |||
| CVE-2024-31345 | critical | 9.1 | 9.1 | 2y ago | Unrestricted Upload of File with Dangerous Type vulnerability in Sukhchain Singh Auto Poster.This issue affects Auto Poster: from n/a through 1.2. | |||
| CVE-2024-31114 | critical | 9.1 | 9.1 | 2y ago | Unrestricted Upload of File with Dangerous Type vulnerability in biplob018 Shortcode Addons.This issue affects Shortcode Addons: from n/a through 3.2.5. | |||
| CVE-2024-2890 | critical | 9.1 | 9.1 | 2y ago | Unrestricted Upload of File with Dangerous Type vulnerability in Tumult Inc. Tumult Hype Animations.This issue affects Tumult Hype Animations: from n/a through 1.9.12. | |||
| CVE-2024-47076 | high | — | 9.0 | 2y ago | RHSA-2024:7463: cups-filters security update (Important) | |||
| CVE-2024-47176 | high | — | 9.0 | 2y ago | RHSA-2024:7463: cups-filters security update (Important) | |||
| CVE-2024-3596 | critical | 9.0 | 9.0 | 2y ago | RHSA-2024:8860: krb5 security update (Important) | |||
| CVE-2024-21182 | high | 7.5 | 9.0 | 2y ago | Oracle WebLogic contains an unspecified vulnerability that could allow an unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vu… | |||
| CVE-2024-22144 | critical | 9.0 | 9.0 | 2y ago | Improper Control of Generation of Code ('Code Injection') vulnerability in Eli Scheetz Anti-Malware Security and Brute-Force Firewall gotmls allows Code Injection.This issue affects Anti-Malware Secu… | |||
| CVE-2024-30227 | critical | 9.0 | 9.0 | 2y ago | Deserialization of Untrusted Data vulnerability in INFINITUM FORM Geo Controller.This issue affects Geo Controller: from n/a through 8.6.4. | |||
| CVE-2024-30226 | critical | 9.0 | 9.0 | 2y ago | Deserialization of Untrusted Data vulnerability in WPDeveloper BetterDocs.This issue affects BetterDocs: from n/a through 3.3.3. | |||
| CVE-2024-21626 | high | — | 9.0 | 2y ago | Important: container-tools:4.0 security update | |||
| CVE-2024-51348 | high | 8.8 | 8.8 | 2mo ago | A stack-based buffer overflow vulnerability in the P2P API service in BS Producten Petcam with firmware 33.1.0.0818 allows unauthenticated attackers within network range to overwrite the instruction … | |||
| CVE-2024-12913 | high | 8.8 | 8.8 | 9mo ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Megatek Communication System Azora Wireless Network Management allows SQL Injection. This issue … | |||
| CVE-2024-11142 | high | 8.8 | 8.8 | 1y ago | Cross-Site Request Forgery (CSRF) vulnerability in Gosoft Software Proticaret E-Commerce allows Cross Site Request Forgery. This issue affects Proticaret E-Commerce: before v6.0 NOTE: According t… | |||
| CVE-2024-12918 | high | 8.8 | 8.8 | 1y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Agito Computer Health4All allows SQL Injection. This issue affects Health4All: before 10.01.2025. | |||
| CVE-2024-12916 | high | 8.8 | 8.8 | 1y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Agito Computer Life4All allows SQL Injection. This issue affects Life4All: before 10.01.2025. | |||
| CVE-2024-37469 | high | 8.8 | 8.8 | 1y ago | Cross-Site Request Forgery (CSRF) vulnerability in creativethemeshq Blocksy blocksy allows Cross Site Request Forgery.This issue affects Blocksy: from n/a through <= 2.0.22. | |||
| CVE-2024-49627 | high | 8.8 | 8.8 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in Noor Alam WordPress Image SEO allows Cross Site Request Forgery.This issue affects WordPress Image SEO: from n/a through 1.1.4. | |||
| CVE-2024-49290 | high | 8.8 | 8.8 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in Gora Tech LLC Cooked Pro allows Cross Site Request Forgery.This issue affects Cooked Pro: from n/a before 1.8.0. | |||
| CVE-2024-49219 | high | 8.8 | 8.8 | 2y ago | Incorrect Privilege Assignment vulnerability in themexpo RS-Members rs-members allows Privilege Escalation.This issue affects RS-Members: from n/a through <= 1.0.3. | |||
| CVE-2024-49226 | high | 8.8 | 8.8 | 2y ago | Deserialization of Untrusted Data vulnerability in taketin TAKETIN To WP Membership taketin-to-wp-membership allows Object Injection.This issue affects TAKETIN To WP Membership: from n/a through <= 2… | |||
| CVE-2024-5958 | high | 8.8 | 8.8 | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eliz Software Panel allows Command Line Execution through SQL Injection. This issue affects Pane… | |||
| CVE-2024-8164 | high | 8.8 | 8.8 | 2y ago | A vulnerability was determined in Chengdu Everbrite Network Technology BeikeShop up to 1.5.5. This affects the function rename of the file /Admin/Http/Controllers/FileManagerController.php. This mani… | |||
| CVE-2024-34444 | high | 8.8 | 8.8 | 2y ago | Missing Authorization vulnerability in ThemePunch OHG Slider Revolution.This issue affects Slider Revolution: from n/a before 6.7.0. | |||
| CVE-2024-30103 | high | 8.8 | 8.8 | 2y ago | Microsoft Outlook Remote Code Execution Vulnerability | |||
| CVE-2024-31261 | high | 8.8 | 8.8 | 2y ago | Missing Authorization vulnerability in Aakash Chakravarthy Announcer – Notification & message bars.This issue affects Announcer – Notification & message bars: from n/a through 6.0. | |||
| CVE-2024-35955 | high | 8.8 | 8.8 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: kprobes: Fix possible use-after-free issue on kprobe registration When unloading a module, its state is changing MODULE_STATE_LIV… | |||
| CVE-2024-27955 | high | 8.8 | 8.8 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in WP Automatic Automatic allows Privilege Escalation.This issue affects Automatic: from n/a through 3.92.0. | |||
| CVE-2024-31113 | high | 8.8 | 8.8 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in Easy Digital Downloads.This issue affects Easy Digital Downloads: from n/a through 3.2.11. | |||
| CVE-2024-33912 | high | 8.8 | 8.8 | 2y ago | Missing Authorization vulnerability in Academy LMS.This issue affects Academy LMS: from n/a through 1.9.16. |