CVEs from 2024
Total
6,593
critical
critical 174
high
high 1,069
medium
medium 2,083
low
low 49
% Critical
2.6%
% with KEV
2.5%
% with exploit
3.4%
Top products
- mbed_tls 15
- operations_analytics_log_analysis 14
- surveillance_station 12
- checkmk 10
- office 8
- profilegrid 8
- office_long_term_servicing_channel 6
- propertyhive 5
Top packages
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-28001 | high | 7.1 | 7.1 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Archetyped Favicon Rotator allows Reflected XSS.This issue affects Favicon Rotator: from n/a thro… | |||
| CVE-2024-27999 | high | 7.1 | 7.1 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Digamber Pradhan Preview E-mails for WooCommerce allows Reflected XSS.This issue affects Preview … | |||
| CVE-2024-29773 | high | 7.1 | 7.1 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in BizSwoop a CPF Concepts, LLC Brand BizPrint allows Cross-Site Scripting (XSS).This issue affects BizPrint: from n/a through 4.5.5. | |||
| CVE-2024-29758 | high | 7.1 | 7.1 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kienso Co-marquage service-public.Fr allows Reflected XSS.This issue affects Co-marquage service-… | |||
| CVE-2024-29794 | high | 7.1 | 7.1 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Conversios Conversios.Io allows Reflected XSS.This issue affects Conversios.Io: from n/a through … | |||
| CVE-2024-29791 | high | 7.1 | 7.1 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mad Fish Digital Bulk NoIndex & NoFollow Toolkit allows Reflected XSS.This issue affects Bulk NoI… | |||
| CVE-2024-29770 | high | 7.1 | 7.1 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pretty Links Shortlinks by Pretty Links allows Reflected XSS.This issue affects Shortlinks by Pre… | |||
| CVE-2024-29767 | high | 7.1 | 7.1 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wobbie.Nl Doneren met Mollie allows Reflected XSS.This issue affects Doneren met Mollie: from n/a… | |||
| CVE-2024-29924 | high | 7.1 | 7.1 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in W3 Eden, Inc. Premium Packages allows Reflected XSS.This issue affects Premium Packages: from n/a… | |||
| CVE-2024-29919 | high | 7.1 | 7.1 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Photo Gallery Team Photo Gallery by Ays allows Reflected XSS.This issue affects Photo Gallery by … | |||
| CVE-2024-30196 | high | 7.1 | 7.1 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Appscreo Easy Social Share Buttons allows Reflected XSS.This issue affects Easy Social Share Butt… | |||
| CVE-2024-30195 | high | 7.1 | 7.1 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Semenov New RoyalSlider allows Reflected XSS.This issue affects New RoyalSlider: from n/a through… | |||
| CVE-2024-29907 | high | 7.1 | 7.1 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Active Websight SEO Backlink Monitor allows Reflected XSS.This issue affects SEO Backlink Monitor… | |||
| CVE-2024-25926 | high | 7.1 | 7.1 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in IndiaNIC Widgets Controller allows Reflected XSS.This issue affects Widgets Controller: from n/a … | |||
| CVE-2024-24800 | high | 7.1 | 7.1 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AdTribes.Io Product Feed PRO for WooCommerce allows Reflected XSS.This issue affects Product Feed… | |||
| CVE-2024-24700 | high | 7.1 | 7.1 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Benjamin Rojas WP Editor allows Reflected XSS.This issue affects WP Editor: from n/a through 1.2.… | |||
| CVE-2024-22311 | high | 7.1 | 7.1 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in N Squared Simply Schedule Appointments allows Reflected XSS.This issue affects Simply Schedule Ap… | |||
| CVE-2024-22300 | high | 7.1 | 7.1 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Icegram Email Subscribers & Newsletters allows Reflected XSS.This issue affects Email Subscribers… | |||
| CVE-2024-22299 | high | 7.1 | 7.1 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Foliovision: Making the web work for you FV Flowplayer Video Player allows Reflected XSS.This iss… | |||
| CVE-2024-22149 | high | 7.1 | 7.1 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Oliver Seidel, Bastian Germann CformsII allows Stored XSS.This issue affects CformsII: from n/a t… | |||
| CVE-2024-29091 | high | 7.1 | 7.1 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dnesscarkey WP Armour – Honeypot Anti Spam allows Reflected XSS.This issue affects WP Armour – Ho… | |||
| CVE-2024-29103 | high | 7.1 | 7.1 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NinjaTeam Database for Contact Form 7 allows Stored XSS.This issue affects Database for Contact F… | |||
| CVE-2024-29126 | high | 7.1 | 7.1 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jose Mortellaro Specific Content For Mobile – Customize the mobile version without redirections a… | |||
| CVE-2024-29121 | high | 7.1 | 7.1 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Firassaidi WooCommerce License Manager allows Reflected XSS.This issue affects WooCommerce Licens… | |||
| CVE-2024-29116 | high | 7.1 | 7.1 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in IconicWP WooThumbs for WooCommerce by Iconic allows Reflected XSS.This issue affects WooThumbs fo… | |||
| CVE-2024-29110 | high | 7.1 | 7.1 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pauple Table & Contact Form 7 Database – Tablesome allows Reflected XSS.This issue affects Table … | |||
| CVE-2024-29142 | high | 7.1 | 7.1 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebberZone Better Search – Relevant search results for WordPress allows Stored XSS.This issue aff… | |||
| CVE-2024-29139 | high | 7.1 | 7.1 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mark Tilly MyCurator Content Curation allows Reflected XSS.This issue affects MyCurator Content C… | |||
| CVE-2024-27961 | high | 7.1 | 7.1 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Codekraft AntiSpam for Contact Form 7 allows Reflected XSS.This issue affects AntiSpam for Contac… | |||
| CVE-2024-27197 | high | 7.1 | 7.1 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in Bee BeePress allows Stored XSS.This issue affects BeePress: from n/a through 6.9.8. | |||
| CVE-2024-27192 | high | 7.1 | 7.1 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Scott Reilly Configure SMTP allows Reflected XSS.This issue affects Configure SMTP: from n/a thro… | |||
| CVE-2024-25921 | high | 7.1 | 7.1 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Concerted Action Action Network allows Reflected XSS.This issue affects Action Network: from n/a … | |||
| CVE-2024-56672 | high | 7.0 | 7.0 | 7mo ago | Moderate: kernel security update | |||
| CVE-2024-43882 | high | 7.0 | 7.0 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: exec: Fix ToCToU between perm check and set-uid/gid usage When opening a file for exec via do_filp_open(), permission checking is… | |||
| CVE-2024-39503 | high | 7.0 | 7.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: Fix race between namespace cleanup and gc in the list:set type Lion Ackermann reported that there is a race con… | |||
| CVE-2024-26872 | high | 7.0 | 7.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: RDMA/srpt: Do not register event handler until srpt device is fully setup Upon rare occasions, KASAN reports a use-after-free Wri… | |||
| CVE-2024-49903 | high | 7.0 | 7.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: jfs: Fix uaf in dbFreeBits [syzbot reported] ================================================================== BUG: KASAN: slab-… | |||
| CVE-2024-47747 | high | 7.0 | 7.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: net: seeq: Fix use after free vulnerability in ether3 Driver Due to Race Condition In the ether3_probe function, a timer is initi… | |||
| CVE-2024-36899 | high | 7.0 | 7.0 | 2y ago | Important: kernel security update | |||
| CVE-2024-27020 | high | 7.0 | 7.0 | 2y ago | Important: kernel security update | |||
| CVE-2024-27397 | high | 7.0 | 7.0 | 2y ago | Important: kernel security update | |||
| CVE-2024-26974 | high | 7.0 | 7.0 | 2y ago | Moderate: kernel security and bug fix update | |||
| CVE-2024-34027 | high | 7.0 | 7.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: f2fs: compress: fix to cover {reserve,release}_compress_blocks() w/ cp_rwsem lock It needs to cover {reserve,release}_compress_bl… | |||
| CVE-2024-12970 | low | 3.9 | 3.9 | 1y ago | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in TUBITAK BILGEM Pardus OS My Computer allows OS Command Injection. This issue affects Pardu… | |||
| CVE-2024-31265 | low | 3.7 | 3.7 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in SumoMe Sumo.This issue affects Sumo: from n/a through 1.34. | |||
| CVE-2024-7083 | low | 3.5 | 3.5 | 2mo ago | The Email Encoder WordPress plugin before 2.3.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks… | |||
| CVE-2024-47175 | low | — | 3.5 | 2y ago | Low: cups security update | |||
| CVE-2024-6006 | low | 3.5 | 3.5 | 2y ago | A vulnerability was found in ZKTeco ZKBio CVSecurity V5000 4.1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Summer Schedule Handler. The … | |||
| CVE-2024-6005 | low | 3.5 | 3.5 | 2y ago | A vulnerability was found in ZKTeco ZKBio CVSecurity V5000 4.1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Department Section. … | |||
| CVE-2024-6807 | low | 3.4 | 3.4 | 2y ago | A vulnerability was found in SourceCodester Student Study Center Desk Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /sscdms/cla… | |||
| CVE-2024-50044 | low | 3.3 | 3.3 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: RFCOMM: FIX possible deadlock in rfcomm_sk_state_change rfcomm_sk_state_change attempts to use sock_lock so it must ne… | |||
| CVE-2024-35935 | low | 3.3 | 3.3 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: btrfs: send: handle path ref underflow in header iterate_inode_ref() Change BUG_ON to proper error handling if building the path … | |||
| CVE-2024-28085 | low | 3.3 | 3.3 | 2y ago | wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from … | |||
| CVE-2024-42206 | low | 3.1 | 3.1 | 4d ago | HCL iReflection Third party vulnerable and outdated components issue was detected in the web application | |||
| CVE-2024-3932 | low | 3.1 | 3.1 | 2y ago | A vulnerability classified as problematic has been found in Totara LMS up to 18.7. This affects an unknown part of the component User Selector. The manipulation leads to cross-site request forgery. I… | |||
| CVE-2024-47272 | low | 2.7 | 2.7 | 11d ago | Incorrect authorization vulnerability in IO Module functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to … | |||
| CVE-2024-47270 | low | 2.7 | 2.7 | 11d ago | Improper preservation of permissions vulnerability in Archiving Push functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administra… | |||
| CVE-2024-47267 | low | 2.7 | 2.7 | 11d ago | Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in Archiving Pull functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows … | |||
| CVE-2024-10492 | low | 2.7 | 2.7 | 2y ago | Keycloak Path Traversal Vulnerability Due to External Control of File Name or Path | |||
| CVE-2024-30507 | low | 2.7 | 2.7 | 2y ago | Authorization Bypass Through User-Controlled Key vulnerability in Molongui.This issue affects Molongui: from n/a through 4.7.7. | |||
| CVE-2024-7399 | unknown | — | 2.5 | 1mo ago | Samsung MagicINFO 9 Server contains a path traversal vulnerability that could allow an attacker to write arbitrary files as system authority. | |||
| CVE-2024-56433 | low | — | 2.5 | 7mo ago | Low: shadow-utils security update | |||
| CVE-2024-57727 | unknown | — | 2.5 | 1y ago | SimpleHelp remote support software contains multiple path traversal vulnerabilities that allow unauthenticated remote attackers to download arbitrary files from the SimpleHelp host via crafted HTTP r… | |||
| CVE-2024-12356 | unknown | — | 2.5 | 2y ago | BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) contain a command injection vulnerability, which can allow an unauthenticated attacker to inject commands that are run as a site use… | |||
| CVE-2024-56145 | unknown | — | 2.5 | 2y ago | Craft CMS contains a code injection vulnerability. Users with affected versions are vulnerable to remote code execution if their php.ini configuration has `register_argc_argv` enabled. | |||
| CVE-2024-54677 | low | — | 2.5 | 2y ago | Uncontrolled Resource Consumption vulnerability in the examples web application provided with Apache Tomcat leads to denial of service. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.… | |||
| CVE-2024-55956 | unknown | — | 2.5 | 2y ago | Cleo Harmony, VLTrader, and LexiCom, which are managed file transfer products, contain an unrestricted file upload vulnerability that could allow an unauthenticated user to import and execute arbitra… | |||
| CVE-2024-35250 | unknown | — | 2.5 | 2y ago | Microsoft Windows Kernel-Mode Driver contains an untrusted pointer dereference vulnerability that allows a local attacker to escalate privileges. | |||
| CVE-2024-20767 | unknown | — | 2.5 | 2y ago | Adobe ColdFusion contains an improper access control vulnerability that could allow an attacker to access or modify restricted files via an internet-exposed admin panel. | |||
| CVE-2024-7592 | low | — | 2.5 | 2y ago | There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module. When parsing cookies that contained backslashes for quoted characters in the cookie… | |||
| CVE-2024-49138 | unknown | — | 2.5 | 2y ago | Microsoft Windows Common Log File System (CLFS) driver contains a heap-based buffer overflow vulnerability that allows a local attacker to escalate privileges. | |||
| CVE-2024-51378 | unknown | — | 2.5 | 2y ago | CyberPanel contains an incorrect default permissions vulnerability that allows for authentication bypass and the execution of arbitrary commands using shell metacharacters in the statusfile property. | |||
| CVE-2024-11680 | unknown | — | 2.5 | 2y ago | ProjectSend contains an improper authentication vulnerability that allows a remote, unauthenticated attacker to enable unauthorized modification of the application's configuration via crafted HTTP re… | |||
| CVE-2024-52800 | low | — | 2.5 | 2y ago | veraPDF CLI has potential XXE (XML External Entity Injection) vulnerability | |||
| CVE-2024-27043 | low | — | 2.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: media: edia: dvbdev: fix a use-after-free In dvb_register_device, *pdvbdev is set equal to dvbdev, which is freed in several erro… | |||
| CVE-2024-1212 | unknown | — | 2.5 | 2y ago | Progress Kemp LoadMaster contains an OS command injection vulnerability that allows an unauthenticated, remote attacker to access the system through the LoadMaster management interface, enabling arbi… | |||
| CVE-2024-0012 | unknown | — | 2.5 | 2y ago | Palo Alto Networks PAN-OS contains an authentication bypass vulnerability in the web-based management interface for several PAN-OS products, including firewalls and VPN concentrators. | |||
| CVE-2024-9474 | unknown | — | 2.5 | 2y ago | Palo Alto Networks PAN-OS contains an OS command injection vulnerability that allows for privilege escalation through the web-based management interface for several PAN products, including firewalls … | |||
| CVE-2024-29038 | low | — | 2.5 | 2y ago | Low: tpm2-tools security update | |||
| CVE-2024-26458 | low | — | 2.5 | 2y ago | RHSA-2024:3268: krb5 security update (Low) | |||
| CVE-2024-6126 | low | — | 2.5 | 2y ago | A flaw was found in the cockpit package. This flaw allows an authenticated user to kill any process when enabling the pam_env's user_readenv option, which leads to a denial of service (DoS) attack. | |||
| CVE-2024-29039 | low | — | 2.5 | 2y ago | Low: tpm2-tools security update | |||
| CVE-2024-4741 | low | — | 2.5 | 2y ago | Low: openssl security update | |||
| CVE-2024-5742 | low | — | 2.5 | 2y ago | RHSA-2024:6986: nano security update (Low) | |||
| CVE-2024-2314 | low | — | 2.5 | 2y ago | RHSA-2024:8831: bcc security update (Low) | |||
| CVE-2024-2313 | low | — | 2.5 | 2y ago | RHSA-2024:8830: bpftrace security update (Low) | |||
| CVE-2024-6501 | low | — | 2.5 | 2y ago | Low: NetworkManager security update | |||
| CVE-2024-26461 | low | — | 2.5 | 2y ago | RHSA-2024:3268: krb5 security update (Low) | |||
| CVE-2024-4603 | low | — | 2.5 | 2y ago | Low: openssl security update | |||
| CVE-2024-5910 | unknown | — | 2.5 | 2y ago | Palo Alto Networks Expedition contains a missing authentication vulnerability that allows an attacker with network access to takeover an Expedition admin account and potentially access configuration … | |||
| CVE-2024-51567 | unknown | — | 2.5 | 2y ago | CyberPanel contains an incorrect default permissions vulnerability that allows a remote, unauthenticated attacker to execute commands as root. | |||
| CVE-2024-36387 | low | — | 2.5 | 2y ago | Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the server process, degrading performance. | |||
| CVE-2024-37383 | unknown | — | 2.5 | 2y ago | RoundCube Webmail contains a cross-site scripting (XSS) vulnerability in the handling of SVG animate attributes that allows a remote attacker to run malicious JavaScript code. | |||
| CVE-2024-47575 | unknown | — | 2.5 | 2y ago | Fortinet FortiManager contains a missing authentication vulnerability in the fgfmd daemon that allows a remote, unauthenticated attacker to execute arbitrary code or commands via specially crafted re… | |||
| CVE-2024-28987 | unknown | — | 2.5 | 2y ago | SolarWinds Web Help Desk contains a hardcoded credential vulnerability that could allow a remote, unauthenticated user to access internal functionality and modify data. | |||
| CVE-2024-29824 | unknown | — | 2.5 | 2y ago | Ivanti Endpoint Manager (EPM) contains a SQL injection vulnerability in Core server that allows an unauthenticated attacker within the same network to execute arbitrary code. | |||
| CVE-2024-6670 | unknown | — | 2.5 | 2y ago | Progress WhatsUp Gold contains a SQL injection vulnerability that allows an unauthenticated attacker to retrieve the user's encrypted password if the application is configured with only a single user. | |||
| CVE-2024-38856 | unknown | — | 2.5 | 2y ago | Apache OFBiz contains an incorrect authorization vulnerability that could allow remote code execution via a Groovy payload in the context of the OFBiz user process by an unauthenticated attacker. | |||
| CVE-2024-38193 | unknown | — | 2.5 | 2y ago | Microsoft Windows Ancillary Function Driver for WinSock contains an unspecified vulnerability that allows for privilege escalation, enabling a local attacker to gain SYSTEM privileges. | |||
| CVE-2024-32113 | unknown | — | 2.5 | 2y ago | Apache OFBiz contains a path traversal vulnerability that could allow for remote code execution. |