CVEs from 2024
Total
6,583
critical
critical 174
high
high 1,069
medium
medium 2,083
low
low 49
% Critical
2.6%
% with KEV
2.5%
% with exploit
3.4%
Top products
- mbed_tls 15
- operations_analytics_log_analysis 14
- surveillance_station 12
- checkmk 10
- office 8
- profilegrid 8
- office_long_term_servicing_channel 6
- propertyhive 5
Top packages
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-28001 | high | 7.1 | 7.1 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Archetyped Favicon Rotator allows Reflected XSS.This issue affects Favicon Rotator: from n/a thro… | |||
| CVE-2024-27999 | high | 7.1 | 7.1 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Digamber Pradhan Preview E-mails for WooCommerce allows Reflected XSS.This issue affects Preview … | |||
| CVE-2024-29773 | high | 7.1 | 7.1 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in BizSwoop a CPF Concepts, LLC Brand BizPrint allows Cross-Site Scripting (XSS).This issue affects BizPrint: from n/a through 4.5.5. | |||
| CVE-2024-29758 | high | 7.1 | 7.1 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kienso Co-marquage service-public.Fr allows Reflected XSS.This issue affects Co-marquage service-… | |||
| CVE-2024-29794 | high | 7.1 | 7.1 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Conversios Conversios.Io allows Reflected XSS.This issue affects Conversios.Io: from n/a through … | |||
| CVE-2024-29791 | high | 7.1 | 7.1 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mad Fish Digital Bulk NoIndex & NoFollow Toolkit allows Reflected XSS.This issue affects Bulk NoI… | |||
| CVE-2024-29770 | high | 7.1 | 7.1 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pretty Links Shortlinks by Pretty Links allows Reflected XSS.This issue affects Shortlinks by Pre… | |||
| CVE-2024-29767 | high | 7.1 | 7.1 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wobbie.Nl Doneren met Mollie allows Reflected XSS.This issue affects Doneren met Mollie: from n/a… | |||
| CVE-2024-29924 | high | 7.1 | 7.1 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in W3 Eden, Inc. Premium Packages allows Reflected XSS.This issue affects Premium Packages: from n/a… | |||
| CVE-2024-29919 | high | 7.1 | 7.1 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Photo Gallery Team Photo Gallery by Ays allows Reflected XSS.This issue affects Photo Gallery by … | |||
| CVE-2024-30196 | high | 7.1 | 7.1 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Appscreo Easy Social Share Buttons allows Reflected XSS.This issue affects Easy Social Share Butt… | |||
| CVE-2024-30195 | high | 7.1 | 7.1 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Semenov New RoyalSlider allows Reflected XSS.This issue affects New RoyalSlider: from n/a through… | |||
| CVE-2024-29907 | high | 7.1 | 7.1 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Active Websight SEO Backlink Monitor allows Reflected XSS.This issue affects SEO Backlink Monitor… | |||
| CVE-2024-25926 | high | 7.1 | 7.1 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in IndiaNIC Widgets Controller allows Reflected XSS.This issue affects Widgets Controller: from n/a … | |||
| CVE-2024-24800 | high | 7.1 | 7.1 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AdTribes.Io Product Feed PRO for WooCommerce allows Reflected XSS.This issue affects Product Feed… | |||
| CVE-2024-24700 | high | 7.1 | 7.1 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Benjamin Rojas WP Editor allows Reflected XSS.This issue affects WP Editor: from n/a through 1.2.… | |||
| CVE-2024-22311 | high | 7.1 | 7.1 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in N Squared Simply Schedule Appointments allows Reflected XSS.This issue affects Simply Schedule Ap… | |||
| CVE-2024-22300 | high | 7.1 | 7.1 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Icegram Email Subscribers & Newsletters allows Reflected XSS.This issue affects Email Subscribers… | |||
| CVE-2024-22299 | high | 7.1 | 7.1 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Foliovision: Making the web work for you FV Flowplayer Video Player allows Reflected XSS.This iss… | |||
| CVE-2024-22149 | high | 7.1 | 7.1 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Oliver Seidel, Bastian Germann CformsII allows Stored XSS.This issue affects CformsII: from n/a t… | |||
| CVE-2024-29091 | high | 7.1 | 7.1 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dnesscarkey WP Armour – Honeypot Anti Spam allows Reflected XSS.This issue affects WP Armour – Ho… | |||
| CVE-2024-29103 | high | 7.1 | 7.1 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NinjaTeam Database for Contact Form 7 allows Stored XSS.This issue affects Database for Contact F… | |||
| CVE-2024-29126 | high | 7.1 | 7.1 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jose Mortellaro Specific Content For Mobile – Customize the mobile version without redirections a… | |||
| CVE-2024-29121 | high | 7.1 | 7.1 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Firassaidi WooCommerce License Manager allows Reflected XSS.This issue affects WooCommerce Licens… | |||
| CVE-2024-29116 | high | 7.1 | 7.1 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in IconicWP WooThumbs for WooCommerce by Iconic allows Reflected XSS.This issue affects WooThumbs fo… | |||
| CVE-2024-29110 | high | 7.1 | 7.1 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pauple Table & Contact Form 7 Database – Tablesome allows Reflected XSS.This issue affects Table … | |||
| CVE-2024-29142 | high | 7.1 | 7.1 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebberZone Better Search – Relevant search results for WordPress allows Stored XSS.This issue aff… | |||
| CVE-2024-29139 | high | 7.1 | 7.1 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mark Tilly MyCurator Content Curation allows Reflected XSS.This issue affects MyCurator Content C… | |||
| CVE-2024-27961 | high | 7.1 | 7.1 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Codekraft AntiSpam for Contact Form 7 allows Reflected XSS.This issue affects AntiSpam for Contac… | |||
| CVE-2024-27197 | high | 7.1 | 7.1 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in Bee BeePress allows Stored XSS.This issue affects BeePress: from n/a through 6.9.8. | |||
| CVE-2024-27192 | high | 7.1 | 7.1 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Scott Reilly Configure SMTP allows Reflected XSS.This issue affects Configure SMTP: from n/a thro… | |||
| CVE-2024-25921 | high | 7.1 | 7.1 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Concerted Action Action Network allows Reflected XSS.This issue affects Action Network: from n/a … | |||
| CVE-2024-56672 | high | 7.0 | 7.0 | 7mo ago | Moderate: kernel security update | |||
| CVE-2024-43882 | high | 7.0 | 7.0 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: exec: Fix ToCToU between perm check and set-uid/gid usage When opening a file for exec via do_filp_open(), permission checking is… | |||
| CVE-2024-39503 | high | 7.0 | 7.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: Fix race between namespace cleanup and gc in the list:set type Lion Ackermann reported that there is a race con… | |||
| CVE-2024-26872 | high | 7.0 | 7.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: RDMA/srpt: Do not register event handler until srpt device is fully setup Upon rare occasions, KASAN reports a use-after-free Wri… | |||
| CVE-2024-49903 | high | 7.0 | 7.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: jfs: Fix uaf in dbFreeBits [syzbot reported] ================================================================== BUG: KASAN: slab-… | |||
| CVE-2024-47747 | high | 7.0 | 7.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: net: seeq: Fix use after free vulnerability in ether3 Driver Due to Race Condition In the ether3_probe function, a timer is initi… | |||
| CVE-2024-36899 | high | 7.0 | 7.0 | 2y ago | Important: kernel security update | |||
| CVE-2024-27020 | high | 7.0 | 7.0 | 2y ago | Important: kernel security update | |||
| CVE-2024-27397 | high | 7.0 | 7.0 | 2y ago | Important: kernel security update | |||
| CVE-2024-26974 | high | 7.0 | 7.0 | 2y ago | Moderate: kernel security and bug fix update | |||
| CVE-2024-34027 | high | 7.0 | 7.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: f2fs: compress: fix to cover {reserve,release}_compress_blocks() w/ cp_rwsem lock It needs to cover {reserve,release}_compress_bl… | |||
| CVE-2024-12970 | low | 3.9 | 3.9 | 1y ago | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in TUBITAK BILGEM Pardus OS My Computer allows OS Command Injection. This issue affects Pardu… | |||
| CVE-2024-31265 | low | 3.7 | 3.7 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in SumoMe Sumo.This issue affects Sumo: from n/a through 1.34. | |||
| CVE-2024-7083 | low | 3.5 | 3.5 | 2mo ago | The Email Encoder WordPress plugin before 2.3.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks… | |||
| CVE-2024-47175 | low | — | 3.5 | 2y ago | Low: cups security update | |||
| CVE-2024-6006 | low | 3.5 | 3.5 | 2y ago | A vulnerability was found in ZKTeco ZKBio CVSecurity V5000 4.1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Summer Schedule Handler. The … | |||
| CVE-2024-6005 | low | 3.5 | 3.5 | 2y ago | A vulnerability was found in ZKTeco ZKBio CVSecurity V5000 4.1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Department Section. … | |||
| CVE-2024-6807 | low | 3.4 | 3.4 | 2y ago | A vulnerability was found in SourceCodester Student Study Center Desk Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /sscdms/cla… | |||
| CVE-2024-50044 | low | 3.3 | 3.3 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: RFCOMM: FIX possible deadlock in rfcomm_sk_state_change rfcomm_sk_state_change attempts to use sock_lock so it must ne… | |||
| CVE-2024-35935 | low | 3.3 | 3.3 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: btrfs: send: handle path ref underflow in header iterate_inode_ref() Change BUG_ON to proper error handling if building the path … | |||
| CVE-2024-28085 | low | 3.3 | 3.3 | 2y ago | wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from … | |||
| CVE-2024-42206 | low | 3.1 | 3.1 | 5d ago | HCL iReflection Third party vulnerable and outdated components issue was detected in the web application | |||
| CVE-2024-3932 | low | 3.1 | 3.1 | 2y ago | A vulnerability classified as problematic has been found in Totara LMS up to 18.7. This affects an unknown part of the component User Selector. The manipulation leads to cross-site request forgery. I… | |||
| CVE-2024-47272 | low | 2.7 | 2.7 | 11d ago | Incorrect authorization vulnerability in IO Module functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to … | |||
| CVE-2024-47270 | low | 2.7 | 2.7 | 11d ago | Improper preservation of permissions vulnerability in Archiving Push functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administra… | |||
| CVE-2024-47267 | low | 2.7 | 2.7 | 11d ago | Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in Archiving Pull functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows … | |||
| CVE-2024-10492 | low | 2.7 | 2.7 | 2y ago | Keycloak Path Traversal Vulnerability Due to External Control of File Name or Path | |||
| CVE-2024-30507 | low | 2.7 | 2.7 | 2y ago | Authorization Bypass Through User-Controlled Key vulnerability in Molongui.This issue affects Molongui: from n/a through 4.7.7. | |||
| CVE-2024-56433 | low | — | 2.5 | 7mo ago | Low: shadow-utils security update | |||
| CVE-2024-54677 | low | — | 2.5 | 2y ago | Uncontrolled Resource Consumption vulnerability in the examples web application provided with Apache Tomcat leads to denial of service. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.… | |||
| CVE-2024-7592 | low | — | 2.5 | 2y ago | There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module. When parsing cookies that contained backslashes for quoted characters in the cookie… | |||
| CVE-2024-52800 | low | — | 2.5 | 2y ago | veraPDF CLI has potential XXE (XML External Entity Injection) vulnerability | |||
| CVE-2024-27043 | low | — | 2.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: media: edia: dvbdev: fix a use-after-free In dvb_register_device, *pdvbdev is set equal to dvbdev, which is freed in several erro… | |||
| CVE-2024-4603 | low | — | 2.5 | 2y ago | Low: openssl security update | |||
| CVE-2024-6126 | low | — | 2.5 | 2y ago | A flaw was found in the cockpit package. This flaw allows an authenticated user to kill any process when enabling the pam_env's user_readenv option, which leads to a denial of service (DoS) attack. | |||
| CVE-2024-2313 | low | — | 2.5 | 2y ago | RHSA-2024:8830: bpftrace security update (Low) | |||
| CVE-2024-2314 | low | — | 2.5 | 2y ago | RHSA-2024:8831: bcc security update (Low) | |||
| CVE-2024-5742 | low | — | 2.5 | 2y ago | RHSA-2024:6986: nano security update (Low) | |||
| CVE-2024-4741 | low | — | 2.5 | 2y ago | Low: openssl security update | |||
| CVE-2024-6501 | low | — | 2.5 | 2y ago | Low: NetworkManager security update | |||
| CVE-2024-26461 | low | — | 2.5 | 2y ago | RHSA-2024:3268: krb5 security update (Low) | |||
| CVE-2024-29038 | low | — | 2.5 | 2y ago | Low: tpm2-tools security update | |||
| CVE-2024-26458 | low | — | 2.5 | 2y ago | RHSA-2024:3268: krb5 security update (Low) | |||
| CVE-2024-29039 | low | — | 2.5 | 2y ago | Low: tpm2-tools security update | |||
| CVE-2024-36387 | low | — | 2.5 | 2y ago | Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the server process, degrading performance. | |||
| CVE-2024-4032 | low | — | 2.5 | 2y ago | Low: python3 security update | |||
| CVE-2024-4418 | low | — | 2.5 | 2y ago | RHSA-2024:4351: virt:rhel and virt-devel:rhel security and bug fix update (Low) | |||
| CVE-2024-5629 | low | — | 2.5 | 2y ago | RHSA-2025:8419: python36:3.6 security update (Low) | |||
| CVE-2024-35176 | low | — | 2.5 | 2y ago | RHSA-2024:5338: pcs security update (Low) | |||
| CVE-2024-25629 | low | — | 2.5 | 2y ago | RHSA-2024:4249: c-ares security update (Low) | |||
| CVE-2024-3864 | low | — | 2.5 | 2y ago | Memory safety bug present in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited… | |||
| CVE-2024-2609 | low | — | 2.5 | 2y ago | The permission prompt input delay could expire while the window is not in focus. This makes it vulnerable to clickjacking by malicious websites. This vulnerability affects Firefox < 124, Firefox ESR … | |||
| CVE-2024-3859 | low | — | 2.5 | 2y ago | On 32-bit versions there were integer-overflows that led to an out-of-bounds-read that potentially could be triggered by a malformed OpenType font. This vulnerability affects Firefox < 125, Firefox E… | |||
| CVE-2024-3857 | low | — | 2.5 | 2y ago | The JIT created incorrect code for arguments in certain cases. This led to potential use-after-free crashes during garbage collection. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, … | |||
| CVE-2024-3852 | low | — | 2.5 | 2y ago | GetBoundName could return the wrong version of an object when JIT optimizations were applied. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10. | |||
| CVE-2024-3302 | low | — | 2.5 | 2y ago | There was no limit to the number of HTTP/2 CONTINUATION frames that would be processed. A server could abuse this to create an Out of Memory condition in the browser. This vulnerability affects Firef… | |||
| CVE-2024-3854 | low | — | 2.5 | 2y ago | In some code patterns the JIT incorrectly optimized switch statements and generated code with out-of-bounds-reads. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 11… | |||
| CVE-2024-3861 | low | — | 2.5 | 2y ago | If an AlignedBuffer were assigned to itself, the subsequent self-move could result in an incorrect reference count and later use-after-free. This vulnerability affects Firefox < 125, Firefox ESR < 11… | |||
| CVE-2024-2408 | low | — | 2.5 | 3y ago | RHSA-2023:7877: openssl security update (Low) | |||
| CVE-2024-6344 | low | 2.4 | 2.4 | 2y ago | A vulnerability, which was classified as problematic, was found in ZKTeco ZKBio CVSecurity V5000 4.1.0. This affects an unknown part of the component Push Configuration Section. The manipulation of t… |