CVEs from 2024
Total
6,614
critical
critical 174
high
high 1,069
medium
medium 2,083
low
low 49
% Critical
2.6%
% with KEV
2.5%
% with exploit
3.4%
Top products
- mbed_tls 15
- operations_analytics_log_analysis 14
- surveillance_station 12
- checkmk 10
- office 8
- profilegrid 8
- office_long_term_servicing_channel 6
- propertyhive 5
Top packages
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-22143 | high | 8.8 | 8.8 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in WP Spell Check.This issue affects WP Spell Check: from n/a through 9.17. | |||
| CVE-2024-22290 | high | 8.8 | 8.8 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in AboZain,O7abeeb,UnitOne Custom Dashboard Widgets allows Cross-Site Scripting (XSS).This issue affects Custom Dashboard Widgets: from n/a through 1.3… | |||
| CVE-2024-22283 | high | 8.8 | 8.8 | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Delhivery Delhivery Logistics Courier.This issue affects Delhivery Logistics Courier: from n/a th… | |||
| CVE-2024-3092 | high | 8.7 | 8.7 | 2y ago | An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.9 before 16.9.4, all versions starting from 16.10 before 16.10.2. A payload may lead to a Stored XSS while using t… | |||
| CVE-2024-31277 | high | 8.7 | 8.7 | 2y ago | Deserialization of Untrusted Data vulnerability in PickPlugins Product Designer.This issue affects Product Designer: from n/a through 1.0.32. | |||
| CVE-2024-24842 | high | 8.7 | 8.7 | 2y ago | Deserialization of Untrusted Data vulnerability in Echo Plugins Knowledge Base for Documentation, FAQs with AI Assistance.This issue affects Knowledge Base for Documentation, FAQs with AI Assistance:… | |||
| CVE-2024-40646 | high | 8.6 | 8.6 | 4d ago | Vertex is a management tool for PT (Private Tracker) users to manage streaming and watching videos. Versions prior to commit fbde301b97986d5913fc4bc95f5445750d282e11 are vulnerable to path traversal.… | |||
| CVE-2024-13174 | high | 8.6 | 8.6 | 9mo ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in E1 Informatics Web Application allows SQL Injection. This issue affects Web Application: through… | |||
| CVE-2024-12367 | high | 8.6 | 8.6 | 9mo ago | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Vegagrup Software Vega Master allows Directory Indexing. This issue affects Vega Master: from v.1.12.35 th… | |||
| CVE-2024-9149 | high | 8.6 | 8.6 | 1y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wind Media E-Commerce Website Template allows SQL Injection. This issue affects E-Commerce Websi… | |||
| CVE-2024-21549 | high | 8.6 | 8.6 | 2y ago | Browsershot Improper Input Validation vulnerability | |||
| CVE-2024-21544 | high | 8.6 | 8.6 | 2y ago | Browsershot Local File Inclusion | |||
| CVE-2024-21542 | high | 8.6 | 8.6 | 2y ago | Versions of the package luigi before 3.6.0 are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) due to improper destination file path validation in the _extract_packages_archive f… | |||
| CVE-2024-3370 | high | 8.6 | 8.6 | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Egebilgi Software Website Template allows SQL Injection. This issue affects Website Template: be… | |||
| CVE-2024-49315 | high | 8.6 | 8.6 | 2y ago | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in CodeFlock FREE DOWNLOAD MANAGER free-download-manager allows Path Traversal.This issue affects FREE DOW… | |||
| CVE-2024-49253 | high | 8.6 | 8.6 | 2y ago | Relative Path Traversal vulnerability in JamesPark.ninja Analyse Uploads analyse-uploads allows Relative Path Traversal.This issue affects Analyse Uploads: from n/a through <= 0.5. | |||
| CVE-2024-34378 | high | 8.6 | 8.6 | 2y ago | Missing Authorization vulnerability in LeadConnector.This issue affects LeadConnector: from n/a through 1.7. | |||
| CVE-2024-32562 | high | 8.6 | 8.6 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VIICTORY MEDIA LLC Z Y N I T H allows Stored XSS.This issue affects Z Y N I T H: from n/a through… | |||
| CVE-2024-25911 | high | 8.6 | 8.6 | 2y ago | Missing Authorization vulnerability in Skymoon Labs MoveTo.This issue affects MoveTo: from n/a through 6.2. | |||
| CVE-2024-12651 | high | 8.5 | 8.5 | 1y ago | Exposed Dangerous Method or Function vulnerability in PTT Inc. HGS Mobile App allows Manipulating User-Controlled Variables. This issue affects HGS Mobile App: before 6.5.0. | |||
| CVE-2024-49333 | high | 8.5 | 8.5 | 1y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound Hero Mega Menu - Responsive WordPress Menu Plugin allows SQL Injection. This issue affec… | |||
| CVE-2024-49303 | high | 8.5 | 8.5 | 1y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound Hero Mega Menu - Responsive WordPress Menu Plugin allows SQL Injection. This issue affec… | |||
| CVE-2024-49244 | high | 8.5 | 8.5 | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in vrinsoft CSV Product Import Export for WooCommerce csv-wc-product-import-export.This issue affect… | |||
| CVE-2024-34412 | high | 8.5 | 8.5 | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Parcel Panel ParcelPanel.This issue affects ParcelPanel: from n/a through 3.8.1. | |||
| CVE-2024-32710 | high | 8.5 | 8.5 | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Plechev Andrey WP-Recall.This issue affects WP-Recall: from n/a through 16.26.5. | |||
| CVE-2024-32137 | high | 8.5 | 8.5 | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Solwin User Activity Log Pro.This issue affects User Activity Log Pro: from n/a through 2.3.4. | |||
| CVE-2024-31355 | high | 8.5 | 8.5 | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tribulant Slideshow Gallery.This issue affects Slideshow Gallery: from n/a through 1.7.8. | |||
| CVE-2024-31370 | high | 8.5 | 8.5 | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CodeIsAwesome AIKit aikit-wordpress-ai-writing-assistant-using-gpt3.This issue affects AIKit: fro… | |||
| CVE-2024-31234 | high | 8.5 | 8.5 | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Sizam REHub Framework.This issue affects REHub Framework: from n/a before 19.6.2. | |||
| CVE-2024-31233 | high | 8.5 | 8.5 | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Sizam Rehub.This issue affects Rehub: from n/a through 19.6.1. | |||
| CVE-2024-27191 | high | 8.5 | 8.5 | 2y ago | Improper Control of Generation of Code ('Code Injection') vulnerability in inpersttion Slivery Extender slivery-extender allows Remote Code Inclusion.This issue affects Slivery Extender: from n/a thr… | |||
| CVE-2024-30535 | high | 8.5 | 8.5 | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WhiteStudio Easy Form Builder.This issue affects Easy Form Builder: from n/a through 3.7.4. | |||
| CVE-2024-30489 | high | 8.5 | 8.5 | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in loopus WP Cost Estimation & Payment Forms Builder.This issue affects WP Cost Estimation & Payment… | |||
| CVE-2024-31094 | high | 8.5 | 8.5 | 2y ago | Deserialization of Untrusted Data vulnerability in Filter Custom Fields & Taxonomies Light.This issue affects Filter Custom Fields & Taxonomies Light: from n/a through 1.05. | |||
| CVE-2024-30243 | high | 8.5 | 8.5 | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tomas WordPress Tooltips.This issue affects WordPress Tooltips: from n/a before 9.4.5. | |||
| CVE-2024-30242 | high | 8.5 | 8.5 | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in IT Path Solutions Contact Form to Any API.This issue affects Contact Form to Any API: from n/a th… | |||
| CVE-2024-30240 | high | 8.5 | 8.5 | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Typps Calendarista.This issue affects Calendarista: from n/a through 15.5.7. | |||
| CVE-2024-30239 | high | 8.5 | 8.5 | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Zoho Campaigns.This issue affects Zoho Campaigns: from n/a through 2.0.6. | |||
| CVE-2024-53326 | high | 7.3 | 8.3 | 29d ago | LINQPad before 5.52.01 Pro edition is vulnerable to Unsafe Deserialization in LINQPad.AutoRefManager::PopulateFromCache(), leading to code execution. | |||
| CVE-2024-45257 | high | 7.3 | 8.3 | 29d ago | A Command Injection issue in the payload build page in BYOB (Build Your Own Botnet) 2.0 allows attackers to execute arbitrary commands on the server via a crafted build parameter. This occurs in free… | |||
| CVE-2024-30151 | high | 8.3 | 8.3 | 1mo ago | HCL BigFix Service Management (SX) is affected by a Broken Access Control vulnerability leading to privilege escalation. This could allow unauthorized users to gain elevated privileges, bypassing in… | |||
| CVE-2024-12917 | high | 8.3 | 8.3 | 1y ago | Files or Directories Accessible to External Parties vulnerability in Agito Computer Health4All allows Exploiting Incorrectly Configured Access Control Security Levels, Authentication Abuse. This iss… | |||
| CVE-2024-3727 | high | 8.3 | 8.3 | 2y ago | A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, … | |||
| CVE-2024-2961 | high | 7.3 | 8.3 | 2y ago | RHSA-2024:3269: glibc security update (Important) | |||
| CVE-2024-56182 | high | 8.2 | 8.2 | 1y ago | A vulnerability has been identified in SIMATIC Field PG M5 (All versions), SIMATIC Field PG M6 (All versions < V26.01.12), SIMATIC IPC BX-21A (All versions < V31.01.07), SIMATIC IPC BX-32A (All versi… | |||
| CVE-2024-56181 | high | 8.2 | 8.2 | 1y ago | A vulnerability has been identified in SIMATIC Field PG M5 (All versions), SIMATIC IPC BX-21A (All versions < V31.01.07), SIMATIC IPC BX-32A (All versions < V29.01.07), SIMATIC IPC BX-39A (All versio… | |||
| CVE-2024-9334 | high | 8.2 | 8.2 | 1y ago | Use of Hard-coded Credentials, Storage of Sensitive Data in a Mechanism without Access Control vulnerability in E-Kent Pallium Vehicle Tracking allows Authentication Bypass. This issue affects Palli… | |||
| CVE-2024-7837 | high | 8.2 | 8.2 | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Firmanet Software ERP allows SQL Injection. This issue affects ERP: through 22.11.2024. NOTE… | |||
| CVE-2024-28960 | high | 8.2 | 8.2 | 2y ago | An issue was discovered in Mbed TLS 2.18.0 through 2.28.x before 2.28.8 and 3.x before 3.6.0, and Mbed Crypto. The PSA Crypto API mishandles shared memory. | |||
| CVE-2024-8642 | high | 8.1 | 8.1 | 2y ago | Eclipse Dataspace Components's ConsumerPullTransferTokenValidationApiController doesn't check for token validit | |||
| CVE-2024-8163 | high | 8.1 | 8.1 | 2y ago | A vulnerability was found in Chengdu Everbrite Network Technology BeikeShop up to 1.5.5. Affected by this issue is the function destroyFiles of the file /admin/file_manager/files. The manipulation of… | |||
| CVE-2024-33599 | high | 8.1 | 8.1 | 2y ago | RHSA-2024:3344: glibc security update (Important) | |||
| CVE-2024-31240 | high | 8.1 | 8.1 | 2y ago | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in InfoTheme WP Poll Maker.This issue affects WP Poll Maker: from n/a through 3.1. | |||
| CVE-2024-27289 | high | 8.1 | 8.1 | 2y ago | pgx is a PostgreSQL driver and toolkit for Go. Prior to version 4.18.2, SQL injection can occur when all of the following conditions are met: the non-default simple protocol is used; a placeholder fo… | |||
| CVE-2024-22305 | high | 8.1 | 8.1 | 2y ago | Authorization Bypass Through User-Controlled Key vulnerability in ali Forms Contact Form builder with drag & drop for WordPress – Kali Forms.This issue affects Contact Form builder with drag & drop f… | |||
| CVE-2024-47191 | high | — | 8.0 | — | pam_oath.so in oath-toolkit 2.6.7 through 2.6.11 before 2.6.12 allows root privilege escalation because, in the context of PAM code running as root, it mishandles usersfile access, such as by calling… | |||
| CVE-2024-27355 | high | — | 8.0 | 28d ago | phpseclib guardrails needed on OID length | |||
| CVE-2024-43384 | high | 8.0 | 8.0 | 1mo ago | A low privileged remote attacker can gain the root password due to improper removal of sensitive information before storage or transfer. | |||
| CVE-2024-27354 | high | — | 8.0 | 1mo ago | phpseclib: guardrails needed on isPrime and randomPrime | |||
| CVE-2024-5642 | high | — | 8.0 | 6mo ago | CPython 3.9 and earlier doesn't disallow configuring an empty list ("[]") for SSLContext.set_npn_protocols() which is an invalid value for the underlying OpenSSL API. This results in a buffer over-re… | |||
| CVE-2024-52006 | high | — | 8.0 | 11mo ago | RHSA-2025:11534: git security update (Important) | |||
| CVE-2024-58002 | high | — | 8.0 | 11mo ago | Important: kernel security update | |||
| CVE-2024-50349 | high | — | 8.0 | 11mo ago | RHSA-2025:11534: git security update (Important) | |||
| CVE-2024-56337 | high | — | 8.0 | 11mo ago | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 throu… | |||
| CVE-2024-6174 | high | — | 8.0 | 11mo ago | RHSA-2025:11324: cloud-init security update (Important) | |||
| CVE-2024-12718 | high | — | 8.0 | 11mo ago | Important: python3.9 security update | |||
| CVE-2024-28956 | high | — | 8.0 | 1y ago | Important: kernel security update | |||
| CVE-2024-11235 | high | — | 8.0 | 1y ago | Important: php:8.3 security update | |||
| CVE-2024-31157 | high | — | 8.0 | 1y ago | RHEA-2025:3114: microcode_ctl bug fix and enhancement update (Important) | |||
| CVE-2024-58007 | high | — | 8.0 | 1y ago | Important: kernel security update | |||
| CVE-2024-28047 | high | — | 8.0 | 1y ago | RHEA-2025:3114: microcode_ctl bug fix and enhancement update (Important) | |||
| CVE-2024-39279 | high | — | 8.0 | 1y ago | RHEA-2025:3114: microcode_ctl bug fix and enhancement update (Important) | |||
| CVE-2024-58069 | high | — | 8.0 | 1y ago | Important: kernel security update | |||
| CVE-2024-53141 | high | — | 8.0 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: add missing range check in bitmap_ip_uadt When tb[IPSET_ATTR_IP_TO] is not present but tb[IPSET_ATTR_CIDR] exis… | |||
| CVE-2024-42322 | high | — | 8.0 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: ipvs: properly dereference pe in ip_vs_add_service Use pe directly to resolve sparse warning: net/netfilter/ipvs/ip_vs_ctl.c:1… | |||
| CVE-2024-55549 | high | — | 8.0 | 1y ago | RHSA-2025:3615: libxslt security update (Important) | |||
| CVE-2024-54551 | high | — | 8.0 | 1y ago | The issue was addressed with improved memory handling. This issue is fixed in Safari 17.6, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, tvOS 17.6, visionOS 1.3, watchOS 10.6. Processing web content m… | |||
| CVE-2024-54467 | high | — | 8.0 | 1y ago | A cookie management issue was addressed with improved state management. This issue is fixed in Safari 18, iOS 18 and iPadOS 18, macOS Sequoia 15, tvOS 18, visionOS 2, watchOS 11. A malicious website … | |||
| CVE-2024-44192 | high | — | 8.0 | 1y ago | The issue was addressed with improved checks. This issue is fixed in Safari 18, iOS 18 and iPadOS 18, macOS Sequoia 15, tvOS 18, visionOS 2, watchOS 11. Processing maliciously crafted web content may… | |||
| CVE-2024-36293 | high | — | 8.0 | 1y ago | RHEA-2025:3114: microcode_ctl bug fix and enhancement update (Important) | |||
| CVE-2024-31068 | high | — | 8.0 | 1y ago | RHEA-2025:3114: microcode_ctl bug fix and enhancement update (Important) | |||
| CVE-2024-28127 | high | — | 8.0 | 1y ago | RHEA-2025:3114: microcode_ctl bug fix and enhancement update (Important) | |||
| CVE-2024-29214 | high | — | 8.0 | 1y ago | RHEA-2025:3114: microcode_ctl bug fix and enhancement update (Important) | |||
| CVE-2024-24582 | high | — | 8.0 | 1y ago | RHEA-2025:3114: microcode_ctl bug fix and enhancement update (Important) | |||
| CVE-2024-56171 | high | — | 8.0 | 1y ago | libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. To exploit this, a crafted XML document must be va… | |||
| CVE-2024-50264 | high | — | 8.0 | 1y ago | Important: kernel security update | |||
| CVE-2024-53113 | high | — | 8.0 | 1y ago | Important: kernel security update | |||
| CVE-2024-57807 | high | — | 8.0 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: scsi: megaraid_sas: Fix for a potential deadlock This fixes a 'possible circular locking dependency detected' warning CPU0 … | |||
| CVE-2024-54543 | high | — | 8.0 | 1y ago | The issue was addressed with improved memory handling. This issue is fixed in Safari 18.2, iOS 18.2 and iPadOS 18.2, iPadOS 17.7.6, macOS Sequoia 15.2, tvOS 18.2, visionOS 2.2, watchOS 11.2. Processi… | |||
| CVE-2024-21238 | high | — | 8.0 | 1y ago | RHSA-2025:1673: mysql:8.0 security update (Important) | |||
| CVE-2024-21239 | high | — | 8.0 | 1y ago | RHSA-2025:1673: mysql:8.0 security update (Important) | |||
| CVE-2024-21193 | high | — | 8.0 | 1y ago | RHSA-2025:1673: mysql:8.0 security update (Important) | |||
| CVE-2024-11053 | high | — | 8.0 | 1y ago | When asked to both use a `.netrc` file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This fl… | |||
| CVE-2024-7264 | high | — | 8.0 | 1y ago | libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If given an syntactically incorrect field, the parser might end up using -1 for the length… | |||
| CVE-2024-21237 | high | — | 8.0 | 1y ago | RHSA-2025:1673: mysql:8.0 security update (Important) | |||
| CVE-2024-21197 | high | — | 8.0 | 1y ago | RHSA-2025:1673: mysql:8.0 security update (Important) | |||
| CVE-2024-21198 | high | — | 8.0 | 1y ago | RHSA-2025:1673: mysql:8.0 security update (Important) | |||
| CVE-2024-21218 | high | — | 8.0 | 1y ago | RHSA-2025:1673: mysql:8.0 security update (Important) | |||
| CVE-2024-21199 | high | — | 8.0 | 1y ago | RHSA-2025:1673: mysql:8.0 security update (Important) | |||
| CVE-2024-21241 | high | — | 8.0 | 1y ago | RHSA-2025:1673: mysql:8.0 security update (Important) |