CVEs from 2024

Total: 6,633
Critical: 166
High: 1,073
Medium: 2,066
Low: 49
% Critical: 2.5%
% with KEV: 2.5%
% with exploit: 3.4%

Top products
- surveillance_station 12
- checkmk 10
- profilegrid 8
- office 8
- office_long_term_servicing_channel 6
- propertyhive 5
- glibc 5
- element_pack 5
Top packages
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-9149 | high | 8.6 | 8.6 | 1y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wind Media E-Commerce Website Template allows SQL Injection. This issue affects E-Commerce Websi… | |||
| CVE-2024-21549 | high | 8.6 | 8.6 | 2y ago | Browsershot Improper Input Validation vulnerability | |||
| CVE-2024-21544 | high | 8.6 | 8.6 | 2y ago | Browsershot Local File Inclusion | |||
| CVE-2024-21542 | high | 8.6 | 8.6 | 2y ago | Versions of the package luigi before 3.6.0 are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) due to improper destination file path validation in the _extract_packages_archive f… | |||
| CVE-2024-3370 | high | 8.6 | 8.6 | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Egebilgi Software Website Template allows SQL Injection. This issue affects Website Template: be… | |||
| CVE-2024-49315 | high | 8.6 | 8.6 | 2y ago | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in CodeFlock FREE DOWNLOAD MANAGER free-download-manager allows Path Traversal.This issue affects FREE DOW… | |||
| CVE-2024-49253 | high | 8.6 | 8.6 | 2y ago | Relative Path Traversal vulnerability in JamesPark.ninja Analyse Uploads analyse-uploads allows Relative Path Traversal.This issue affects Analyse Uploads: from n/a through <= 0.5. | |||
| CVE-2024-34378 | high | 8.6 | 8.6 | 2y ago | Missing Authorization vulnerability in LeadConnector.This issue affects LeadConnector: from n/a through 1.7. | |||
| CVE-2024-32562 | high | 8.6 | 8.6 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VIICTORY MEDIA LLC Z Y N I T H allows Stored XSS.This issue affects Z Y N I T H: from n/a through… | |||
| CVE-2024-25911 | high | 8.6 | 8.6 | 2y ago | Missing Authorization vulnerability in Skymoon Labs MoveTo.This issue affects MoveTo: from n/a through 6.2. | |||
| CVE-2024-12651 | high | 8.5 | 8.5 | 1y ago | Exposed Dangerous Method or Function vulnerability in PTT Inc. HGS Mobile App allows Manipulating User-Controlled Variables. This issue affects HGS Mobile App: before 6.5.0. | |||
| CVE-2024-49333 | high | 8.5 | 8.5 | 1y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound Hero Mega Menu - Responsive WordPress Menu Plugin allows SQL Injection. This issue affec… | |||
| CVE-2024-49303 | high | 8.5 | 8.5 | 1y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound Hero Mega Menu - Responsive WordPress Menu Plugin allows SQL Injection. This issue affec… | |||
| CVE-2024-49244 | high | 8.5 | 8.5 | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in vrinsoft CSV Product Import Export for WooCommerce csv-wc-product-import-export.This issue affect… | |||
| CVE-2024-34412 | high | 8.5 | 8.5 | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Parcel Panel ParcelPanel.This issue affects ParcelPanel: from n/a through 3.8.1. | |||
| CVE-2024-32710 | high | 8.5 | 8.5 | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Plechev Andrey WP-Recall.This issue affects WP-Recall: from n/a through 16.26.5. | |||
| CVE-2024-32137 | high | 8.5 | 8.5 | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Solwin User Activity Log Pro.This issue affects User Activity Log Pro: from n/a through 2.3.4. | |||
| CVE-2024-31355 | high | 8.5 | 8.5 | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tribulant Slideshow Gallery.This issue affects Slideshow Gallery: from n/a through 1.7.8. | |||
| CVE-2024-31370 | high | 8.5 | 8.5 | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CodeIsAwesome AIKit aikit-wordpress-ai-writing-assistant-using-gpt3.This issue affects AIKit: fro… | |||
| CVE-2024-31234 | high | 8.5 | 8.5 | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Sizam REHub Framework.This issue affects REHub Framework: from n/a before 19.6.2. | |||
| CVE-2024-31233 | high | 8.5 | 8.5 | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Sizam Rehub.This issue affects Rehub: from n/a through 19.6.1. | |||
| CVE-2024-27191 | high | 8.5 | 8.5 | 2y ago | Improper Control of Generation of Code ('Code Injection') vulnerability in inpersttion Slivery Extender slivery-extender allows Remote Code Inclusion.This issue affects Slivery Extender: from n/a thr… | |||
| CVE-2024-30535 | high | 8.5 | 8.5 | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WhiteStudio Easy Form Builder.This issue affects Easy Form Builder: from n/a through 3.7.4. | |||
| CVE-2024-30489 | high | 8.5 | 8.5 | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in loopus WP Cost Estimation & Payment Forms Builder.This issue affects WP Cost Estimation & Payment… | |||
| CVE-2024-31094 | high | 8.5 | 8.5 | 2y ago | Deserialization of Untrusted Data vulnerability in Filter Custom Fields & Taxonomies Light.This issue affects Filter Custom Fields & Taxonomies Light: from n/a through 1.05. | |||
| CVE-2024-30243 | high | 8.5 | 8.5 | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tomas WordPress Tooltips.This issue affects WordPress Tooltips: from n/a before 9.4.5. | |||
| CVE-2024-30242 | high | 8.5 | 8.5 | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in IT Path Solutions Contact Form to Any API.This issue affects Contact Form to Any API: from n/a th… | |||
| CVE-2024-30240 | high | 8.5 | 8.5 | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Typps Calendarista.This issue affects Calendarista: from n/a through 15.5.7. | |||
| CVE-2024-30239 | high | 8.5 | 8.5 | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Zoho Campaigns.This issue affects Zoho Campaigns: from n/a through 2.0.6. | |||
| CVE-2024-53326 | high | 7.3 | 8.3 | 27d ago | LINQPad before 5.52.01 Pro edition is vulnerable to Unsafe Deserialization in LINQPad.AutoRefManager::PopulateFromCache(), leading to code execution. | |||
| CVE-2024-45257 | high | 7.3 | 8.3 | 27d ago | A Command Injection issue in the payload build page in BYOB (Build Your Own Botnet) 2.0 allows attackers to execute arbitrary commands on the server via a crafted build parameter. This occurs in free… | |||
| CVE-2024-30151 | high | 8.3 | 8.3 | 28d ago | HCL BigFix Service Management (SX) is affected by a Broken Access Control vulnerability leading to privilege escalation. This could allow unauthorized users to gain elevated privileges, bypassing in… | |||
| CVE-2024-12917 | high | 8.3 | 8.3 | 1y ago | Files or Directories Accessible to External Parties vulnerability in Agito Computer Health4All allows Exploiting Incorrectly Configured Access Control Security Levels, Authentication Abuse. This iss… | |||
| CVE-2024-3727 | high | 8.3 | 8.3 | 2y ago | A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, … | |||
| CVE-2024-2961 | high | 7.3 | 8.3 | 2y ago | RHSA-2024:3269: glibc security update (Important) | |||
| CVE-2024-56182 | high | 8.2 | 8.2 | 1y ago | A vulnerability has been identified in SIMATIC Field PG M5 (All versions), SIMATIC Field PG M6 (All versions < V26.01.12), SIMATIC IPC BX-21A (All versions < V31.01.07), SIMATIC IPC BX-32A (All versi… | |||
| CVE-2024-56181 | high | 8.2 | 8.2 | 1y ago | A vulnerability has been identified in SIMATIC Field PG M5 (All versions), SIMATIC IPC BX-21A (All versions < V31.01.07), SIMATIC IPC BX-32A (All versions < V29.01.07), SIMATIC IPC BX-39A (All versio… | |||
| CVE-2024-9334 | high | 8.2 | 8.2 | 1y ago | Use of Hard-coded Credentials, Storage of Sensitive Data in a Mechanism without Access Control vulnerability in E-Kent Pallium Vehicle Tracking allows Authentication Bypass. This issue affects Palli… | |||
| CVE-2024-7837 | high | 8.2 | 8.2 | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Firmanet Software ERP allows SQL Injection. This issue affects ERP: through 22.11.2024. NOTE… | |||
| CVE-2024-8642 | high | 8.1 | 8.1 | 2y ago | Eclipse Dataspace Components's ConsumerPullTransferTokenValidationApiController doesn't check for token validit | |||
| CVE-2024-8163 | high | 8.1 | 8.1 | 2y ago | A vulnerability was found in Chengdu Everbrite Network Technology BeikeShop up to 1.5.5. Affected by this issue is the function destroyFiles of the file /admin/file_manager/files. The manipulation of… | |||
| CVE-2024-33599 | high | 8.1 | 8.1 | 2y ago | RHSA-2024:3344: glibc security update (Important) | |||
| CVE-2024-31240 | high | 8.1 | 8.1 | 2y ago | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in InfoTheme WP Poll Maker.This issue affects WP Poll Maker: from n/a through 3.1. | |||
| CVE-2024-27289 | high | 8.1 | 8.1 | 2y ago | pgx is a PostgreSQL driver and toolkit for Go. Prior to version 4.18.2, SQL injection can occur when all of the following conditions are met: the non-default simple protocol is used; a placeholder fo… | |||
| CVE-2024-22305 | high | 8.1 | 8.1 | 2y ago | Authorization Bypass Through User-Controlled Key vulnerability in ali Forms Contact Form builder with drag & drop for WordPress – Kali Forms.This issue affects Contact Form builder with drag & drop f… | |||
| CVE-2024-47191 | high | — | 8.0 | — | pam_oath.so in oath-toolkit 2.6.7 through 2.6.11 before 2.6.12 allows root privilege escalation because, in the context of PAM code running as root, it mishandles usersfile access, such as by calling… | |||
| CVE-2024-27355 | high | — | 8.0 | 26d ago | phpseclib guardrails needed on OID length | |||
| CVE-2024-43384 | high | 8.0 | 8.0 | 28d ago | A low privileged remote attacker can gain the root password due to improper removal of sensitive information before storage or transfer. | |||
| CVE-2024-27354 | high | — | 8.0 | 28d ago | phpseclib: guardrails needed on isPrime and randomPrime | |||
| CVE-2024-5642 | high | — | 8.0 | 6mo ago | CPython 3.9 and earlier doesn't disallow configuring an empty list ("[]") for SSLContext.set_npn_protocols() which is an invalid value for the underlying OpenSSL API. This results in a buffer over-re… | |||
| CVE-2024-58002 | high | — | 8.0 | 11mo ago | In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Remove dangling pointers When an async control is written, we copy a pointer to the file handle that started the… | |||
| CVE-2024-52006 | high | — | 8.0 | 11mo ago | RHSA-2025:11534: git security update (Important) | |||
| CVE-2024-50349 | high | — | 8.0 | 11mo ago | RHSA-2025:11534: git security update (Important) | |||
| CVE-2024-56337 | high | — | 8.0 | 11mo ago | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 throu… | |||
| CVE-2024-6174 | high | — | 8.0 | 11mo ago | RHSA-2025:11324: cloud-init security update (Important) | |||
| CVE-2024-12718 | high | — | 8.0 | 11mo ago | Allows modifying some file metadata (e.g. last modified) with filter="data" or file permissions (chmod) with filter="tar" of files outside the extraction directory. You are affected by this vulnerabi… | |||
| CVE-2024-39279 | high | — | 8.0 | 1y ago | RHEA-2025:3114: microcode_ctl bug fix and enhancement update (Important) | |||
| CVE-2024-28047 | high | — | 8.0 | 1y ago | RHEA-2025:3114: microcode_ctl bug fix and enhancement update (Important) | |||
| CVE-2024-31157 | high | — | 8.0 | 1y ago | RHEA-2025:3114: microcode_ctl bug fix and enhancement update (Important) | |||
| CVE-2024-11235 | high | — | 8.0 | 1y ago | Important: php:8.3 security update | |||
| CVE-2024-58007 | high | — | 8.0 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: soc: qcom: socinfo: Avoid out of bounds read of serial number On MSM8916 devices, the serial number exposed in sysfs is constant … | |||
| CVE-2024-53141 | high | — | 8.0 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: add missing range check in bitmap_ip_uadt When tb[IPSET_ATTR_IP_TO] is not present but tb[IPSET_ATTR_CIDR] exis… | |||
| CVE-2024-58069 | high | — | 8.0 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: rtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read The nvmem interface supports variable buffer sizes, while the regma… | |||
| CVE-2024-42322 | high | — | 8.0 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: ipvs: properly dereference pe in ip_vs_add_service Use pe directly to resolve sparse warning: net/netfilter/ipvs/ip_vs_ctl.c:1… | |||
| CVE-2024-55549 | high | — | 8.0 | 1y ago | RHSA-2025:3615: libxslt security update (Important) | |||
| CVE-2024-54551 | high | — | 8.0 | 1y ago | The issue was addressed with improved memory handling. This issue is fixed in Safari 17.6, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, tvOS 17.6, visionOS 1.3, watchOS 10.6. Processing web content m… | |||
| CVE-2024-54467 | high | — | 8.0 | 1y ago | A cookie management issue was addressed with improved state management. This issue is fixed in Safari 18, iOS 18 and iPadOS 18, macOS Sequoia 15, tvOS 18, visionOS 2, watchOS 11. A malicious website … | |||
| CVE-2024-44192 | high | — | 8.0 | 1y ago | The issue was addressed with improved checks. This issue is fixed in Safari 18, iOS 18 and iPadOS 18, macOS Sequoia 15, tvOS 18, visionOS 2, watchOS 11. Processing maliciously crafted web content may… | |||
| CVE-2024-36293 | high | — | 8.0 | 1y ago | RHEA-2025:3114: microcode_ctl bug fix and enhancement update (Important) | |||
| CVE-2024-31068 | high | — | 8.0 | 1y ago | RHEA-2025:3114: microcode_ctl bug fix and enhancement update (Important) | |||
| CVE-2024-28127 | high | — | 8.0 | 1y ago | RHEA-2025:3114: microcode_ctl bug fix and enhancement update (Important) | |||
| CVE-2024-29214 | high | — | 8.0 | 1y ago | RHEA-2025:3114: microcode_ctl bug fix and enhancement update (Important) | |||
| CVE-2024-24582 | high | — | 8.0 | 1y ago | RHEA-2025:3114: microcode_ctl bug fix and enhancement update (Important) | |||
| CVE-2024-56171 | high | — | 8.0 | 1y ago | RHSA-2025:2686: libxml2 security update (Important) | |||
| CVE-2024-53113 | high | — | 8.0 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: mm: fix NULL pointer dereference in alloc_pages_bulk_noprof We triggered a NULL pointer dereference for ac.preferred_zoneref->zon… | |||
| CVE-2024-57807 | high | — | 8.0 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: scsi: megaraid_sas: Fix for a potential deadlock This fixes a 'possible circular locking dependency detected' warning CPU0 … | |||
| CVE-2024-54543 | high | — | 8.0 | 1y ago | The issue was addressed with improved memory handling. This issue is fixed in Safari 18.2, iOS 18.2 and iPadOS 18.2, iPadOS 17.7.6, macOS Sequoia 15.2, tvOS 18.2, visionOS 2.2, watchOS 11.2. Processi… | |||
| CVE-2024-12705 | high | — | 8.0 | 1y ago | Important: bind9.18 security update | |||
| CVE-2024-21201 | high | — | 8.0 | 1y ago | RHSA-2025:1673: mysql:8.0 security update (Important) | |||
| CVE-2024-21196 | high | — | 8.0 | 1y ago | RHSA-2025:1673: mysql:8.0 security update (Important) | |||
| CVE-2024-21194 | high | — | 8.0 | 1y ago | RHSA-2025:1673: mysql:8.0 security update (Important) | |||
| CVE-2024-21197 | high | — | 8.0 | 1y ago | RHSA-2025:1673: mysql:8.0 security update (Important) | |||
| CVE-2024-21193 | high | — | 8.0 | 1y ago | RHSA-2025:1673: mysql:8.0 security update (Important) | |||
| CVE-2024-21239 | high | — | 8.0 | 1y ago | RHSA-2025:1673: mysql:8.0 security update (Important) | |||
| CVE-2024-7264 | high | — | 8.0 | 1y ago | libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If given an syntactically incorrect field, the parser might end up using -1 for the length… | |||
| CVE-2024-21230 | high | — | 8.0 | 1y ago | RHSA-2025:1673: mysql:8.0 security update (Important) | |||
| CVE-2024-21236 | high | — | 8.0 | 1y ago | RHSA-2025:1673: mysql:8.0 security update (Important) | |||
| CVE-2024-21218 | high | — | 8.0 | 1y ago | RHSA-2025:1673: mysql:8.0 security update (Important) | |||
| CVE-2024-11053 | high | — | 8.0 | 1y ago | When asked to both use a `.netrc` file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This fl… | |||
| CVE-2024-21247 | high | — | 8.0 | 1y ago | RHSA-2025:1673: mysql:8.0 security update (Important) | |||
| CVE-2024-21241 | high | — | 8.0 | 1y ago | RHSA-2025:1673: mysql:8.0 security update (Important) | |||
| CVE-2024-21199 | high | — | 8.0 | 1y ago | RHSA-2025:1673: mysql:8.0 security update (Important) | |||
| CVE-2024-21203 | high | — | 8.0 | 1y ago | RHSA-2025:1673: mysql:8.0 security update (Important) | |||
| CVE-2024-21219 | high | — | 8.0 | 1y ago | RHSA-2025:1673: mysql:8.0 security update (Important) | |||
| CVE-2024-21198 | high | — | 8.0 | 1y ago | RHSA-2025:1673: mysql:8.0 security update (Important) | |||
| CVE-2024-21213 | high | — | 8.0 | 1y ago | RHSA-2025:1673: mysql:8.0 security update (Important) | |||
| CVE-2024-21212 | high | — | 8.0 | 1y ago | RHSA-2025:1673: mysql:8.0 security update (Important) | |||
| CVE-2024-21237 | high | — | 8.0 | 1y ago | RHSA-2025:1673: mysql:8.0 security update (Important) | |||
| CVE-2024-11187 | high | — | 8.0 | 1y ago | RHSA-2025:1676: bind9.16 security update (Important) | |||
| CVE-2024-21231 | high | — | 8.0 | 1y ago | RHSA-2025:1673: mysql:8.0 security update (Important) |