ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2024-22002 | CORSAIR iCUE 5.9.105 with iCUE Murals on Windows allows unprivileged users to insert DLL files in th... | | |
CVE-2024-22004 | Unchecked length in Trusted Application on Google Nest Wifi Pro, leading to out of bounds read | | |
CVE-2024-22005 | There is a possible Authentication Bypass due to improperly used crypto. This could lead to local es... | | |
CVE-2024-22006 | OOB read in the TMU plugin that allows for memory disclosure in the power management subsystem of th... | | |
CVE-2024-22007 | In constraint_check of fvp.c, there is a possible out of bounds read due to a missing bounds check. ... | | |
CVE-2024-22008 | In config_gov_time_windows of tmu.c, there is a possible out of bounds write due to a missing bounds... | | |
CVE-2024-22009 | In init_data of , there is a possible out of bounds write due to a missing bounds check. This could ... | | |
CVE-2024-22010 | In dvfs_plugin_caller of fvp.c, there is a possible out of bounds read due to a missing bounds check... | | |
CVE-2024-22011 | In ss_ProcessRejectComponent of ss_MmConManagement.c, there is a possible out of bounds read due to ... | | |
CVE-2024-22012 | There is a possible out of bounds write due to a missing bounds check. This could lead to local esca... | | |
CVE-2024-22013 | U-Boot environment is read from unauthenticated partition.... | | |
CVE-2024-22014 | An issue discovered in 360 Total Security Antivirus through 11.0.0.1061 for Windows allows attackers... | | |
CVE-2024-22015 | Improper input validation for some Intel(R) DLB driver software before version 8.5.0 may allow an au... | | |
CVE-2024-22016 | Incorrect Permission Assignment for Critical Resource in Rapid SCADA | M | |
CVE-2024-22017 | setuid() does not affect libuv's internal io_uring operations if initialized before the call to setu... | | |
CVE-2024-22018 | A vulnerability has been identified in Node.js, affecting users of the experimental permission model... | | |
CVE-2024-22019 | A vulnerability in Node.js HTTP servers allows an attacker to send a specially crafted HTTP request ... | | |
CVE-2024-22020 | A security flaw in Node.js allows a bypass of network import restrictions. By embedding non-network... | | |
CVE-2024-22021 | Vulnerability CVE-2024-22021 allows a Veeam Recovery Orchestrator user with a low privileged role (P... | | |
CVE-2024-22022 | Vulnerability CVE-2024-22022 allows a Veeam Recovery Orchestrator user that has been assigned a low-... | | |
CVE-2024-22023 | An XML entity expansion or XEE vulnerability in SAML component of Ivanti Connect Secure (9.x, 22.x) ... | | |
CVE-2024-22024 | An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.... | | |
CVE-2024-22025 | A vulnerability in Node.js has been identified, allowing for a Denial of Service (DoS) attack throug... | | |
CVE-2024-22026 | A local privilege escalation vulnerability in EPMM before 12.1.0.0 allows an authenticated local use... | | |
CVE-2024-22027 | Improper input validation vulnerability in WordPress Quiz Maker Plugin prior to 6.5.0.6 allows a rem... | | |
CVE-2024-22028 | Insufficient technical documentation issue exists in thermal camera TMC series all firmware versions... | | |
CVE-2024-22029 | tomcat packaging allows for escalation to root from tomcat user | | |
CVE-2024-22030 | Rancher agents can be hijacked by taking over the Rancher Server URL | | |
CVE-2024-22032 | Rancher's RKE1 Encryption Config kept in plain-text within cluster AppliedSpec | | |
CVE-2024-22033 | obs-service-download_url is vulnerable to argument injection | | |
CVE-2024-22034 | Crafted projects can overwrite special files in the .osc config directory | | |
CVE-2024-22036 | Rancher Remote Code Execution via Cluster/Node Drivers | | |
CVE-2024-22037 | Database password leaked by systemd uyuni-server-attestation service | | |
CVE-2024-22038 | DoS attacks, information leaks etc. with crafted Git repositories in obs-scm-bridge | | |
CVE-2024-22039 | A vulnerability has been identified in Cerberus PRO EN Engineering Tool (All versions < IP8), Cerber... | S | |
CVE-2024-22040 | A vulnerability has been identified in Cerberus PRO EN Engineering Tool (All versions), Cerberus PRO... | | |
CVE-2024-22041 | A vulnerability has been identified in Cerberus PRO EN Engineering Tool (All versions), Cerberus PRO... | | |
CVE-2024-22042 | A vulnerability has been identified in Unicam FX (All versions). The windows installer agent used in... | | |
CVE-2024-22043 | A vulnerability has been identified in Parasolid V35.0 (All versions < V35.0.251), Parasolid V35.1 (... | | |
CVE-2024-22044 | A vulnerability has been identified in SENTRON 3KC ATC6 Expansion Module Ethernet (3KC9000-8TL75) (A... | | |
CVE-2024-22045 | A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.1 SP1). The p... | S | |
CVE-2024-22047 | Audited Log Integrity Errors Due to Race Condition | S | |
CVE-2024-22048 | govuk_tech_docs XSS Vulnerability | S | |
CVE-2024-22049 | httparty Multipart/Form-Data Request Tampering Vulnerability | E S | |
CVE-2024-22050 | Iodine Static File Server Path Traversal Vulnerability | S | |
CVE-2024-22051 | CommonMarker Integer Overflow Vulnerability | S | |
CVE-2024-22052 | A null pointer dereference vulnerability in IPSec component of Ivanti Connect Secure (9.x, 22.x) and... | | |
CVE-2024-22053 | A heap overflow vulnerability in IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Pol... | | |
CVE-2024-22054 | A malformed discovery packet sent by a malicious actor with preexisting access to the network could ... | | |
CVE-2024-22058 | A buffer overflow allows a low privilege user on the local machine that has the EPM Agent installed ... | | |
CVE-2024-22059 | A SQL injection vulnerability in web component of Ivanti Neurons for ITSM allows a remote authentica... | | |
CVE-2024-22060 | An unrestricted file upload vulnerability in web component of Ivanti Neurons for ITSM allows a remot... | | |
CVE-2024-22061 | A Heap Overflow vulnerability in WLInfoRailService component of Ivanti Avalanche before 6.4.3 allows... | | |
CVE-2024-22062 | Permissions and Access Control Vulnerability in ZTE ZXCLOUD IRAI | S | |
CVE-2024-22063 | ZTE ZENIC ONE R58 product has a CSV injection vulnerability | | |
CVE-2024-22064 | Configuration error Vulnerability in ZTE ZXUN-ePDG | S | |
CVE-2024-22065 | ZTE MF258 Pro product has a OS Command injection vulnerability | | |
CVE-2024-22066 | There is a privilege escalation vulnerability in ZTE ZXR10 ZSR V2 intelligent multi service router .... | | |
CVE-2024-22067 | ZTE NH8091 product has an improper permission control vulnerability | | |
CVE-2024-22068 | Weak Password Vulnerability in ZTE ZSR V2 Intelligent Multi Service Router | | |
CVE-2024-22069 | Permission and Access Control Vulnerability in ZXV10 XT802/ET301 | S | |
CVE-2024-22074 | Dynamsoft Service 1.8.1025 through 1.8.2013, 1.7.0330 through 1.7.2531, 1.6.0428 through 1.6.1112, 1... | | |
CVE-2024-22075 | Firefly III (aka firefly-iii) before 6.1.1 allows webhooks HTML Injection.... | | |
CVE-2024-22076 | MyQ Print Server before 8.2 patch 43 allows remote authenticated administrators to execute arbitrary... | | |
CVE-2024-22077 | An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. The SQLite... | | |
CVE-2024-22078 | An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Privilege ... | | |
CVE-2024-22079 | An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Directory ... | | |
CVE-2024-22080 | An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Unauthenti... | | |
CVE-2024-22081 | An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Unauthenti... | | |
CVE-2024-22082 | An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Unauthenti... | | |
CVE-2024-22083 | An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. A hardcode... | | |
CVE-2024-22084 | An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Cleartext ... | | |
CVE-2024-22085 | An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. The shadow... | | |
CVE-2024-22086 | handle_request in http.c in cherry through 4b877df has an sscanf stack-based buffer overflow via a l... | E M | |
CVE-2024-22087 | route in main.c in Pico HTTP Server in C through f3b69a6 has an sprintf stack-based buffer overflow ... | E M | |
CVE-2024-22088 | Lotos WebServer through 0.1.1 (commit 3eb36cc) has a use-after-free in buffer_avail() at buffer.h vi... | E M | |
CVE-2024-22091 | Excessive resource consumption due to lack of request path size limits | S | |
CVE-2024-22092 | Bundlemanager has an authentication bypass vulnerability | | |
CVE-2024-22093 | Appliance mode iControl REST vulnerability | | |
CVE-2024-22095 | Improper input validation in PlatformVariableInitDxe driver in UEFI firmware for some Intel(R) Serve... | | |
CVE-2024-22096 | Relative Path Traversal in Rapid SCADA | M | |
CVE-2024-22097 | A double-free vulnerability exists in the BrainVision Header Parsing functionality of The Biosig Pro... | E | |
CVE-2024-22098 | AVSession has a use after free vulnerability | | |
CVE-2024-22099 | NULL pointer dereference in rfcomm_check_security in Linux kernel | S | |
CVE-2024-22100 | MicroDicom DICOM Heap-based Buffer Overflow | S | |
CVE-2024-22102 | Denial of Service (DoS) vulnerability in Jungo WinDriver before 12.6.0 allows local attackers to cau... | | |
CVE-2024-22103 | Out-of-Bounds Write vulnerability in Jungo WinDriver before 12.6.0 allows local attackers to cause a... | | |
CVE-2024-22104 | Out-of-Bounds Write vulnerability in Jungo WinDriver before 12.5.1 allows local attackers to cause a... | | |
CVE-2024-22105 | Denial of Service (DoS) vulnerability in Jungo WinDriver before 12.5.1 allows local attackers to cau... | | |
CVE-2024-22106 | Improper privilege management in Jungo WinDriver before 12.5.1 allows local attackers to escalate pr... | | |
CVE-2024-22107 | An issue was discovered in GTB Central Console 15.17.1-30814.NG. The method systemSettingsDnsDataAct... | E | |
CVE-2024-22108 | An issue was discovered in GTB Central Console 15.17.1-30814.NG. The method setTermsHashAction at /o... | E | |
CVE-2024-22113 | Open redirect vulnerability in Access analysis CGI An-Analyzer released in 2023 December 31 and earl... | M | |
CVE-2024-22114 | System Information Widget in Global View Dashboard exposes information about Hosts to Users without Permission | | |
CVE-2024-22116 | Remote code execution within ping script | | |
CVE-2024-22117 | Value of sysmap_element_url can be de-synchronized causing the map element to crash when new URLs are added | | |
CVE-2024-22119 | Stored XSS in graph items select form | E S | |
CVE-2024-22120 | Time Based SQL Injection in Zabbix Server Audit Log | | |
CVE-2024-22121 | Zabbix Agent MSI Installer Allows Non-Admin User to Access Change Option via msiexec.exe | | |
CVE-2024-22122 | AT(GSM) Command Injection | | |
CVE-2024-22123 | Zabbix Arbitrary File Read | | |
CVE-2024-22124 | Information Disclosure vulnerability in SAP NetWeaver Internet Communication Manager | | |
CVE-2024-22125 | Information Disclosure vulnerability in Microsoft Edge browser extension (SAP GUI connector for Microsoft Edge) | | |
CVE-2024-22126 | Cross Site Scripting vulnerability in SAP NetWeaver AS Java (User Admin Application) | | |
CVE-2024-22127 | Code Injection vulnerability in SAP NetWeaver AS Java (Administrator Log Viewer plug-in) | | |
CVE-2024-22128 | Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Business Client for HTML | | |
CVE-2024-22129 | Cross-Site Scripting (XSS) vulnerability in SAP Companion | | |
CVE-2024-22130 | Cross-Site Scripting (XSS) vulnerability in SAP CRM WebClient UI | | |
CVE-2024-22131 | Code Injection vulnerability in SAP ABA (Application Basis) | | |
CVE-2024-22132 | Code Injection vulnerability in SAP IDES Systems | | |
CVE-2024-22133 | Improper Access Control in SAP Fiori Front End Server | | |
CVE-2024-22134 | WordPress Contact Form 7 Extension For Mailchimp Plugin <= 0.5.70 is vulnerable to Server Side Request Forgery (SSRF) | | |
CVE-2024-22135 | WordPress Order Export & Order Import for WooCommerce Plugin <= 2.4.3 is vulnerable to Arbitrary File Upload | S | |
CVE-2024-22136 | WordPress Droit Elementor Addons Plugin <= 3.1.5 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2024-22137 | WordPress Constant Contact Forms by MailMunch Plugin <= 2.0.11 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2024-22138 | WordPress Seraphinite Accelerator plugin <= 2.20.47 - Sensitive Data Exposure via Log File vulnerability | S | |
CVE-2024-22139 | WordPress WordPress Manutenção plugin <= 1.0.6 - Bypass vulnerability | S | |
CVE-2024-22140 | WordPress Profile Builder Pro Plugin <= 3.10.0 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2024-22141 | WordPress Profile Builder Pro Plugin <= 3.10.0 is vulnerable to Sensitive Data Exposure | S | |
CVE-2024-22142 | WordPress Profile Builder Pro Plugin <= 3.10.0 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2024-22143 | WordPress WP Spell Check Plugin <= 9.17 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2024-22144 | WordPress Anti-Malware Security and Brute-Force Firewall plugin <= 4.21.96 - Unauthenticated Predictable Nonce Brute-Force Leading to RCE vulnerability | S | |
CVE-2024-22145 | WordPress InstaWP Connect plugin <= 0.1.0.8 - Arbitrary Option Update to Privilege Escalation vulnerability | S | |
CVE-2024-22146 | WordPress Schema & Structured Data for WP & AMP Plugin <= 1.25 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2024-22147 | WordPress WooCommerce PDF Invoices & Packing Slips Plugin <= 3.7.5 is vulnerable to SQL Injection | S | |
CVE-2024-22148 | WordPress WP Smart Editor Plugin <= 1.3.3 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2024-22149 | WordPress cformsII plugin <= 15.0.5 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-22150 | WordPress Post Grid, Image Gallery & Portfolio for Elementor \| PowerFolio Plugin <= 3.1 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2024-22151 | WordPress Import and export users and customers plugin <= 1.24.6 - Broken Access Control vulnerability | S | |
CVE-2024-22152 | WordPress Product Import Export for WooCommerce Plugin <= 2.3.7 is vulnerable to Arbitrary File Upload | S | |
CVE-2024-22153 | WordPress Stock Locations for WooCommerce Plugin <= 2.5.9 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2024-22154 | WordPress SalesKing Plugin <= 1.6.15 is vulnerable to Sensitive Data Exposure | S | |
CVE-2024-22155 | WordPress WooCommerce plugin <= 8.5.2 - Cross Site Request Forgery (CSRF) vulnerability | S | |
CVE-2024-22156 | WordPress SalesKing plugin <= 1.6.15 - Unauthenticated Plugin Settings Change vulnerability | S | |
CVE-2024-22157 | WordPress SalesKing plugin <= 1.6.15 - Unauthenticated Privilege Escalation vulnerability | S | |
CVE-2024-22158 | WordPress PeepSo Core: Photos Plugin < 6.3.1.0 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2024-22159 | WordPress WOLF Plugin <= 1.0.8 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2024-22160 | WordPress Image Tag Manager Plugin <= 1.5 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2024-22161 | WordPress HD Quiz Plugin <= 1.8.11 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2024-22162 | WordPress WPZOOM Shortcodes Plugin <= 1.0.3 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2024-22163 | WordPress Shield Security Plugin <= 18.5.7 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2024-22164 | Denial of Service of an Investigation in Splunk Enterprise Security through Investigation attachments | | |
CVE-2024-22165 | Denial of Service in Splunk Enterprise Security of the Investigations manager through Investigation creation | | |
CVE-2024-22167 | SanDisk PrivateAccess DLL Hijacking Vulnerability | S | |
CVE-2024-22168 | Cross-Site Scripting (XSS) vulnerability on Western Digital My Cloud and SanDisk ibi Web Apps | S | |
CVE-2024-22169 | Misconfiguration in node.js causing a code execution in WD Discovery | S | |
CVE-2024-22170 | Unchecked buffer in Dynamic DNS client | | |
CVE-2024-22177 | Audio has an improper preservation of permissions vulnerability | | |
CVE-2024-22178 | A file write vulnerability exists in the OAS Engine Save Security Configuration functionality of Ope... | E | |
CVE-2024-22179 | Electrolink FM/DAB/TV Transmitter Authentication Bypass by Assumed-Immutable Data | M | |
CVE-2024-22180 | Camera has a use after free vulnerability | | |
CVE-2024-22181 | An out-of-bounds write vulnerability exists in the readNODE functionality of libigl v2.5.0. A specia... | E | |
CVE-2024-22182 | Commend WS203VICM Argument Injection | S | |
CVE-2024-22184 | Uncontrolled search path for some Intel(R) Quartus(R) Prime Pro Edition Design Software before versi... | S | |
CVE-2024-22185 | Time-of-check Time-of-use Race Condition in some Intel(R) processors with Intel(R) ACTM may allow a ... | | |
CVE-2024-22186 | Electrolink FM/DAB/TV Transmitter Reliance on Cookies without Validation and Integrity Checking | M | |
CVE-2024-22187 | A write-what-where vulnerability exists in the Programming Software Connection Remote Memory Diagnos... | E | |
CVE-2024-22188 | TYPO3 before 13.0.1 allows an authenticated admin user (with system maintainer privileges) to execut... | | |
CVE-2024-22189 | QUIC's Connection ID Mechanism vulnerable to Memory Exhaustion Attack | | |
CVE-2024-22190 | Untrusted search path under some conditions on Windows allows arbitrary code execution | S | |
CVE-2024-22191 | Stored cross-site scripting (XSS) in `key_value` field in Avo | E S | |
CVE-2024-22192 | Ursa CL-Signatures Revocation allows verifiers to generate unique identifiers for holders | | |
CVE-2024-22193 | vantage6 unencrypted task can be created in encrypted collaboration | S | |
CVE-2024-22194 | cdo-local-uuid vulnerable to insertion of artifact derived from developer's Present Working Directory into demonstration code | E S | |
CVE-2024-22195 | Jinja vulnerable to Cross-Site Scripting (XSS) | | |
CVE-2024-22196 | Authenticated (user role) SQL injection in `OrderAndPaginate` (GHSL-2023-270) | E S | |
CVE-2024-22197 | Authenticated (user role) remote command execution by modifying `nginx` settings (GHSL-2023-269) | E S | |
CVE-2024-22198 | Authenticated (user role) arbitrary command execution by modifying `start_cmd` setting (GHSL-2023-268) | E S | |
CVE-2024-22199 | Django Template Engine Vulnerable to XSS | S | |
CVE-2024-22200 | vantage6-UI docker image leaks software version information | S | |
CVE-2024-22201 | Jetty connection leaking on idle timeout when TCP congested | | |
CVE-2024-22202 | User Removal Page Allows Spoofing Of User Details | E S | |
CVE-2024-22203 | Whoogle Search Server Side Request Forgery vulnerability | E S | |
CVE-2024-22204 | Whoogle Search Limited File Write vulnerability | E S | |
CVE-2024-22205 | Whoogle Search Server Side Request Forgery vulnerability | E S | |
CVE-2024-22206 | @clerk/nextjs auth() and getAuth() methods vulnerable to insecure direct object reference (IDOR) | S | |
CVE-2024-22207 | Default swagger-ui configuration exposes all files in the module | S | |
CVE-2024-22208 | phpMyFAQ sharing FAQ functionality can easily be abused for phishing purposes | E S | |
CVE-2024-22209 | XBlock custom auth does not respect JWT Scopes | E S | |
CVE-2024-22211 | FreeRDP integer Overflow leading to Heap Overflow | E S | |
CVE-2024-22212 | Nextcloud global site selector authentication bypass | S | |
CVE-2024-22213 | Cross-site Scripting when sending HTML as a comment in the Nextcloud Deck app | E S | |
CVE-2024-22216 | In default installations of Microchip maxView Storage Manager (for Adaptec Smart Storage Controllers... | | |
CVE-2024-22217 | A Server-Side Request Forgery (SSRF) vulnerability in Terminalfour before 8.3.19 allows authenticate... | | |
CVE-2024-22218 | XML External Entity (XXE) vulnerability in Terminalfour 8.0.0001 through 8.3.18 and XML JDBC version... | | |
CVE-2024-22219 | XML External Entity (XXE) vulnerability in Terminalfour 8.0.0001 through 8.3.18 and XML JDBC version... | | |
CVE-2024-22220 | An issue was discovered in Terminalfour 7.4 through 7.4.0004 QP3 and 8 through 8.3.19, and Formbank ... | | |
CVE-2024-22221 | Dell Unity, versions prior to 5.4, contains SQL Injection vulnerability. An authenticated attacker ... | | |
CVE-2024-22222 | Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability within its svc_ud... | | |
CVE-2024-22223 | Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability within its svc_cb... | | |
CVE-2024-22224 | Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_nas ut... | | |
CVE-2024-22225 | Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_suppor... | | |
CVE-2024-22226 | Dell Unity, versions prior to 5.4, contain a path traversal vulnerability in its svc_supportassist ... | | |
CVE-2024-22227 | Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_dc uti... | | |
CVE-2024-22228 | Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_cifssu... | | |
CVE-2024-22229 | Dell Unity, versions prior to 5.4, contain a vulnerability whereby log messages can be spoofed by a... | | |
CVE-2024-22230 | Dell Unity, versions prior to 5.4, contains a Cross-site scripting vulnerability. An authenticated ... | | |
CVE-2024-22231 | Syndic cache directory creation is vulnerable to a directory traversal attack | | |
CVE-2024-22232 | Specially crafted url can be created which leads to a directory traversal in the salt file server | | |
CVE-2024-22233 | CVE-2024-22233: Spring Framework server Web DoS Vulnerability | | |
CVE-2024-22234 | CVE-2024-22234: Broken Access Control in Spring Security With Direct Use of isFullyAuthenticated | | |
CVE-2024-22235 | VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with a... | | |
CVE-2024-22236 | In Spring Cloud Contract, versions 4.1.x prior to 4.1.1, versions 4.0.x prior to 4.0.5, and versions... | | |
CVE-2024-22237 | Aria Operations for Networks contains a local privilege escalation vulnerability. A console user wit... | | |
CVE-2024-22238 | Aria Operations for Networks contains a cross site scripting vulnerability. A malicious actor with a... | | |
CVE-2024-22239 | Aria Operations for Networks contains a local privilege escalation vulnerability. A console user wit... | | |
CVE-2024-22240 | Aria Operations for Networks contains a local file read vulnerability. A malicious actor with admin ... | | |
CVE-2024-22241 | Aria Operations for Networks contains a cross site scripting vulnerability. A malicious actor with a... | | |
CVE-2024-22243 | CVE-2024-22243: Spring Framework URL Parsing with Host Validation | | |
CVE-2024-22244 | Harbor Open Redirect URL | | |
CVE-2024-22245 | Arbitrary Authentication Relay Vulnerability in Deprecated EAP Browser Plugin | | |
CVE-2024-22246 | VMware SD-WAN Edge contains an unauthenticated command injection vulnerability potentially leading t... | | |
CVE-2024-22247 | VMware SD-WAN Edge contains a missing authentication and protection mechanism vulnerability. A mali... | | |
CVE-2024-22248 | VMware SD-WAN Orchestrator contains an open redirect vulnerability. A malicious actor may be able t... | | |
CVE-2024-22250 | Session Hijack Vulnerability in Deprecated EAP Browser Plugin | | |
CVE-2024-22251 | Out-of-bounds read vulnerability | | |
CVE-2024-22252 | Use-after-free vulnerability | | |
CVE-2024-22253 | Use-after-free vulnerability | | |
CVE-2024-22254 | Out-of-bounds write vulnerability | | |
CVE-2024-22255 | Information disclosure vulnerability | | |
CVE-2024-22256 | VMware Cloud Director contains a partial information disclosure vulnerability. A malicious actor can... | S | |
CVE-2024-22257 | In Spring Security, versions 5.7.x prior to 5.7.12, 5.8.x prior to 5.8.11, versions 6.0.x prior to ... | | |
CVE-2024-22258 | CVE-2024-22258: PKCE Downgrade in Spring Authorization Server | | |
CVE-2024-22259 | CVE-2024-22259: Spring Framework URL Parsing with Host Validation (2nd report) | | |
CVE-2024-22260 | VMware Workspace One UEM update addresses an information exposure vulnerability. A malicious actor ... | | |
CVE-2024-22261 | SQL Injection in Harbor scan log API | | |
CVE-2024-22262 | CVE-2024-22262: Spring Framework URL Parsing with Host Validation | | |
CVE-2024-22263 | Arbitrary File Write Vulnerability in Spring Cloud Data Flow | | |
CVE-2024-22264 | VMware Avi Load Balancer updates address multiple vulnerabilities | | |
CVE-2024-22266 | VMware Avi Load Balancer updates address multiple vulnerabilities | | |
CVE-2024-22267 | VMware Workstation and Fusion contain a use-after-free vulnerability in the vbluetooth device. A mal... | | |
CVE-2024-22268 | VMware Workstation and Fusion contain a heap buffer-overflow vulnerability in the Shader functionali... | | |
CVE-2024-22269 | VMware Workstation and Fusion contain an information disclosure vulnerability in the vbluetooth devi... | | |
CVE-2024-22270 | VMware Workstation and Fusion contain an information disclosure vulnerability in the Host Guest File... | | |
CVE-2024-22271 | Spring Cloud Function Web DOS Vulnerability | | |
CVE-2024-22272 | VMware Cloud Director contains an Improper Privilege Management vulnerability. An authenticated t... | | |
CVE-2024-22273 | The storage controllers on VMware ESXi, Workstation, and Fusion have out-of-bounds read/write vulner... | | |
CVE-2024-22274 | The vCenter Server contains an authenticated remote code execution vulnerability. A malicious actor ... | | |
CVE-2024-22275 | The vCenter Server contains a partial file read vulnerability. A malicious actor with administrative... | | |
CVE-2024-22276 | VMware Cloud Director Object Storage Extension contains an Insertion of Sensitive Information vulner... | | |
CVE-2024-22277 | VMware Cloud Director Availability contains an HTML injection vulnerability. A malicious actor wit... | | |
CVE-2024-22278 | Harbor fails to validate the user permissions when updating project configurations | | |
CVE-2024-22279 | GoRouter Denial of Service Attack | | |
CVE-2024-22280 | VMSA-2024-0017: VMware Aria Automation updates address SQL-injection vulnerability (CVE-2024-22280) | | |
CVE-2024-22281 | Apache Helix Front (UI): Helix front hard-coded secret in the express-session | | |
CVE-2024-22282 | WordPress SimpleMap Store Locator Plugin <= 2.6.1 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2024-22283 | WordPress Delhivery Logistics Courier Plugin <= 1.0.107 is vulnerable to SQL Injection | | |
CVE-2024-22284 | WordPress Asgaros Forum Plugin <= 2.7.2 is vulnerable to PHP Object Injection | S | |
CVE-2024-22285 | WordPress Frontpage Manager Plugin <= 1.3 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2024-22286 | WordPress BA Plus Plugin <= 1.0.3 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2024-22287 | WordPress Better Anchor Links Plugin <= 1.7.5 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2024-22288 | WordPress WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels plugin <= 4.4.0 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-22289 | WordPress Post views Stats Plugin <= 1.3 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2024-22290 | WordPress Custom Dashboard Widgets Plugin <= 1.3.1 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2024-22291 | WordPress Browser Theme Color Plugin <= 1.3 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2024-22292 | WordPress WP To Do Plugin <= 1.2.8 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2024-22293 | WordPress BP Profile Search Plugin <= 5.5 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2024-22294 | WordPress Download IP2Location Country Blocker Plugin <= 2.33.3 is vulnerable to Sensitive Data Exposure | S | |
CVE-2024-22295 | WordPress Robo Gallery Plugin <= 3.2.17 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2024-22296 | WordPress 12 Step Meeting List plugin <= 3.14.28 - Broken Access Control vulnerability | S | |
CVE-2024-22297 | WordPress CBX Map for Google Map & OpenStreetMap Plugin <= 1.1.11 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2024-22298 | WordPress Amelia plugin <= 1.0.98 - Broken Access Control vulnerability | S | |
CVE-2024-22299 | WordPress FV Player plugin <= 7.5.41.7212 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-22300 | WordPress Icegram Express plugin <= 5.7.11 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-22301 | WordPress Albo Pretorio Online Plugin <= 4.6.6 is vulnerable to Sensitive Data Exposure | | |
CVE-2024-22302 | WordPress Albo Pretorio Online Plugin <= 4.6.6 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2024-22303 | WordPress Houzez theme <= 3.2.4 - Privilege Escalation vulnerability | S | |
CVE-2024-22304 | WordPress FreshMail For WordPress Plugin <= 2.3.2 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2024-22305 | WordPress Contact Form builder with drag & drop - Kali Forms Plugin <= 2.3.36 is vulnerable to Insecure Direct Object References (IDOR) | S | |
CVE-2024-22306 | WordPress Mang Board WP Plugin <= 1.7.7 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2024-22307 | WordPress WP-Lister Lite for eBay Plugin <= 3.5.7 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2024-22308 | WordPress Simple Membership Plugin <= 4.4.1 is vulnerable to Open Redirection | S | |
CVE-2024-22309 | WordPress ChatBot Plugin <= 5.1.0 is vulnerable to PHP Object Injection | S | |
CVE-2024-22310 | WordPress Formzu WP Plugin <= 1.6.7 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2024-22311 | WordPress Simply Schedule Appointments plugin <= 1.6.6.20 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-22312 | IBM Storage Defender - Resiliency Service information disclosure | S | |
CVE-2024-22313 | IBM Storage Defender - Resiliency Service information disclosure | S | |
CVE-2024-22314 | IBM Storage Defender - Resiliency Service information disclosure | | |
CVE-2024-22315 | IBM Fusion improper communication restriction | | |
CVE-2024-22316 | IBM Sterling File Gateway improper access control | | |
CVE-2024-22317 | IBM App Connect Enterprise denial of service | S | |
CVE-2024-22318 | IBM i Access Client Solutions information disclosure | | |
CVE-2024-22319 | IBM Operational Decision Manager JNDI injection | S | |
CVE-2024-22320 | IBM Operational Decision Manager code execution | S | |
CVE-2024-22326 | IBM System Storage improper authentication | | |
CVE-2024-22328 | IBM Maximo Application Suite information disclosure | | |
CVE-2024-22329 | IBM WebSphere Application Server server-side request forgery | | |
CVE-2024-22331 | IBM UrbanCode Deploy information disclosure | | |
CVE-2024-22332 | IBM Integration Bus for z/OS denial of service | | |
CVE-2024-22333 | IBM Maximo Application Suite information disclosure | | |
CVE-2024-22334 | IBM UrbanCode Deploy improper privilege control | | |
CVE-2024-22335 | IBM QRadar Suite information disclosure | | |
CVE-2024-22336 | IBM QRadar Suite information disclosure | | |
CVE-2024-22337 | IBM QRadar Suite information disclosure | | |
CVE-2024-22338 | IBM Security Verify Access OIDC Provider information disclosure | | |
CVE-2024-22339 | IBM UrbanCode Deploy information disclosure | | |
CVE-2024-22340 | IBM Common Cryptographic Architecture information disclosure | | |
CVE-2024-22341 | IBM Watson Query on Cloud Pak for Data information disclosure | | |
CVE-2024-22343 | IBM TXSeries for Multiplatforms information disclosure | | |
CVE-2024-22344 | IBM TXSeries for Multiplatforms information disclosure | | |
CVE-2024-22345 | IBM TXSeries for Multiplatforms information disclosure | | |
CVE-2024-22346 | IBM i privilege escalation | S | |
CVE-2024-22347 | IBM UrbanCode Velocity information disclosure | | |
CVE-2024-22348 | IBM UrbanCode Velocity cross-origin resource sharing | | |
CVE-2024-22349 | IBM UrbanCode Velocity information disclosure | | |
CVE-2024-22351 | IBM InfoSphere Information Server session fixation | | |
CVE-2024-22352 | IBM InfoSphere Information Server information disclosure | | |
CVE-2024-22353 | IBM WebSphere Application Server Liberty denial of service | | |
CVE-2024-22354 | IBM WebSphere Application Server XML external entity injection | | |
CVE-2024-22355 | IBM QRadar Suite information disclosure | | |
CVE-2024-22356 | IBM App Connect Enterprise and IBM Integration Bus for z/OS information disclosure | S | |
CVE-2024-22357 | IBM Sterling B2B Integrator cross-site scripting | | |
CVE-2024-22358 | IBM UrbanCode Deploy session fixation | | |
CVE-2024-22359 | IBM UrbanCode Deploy cross-site scripting | | |
CVE-2024-22360 | IBM Db2 for Linux, UNIX and Windows denial of service | | |
CVE-2024-22361 | IBM Semeru Runtime information disclosure | | |
CVE-2024-22362 | Drupal contains a vulnerability with improper handling of structural elements. If this vulnerability... | | |
CVE-2024-22363 | SheetJS Community Edition before 0.20.2 is vulnerable to Regular Expression Denial of Service (ReDoS... | | |
CVE-2024-22365 | linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login ... | E S | |
CVE-2024-22366 | Active debug code exists in Yamaha wireless LAN access point devices. If a logged-in user who knows ... | | |
CVE-2024-22368 | The Spreadsheet::ParseXLSX package before 0.28 for Perl can encounter an out-of-memory condition dur... | E M | |
CVE-2024-22369 | Apache Camel: Camel-SQL: Unsafe Deserialization from JDBCAggregationRepository | | |
CVE-2024-22370 | In JetBrains YouTrack before 2023.3.22666 stored XSS via markdown was possible... | | |
CVE-2024-22371 | Apache Camel issue on ExchangeCreatedEvent | | |
CVE-2024-22372 | OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker... | | |
CVE-2024-22373 | An out-of-bounds write vulnerability exists in the JPEG2000Codec::DecodeByStreamsCommon functionalit... | | |
CVE-2024-22374 | Insufficient control flow management for some Intel(R) Xeon Processors may allow an authenticated us... | | |
CVE-2024-22376 | Uncontrolled search path element in some installation software for Intel(R) Ethernet Adapter Driver ... | | |
CVE-2024-22377 | PingFederate Runtime Node Path Traversal | M | |
CVE-2024-22378 | Incorrect default permissions in some Intel Unite(R) Client Extended Display Plugin software install... | | |
CVE-2024-22379 | Uncontrolled search path in some Intel(R) Inspector software before version 2024.0 may allow an auth... | | |
CVE-2024-22380 | Electronic Delivery Check System (Ministry of Agriculture, Forestry and Fisheries The Agriculture an... | | |
CVE-2024-22382 | Improper input validation in PprRequestLog module in UEFI firmware for some Intel(R) Server D50DNP F... | | |
CVE-2024-22383 | Missing release of resource after effective lifetime (CWE-772) in the Controller 7000 resulted in H... | | |
CVE-2024-22384 | Out-of-bounds read for some Intel(R) Trace Analyzer and Collector software before version 2022.0.0 p... | | |
CVE-2024-22385 | File and Directory Permission Vulnerability in Hitachi Storage Provider for VMware vCenter | | |
CVE-2024-22386 | Race condition vulnerability in Linux kernel drm/exynos exynos_drm_crtc_atomic_disable | S | |
CVE-2024-22387 | External Control of Critical State Data (CWE-642) in the Controller 6000 and Controller 7000 diagnos... | | |
CVE-2024-22388 | Insecure Default Initialization of Resource in HID Global | M | |
CVE-2024-22389 | BIG-IP iControl REST API Vulnerability | | |
CVE-2024-22390 | Improper input validation in firmware for some Intel(R) FPGA products before version 2.9.1 may allow... | | |
CVE-2024-22391 | A heap-based buffer overflow vulnerability exists in the LookupTable::SetLUT functionality of Mathie... | | |
CVE-2024-22393 | Apache Answer: Pixel Flood Attack by uploading the large pixel file | | |
CVE-2024-22394 | An improper authentication vulnerability has been identified in SonicWall SonicOS SSL-VPN feature, w... | | |
CVE-2024-22395 | Improper access control vulnerability has been identified in the SMA100 SSL-VPN virtual office porta... | | |
CVE-2024-22396 | An Integer-based buffer overflow vulnerability in the SonicOS via IPSec allows a remote attacker in ... | | |
CVE-2024-22397 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in the SonicOS ... | | |
CVE-2024-22398 | An improper Limitation of a Pathname to a Restricted Directory (Path Traversal) vulnerability in Son... | | |
CVE-2024-22399 | Apache Seata: Remote Code Execution vulnerability via Hessian Deserialization in Apache Seata Server | | |
CVE-2024-22400 | Open redirect in user_saml via RelayState parameter in Nextcloud User Saml | S | |
CVE-2024-22401 | All users can reset the allowed apps list for Nextcloud Guest App users | S | |
CVE-2024-22402 | Improper handling of request URLs in Nextcloud Guests app allows guest users to bypass app allowlist | S | |
CVE-2024-22403 | OAuth2 authorization codes are valid indefinitely in Nextcloud server | S | |
CVE-2024-22404 | Permissions bypass in Nextcloud with the files zip app | S | |
CVE-2024-22405 | XADMaster may not apply quarantine attribute correctly to extracted files | | |
CVE-2024-22406 | Blind SQL-injection in DAL aggregations in Shopware | | |
CVE-2024-22407 | Broken Access Control order API in Shopware | | |
CVE-2024-22408 | Server-Side Request Forgery (SSRF) in Shopware Flow Builder | | |
CVE-2024-22409 | Default Privileges allow for high level operations for low privileged users in datahub | E S | |
CVE-2024-22410 | Binary Planting Attack on Windows Platforms in Creditcoin | | |
CVE-2024-22411 | Cross site scripting in Action messages on Avo | E S | |
CVE-2024-22412 | ClickHouse's Role-based Access Control is bypassed when query caching is enabled. | | |
CVE-2024-22413 | Rejected reason: Further research determined the issue is not a vulnerability. The Creditcoin blockc... | R | |
CVE-2024-22414 | User profile page vulnerable to Cross Site Scripting (XSS) in flaskBlog | E | |
CVE-2024-22415 | Unsecured endpoints in the jupyter-lsp server extension | S | |
CVE-2024-22416 | Cross-Site Request Forgery on any API call in pyLoad may lead to admin privilege escalation | E S | |
CVE-2024-22417 | Whoogle Search Cross-site Scripting vulnerability | E S | |
CVE-2024-22418 | Stored Cross-site Scripting Vulnerability via Malicious File Names in GroupOffice | E S | |
CVE-2024-22419 | concat built-in can corrupt memory in vyper | E S | |
CVE-2024-22420 | Stored cross site scripting in Markdown Preview in JupyterLab | S | |
CVE-2024-22421 | Potential authentication and CSRF tokens leak in JupyterLab | S | |
CVE-2024-22422 | Unauthenticated Denial of Service (DOS) attack in AnythingLLM | E S | |
CVE-2024-22423 | yt-dlp `--exec` command injection when using `%q` in yt-dlp on Windows | | |
CVE-2024-22424 | Cross-Site Request Forgery (CSRF) in github.com/argoproj/argo-cd | E S | |
CVE-2024-22425 | Dell RecoverPoint for Virtual Machines 5.3.x, 6.0.SP1 contains a brute force/dictionary attack vulne... | | |
CVE-2024-22426 | Dell RecoverPoint for Virtual Machines 5.3.x, 6.0.SP1 contains an OS Command injection vulnerability... | | |
CVE-2024-22428 | Dell iDRAC Service Module, versions 5.2.0.0 and prior, contain an Incorrect Default Permissions vul... | | |
CVE-2024-22429 | Dell BIOS contains an Improper Input Validation vulnerability. A local authenticated malicious user ... | | |
CVE-2024-22430 | Dell PowerScale OneFS versions 8.2.x through 9.6.0.x contains an incorrect default permissions vuln... | | |
CVE-2024-22432 | Networker 19.9 and all prior versions contains a Plain-text Password stored in temporary config fil... | | |
CVE-2024-22433 | Dell Data Protection Search 19.2.0 and above contain an exposed password opportunity in plain text ... | S | |
CVE-2024-22435 | HPE NonStop Web ViewPoint Enterprise software, Unauthorized access | | |
CVE-2024-22436 | A security vulnerability in HPE IceWall Agent products could be exploited remotely to cause a denial... | | |
CVE-2024-22437 | HPE MSA SAN Storage VSS Provider and CAPI Proxy Software, Elevation of Privilege | | |
CVE-2024-22438 | HPE OfficeConnect 1820 Network switches, Cross-Site Request Forgery (CSRF) | | |
CVE-2024-22439 | Certain HPE FlexNetwork and FlexFabric Switches, Remote Authentication Bypass | | |
CVE-2024-22440 | HPE Compute Scale-up Server 3200 Server, Disclosure of Sensitive Information | | |
CVE-2024-22441 | HPE Cray Parallel Application Launch Service (PALS) is subject to an authentication bypass.... | | |
CVE-2024-22442 | The vulnerability could be remotely exploited to bypass authentication.... | | |
CVE-2024-22443 | A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow... | | |
CVE-2024-22444 | A vulnerability within the web-based management interface of EdgeConnect SD-WAN Orchestrator could a... | | |
CVE-2024-22445 | Dell PowerProtect Data Manager, version 19.15 and prior versions, contain an OS command injection v... | S | |
CVE-2024-22448 | Dell BIOS contains an Out-of-Bounds Write vulnerability. A local authenticated malicious user with a... | | |
CVE-2024-22449 | Dell PowerScale OneFS versions 9.0.0.x through 9.6.0.x contains a missing authentication for critic... | | |
CVE-2024-22450 | Dell Alienware Command Center, versions prior to 6.2.7.0, contain an uncontrolled search path elemen... | | |
CVE-2024-22452 | Dell Display and Peripheral Manager for macOS prior to 1.3 contains an improper access control vulne... | | |
CVE-2024-22453 | Dell PowerEdge Server BIOS contains a heap-based buffer overflow vulnerability. A local high privile... | | |
CVE-2024-22454 | Dell PowerProtect Data Manager, version 19.15 and prior versions, contain a weak password recovery ... | S | |
CVE-2024-22455 | Dell Mobility - E-Lab Navigator, version(s) 3.1.9, 3.2.0, contain(s) an Authorization Bypass Through... | | |
CVE-2024-22457 | Dell Secure Connect Gateway 5.20 contains an improper authentication vulnerability during the SRS to... | S | |
CVE-2024-22458 | Dell Secure Connect Gateway, 5.18, contains an Inadequate Encryption Strength Vulnerability. An unau... | S | |
CVE-2024-22459 | Dell ECS, versions 3.6 through 3.6.2.5, and 3.7 through 3.7.0.6, and 3.8 through 3.8.0.4 versions, c... | | |
CVE-2024-22460 | Dell PowerProtect DM5500 version 5.15.0.0 and prior contains an insecure deserialization Vulnerabili... | | |
CVE-2024-22461 | Dell RecoverPoint for Virtual Machines 6.0.x contains an OS Command injection vulnerability. A low p... | | |
CVE-2024-22463 | Dell PowerScale OneFS 8.2.x through 9.6.0.x contains a use of a broken or risky cryptographic algori... | | |
CVE-2024-22464 | Dell EMC AppSync, versions from 4.2.0.0 to 4.6.0.0 including all Service Pack releases, contain an ... | | |
CVE-2024-22472 | Long S0 frames received by 500 series Z-Wave devices may cause buffer overflow | | |
CVE-2024-22473 | Uninitialized TRNG used for ECDSA after EM2/EM3 sleep for VSE devices | | |
CVE-2024-22475 | Cross-site request forgery vulnerability in multiple printers and scanners which implement Web Based... | | |
CVE-2024-22476 | Improper input validation in some Intel(R) Neural Compressor software before version 2.5.0 may allow... | | |
CVE-2024-22477 | PingFederate OIDC Policy Management Editor Cross-Site Scripting | | |
CVE-2024-22490 | Cross Site Scripting (XSS) vulnerability in beetl-bbs 2.0 allows attackers to run arbitrary code via... | E | |
CVE-2024-22491 | A Stored Cross Site Scripting (XSS) vulnerability in beetl-bbs 2.0 allows attackers to run arbitrary... | E | |
CVE-2024-22492 | A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save contact parameter, whic... | E | |
CVE-2024-22493 | A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save content parameter, whic... | E | |
CVE-2024-22494 | A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save mobile parameter, which... | E | |
CVE-2024-22496 | Cross Site Scripting (XSS) vulnerability in JFinalcms 5.0.0 allows attackers to run arbitrary code v... | E | |
CVE-2024-22497 | Cross Site Scripting (XSS) vulnerability in /admin/login password parameter in JFinalcms 5.0.0 allow... | E | |
CVE-2024-22513 | djangorestframework-simplejwt version 5.3.1 and before is vulnerable to information disclosure. A us... | | |
CVE-2024-22514 | An issue discovered in iSpyConnect.com Agent DVR 5.1.6.0 allows attackers to run arbitrary files by ... | | |
CVE-2024-22515 | Unrestricted File Upload vulnerability in iSpyConnect.com Agent DVR 5.1.6.0 allows attackers to uplo... | | |
CVE-2024-22519 | An issue discovered in OpenDroneID OSM 3.5.1 allows attackers to impersonate other drones via transm... | E | |
CVE-2024-22520 | An issue discovered in Dronetag Drone Scanner 1.5.2 allows attackers to impersonate other drones via... | E | |
CVE-2024-22523 | Directory Traversal vulnerability in Qiyu iFair version 23.8_ad0 and before, allows remote attackers... | E | |
CVE-2024-22524 | dnspod-sr 0dfbd37 is vulnerable to buffer overflow.... | E | |
CVE-2024-22525 | dnspod-sr 0dfbd37 contains a SEGV.... | E | |
CVE-2024-22526 | Buffer Overflow vulnerability in bandisoft bandiview v7.0, allows local attackers to cause a denial ... | | |
CVE-2024-22529 | TOTOLINK X2000R_V2 V2.0.0-B20230727.10434 has a command injection vulnerability in the sub_449040 (h... | E | |
CVE-2024-22532 | Buffer Overflow vulnerability in XNSoft NConvert 7.163 (for Windows x86) allows attackers to cause a... | E | |
CVE-2024-22533 | Before Beetl v3.15.12, the rendering template has a server-side template injection (SSTI) vulnerabil... | E | |
CVE-2024-22543 | An issue was discovered in Linksys Router E1700 1.0.04 (build 3), allows authenticated attackers to ... | E | |
CVE-2024-22544 | An issue was discovered in Linksys Router E1700 version 1.0.04 (build 3), allows authenticated attac... | E | |
CVE-2024-22545 | An issue was discovered in TRENDnet TEW-824DRU version 1.04b01, allows unauthenticated attackers to ... | E | |
CVE-2024-22546 | TRENDnet TEW-815DAP 1.0.2.0 is vulnerable to Command Injection via the do_setNTP function. An authen... | E | |
CVE-2024-22547 | WayOS IBR-7150 <17.06.23 is vulnerable to Cross Site Scripting (XSS).... | | |
CVE-2024-22548 | FlyCms 1.0 is vulnerable to Cross Site Scripting (XSS) in the system website settings website name s... | E | |
CVE-2024-22549 | FlyCms 1.0 is vulnerable to Cross Site Scripting (XSS) in the email settings of the website settings... | E | |
CVE-2024-22550 | An arbitrary file upload vulnerability in the component /alsdemo/ss/mediam.cgi of ShopSite v14.0 all... | E | |
CVE-2024-22551 | WhatACart v2.0.7 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via ... | E | |
CVE-2024-22559 | LightCMS v2.0 is vulnerable to Cross Site Scripting (XSS) in the Content Management - Articles field... | E | |
CVE-2024-22562 | swftools 0.9.2 was discovered to contain a Stack Buffer Underflow via the function dict_foreach_keyv... | E | |
CVE-2024-22563 | openvswitch 2.17.8 was discovered to contain a memory leak via the function xmalloc__ in openvswitch... | | |
CVE-2024-22567 | File Upload vulnerability in MCMS 5.3.5 allows attackers to upload arbitrary files via crafted POST ... | E | |
CVE-2024-22568 | FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/score/del.... | E | |
CVE-2024-22569 | Stored Cross-Site Scripting (XSS) vulnerability in POSCMS v4.6.2, allows attackers to execute arbitr... | E | |
CVE-2024-22570 | A stored cross-site scripting (XSS) vulnerability in /install.php?m=install&c=index&a=step3 of Green... | | |
CVE-2024-22588 | Kwik commit 745fd4e2 does not discard unused encryption keys.... | | |
CVE-2024-22590 | The TLS engine in Kwik commit 745fd4e2 does not track the current state of the connection. This vuln... | | |
CVE-2024-22591 | FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/user/group_save.... | E | |
CVE-2024-22592 | FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/user/group_update... | E | |
CVE-2024-22593 | FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/admin/add_group_s... | E | |
CVE-2024-22601 | FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/score/scorerule_s... | | |
CVE-2024-22603 | FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/links/add_link... | E | |
CVE-2024-22611 | OpenEMR 7.0.2 is vulnerable to SQL Injection via \openemr\library\classes\Pharmacy.class.php, \contr... | E | |
CVE-2024-22625 | Complete Supplier Management System v1.0 is vulnerable to SQL Injection via /Supply_Management_Syste... | E | |
CVE-2024-22626 | Complete Supplier Management System v1.0 is vulnerable to SQL Injection via /Supply_Management_Syste... | E | |
CVE-2024-22627 | Complete Supplier Management System v1.0 is vulnerable to SQL Injection via /Supply_Management_Syste... | E | |
CVE-2024-22628 | Budget and Expense Tracker System v1.0 is vulnerable to SQL Injection via /expense_budget/admin/?pag... | E | |
CVE-2024-22632 | Setor Informatica Sistema Inteligente para Laboratorios (S.I.L.) 388 was discovered to contain a rem... | | |
CVE-2024-22633 | Setor Informatica Sistema Inteligente para Laboratorios (S.I.L.) 388 was discovered to contain a rem... | | |
CVE-2024-22635 | WebCalendar v1.3.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability vi... | E | |
CVE-2024-22636 | PluXml Blog v5.8.9 was discovered to contain a remote code execution (RCE) vulnerability in the Stat... | E | |
CVE-2024-22637 | Form Tools v3.1.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via... | E | |
CVE-2024-22638 | liveSite v2019.1 was discovered to contain a remote code execution (RCE) vulnerability via the compon... | E | |
CVE-2024-22639 | iGalerie v3.0.22 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via ... | E | |
CVE-2024-22640 | TCPDF version <=6.6.5 is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing an un... | E | |
CVE-2024-22641 | TCPDF version 6.6.5 and before is vulnerable to ReDoS (Regular Expression Denial of Service) if pars... | E | |
CVE-2024-22643 | A Cross-Site Request Forgery (CSRF) vulnerability in SEO Panel version 4.10.0 allows remote attacker... | E | |
CVE-2024-22646 | An email address enumeration vulnerability exists in the password reset function of SEO Panel versio... | E | |
CVE-2024-22647 | A user enumeration vulnerability was found in SEO Panel 4.10.0. This issue occurs during user authe... | E | |
CVE-2024-22648 | A Blind SSRF vulnerability exists in the "Crawl Meta Data" functionality of SEO Panel version 4.10.0... | E | |
CVE-2024-22651 | There is a command injection vulnerability in the ssdpcgi_main function of cgibin binary in D-Link D... | E | |
CVE-2024-22660 | TOTOLINK_A3700R_V9.1.2u.6165_20211012 has a stack overflow vulnerability via setLanguageCfg... | E | |
CVE-2024-22662 | TOTOLINK A3700R_V9.1.2u.6165_20211012 has a stack overflow vulnerability via setParentalRules... | E | |
CVE-2024-22663 | TOTOLINK_A3700R_V9.1.2u.6165_20211012 has a command injection vulnerability via setOpModeCfg... | E | |
CVE-2024-22667 | Vim before 9.0.2142 has a stack-based buffer overflow because did_set_langmap in map.c calls sprintf... | E S | |
CVE-2024-22682 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2024-22699 | FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/admin/update_grou... | E | |
CVE-2024-22705 | An issue was discovered in ksmbd in the Linux kernel before 6.6.10. smb2_get_data_area_len in fs/smb... | S | |
CVE-2024-22714 | Stupid Simple CMS <=1.2.4 is vulnerable to Cross Site Scripting (XSS) in the editing section of the ... | E | |
CVE-2024-22715 | Stupid Simple CMS <=1.2.4 was discovered to contain a Cross-Site Request Forgery (CSRF) via the comp... | E | |
CVE-2024-22717 | Cross Site Scripting (XSS) vulnerability in Form Tools 3.1.1 allows attackers to run arbitrary code ... | E | |
CVE-2024-22718 | Cross Site Scripting (XSS) vulnerability in Form Tools 3.1.1 allows attackers to run arbitrary code ... | E | |
CVE-2024-22719 | SQL Injection vulnerability in Form Tools 3.1.1 allows attackers to run arbitrary SQL commands via t... | E | |
CVE-2024-22720 | Kanboard 1.2.34 is vulnerable to HTML Injection in the group management feature.... | E | |
CVE-2024-22721 | Cross Site Request Forgery (CSRF) vulnerability in Form Tools 3.1.1 allows attackers to manipulate s... | E | |
CVE-2024-22722 | Server Side Template Injection (SSTI) vulnerability in Form Tools 3.1.1 allows attackers to run arbi... | E | |
CVE-2024-22723 | Webtrees 2.1.18 is vulnerable to Directory Traversal. By manipulating the "media_folder" parameter i... | E | |
CVE-2024-22724 | An issue was discovered in osCommerce v4, allows local attackers to bypass file upload restrictions ... | | |
CVE-2024-22725 | Orthanc versions before 1.12.2 are affected by a reflected cross-site scripting (XSS) vulnerability.... | S | |
CVE-2024-22727 | Teltonika TRB1-series devices with firmware before TRB1_R_00.07.05.2 allow attackers to exploit a fi... | | |
CVE-2024-22729 | NETIS SYSTEMS MW5360 V1.0.1.3031 was discovered to contain a command injection vulnerability via the... | E | |
CVE-2024-22733 | TP Link MR200 V4 Firmware version 210201 was discovered to contain a null-pointer-dereference in the... | E | |
CVE-2024-22734 | An issue was discovered in AMCS Group Trux Waste Management Software before version 7.19.0018.26912,... | | |
CVE-2024-22749 | GPAC v2.3 was detected to contain a buffer overflow via the function gf_isom_new_generic_sample_desc... | E S | |
CVE-2024-22751 | D-Link DIR-882 DIR882A1_FW130B06 was discovered to contain a stack overflow via the sub_477AA0 funct... | E | |
CVE-2024-22752 | Insecure permissions issue in EaseUS MobiMover 6.0.5 Build 21620 allows attackers to gain escalated ... | | |
CVE-2024-22768 | Hitron Systems DVR HVR-4781 Improper Input Validation Vulnerability | | |
CVE-2024-22769 | Hitron Systems DVR HVR-8781 Improper Input Validation Vulnerability | | |
CVE-2024-22770 | Hitron Systems DVR HVR-16781 Improper Input Validation Vulnerability | | |
CVE-2024-22771 | Hitron Systems DVR LGUVR-4H Improper Input Validation Vulnerability | | |
CVE-2024-22772 | Hitron Systems DVR LGUVR-8H Improper Input Validation Vulnerability | | |
CVE-2024-22773 | Intelbras Action RF 1200 routers 1.2.2 and earlier and Action RG 1200 routers 2.1.7 and earlier expo... | E | |
CVE-2024-22774 | An issue in Panoramic Corporation Digital Imaging Software v.9.1.2.7600 allows a local attacker to e... | | |
CVE-2024-22776 | Wallos 0.9 is vulnerable to Cross Site Scripting (XSS) in all text-based input fields without proper... | | |
CVE-2024-22778 | HackMD CodiMD <2.5.2 is vulnerable to Denial of Service.... | E | |
CVE-2024-22779 | Directory Traversal vulnerability in Kihron ServerRPExposer v.1.0.2 and before allows a remote attac... | E S | |
CVE-2024-22780 | Cross Site Scripting vulnerability in CA17 TeamsACS v.1.0.1 allows a remote attacker to execute arbi... | | |
CVE-2024-22795 | Insecure Permissions vulnerability in Forescout SecureConnector v.11.3.06.0063 allows a local attack... | E | |
CVE-2024-22807 | An issue in Tormach xsTECH CNC Router, PathPilot Controller v2.9.6 allows attackers to erase a criti... | | |
CVE-2024-22808 | An issue in Tormach xsTECH CNC Router, PathPilot Controller v2.9.6 allows attackers to cause a Denia... | | |
CVE-2024-22809 | Incorrect access control in Tormach xsTECH CNC Router, PathPilot Controller v2.9.6 allows attackers ... | | |
CVE-2024-22811 | An issue in Tormach xsTECH CNC Router, PathPilot Controller v2.9.6 allows attackers to cause a Denia... | | |
CVE-2024-22813 | An issue in Tormach xsTECH CNC Router, PathPilot Controller v2.9.6 allows attackers to overwrite the... | | |
CVE-2024-22815 | An issue in the communication protocol of Tormach xsTECH CNC Router, PathPilot Controller v2.9.6 all... | | |
CVE-2024-22817 | FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/email/email_conf_... | E | |
CVE-2024-22818 | FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/site/filterKeyword... | E | |
CVE-2024-22819 | FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/email/email_templ... | E | |
CVE-2024-22824 | An issue in Timo v.2.0.3 allows a remote attacker to execute arbitrary code via the filetype restric... | E | |
CVE-2024-22830 | Anti-Cheat Expert's Windows kernel module "ACE-BASE.sys" version 1.0.2202.6217 does not perform prop... | | |
CVE-2024-22836 | An OS command injection vulnerability exists in Akaunting v3.1.3 and earlier. An attacker can manipu... | | |
CVE-2024-22851 | Directory Traversal Vulnerability in LiveConfig before v.2.5.2 allows a remote attacker to obtain se... | | |
CVE-2024-22852 | D-Link Go-RT-AC750 GORTAC750_A1_FW_v101b03 contains a stack-based buffer overflow via the function g... | E | |
CVE-2024-22853 | D-LINK Go-RT-AC750 GORTAC750_A1_FW_v101b03 has a hardcoded password for the Alphanetworks account, w... | E | |
CVE-2024-22854 | DOM-based HTML injection vulnerability in the main page of Darktrace Threat Visualizer version 6.1.2... | E | |
CVE-2024-22855 | A cross-site scripting (XSS) vulnerability in the User Maintenance section of ITSS iMLog v1.307 allo... | E | |
CVE-2024-22856 | A SQL injection vulnerability via the Save Favorite Search function in Axefinance Axe Credit Portal ... | | |
CVE-2024-22857 | Heap-based buffer overflow in zlog v1.1.0 to v1.2.17 in zlog_rule_new(). The size of record_name is MAXLE... | | |
CVE-2024-22859 | Cross-Site Request Forgery (CSRF) vulnerability in livewire before v3.0.4, allows remote attackers t... | S | |
CVE-2024-22860 | Integer overflow vulnerability in FFmpeg before n6.1, allows remote attackers to execute arbitrary c... | S | |
CVE-2024-22861 | Integer overflow vulnerability in FFmpeg before n6.1, allows attackers to cause a denial of service ... | S | |
CVE-2024-22862 | Integer overflow vulnerability in FFmpeg before n6.1, allows remote attackers to execute arbitrary c... | S | |
CVE-2024-22871 | An issue in Clojure versions 1.20 to 1.12.0-alpha5 allows an attacker to cause a denial of service (... | E | |
CVE-2024-22873 | Tencent Blueking CMDB v3.2.x to v3.9.x was discovered to contain a Server-Side Request Forgery (SSRF... | E | |
CVE-2024-22876 | StrangeBee TheHive 5.1.0 to 5.1.9 and 5.2.0 to 5.2.8 is vulnerable to Cross Site Scripting (XSS) in ... | | |
CVE-2024-22877 | StrangeBee TheHive 5.2.0 to 5.2.8 is vulnerable to Cross Site Scripting (XSS) in the case reporting ... | | |
CVE-2024-22880 | Cross Site Scripting vulnerability in Zadarma Zadarma extension v.1.0.11 allows a remote attacker to... | E | |
CVE-2024-22889 | Due to incorrect access control in Plone version v6.0.9, remote attackers can view and list all file... | | |
CVE-2024-22891 | Nteract v.0.28.0 was discovered to contain a remote code execution (RCE) vulnerability via the Markd... | E | |
CVE-2024-22892 | OpenSlides 4.0.15 was discovered to be using a weak hashing algorithm to store passwords.... | | |
CVE-2024-22893 | OpenSlides 4.0.15 verifies passwords by comparing password hashes using a function with content-depe... | | |
CVE-2024-22894 | An issue fixed in AIT-Deutschland Alpha Innotec Heatpumps V2.88.3 or later, V3.89.0 or later, V4.81.... | E | |
CVE-2024-22895 | DedeCMS 5.7.112 has a File Upload vulnerability via uploads/dede/module_upload.php.... | E M | |
CVE-2024-22899 | Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE... | E | |
CVE-2024-22900 | Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE... | E | |
CVE-2024-22901 | Vinchin Backup & Recovery v7.2 was discovered to use default MYSQL credentials.... | E | |
CVE-2024-22902 | Vinchin Backup & Recovery v7.2 was discovered to be configured with default root credentials.... | E | |
CVE-2024-22903 | Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE... | E | |
CVE-2024-22905 | Buffer Overflow vulnerability in ARM mbed-os v.6.17.0 allows a remote attacker to execute arbitrary ... | | |
CVE-2024-22910 | Cross Site Scripting (XSS) vulnerability in CrushFTP v.10.6.0 and v.10.5.5 allows an attacker to exe... | | |
CVE-2024-22911 | A stack-buffer-underflow vulnerability was found in SWFTools v0.9.2, in the function parseExpression... | E | |
CVE-2024-22912 | A global-buffer-overflow was found in SWFTools v0.9.2, in the function countline at swf5compiler.fle... | E | |
CVE-2024-22913 | A heap-buffer-overflow was found in SWFTools v0.9.2, in the function swf5lex at lex.swf5.c:1321. It ... | E | |
CVE-2024-22914 | A heap-use-after-free was found in SWFTools v0.9.2, in the function input at lex.swf5.c:2620. It all... | E | |
CVE-2024-22915 | A heap-use-after-free was found in SWFTools v0.9.2, in the function swf_DeleteTag at rfxswf.c:1193. ... | E | |
CVE-2024-22916 | In D-LINK Go-RT-AC750 v101b03, the sprintf function in the sub_40E700 function within the cgibin is ... | E | |
CVE-2024-22917 | SQL injection vulnerability in Dynamic Lab Management System Project in PHP v.1.0 allows a remote at... | | |
CVE-2024-22919 | swftools 0.9.2 was discovered to contain a global-buffer-overflow vulnerability via the function pars... | E | |
CVE-2024-22920 | swftools 0.9.2 was discovered to contain a heap-use-after-free via the function bufferWriteData in s... | E | |
CVE-2024-22922 | An issue in Projectworlds Visitor Management System in PHP v.1.0 allows a remote attacker to escalate ... | E | |
CVE-2024-22923 | SQL injection vulnerability in adv radius v.2.2.5 allows a local attacker to execute arbitrary code ... | | |
CVE-2024-22927 | Cross Site Scripting (XSS) vulnerability in the func parameter in eyoucms v.1.6.5 allows a remote at... | E | |
CVE-2024-22936 | Cross-site scripting (XSS) vulnerability in Parents & Student Portal in Genesis School Management Sy... | E | |
CVE-2024-22938 | Insecure Permissions vulnerability in BossCMS v.1.3.0 allows a local attacker to execute arbitrary c... | E | |
CVE-2024-22939 | Cross Site Request Forgery vulnerability in FlyCms v.1.0 allows a remote attacker to execute arbitra... | E | |
CVE-2024-22942 | TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability ... | E | |
CVE-2024-22949 | JFreeChart v1.5.4 was discovered to contain a NullPointerException via the component /chart/annotati... | | |
CVE-2024-22955 | swftools 0.9.2 was discovered to contain a stack-buffer-underflow vulnerability via the function par... | E | |
CVE-2024-22956 | swftools 0.9.2 was discovered to contain a heap-use-after-free vulnerability via the function remove... | E | |
CVE-2024-22957 | swftools 0.9.2 was discovered to contain an Out-of-bounds Read vulnerability via the function dict_d... | E | |
CVE-2024-22983 | SQL injection vulnerability in Projectworlds Visitor Management System in PHP v.1.0 allows a remote ... | E | |
CVE-2024-22984 | Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was withdrawn by ... | R | |
CVE-2024-22988 | An issue in zkteco zkbio WDMS v.8.0.5 allows an attacker to execute arbitrary code via the /files/ba... | | |