ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2024-23031 | Cross Site Scripting (XSS) vulnerability in is_water parameter in eyoucms v.1.6.5 allows a remote at... | E | |
CVE-2024-23032 | Cross Site Scripting vulnerability in num parameter in eyoucms v.1.6.5 allows a remote attacker to r... | E | |
CVE-2024-23033 | Cross Site Scripting vulnerability in the path parameter in eyoucms v.1.6.5 allows a remote attacker... | E | |
CVE-2024-23034 | Cross Site Scripting vulnerability in the input parameter in eyoucms v.1.6.5 allows a remote attacke... | E | |
CVE-2024-23049 | An issue in symphony v.3.6.3 and before allows a remote attacker to execute arbitrary code via the l... | E | |
CVE-2024-23052 | An issue in WuKongOpenSource WukongCRM v.72crm_9.0.1_20191202 allows a remote attacker to execute ar... | E | |
CVE-2024-23054 | An issue in Plone Docker Official Image 5.2.13 (5221) open-source software that could allow for remo... | E | |
CVE-2024-23055 | An issue in Plone Docker Official Image 5.2.13 (5221) open-source software allows for remote code ex... | E | |
CVE-2024-23057 | TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability ... | E | |
CVE-2024-23058 | TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability ... | E | |
CVE-2024-23059 | TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability ... | E | |
CVE-2024-23060 | TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability ... | E | |
CVE-2024-23061 | TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability ... | E | |
CVE-2024-23076 | JFreeChart v1.5.4 was discovered to contain a NullPointerException via the component /labels/BubbleX... | | |
CVE-2024-23077 | JFreeChart v1.5.4 was discovered to be vulnerable to ArrayIndexOutOfBounds via the component /chart/... | | |
CVE-2024-23078 | JGraphT Core v1.5.2 was discovered to contain a NullPointerException via the component org.jgrapht.a... | | |
CVE-2024-23079 | JGraphT Core v1.5.2 was discovered to contain a NullPointerException via the component org.jgrapht.a... | | |
CVE-2024-23080 | Joda Time v2.12.5 was discovered to contain a NullPointerException via the component org.joda.time.f... | | |
CVE-2024-23081 | ThreeTen Backport v1.6.8 was discovered to contain a NullPointerException via the component org.thre... | | |
CVE-2024-23082 | ThreeTen Backport v1.6.8 was discovered to contain an integer overflow via the component org.threete... | | |
CVE-2024-23083 | Time4J Base v5.9.3 was discovered to contain a NullPointerException via the component net.time4j.for... | | |
CVE-2024-23084 | Apfloat v1.10.1 was discovered to contain an ArrayIndexOutOfBoundsException via the component org.ap... | | |
CVE-2024-23085 | Apfloat v1.10.1 was discovered to contain a NullPointerException via the component org.apfloat.inter... | | |
CVE-2024-23086 | Apfloat v1.10.1 was discovered to contain a stack overflow via the component org.apfloat.internal.Do... | | |
CVE-2024-23091 | Weak password hashing using MD5 in funzioni.php in HotelDruid before 1.32 allows an attacker to obta... | E | |
CVE-2024-23094 | Flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /c... | | |
CVE-2024-23105 | A Use Of Less Trusted Source [CWE-348] vulnerability in Fortinet FortiPortal version 7.0.0 through 7... | S | |
CVE-2024-23106 | An improper restriction of excessive authentication attempts [CWE-307] in FortiClientEMS version 7.2... | S | |
CVE-2024-23107 | An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiWeb ve... | S | |
CVE-2024-23108 | An improper neutralization of special elements used in an os command ('os command injection') in For... | E S | |
CVE-2024-23109 | An improper neutralization of special elements used in an os command ('os command injection') in For... | S | |
CVE-2024-23110 | A stack-based buffer overflow in Fortinet FortiOS version 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, ... | S | |
CVE-2024-23111 | An improper neutralization of input during web page Generation ('Cross-site Scripting') vulnerabilit... | S | |
CVE-2024-23112 | An authorization bypass through user-controlled key vulnerability [CWE-639] in FortiOS version 7.4.0... | S | |
CVE-2024-23113 | A use of externally-controlled format string in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0... | KEV S | |
CVE-2024-23114 | Apache Camel: Camel-CassandraQL: Unsafe Deserialization from CassandraAggregationRepository | | |
CVE-2024-23115 | Centreon updateGroups SQL Injection Remote Code Execution Vulnerability | | |
CVE-2024-23116 | Centreon updateLCARelation SQL Injection Remote Code Execution Vulnerability | | |
CVE-2024-23117 | Centreon updateContactServiceCommands SQL Injection Remote Code Execution Vulnerability | | |
CVE-2024-23118 | Centreon updateContactHostCommands SQL Injection Remote Code Execution Vulnerability | | |
CVE-2024-23119 | Centreon insertGraphTemplate SQL Injection Remote Code Execution Vulnerability | | |
CVE-2024-23120 | Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software | | |
CVE-2024-23121 | Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software | | |
CVE-2024-23122 | Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software | | |
CVE-2024-23123 | Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software | | |
CVE-2024-23124 | Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software | | |
CVE-2024-23125 | Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software | | |
CVE-2024-23126 | Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software | | |
CVE-2024-23127 | Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software | | |
CVE-2024-23128 | Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software | | |
CVE-2024-23129 | Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software | | |
CVE-2024-23130 | Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software | | |
CVE-2024-23131 | Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software | | |
CVE-2024-23132 | Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software | | |
CVE-2024-23133 | Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software | | |
CVE-2024-23134 | Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software | | |
CVE-2024-23135 | Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software | | |
CVE-2024-23136 | Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software | | |
CVE-2024-23137 | Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software | | |
CVE-2024-23138 | Stack-based Overflow Vulnerability in the TrueView™ Desktop Software | | |
CVE-2024-23139 | ActionScript Byte Code “ABC” Vulnerability in the Autodesk FBX Review software | | |
CVE-2024-23140 | Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software | | |
CVE-2024-23141 | Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software | | |
CVE-2024-23142 | Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software | | |
CVE-2024-23143 | Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software | | |
CVE-2024-23144 | Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software | | |
CVE-2024-23145 | Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software | | |
CVE-2024-23146 | Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software | | |
CVE-2024-23147 | Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software | | |
CVE-2024-23148 | Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software | | |
CVE-2024-23149 | Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software | | |
CVE-2024-23150 | Multiple ZDI Vulnerabilities in Autodesk AutoCAD and certain AutoCAD-based products | | |
CVE-2024-23151 | Multiple ZDI Vulnerabilities in Autodesk AutoCAD and certain AutoCAD-based products | | |
CVE-2024-23152 | Multiple ZDI Vulnerabilities in Autodesk AutoCAD and certain AutoCAD-based products | | |
CVE-2024-23153 | Multiple ZDI Vulnerabilities in Autodesk AutoCAD and certain AutoCAD-based products | | |
CVE-2024-23154 | Multiple ZDI Vulnerabilities in Autodesk AutoCAD and certain AutoCAD-based products | | |
CVE-2024-23155 | Multiple ZDI Vulnerabilities in Autodesk AutoCAD and certain AutoCAD-based products | | |
CVE-2024-23156 | Multiple ZDI Vulnerabilities in Autodesk AutoCAD and certain AutoCAD-based products | | |
CVE-2024-23157 | Multiple ZDI Vulnerabilities in Autodesk AutoCAD and certain AutoCAD-based products | | |
CVE-2024-23158 | Multiple ZDI Vulnerabilities in Autodesk AutoCAD and certain AutoCAD-based products | | |
CVE-2024-23159 | Multiple ZDI Vulnerabilities in Autodesk AutoCAD and certain AutoCAD-based products | | |
CVE-2024-23168 | Vulnerability in Xiexe XSOverlay before build 647 allows non-local websites to send the malicious co... | | |
CVE-2024-23169 | The web interface in RSA NetWitness 11.7.2.0 allows Cross-Site Scripting (XSS) via the Where textbox... | | |
CVE-2024-23170 | An issue was discovered in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2. There was a timing side ... | | |
CVE-2024-23171 | An issue was discovered in the CampaignEvents extension in MediaWiki before 1.35.14, 1.36.x through ... | E S | |
CVE-2024-23172 | An issue was discovered in the CheckUser extension in MediaWiki before 1.35.14, 1.36.x through 1.39.... | E S | |
CVE-2024-23173 | An issue was discovered in the Cargo extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x be... | E S | |
CVE-2024-23174 | An issue was discovered in the PageTriage extension in MediaWiki before 1.35.14, 1.36.x through 1.39... | E S | |
CVE-2024-23177 | An issue was discovered in the WatchAnalytics extension in MediaWiki before 1.40.2. XSS can occur vi... | E S | |
CVE-2024-23178 | An issue was discovered in the Phonos extension in MediaWiki before 1.40.2. PhonosButton.js allows i... | E S | |
CVE-2024-23179 | An issue was discovered in the GlobalBlocking extension in MediaWiki before 1.40.2. For a Special:Gl... | E S | |
CVE-2024-23180 | Improper input validation vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, ... | | |
CVE-2024-23181 | Cross-site scripting vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3... | | |
CVE-2024-23182 | Relative path traversal vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ve... | | |
CVE-2024-23183 | Cross-site scripting vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3... | | |
CVE-2024-23184 | Having a large number of address headers (From, To, Cc, Bcc, etc.) becomes excessively CPU intensive... | | |
CVE-2024-23185 | Very large headers can cause resource exhaustion when parsing message. The message-parser normally r... | | |
CVE-2024-23186 | E-Mail containing malicious display-name information could trigger client-side script execution when... | | |
CVE-2024-23187 | Content-ID based embedding of resources in E-Mails could be abused to trigger client-side script cod... | | |
CVE-2024-23188 | Maliciously crafted E-Mail attachment names could be used to temporarily execute script code in the ... | | |
CVE-2024-23189 | Embedded content references at tasks could be used to temporarily execute script code in the context... | | |
CVE-2024-23190 | Upsell shop information of an account can be manipulated to execute script code in the context of th... | | |
CVE-2024-23191 | Upsell advertisement information of an account can be manipulated to execute script code in the cont... | | |
CVE-2024-23192 | RSS feeds that contain malicious data- attributes could be abused to inject script code to a user's b... | | |
CVE-2024-23193 | E-Mails exported as PDF were stored in a cache that did not consider specific session information fo... | | |
CVE-2024-23194 | Improper output Neutralization for Logs (CWE-117) in the Command Centre API Diagnostics Endpoint cou... | | |
CVE-2024-23196 | Race condition vulnerability in Linux kernel sound/hda snd_hdac_regmap_sync | S | |
CVE-2024-23198 | Improper input validation in firmware for some Intel(R) PROSet/Wireless Software and Intel(R) Killer... | | |
CVE-2024-23201 | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Montere... | | |
CVE-2024-23203 | The issue was addressed with additional permissions checks. This issue is fixed in macOS Sonoma 14.3... | | |
CVE-2024-23204 | The issue was addressed with additional permissions checks. This issue is fixed in macOS Sonoma 14.3... | | |
CVE-2024-23205 | A privacy issue was addressed with improved private data redaction for log entries. This issue is fi... | | |
CVE-2024-23206 | An access issue was addressed with improved access restrictions. This issue is fixed in watchOS 10.3... | | |
CVE-2024-23207 | This issue was addressed with improved redaction of sensitive information. This issue is fixed in wa... | | |
CVE-2024-23208 | The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.3, wat... | | |
CVE-2024-23209 | The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.3. Pro... | | |
CVE-2024-23210 | This issue was addressed with improved redaction of sensitive information. This issue is fixed in ma... | | |
CVE-2024-23211 | A privacy issue was addressed with improved handling of user preferences. This issue is fixed in wat... | | |
CVE-2024-23212 | The issue was addressed with improved memory handling. This issue is fixed in watchOS 10.3, tvOS 17.... | | |
CVE-2024-23213 | The issue was addressed with improved memory handling. This issue is fixed in watchOS 10.3, tvOS 17.... | | |
CVE-2024-23214 | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed ... | | |
CVE-2024-23215 | An issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonom... | | |
CVE-2024-23216 | A path handling issue was addressed with improved validation. This issue is fixed in macOS Sonoma 14... | | |
CVE-2024-23217 | A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macO... | | |
CVE-2024-23218 | A timing side-channel issue was addressed with improvements to constant-time computation in cryptogr... | | |
CVE-2024-23219 | The issue was addressed with improved authentication. This issue is fixed in iOS 17.3 and iPadOS 17.... | | |
CVE-2024-23220 | The issue was addressed with improved handling of caches. This issue is fixed in visionOS 1.1, iOS 1... | | |
CVE-2024-23222 | A type confusion issue was addressed with improved checks. This issue is fixed in iOS 17.3 and iPadO... | KEV | |
CVE-2024-23223 | A privacy issue was addressed with improved handling of files. This issue is fixed in macOS Sonoma 1... | | |
CVE-2024-23224 | The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.3, macOS Ventur... | | |
CVE-2024-23225 | A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 16.7.6 ... | KEV | |
CVE-2024-23226 | The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.4, vis... | | |
CVE-2024-23227 | This issue was addressed with improved redaction of sensitive information. This issue is fixed in ma... | | |
CVE-2024-23228 | This issue was addressed through improved state management. This issue is fixed in iOS 17.3 and iPad... | | |
CVE-2024-23229 | This issue was addressed with improved redaction of sensitive information. This issue is fixed in ma... | | |
CVE-2024-23230 | This issue was addressed with improved file handling. This issue is fixed in macOS Sonoma 14.4, macO... | | |
CVE-2024-23231 | A privacy issue was addressed with improved private data redaction for log entries. This issue is fi... | | |
CVE-2024-23232 | A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macO... | | |
CVE-2024-23233 | This issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.4. Entitlement... | | |
CVE-2024-23234 | An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in ma... | | |
CVE-2024-23235 | A race condition was addressed with additional validation. This issue is fixed in macOS Sonoma 14.4,... | | |
CVE-2024-23236 | A correctness issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.5. An... | | |
CVE-2024-23237 | The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15. An a... | | |
CVE-2024-23238 | An access issue was addressed with improved access restrictions. This issue is fixed in macOS Sonoma... | | |
CVE-2024-23239 | A race condition was addressed with improved state handling. This issue is fixed in tvOS 17.4, iOS 1... | | |
CVE-2024-23240 | The issue was addressed with improved checks. This issue is fixed in iOS 17.4 and iPadOS 17.4. Shake... | | |
CVE-2024-23241 | This issue was addressed through improved state management. This issue is fixed in tvOS 17.4, iOS 17... | | |
CVE-2024-23242 | A privacy issue was addressed by not logging contents of text fields. This issue is fixed in macOS S... | | |
CVE-2024-23243 | A privacy issue was addressed with improved private data redaction for log entries. This issue is fi... | | |
CVE-2024-23244 | A logic issue was addressed with improved restrictions. This issue is fixed in macOS Sonoma 14.4, ma... | | |
CVE-2024-23245 | This issue was addressed by adding an additional prompt for user consent. This issue is fixed in mac... | | |
CVE-2024-23246 | This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14.4, ... | | |
CVE-2024-23247 | The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.4, mac... | | |
CVE-2024-23248 | The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.4. Pro... | | |
CVE-2024-23249 | The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.4. Pro... | | |
CVE-2024-23250 | An access issue was addressed with improved access restrictions. This issue is fixed in tvOS 17.4, i... | | |
CVE-2024-23251 | An authentication issue was addressed with improved state management. This issue is fixed in macOS S... | | |
CVE-2024-23252 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2024-23253 | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma ... | | |
CVE-2024-23254 | The issue was addressed with improved UI handling. This issue is fixed in tvOS 17.4, macOS Sonoma 14... | | |
CVE-2024-23255 | An authentication issue was addressed with improved state management. This issue is fixed in macOS S... | | |
CVE-2024-23256 | A logic issue was addressed with improved state management. This issue is fixed in iOS 17.4 and iPad... | | |
CVE-2024-23257 | The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.7.4,... | | |
CVE-2024-23258 | An out-of-bounds read was addressed with improved input validation. This issue is fixed in visionOS ... | | |
CVE-2024-23259 | The issue was addressed with improved checks. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, i... | | |
CVE-2024-23260 | This issue was addressed by removing additional entitlements. This issue is fixed in macOS Sonoma 14... | | |
CVE-2024-23261 | A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12... | | |
CVE-2024-23262 | This issue was addressed with additional entitlement checks. This issue is fixed in visionOS 1.1, iO... | | |
CVE-2024-23263 | A logic issue was addressed with improved validation. This issue is fixed in tvOS 17.4, macOS Sonoma... | | |
CVE-2024-23264 | A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Mont... | | |
CVE-2024-23265 | A memory corruption vulnerability was addressed with improved locking. This issue is fixed in macOS ... | | |
CVE-2024-23266 | The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.4, macOS Monter... | | |
CVE-2024-23267 | The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.4, macOS Monter... | | |
CVE-2024-23268 | An injection issue was addressed with improved input validation. This issue is fixed in macOS Sonoma... | | |
CVE-2024-23269 | A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing res... | | |
CVE-2024-23270 | The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.7.4,... | | |
CVE-2024-23271 | A logic issue was addressed with improved checks. This issue is fixed in iOS 17.3 and iPadOS 17.3, S... | | |
CVE-2024-23272 | A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.4, macOS Mo... | | |
CVE-2024-23273 | This issue was addressed through improved state management. This issue is fixed in Safari 17.4, iOS ... | | |
CVE-2024-23274 | An injection issue was addressed with improved input validation. This issue is fixed in macOS Sonoma... | | |
CVE-2024-23275 | A race condition was addressed with additional validation. This issue is fixed in macOS Sonoma 14.4,... | | |
CVE-2024-23276 | A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.4, macOS Mo... | | |
CVE-2024-23277 | The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.4, iOS 17.4 and... | | |
CVE-2024-23278 | The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.6.5, macOS Son... | | |
CVE-2024-23279 | A privacy issue was addressed with improved private data redaction for log entries. This issue is fi... | | |
CVE-2024-23280 | An injection issue was addressed with improved validation. This issue is fixed in Safari 17.4, macOS... | | |
CVE-2024-23281 | This issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.4. A... | | |
CVE-2024-23282 | The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.5, watchOS 10.5... | | |
CVE-2024-23283 | A privacy issue was addressed with improved private data redaction for log entries. This issue is fi... | | |
CVE-2024-23284 | A logic issue was addressed with improved state management. This issue is fixed in tvOS 17.4, macOS ... | | |
CVE-2024-23285 | This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sonoma 14.... | | |
CVE-2024-23286 | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Mo... | | |
CVE-2024-23287 | A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macO... | | |
CVE-2024-23288 | This issue was addressed by removing the vulnerable code. This issue is fixed in tvOS 17.4, iOS 17.4... | | |
CVE-2024-23289 | A lock screen issue was addressed with improved state management. This issue is fixed in iOS 16.7.6 ... | | |
CVE-2024-23290 | A logic issue was addressed with improved restrictions. This issue is fixed in tvOS 17.4, iOS 17.4 a... | | |
CVE-2024-23291 | A privacy issue was addressed with improved private data redaction for log entries. This issue is fi... | | |
CVE-2024-23292 | This issue was addressed with improved data protection. This issue is fixed in macOS Sonoma 14.4, iO... | | |
CVE-2024-23293 | This issue was addressed through improved state management. This issue is fixed in tvOS 17.4, iOS 17... | | |
CVE-2024-23294 | This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14.4. ... | | |
CVE-2024-23295 | A permissions issue was addressed to help ensure Personas are always protected. This issue is fixed i... | | |
CVE-2024-23296 | A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 17.4 an... | KEV | |
CVE-2024-23297 | The issue was addressed with improved checks. This issue is fixed in tvOS 17.4, iOS 17.4 and iPadOS ... | | |
CVE-2024-23298 | A logic issue was addressed with improved state management.... | | |
CVE-2024-23299 | The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.4, macOS Ventur... | | |
CVE-2024-23300 | A use-after-free issue was addressed with improved memory management. This issue is fixed in GarageB... | | |
CVE-2024-23301 | Relax-and-Recover (aka ReaR) through 2.7 creates a world-readable initrd when using GRUB_RESCUE=y. T... | E S | |
CVE-2024-23302 | Couchbase Server before 7.2.4 has a private key leak in goxdcr.log.... | | |
CVE-2024-23304 | Cybozu KUNAI for Android 3.0.20 to 3.0.21 allows a remote unauthenticated attacker to cause a denial... | | |
CVE-2024-23305 | An out-of-bounds write vulnerability exists in the BrainVisionMarker Parsing functionality of The Bi... | E | |
CVE-2024-23306 | BIG-IP Next CNF & SPK vulnerability | | |
CVE-2024-23307 | Integer overflow in raid5_cache_count in Linux kernel | S | |
CVE-2024-23308 | BIG-IP Advanced WAF and ASM vulnerability | | |
CVE-2024-23309 | The LevelOne WBR-6012 router with firmware R0.40e6 has an authentication bypass vulnerability in its... | E | |
CVE-2024-23310 | A use-after-free vulnerability exists in the sopen_FAMOS_read functionality of The Biosig Project li... | E | |
CVE-2024-23312 | Uncontrolled search path for some Intel(R) Binary Configuration Tool software for Windows before ver... | | |
CVE-2024-23313 | An integer underflow vulnerability exists in the sopen_FAMOS_read functionality of The Biosig Projec... | E | |
CVE-2024-23314 | BIG-IP HTTP/2 vulnerability | | |
CVE-2024-23315 | A read-what-where vulnerability exists in the Programming Software Connection IMM 01A1 Memory Read f... | E | |
CVE-2024-23316 | PingAccess HTTP Request Desynchronization Weakness | | |
CVE-2024-23317 | External Control of File Name or Path (CWE-73) in the Controller 6000 and Controller 7000 allows an ... | | |
CVE-2024-23319 | CSRF issue allows disconnecting a user's Jira connection through a simple post message (Jira Plugin) | S | |
CVE-2024-23320 | Apache DolphinScheduler: Arbitrary js execution as root for authenticated users | S | |
CVE-2024-23321 | Apache RocketMQ: Unauthorized Exposure of Sensitive Data | | |
CVE-2024-23322 | Envoy crashes when idle and request per try timeout occur within the backoff interval | S | |
CVE-2024-23323 | Excessive CPU usage when URI template matcher is configured using regex in Envoy | S | |
CVE-2024-23324 | Envoy ext auth can be bypassed when Proxy protocol filter sets invalid UTF-8 metadata | S | |
CVE-2024-23325 | Envoy crashes when using an address type that isn’t supported by the OS | S | |
CVE-2024-23326 | Envoy incorrectly accepts HTTP 200 response for entering upgrade mode | | |
CVE-2024-23327 | Crash in proxy protocol when command type of LOCAL in Envoy | S | |
CVE-2024-23328 | The Dataease datasource exists deserialization and arbitrary file read vulnerability | E S | |
CVE-2024-23329 | changedetection.io API endpoint is not secured with API token | E S | |
CVE-2024-23330 | Tuta loads images from external resources | E | |
CVE-2024-23331 | Vite dev server option `server.fs.deny` can be bypassed when hosted on case-insensitive filesystem | E S | |
CVE-2024-23332 | Client configured with permissive trust policies susceptible to rollback attack in Notary Project | S | |
CVE-2024-23333 | LAM vulnerable to Authenticated Remote Code Execution | | |
CVE-2024-23334 | aiohttp.web.static(follow_symlinks=True) is vulnerable to directory traversal | E S | |
CVE-2024-23335 | Backups directory .htaccess deletion in MyBB | | |
CVE-2024-23336 | Incomplete disallowed remote addresses list in MyBB | | |
CVE-2024-23337 | jq has signed integer overflow in jv.c:jvp_array_write | E | |
CVE-2024-23338 | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-53427. Reason: ... | R | |
CVE-2024-23339 | hoolock does not block Prototype pollution with object-path related utilities | S | |
CVE-2024-23340 | @hono/node-server can't handle "double dots" in URL | E S | |
CVE-2024-23341 | TuiTse-TsuSin html injection vulnerability in `tuitse_html` function | S | |
CVE-2024-23342 | python-ecdsa vulnerable to Minerva attack on P-256 | E | |
CVE-2024-23344 | Tuleap's content of artifacts might be readable by unauthorized users | S | |
CVE-2024-23345 | Nautobot has XSS potential in rendered Markdown fields | S | |
CVE-2024-23346 | pymatgen arbitrary code execution when parsing a maliciously crafted JonesFaithfulTransformation transformation_string | E S | |
CVE-2024-23347 | Prior to v176, when opening a new project Meta Spark Studio would execute scripts defined inside of ... | | |
CVE-2024-23348 | Improper input validation vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, ... | | |
CVE-2024-23349 | Apache Answer: XSS vulnerability when submitting summary | | |
CVE-2024-23350 | Reachable Assertion in Multi Mode Call Processor | | |
CVE-2024-23351 | Improper Access Control in Graphics Linux | S | |
CVE-2024-23352 | Loop with Unreachable Exit Condition (`Infinite Loop`) in Multi Mode Call Processor | | |
CVE-2024-23353 | Buffer Over-read in Multi Mode Call Processor | | |
CVE-2024-23354 | Use After Free in Graphics Linux | S | |
CVE-2024-23355 | Improper Restriction of Operations within the Bounds of a Memory Buffer in Automotive | | |
CVE-2024-23356 | Improper Restriction of Operations within the Bounds of a Memory Buffer in HLOS | | |
CVE-2024-23357 | NULL Pointer Dereference in HLOS | | |
CVE-2024-23358 | Buffer Over-read in Multi Mode Call Processor | | |
CVE-2024-23359 | Buffer Over-read in Multi Mode Call Processor | | |
CVE-2024-23360 | Improper Access Control in Graphics Windows | | |
CVE-2024-23362 | Improper Input Validation in Trusted Execution Environment | | |
CVE-2024-23363 | Buffer Over-read in WLAN Firmware | | |
CVE-2024-23364 | Buffer Over-read in WLAN Firmware | | |
CVE-2024-23365 | Use After Free in SCE-Mink | | |
CVE-2024-23366 | Buffer Over-read in Automotive Autonomy | | |
CVE-2024-23368 | Buffer Copy Without Checking Size of Input (`Classic Buffer Overflow`) in Qualcomm IPC | S | |
CVE-2024-23369 | Improper Restriction of Operations within the Bounds of a Memory Buffer in HLOS | | |
CVE-2024-23370 | Use After Free in Automotive Multimedia | | |
CVE-2024-23372 | Integer Overflow or Wraparound in Graphics | S | |
CVE-2024-23373 | Use After Free in Graphics | S | |
CVE-2024-23374 | Stack-based Buffer Overflow in Power Management IC | | |
CVE-2024-23375 | Buffer Copy Without Checking Size of Input (`Classic Buffer Overflow`) in RIL | | |
CVE-2024-23376 | Use After Free in ComputerVision | | |
CVE-2024-23377 | Use of Out-of-range Pointer Offset in ComputerVision | S | |
CVE-2024-23378 | Buffer Copy Without Checking Size of Input (`Classic Buffer Overflow`) in Audio | | |
CVE-2024-23379 | Double Free in DSP Services | | |
CVE-2024-23380 | Use After Free in Graphics | S | |
CVE-2024-23381 | Use After Free in Graphics Linux | | |
CVE-2024-23382 | Use After Free in Graphics Linux | | |
CVE-2024-23383 | Use After Free in Graphics Linux | S | |
CVE-2024-23384 | Use After Free in Graphics Linux | S | |
CVE-2024-23385 | Reachable Assertion in Modem | S | |
CVE-2024-23386 | Improper Input Validation in Video | S | |
CVE-2024-23387 | FusionPBX prior to 5.1.0 contains a cross-site scripting vulnerability. If this vulnerability is exp... | | |
CVE-2024-23388 | Improper authorization in handler for custom URL scheme issue in "Mercari" App for Android prior to ... | | |
CVE-2024-23389 | Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it ... | R | |
CVE-2024-23390 | Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it ... | R | |
CVE-2024-23391 | Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it ... | R | |
CVE-2024-23392 | Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it ... | R | |
CVE-2024-23393 | Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it ... | R | |
CVE-2024-23394 | Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it ... | R | |
CVE-2024-23395 | Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it ... | R | |
CVE-2024-23396 | Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it ... | R | |
CVE-2024-23397 | Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it ... | R | |
CVE-2024-23398 | Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it ... | R | |
CVE-2024-23399 | Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it ... | R | |
CVE-2024-23400 | Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it ... | R | |
CVE-2024-23401 | Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it ... | R | |
CVE-2024-23402 | Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it ... | R | |
CVE-2024-23403 | Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it ... | R | |
CVE-2024-23404 | Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it ... | R | |
CVE-2024-23405 | Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it ... | R | |
CVE-2024-23406 | Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it ... | R | |
CVE-2024-23407 | Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it ... | R | |
CVE-2024-23408 | Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it ... | R | |
CVE-2024-23409 | Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it ... | R | |
CVE-2024-23410 | Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it ... | R | |
CVE-2024-23411 | Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it ... | R | |
CVE-2024-23412 | Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it ... | R | |
CVE-2024-23413 | Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it ... | R | |
CVE-2024-23414 | Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it ... | R | |
CVE-2024-23415 | Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it ... | R | |
CVE-2024-23416 | Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it ... | R | |
CVE-2024-23417 | Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it ... | R | |
CVE-2024-23418 | Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it ... | R | |
CVE-2024-23419 | Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it ... | R | |
CVE-2024-23420 | Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it ... | R | |
CVE-2024-23421 | Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it ... | R | |
CVE-2024-23422 | Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it ... | R | |
CVE-2024-23423 | Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it ... | R | |
CVE-2024-23424 | Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it ... | R | |
CVE-2024-23425 | Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it ... | R | |
CVE-2024-23426 | Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it ... | R | |
CVE-2024-23427 | Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it ... | R | |
CVE-2024-23428 | Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it ... | R | |
CVE-2024-23429 | Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it ... | R | |
CVE-2024-23430 | Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it ... | R | |
CVE-2024-23431 | Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it ... | R | |
CVE-2024-23432 | Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it ... | R | |
CVE-2024-23433 | Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it ... | R | |
CVE-2024-23434 | Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it ... | R | |
CVE-2024-23435 | Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it ... | R | |
CVE-2024-23436 | Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it ... | R | |
CVE-2024-23437 | Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it ... | R | |
CVE-2024-23438 | Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it ... | R | |
CVE-2024-23439 | Vba32 Antivirus v3.36.0 - Arbitrary Memory Read | | |
CVE-2024-23440 | Vba32 Antivirus v3.36.0 - Arbitrary Memory Read | | |
CVE-2024-23441 | Vba32 Antivirus v3.36.0 - Denial of Service (DoS) | E | |
CVE-2024-23442 | Kibana open redirect issue | | |
CVE-2024-23443 | A high-privileged user, allowed to create custom osquery packs 17 could affect the availability of K... | | |
CVE-2024-23444 | Elasticsearch elasticsearch-certutil csr fails to encrypt private key | | |
CVE-2024-23445 | Elasticsearch Remote Cluster Search Cross Cluster API Key insufficient restrictions | | |
CVE-2024-23446 | Kibana Broken Access Control issue | | |
CVE-2024-23447 | Elastic Network Drive Connector Improper Access Control | | |
CVE-2024-23448 | APM Server Insertion of Sensitive Information into Log File | | |
CVE-2024-23449 | Elasticsearch Uncaught Exception | | |
CVE-2024-23450 | Elasticsearch Uncontrolled Resource Consumption vulnerability | | |
CVE-2024-23451 | Elasticsearch Incorrect Authorization in the Remote Cluster Security API key based security model | | |
CVE-2024-23452 | Apache bRPC: HTTP request smuggling vulnerability | S | |
CVE-2024-23453 | Android Spoon application version 7.11.1 to 8.6.0 uses hard-coded credentials, which may allow a loc... | | |
CVE-2024-23454 | Apache Hadoop: Temporary File Local Information Disclosure | | |
CVE-2024-23456 | Signature validation issue leads to Anti-Tampering bypass | | |
CVE-2024-23457 | Anti-tampering can be disabled with uninstall password enforced | | |
CVE-2024-23458 | Local Privilege Escalation on Zscaler Client Connector on Windows | | |
CVE-2024-23459 | Multiple Arbitrary Creates/Overwrites by link following | | |
CVE-2024-23460 | Incorrect signature validation of package | | |
CVE-2024-23461 | ZCC macOS Upgrade ZIP Bomb DoS | | |
CVE-2024-23462 | ZCC Mac validinstaller file integrity check missing | | |
CVE-2024-23463 | Anti-Tampering bypass via Repair App functionality | | |
CVE-2024-23464 | Zscaler bypass with administrative privileges on Windows | | |
CVE-2024-23465 | SolarWinds Access Rights Manager (ARM) ChangeHumster Exposed Dangerous Method Authentication Bypass Vulnerability | S | |
CVE-2024-23466 | SolarWinds Access Rights Manager Directory Traversal Remote Code Execution Vulnerability | S | |
CVE-2024-23467 | SolarWinds Access Rights Manager Directory Traversal Remote Code Execution Vulnerability | S | |
CVE-2024-23468 | SolarWinds Access Rights Manager Directory Traversal and Information Disclosure Vulnerability | S | |
CVE-2024-23469 | SolarWinds Access Rights Manager Exposed Dangerous Method Remote Code Execution Vulnerability | S | |
CVE-2024-23470 | SolarWinds Access Rights Manager (ARM) UserScriptHumster Exposed Dangerous Method Remote Command Execution Vulnerability | S | |
CVE-2024-23471 | SolarWinds Access Rights Manager (ARM) CreateFile Directory Traversal Remote Code Execution Vulnerability | S | |
CVE-2024-23472 | SolarWinds Access Rights Manager Directory Traversal Arbitrary File Deletion and Information Disclosure Vulnerability | S | |
CVE-2024-23473 | SolarWinds Access Rights Manager (ARM) Hard-Coded Credentials Authentication Bypass Vulnerability | S | |
CVE-2024-23474 | SolarWinds Access Rights Manager (ARM) deleteTransferFile Directory Traversal Arbitrary File Deletion and Information Disclosure Vulnerability | S | |
CVE-2024-23475 | SolarWinds Access Rights Manager Directory Traversal and Information Disclosure Vulnerability | S | |
CVE-2024-23476 | SolarWinds Access Rights Manager (ARM) Directory Traversal Remote Code Execution Vulnerability | S | |
CVE-2024-23477 | SolarWinds Access Rights Manager (ARM) Directory Traversal Remote Code Execution Vulnerability | S | |
CVE-2024-23478 | SolarWinds Access Rights Manager (ARM) Deserialization of Untrusted Data Remote Code Execution | S | |
CVE-2024-23479 | SolarWinds Access Rights Manager (ARM) Directory Traversal Remote Code Execution Vulnerability | S | |
CVE-2024-23480 | Insecure MacOS code sign check fallback | | |
CVE-2024-23482 | ZScalerService Local Privilege Escalation | | |
CVE-2024-23483 | Local Privilege Escalation via lack of input validation | | |
CVE-2024-23485 | Improperly Preserved Integrity of Hardware Configuration State During a Power Save/Restore Operation... | | |
CVE-2024-23486 | Plaintext storage of a password issue exists in BUFFALO wireless LAN routers, which may allow a netw... | | |
CVE-2024-23487 | Improper input validation in UserAuthenticationSmm driver in UEFI firmware for some Intel(R) Server ... | | |
CVE-2024-23488 | Files of archived channels accessible with the “Allow users to view archived channels” option disabled | S | |
CVE-2024-23489 | Uncontrolled search path for some Intel(R) VROC software before version 8.6.0.1191 may allow an auth... | | |
CVE-2024-23491 | Uncontrolled search path in some Intel(R) Distribution for GDB software before version 2024.0.1 may ... | | |
CVE-2024-23492 | Commend WS203VICM Weak Encoding for Password | S | |
CVE-2024-23493 | Team associated AD/LDAP Groups Leaked due to missing authorization | S | |
CVE-2024-23494 | Delta Electronics DIAEnergie SQL injection | S | |
CVE-2024-23495 | Incorrect default permissions in some Intel(R) Distribution for GDB software before version 2024.0.1... | | |
CVE-2024-23496 | A heap-based buffer overflow vulnerability exists in the GGUF library gguf_fread_str functionality o... | E | |
CVE-2024-23497 | Out-of-bounds write in Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and A... | | |
CVE-2024-23499 | Protection mechanism failure in Linux kernel mode driver for some Intel(R) Ethernet Network Controll... | | |
CVE-2024-23500 | WordPress Kadence Blocks plugin <= 3.2.19 - Server Side Request Forgery (SSRF) vulnerability | S | |
CVE-2024-23501 | WordPress Ebook Store Plugin <= 5.788 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2024-23502 | WordPress Posts List Designer by Category – List Category Posts Or Recent Posts Plugin <= 3.3.2 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2024-23503 | WordPress Ninja Tables plugin <= 5.0.6 - Broken Access Control vulnerability | S | |
CVE-2024-23504 | WordPress Ninja Tables plugin <= 5.0.5 - Broken Access Control vulnerability | S | |
CVE-2024-23505 | WordPress PDF Viewer & 3D PDF Flipbook – DearPDF Plugin <= 2.0.38 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2024-23506 | WordPress InstaWP Connect Plugin <= 0.1.0.9 is vulnerable to Sensitive Data Exposure | S | |
CVE-2024-23507 | WordPress InstaWP Connect Plugin <= 0.1.0.9 is vulnerable to SQL Injection | S | |
CVE-2024-23508 | WordPress PDF Poster - PDF Embedder Plugin for WordPress Plugin <= 2.1.17 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2024-23510 | WordPress Don't Muck My Markup plugin <= 1.8 - Cross Site Request Forgery (CSRF) vulnerability | | |
CVE-2024-23512 | WordPress ProductX – Gutenberg WooCommerce Blocks Plugin <= 3.1.4 is vulnerable to PHP Object Injection | S | |
CVE-2024-23513 | WordPress PropertyHive Plugin <= 2.0.5 is vulnerable to PHP Object Injection | S | |
CVE-2024-23514 | WordPress Click To Tweet Plugin <= 2.0.14 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2024-23515 | WordPress Cincopa video and media plugin <= 1.159 - Cross Site Request Forgery (CSRF) vulnerability | S | |
CVE-2024-23516 | WordPress CC BMI Calculator Plugin <= 2.0.1 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2024-23517 | WordPress Scheduling Plugin – Online Booking for WordPress Plugin <= 3.5.10 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2024-23518 | WordPress ACF Photo Gallery Field plugin <= 2.6 - Broken Access Control vulnerability | S | |
CVE-2024-23519 | WordPress Email Before Download Plugin <= 6.9.7 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2024-23520 | WordPress PopupAlly plugin <= 2.1.0 - Broken Access Control vulnerability | S | |
CVE-2024-23521 | WordPress Happyforms plugin <= 1.25.10 - Broken Access Control vulnerability | S | |
CVE-2024-23522 | WordPress Formidable Forms plugin <= 6.7 - Content Injection vulnerability | S | |
CVE-2024-23523 | WordPress Elementor Pro plugin <= 3.19.2 - Contributor+ Arbitrary User Meta Data Retrieval vulnerability | S | |
CVE-2024-23524 | WordPress PilotPress plugin <= 2.0.30 - Broken Access Control vulnerability | S | |
CVE-2024-23525 | The Spreadsheet::ParseXLSX package before 0.30 for Perl allows XXE attacks because it neglects to us... | E | |
CVE-2024-23526 | An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3... | | |
CVE-2024-23527 | An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3... | | |
CVE-2024-23528 | An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3... | | |
CVE-2024-23529 | An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3... | | |
CVE-2024-23530 | An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3... | | |
CVE-2024-23531 | An Integer Overflow vulnerability in WLInfoRailService component of Ivanti Avalanche before 6.4.3 al... | | |
CVE-2024-23532 | An out-of-bounds Read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3... | | |
CVE-2024-23533 | An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3... | | |
CVE-2024-23534 | An Unrestricted File-upload vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a... | | |
CVE-2024-23535 | A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote aut... | | |
CVE-2024-23537 | Apache Fineract: Under certain circumstances, this vulnerability allowed users, without specific permissions, to escalate their privileges to any role. | | |
CVE-2024-23538 | Apache Fineract: Under certain system configurations, the sqlSearch parameter was vulnerable to SQL injection attacks, potentially allowing attackers to manipulate database queries. | | |
CVE-2024-23539 | Apache Fineract: Under certain system configurations, the sqlSearch parameter for specific endpoints was vulnerable to SQL injection attacks, potentially allowing attackers to manipulate database queries. | | |
CVE-2024-23540 | HCL BigFix Inventory is vulnerable to path traversal | | |
CVE-2024-23550 | HCL DevOps Deploy / HCL Launch (UCD) may be vulnerable to sensitive information disclosure | | |
CVE-2024-23551 | HCL BigFix Compliance is potentially affected by Oracle database credentials stored at endpoint | | |
CVE-2024-23553 | A cross-site scripting (XSS) vulnerability affects HCL BigFix Platform | | |
CVE-2024-23554 | HCL BigFix Platform is susceptible to Cross-Site Request Forgery | | |
CVE-2024-23556 | HCL BigFix Platform is impacted by a failure to restrict SSL/TLS renegotiation | | |
CVE-2024-23557 | HCL Connections is vulnerable to a user enumeration vulnerability | | |
CVE-2024-23558 | HCL DevOps Deploy / HCL Launch does not invalidate all session authentication cookies after logout | | |
CVE-2024-23559 | HCL DevOps Deploy / Launch is generating an obsolete HTTP header | | |
CVE-2024-23560 | HCL DevOps Deploy / HCL Launch could be vulnerable to incomplete revocation of permissions when deleting a custom type | | |
CVE-2024-23561 | HCL DevOps Deploy / HCL Launch is vulnerable to sensitive information disclosure vulnerability | | |
CVE-2024-23562 | HCL Domino is susceptible to an information disclosure vulnerability | | |
CVE-2024-23563 | HCL Connections Docs is vulnerable to a sensitive information disclosure | | |
CVE-2024-23576 | HCL Commerce is potentially affected by a denial of service and information disclosure vulnerability | | |
CVE-2024-23579 | HCL DRYiCE Optibot Reset Station is impacted by insecure encryption of security questions | | |
CVE-2024-23580 | HCL DRYiCE Optibot Reset Station is impacted by insecure encryption of One-Time Passwords (OTPs) | | |
CVE-2024-23583 | HCL BigFix Platform is susceptible to insufficiently protected credentials | | |
CVE-2024-23584 | HCL BigFix Asset Discovery is affected by a security vulnerability | | |
CVE-2024-23586 | An insufficient session timeout vulnerability affects HCL Nomad server on Domino | | |
CVE-2024-23588 | A denial of service vulnerability affects HCL Nomad server on Domino | | |
CVE-2024-23590 | Apache Kylin: Session fixation in web interface | | |
CVE-2024-23591 | ThinkSystem SR670V2 servers manufactured from approximately June 2021 to July 2023 were left in Manu... | S | |
CVE-2024-23592 | An authentication bypass vulnerability was reported in Lenovo devices with Synaptics fingerprint rea... | S | |
CVE-2024-23593 | A vulnerability was reported in a system recovery bootloader that was part of the Lenovo preloaded... | S | |
CVE-2024-23594 | A buffer overflow vulnerability was reported in a system recovery bootloader that was part of the ... | S | |
CVE-2024-23595 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2024-23597 | Cross-site request forgery (CSRF) vulnerability exists in TvRock 0.9t8a. If a logged-in user of TVRo... | | |
CVE-2024-23599 | Race condition in Seamless Firmware Updates for some Intel(R) reference platforms may allow a privil... | | |
CVE-2024-23600 | PingIDM Query Filter Vulnerability | | |
CVE-2024-23601 | A code injection vulnerability exists in the scan_lib.bin functionality of AutomationDirect P3-550E ... | | |
CVE-2024-23603 | BIG-IP Advanced WAF and ASM Configuration utility vulnerability | | |
CVE-2024-23604 | Cross-site scripting vulnerability exists in FitNesse all releases, which may allow a remote unauthe... | | |
CVE-2024-23605 | A heap-based buffer overflow vulnerability exists in the GGUF library header.n_kv functionality of l... | E | |
CVE-2024-23606 | An out-of-bounds write vulnerability exists in the sopen_FAMOS_read functionality of The Biosig Proj... | E | |
CVE-2024-23607 | F5OS QKView utility vulnerability | | |
CVE-2024-23608 | Out of Bounds Write Due to Missing Bounds Check in LabVIEW | S | |
CVE-2024-23609 | Improper Error Handling Issue in LabVIEW | | |
CVE-2024-23610 | Out of Bounds Write Due to Missing Bounds Check in LabVIEW | S | |
CVE-2024-23611 | Out of Bounds Write Due to Missing Bounds Check in LabVIEW | | |
CVE-2024-23612 | Improper Error Handling Issue in LabVIEW | | |
CVE-2024-23613 | Symantec Deployment Solution Remote Code Execution | | |
CVE-2024-23614 | Symantec Messaging Gateway Buffer Overflow | | |
CVE-2024-23615 | Symantec Messaging Gateway Buffer Overflow | | |
CVE-2024-23616 | Symantec Server Management Suite Buffer Overflow | | |
CVE-2024-23617 | Symantec Data Loss Prevention Buffer Overflow | | |
CVE-2024-23618 | Arris SURFboard SBG6950AC2 Arbitrary Code Execution Vulnerability | | |
CVE-2024-23619 | IBM Merge Healthcare eFilm Workstation Hardcoded Credentials | | |
CVE-2024-23620 | IBM Merge Healthcare eFilm Workstation SYSTEM Privilege Escalation | | |
CVE-2024-23621 | IBM Merge Healthcare eFilm Workstation License Server Buffer Overflow | | |
CVE-2024-23622 | IBM Merge Healthcare eFilm Workstation License Server CopySLS_Request3 Buffer Overflow | | |
CVE-2024-23624 | D-Link DAP-1650 gena.cgi SUBSCRIBE Command Injection Vulnerability | | |
CVE-2024-23625 | D-Link DAP-1650 SUBSCRIBE Callback Command Injection Vulnerability | | |
CVE-2024-23626 | Motorola MR2600 SaveSysLogParams Command Injection Vulnerability | | |
CVE-2024-23627 | Motorola MR2600 SaveStaticRouteIPv4Params Command Injection Vulnerability | | |
CVE-2024-23628 | Motorola MR2600 SaveStaticRouteIPv6Params Command Injection Vulnerability | | |
CVE-2024-23629 | Motorola MR2600 Authentication Bypass Vulnerability | | |
CVE-2024-23630 | Motorola MR2600 Arbitrary Firmware Upload Vulnerability | | |
CVE-2024-23633 | Label Studio XSS Vulnerability on Data Import | | |
CVE-2024-23634 | GeoServer arbitrary file renaming vulnerability in REST Coverage/Data Store API | E S | |
CVE-2024-23635 | AntiSamy malicious input can provoke XSS when preserving comments | M | |
CVE-2024-23636 | SOFARPC Remote Command Execution (RCE) Vulnerability | S | |
CVE-2024-23637 | OctoPrint Unverified Password Change via Access Control Settings | S | |
CVE-2024-23638 | SQUID-2023:11 Denial of Service in Cache Manager | E S | |
CVE-2024-23639 | micronaut-core management endpoints vulnerable to drive-by localhost attack | | |
CVE-2024-23640 | GeoServer Stored Cross-Site Scripting (XSS) vulnerability in Style Publisher | | |
CVE-2024-23641 | Sending a GET or HEAD request with a body crashes SvelteKit | E S | |
CVE-2024-23642 | GeoServer Stored Cross-Site Scripting (XSS) vulnerability in Simple SVG Renderer | S | |
CVE-2024-23643 | GeoServer Stored Cross-Site Scripting (XSS) vulnerability in GWC Seed Form | S | |
CVE-2024-23644 | trillium-http and trillium-client vulnerable to HTTP Request/Response Splitting | S | |
CVE-2024-23645 | GLPI reflected XSS in reports pages | S | |
CVE-2024-23646 | Pimcore Admin Classic Bundle SQL Injection in Admin download files as zip | E S | |
CVE-2024-23647 | PKCE downgrade attack in Authentik | S | |
CVE-2024-23648 | Pimcore Admin Classic Bundle host header injection in the password reset | E S | |
CVE-2024-23649 | Any authenticated user may obtain private message details from other users on the same instance | S | |
CVE-2024-23650 | BuildKit possible panic when incorrect parameters sent from frontend | S | |
CVE-2024-23651 | BuildKit possible race condition with accessing subpaths from cache mounts | S | |
CVE-2024-23652 | BuildKit possible host system access from mount stub cleaner | S | |
CVE-2024-23653 | BuildKit interactive containers API does not validate entitlements check | S | |
CVE-2024-23654 | discourse-ai admin-initiated SSRF when interacting with AI services | S | |
CVE-2024-23655 | Attacker can prevent users from accessing received emails | E | |
CVE-2024-23656 | Dex 2.37.0 is discarding TLSconfig and always serves deprecated TLS 1.0/1.1 and insecure ciphers | E S | |
CVE-2024-23657 | Path Traversal: '../filedir' in Nuxt Devtools | E | |
CVE-2024-23658 | In camera driver, there is a possible use after free due to a logic error. This could lead to local ... | | |
CVE-2024-23659 | SPIP before 4.1.14 and 4.2.x before 4.2.8 allows XSS via the name of an uploaded file. This is relat... | S | |
CVE-2024-23660 | The Binance Trust Wallet app for iOS in commit 3cd6e8f647fbba8b5d8844fcd144365a086b629f, git tag 0.0... | E | |
CVE-2024-23662 | An exposure of sensitive information to an unauthorized actor in Fortinet FortiOS at least version a... | S | |
CVE-2024-23663 | An improper access control in Fortinet FortiExtender 4.1.1 - 4.1.9, 4.2.0 - 4.2.6, 5.3.2, 7.0.0 - 7.... | S | |
CVE-2024-23664 | A URL redirection to untrusted site ('open redirect') in Fortinet FortiAuthenticator version 6.6.0, ... | S | |
CVE-2024-23665 | Multiple improper authorization vulnerabilities [CWE-285] in FortiWeb version 7.4.2 and below, versi... | S | |
CVE-2024-23666 | A client-side enforcement of server-side security in Fortinet FortiAnalyzer-BigData at least versi... | S | |
CVE-2024-23667 | An improper authorization in Fortinet FortiWebManager version 7.2.0 and 7.0.0 through 7.0.4 and 6.3.... | S | |
CVE-2024-23668 | An improper authorization in Fortinet FortiWebManager version 7.2.0 and 7.0.0 through 7.0.4 and 6.3.... | S | |
CVE-2024-23669 | An improper authorization in Fortinet FortiWebManager version 7.2.0 and 7.0.0 through 7.0.4 and 6.3.... | S | |
CVE-2024-23670 | An improper authorization in Fortinet FortiWebManager version 7.2.0 and 7.0.0 through 7.0.4 and 6.3.... | S | |
CVE-2024-23671 | An improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiSa... | S | |
CVE-2024-23672 | Apache Tomcat: WebSocket DoS with incomplete closing handshake | | |
CVE-2024-23673 | Apache Sling Servlets Resolver: Malicious code execution via path traversal | | |
CVE-2024-23674 | The Online-Ausweis-Funktion eID scheme in the German National Identity card through 2024-02-15 allow... | | |
CVE-2024-23675 | Splunk App Key Value Store (KV Store) Improper Handling of Permissions Leads to KV Store Collection Deletion | | |
CVE-2024-23676 | Sensitive Information Disclosure of Index Metrics through “mrollup” SPL Command | | |
CVE-2024-23677 | Server Response Disclosure in RapidDiag Salesforce.com Log File | | |
CVE-2024-23678 | Deserialization of Untrusted Data on Splunk Enterprise for Windows through Path Traversal from Separate Disk Partition | | |
CVE-2024-23679 | Enonic XP Session Fixation Vulnerability | S | |
CVE-2024-23680 | AWS Encryption SDK for Java Improper Verification of Cryptographic Signature | S | |
CVE-2024-23681 | Artemis Java Test Sandbox Library Load Escape | E | |
CVE-2024-23682 | Artemis Java Test Sandbox Class Loading Escape | E | |
CVE-2024-23683 | Artemis Java Test Sandbox InvocationTargetException Subclass Escape | E S | |
CVE-2024-23684 | upokecenter CBOR Denial of Service | M | |
CVE-2024-23685 | FOLIO mod-remote-storage Hard Coded Credentials | S | |
CVE-2024-23686 | DependencyCheck Debug Mode Logging of NVD API Key | | |
CVE-2024-23687 | FOLIO mod-data-export-spring Hard-Coded Credentials | S | |
CVE-2024-23688 | Consensys Discovery Nonce Reuse | | |
CVE-2024-23689 | ClickHouse Client Certificate Password Exposure | E S | |
CVE-2024-23690 | EOL Netgear FVS336v3 Telnet Configuration Backup Command Injection | | |
CVE-2024-23692 | Rejetto HTTP File Server 2.3m Unauthenticated RCE | KEV E S | |
CVE-2024-23695 | In CacheOpPMRExec of cache_km.c, there is a possible out of bounds write due to an integer overflow.... | | |
CVE-2024-23696 | In RGXCreateZSBufferKM of rgxta3d.c, there is a possible arbitrary code execution due to a use after... | | |
CVE-2024-23697 | In RGXCreateHWRTData_aux of rgxta3d.c, there is a possible arbitrary code execution due to a use aft... | | |
CVE-2024-23698 | In RGXFWChangeOSidPriority of rgxfwutils.c, there is a possible arbitrary code execution due to a mi... | | |
CVE-2024-23704 | In onCreate of WifiDialogActivity.java, there is a possible way to bypass the DISALLOW_ADD_WIFI_CONF... | S | |
CVE-2024-23705 | In multiple locations, there is a possible failure to persist or enforce user restrictions due to im... | S | |
CVE-2024-23706 | In multiple locations, there is a possible bypass of health data permissions due to an improper inpu... | S | |
CVE-2024-23707 | In multiple locations, there is a possible permissions bypass due to improper input validation. This... | S | |
CVE-2024-23708 | In multiple functions of NotificationManagerService.java, there is a possible way to not show a toas... | S | |
CVE-2024-23709 | In multiple locations, there is a possible out of bounds write due to a heap buffer overflow. This c... | S | |
CVE-2024-23710 | In assertPackageWithSharedUserIdIsPrivileged of InstallPackageHelper.java, there is a possible execu... | S | |
CVE-2024-23711 | In DevmemXIntUnreserveRange of devicemem_server.c, there is a possible arbitrary code execution due ... | | |
CVE-2024-23712 | In multiple functions of AppOpsService.java, there is a possible way to saturate the content of /dat... | S | |
CVE-2024-23713 | In migrateNotificationFilter of NotificationManagerService.java, there is a possible failure to pers... | S | |
CVE-2024-23715 | In PMRWritePMPageList of pmr.c, there is a possible out of bounds write due to a logic error in the ... | | |
CVE-2024-23716 | In DevmemIntPFNotify of devicemem_server.c, there is a possible use-after-free due to a race conditi... | | |
CVE-2024-23717 | In access_secure_service_from_temp_bond of btm_sec.cc, there is a possible way to achieve keystroke ... | S | |
CVE-2024-23721 | A Directory Traversal issue was discovered in process_post on Draytek Vigor3910 4.3.2.5 devices. Whe... | | |
CVE-2024-23722 | In Fluent Bit 2.1.8 through 2.2.1, a NULL pointer dereference can be caused via an invalid HTTP payl... | E S | |
CVE-2024-23724 | Ghost through 5.76.0 allows stored XSS, and resultant privilege escalation in which a contributor ca... | E S | |
CVE-2024-23725 | Ghost before 5.76.0 allows XSS via a post excerpt in excerpt.js. An XSS payload can be rendered in p... | S | |
CVE-2024-23726 | Ubee DDW365 XCNDDW365 devices have predictable default WPA2 PSKs that could lead to unauthorized rem... | | |
CVE-2024-23727 | The YI Smart Kami Vision com.kamivision.yismart application through 1.0.0_20231219 for Android allow... | | |
CVE-2024-23729 | The ColorOS Internet Browser com.heytap.browser application 45.10.3.4.1 for Android allows a remote ... | E | |
CVE-2024-23730 | The OpenAPI and ChatGPT plugin loaders in LlamaHub (aka llama-hub) before 0.0.67 allow attackers to ... | S | |
CVE-2024-23731 | The OpenAPI loader in Embedchain before 0.1.57 allows attackers to execute arbitrary code, related t... | S | |
CVE-2024-23732 | The JSON loader in Embedchain before 0.1.57 allows a ReDoS (regular expression denial of service) vi... | S | |
CVE-2024-23733 | The /WmAdmin/,/invoke/vm.server/login login page in the Integration Server in Software AG webMethods... | | |
CVE-2024-23734 | Cross Site Request Forgery vulnerability in the upload functionality of the User Profile pages in... | | |
CVE-2024-23735 | Cross Site Scripting (XSS) vulnerability in the S/MIME certificate upload functionality of the Us... | | |
CVE-2024-23736 | Cross Site Request Forgery (CSRF) vulnerability in savignano S/Notify before 4.0.2 for Confluence al... | | |
CVE-2024-23737 | Cross Site Request Forgery (CSRF) vulnerability in savignano S/Notify before 4.0.2 for Jira allows a... | | |
CVE-2024-23738 | An issue in Postman version 10.22 and before on macOS allows a remote attacker to execute arbitrary ... | E | |
CVE-2024-23739 | An issue in Discord for macOS version 0.0.291 and before, allows remote attackers to execute arbitra... | E | |
CVE-2024-23740 | An issue in Kap for macOS version 3.6.0 and before, allows remote attackers to execute arbitrary cod... | | |
CVE-2024-23741 | An issue in Hyper on macOS version 3.4.1 and before, allows remote attackers to execute arbitrary co... | | |
CVE-2024-23742 | An issue in Loom on macOS version 0.196.1 and before, allows remote attackers to execute arbitrary c... | | |
CVE-2024-23743 | Notion through 3.1.0 on macOS might allow code execution because of RunAsNode and enableNodeClilnspe... | E | |
CVE-2024-23744 | An issue was discovered in Mbed TLS 3.5.1. There is persistent handshake denial if a client sends a ... | E S | |
CVE-2024-23745 | In Notion Web Clipper 1.0.3(7), a .nib file is susceptible to the Dirty NIB attack. NIB files can be... | E | |
CVE-2024-23746 | Miro Desktop 0.8.18 on macOS allows local Electron code injection via a complex series of steps that... | E | |
CVE-2024-23747 | The Moderna Sistemas ModernaNet Hospital Management System 2024 is susceptible to an Insecure Direct... | E | |
CVE-2024-23749 | KiTTY versions 0.76.1.13 and before are vulnerable to command injection via the filename variable, oc... | E | |
CVE-2024-23750 | MetaGPT through 0.6.4 allows the QaEngineer role to execute arbitrary code because RunCode.run_scrip... | E | |
CVE-2024-23751 | LlamaIndex (aka llama_index) through 0.9.34 allows SQL injection via the Text-to-SQL feature in NLSQ... | E | |
CVE-2024-23752 | GenerateSDFPipeline in synthetic_dataframe in PandasAI (aka pandas-ai) through 1.5.17 allows attacke... | E | |
CVE-2024-23755 | ClickUp Desktop before 3.3.77 on macOS and Windows allows code injection because of specific Electro... | | |
CVE-2024-23756 | The HTTP PUT and DELETE methods are enabled in the Plone official Docker version 5.2.13 (5221), allo... | E | |
CVE-2024-23758 | An issue discovered in Unisys Stealth 5.3.062.0 allows attackers to view sensitive information via t... | | |
CVE-2024-23759 | Deserialization of Untrusted Data in Gambio through 4.9.2.0 allows attackers to run arbitrary code v... | E | |
CVE-2024-23760 | Cleartext Storage of Sensitive Information in Gambio 4.9.2.0 allows attackers to obtain sensitive in... | E | |
CVE-2024-23761 | Server Side Template Injection in Gambio 4.9.2.0 allows attackers to run arbitrary code via crafted ... | E | |
CVE-2024-23762 | Unrestricted File Upload vulnerability in Content Manager feature in Gambio 4.9.2.0 allows attackers... | E | |
CVE-2024-23763 | SQL Injection vulnerability in Gambio through 4.9.2.0 allows attackers to run arbitrary SQL commands... | E | |
CVE-2024-23764 | Certain WithSecure products allow Local Privilege Escalation. This affects WithSecure Client Securit... | | |
CVE-2024-23765 | An issue was discovered on HMS Anybus X-Gateway AB7832-F 3 devices. The gateway exposes an unidentif... | | |
CVE-2024-23766 | An issue was discovered on HMS Anybus X-Gateway AB7832-F 3 devices. The gateway exposes a web interf... | | |
CVE-2024-23767 | An issue was discovered on HMS Anybus X-Gateway AB7832-F firmware version 3. The HICP protocol allow... | E | |
CVE-2024-23768 | Dremio before 24.3.1 allows path traversal. An authenticated user who has no privileges on certain f... | | |
CVE-2024-23769 | Improper privilege control for the named pipe in Samsung Magician PC Software 8.0.0 (for Windows) al... | | |
CVE-2024-23770 | darkhttpd through 1.15 allows local users to discover credentials (for --auth) by listing processes ... | S | |
CVE-2024-23771 | darkhttpd before 1.15 uses strcmp (which is not constant time) to verify authentication, which makes... | S | |
CVE-2024-23772 | An issue was discovered in Quest KACE Agent for Windows 12.0.38 and 13.1.23.0. An Arbitrary file cre... | | |
CVE-2024-23773 | An issue was discovered in Quest KACE Agent for Windows 12.0.38 and 13.1.23.0. An Arbitrary file del... | | |
CVE-2024-23774 | An issue was discovered in Quest KACE Agent for Windows 12.0.38 and 13.1.23.0. An unquoted Windows s... | | |
CVE-2024-23775 | Integer Overflow vulnerability in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2, allows attackers ... | | |
CVE-2024-23782 | Cross-site scripting vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7... | | |
CVE-2024-23783 | Improper authentication vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /J... | | |
CVE-2024-23784 | Improper access control vulnerability exists in Energy Management Controller with Cloud Services JH-... | | |
CVE-2024-23785 | Cross-site request forgery vulnerability in Energy Management Controller with Cloud Services JH-RVB1... | | |
CVE-2024-23786 | Cross-site scripting vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-R... | | |
CVE-2024-23787 | Path traversal vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ve... | | |
CVE-2024-23788 | Server-side request forgery vulnerability in Energy Management Controller with Cloud Services JH-RVB... | | |
CVE-2024-23789 | Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a ... | | |
CVE-2024-23790 | Missing file type check in avatar picture upload | S | |
CVE-2024-23791 | Unnecessary data is written to log if issues during indexing occur | S | |
CVE-2024-23792 | Insufficient access control | S | |
CVE-2024-23793 | Upload of files outside application directory | S | |
CVE-2024-23794 | Agents are able to lock the ticket without the "Owner" permission | S | |
CVE-2024-23795 | A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0012)... | S | |
CVE-2024-23796 | A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0012)... | S | |
CVE-2024-23797 | A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0012)... | S | |
CVE-2024-23798 | A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0012)... | S | |
CVE-2024-23799 | A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions), Tecnomatix ... | S | |
CVE-2024-23800 | A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions), Tecnomatix ... | S | |
CVE-2024-23801 | A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions), Tecnomatix ... | S | |
CVE-2024-23802 | A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0012)... | S | |
CVE-2024-23803 | A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions), Tecnomatix ... | | |
CVE-2024-23804 | A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0012)... | | |
CVE-2024-23805 | F5 Application Visibility and Reporting module and BIG-IP Advanced WAF/ASM vulnerability | | |
CVE-2024-23806 | HID Global Reader Configuration Cards Improper Authorization | M | |
CVE-2024-23807 | Apache Xerces C++: Use-after-free on external DTD scan | E S | |
CVE-2024-23808 | Arkcompiler ets frontend has an out-of-bounds read vulnerability | | |
CVE-2024-23809 | A double-free vulnerability exists in the BrainVision ASCII Header Parsing functionality of The Bios... | E | |
CVE-2024-23810 | A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP1). The affected application... | | |
CVE-2024-23811 | A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP1). The affected application... | | |
CVE-2024-23812 | A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP1). The affected application... | | |
CVE-2024-23813 | A vulnerability has been identified in Polarion ALM (All versions < V2404.0). The REST API endpoints... | | |
CVE-2024-23814 | The integrated ICMP service of the network stack of affected devices can be forced to exhaust its a... | | |
CVE-2024-23815 | A vulnerability has been identified in Desigo CC (All versions if access from Installed Clients to D... | | |
CVE-2024-23816 | A vulnerability has been identified in Location Intelligence Perpetual Large (9DE5110-8CA13-1AX0) (A... | | |
CVE-2024-23817 | Dolibarr Application Home Page HTML injection vulnerability | E | |
CVE-2024-23818 | GeoServer Stored Cross-Site Scripting (XSS) vulnerability in WMS OpenLayers Format | S | |
CVE-2024-23819 | GeoServer Stored Cross-Site Scripting (XSS) vulnerability in MapML HTML Page | S | |
CVE-2024-23820 | OpenFGA DoS | S | |
CVE-2024-23821 | GeoServer's GWC Demos Page vulnerable to Stored Cross-Site Scripting (XSS) | | |
CVE-2024-23822 | Thruk Incorrect limitation of a pathname to a restricted directory (Path Traversal) (CWE-22) | E S | |
CVE-2024-23823 | CORS settings overly permissive in vantage6 | | |
CVE-2024-23824 | mailcow ipixel flood attack leads to Denial of Service in admin page | E S | |
CVE-2024-23825 | TablePress SSRF vulnerability due to insufficient filtering of cloud provider hosts | E S | |
CVE-2024-23826 | Uploading an image with a specific filename causes a server-side DoS | E S | |
CVE-2024-23827 | Nginx-UI arbitrary file write through the Import Certificate feature | | |
CVE-2024-23828 | Nginx-UI authenticated RCE through injecting into the application config via CRLF | | |
CVE-2024-23829 | aiohttp's HTTP parser (the python one, not llhttp) still overly lenient about separators | E S | |
CVE-2024-23830 | MantisBT Host Header Injection vulnerability | E S | |
CVE-2024-23831 | Privilege escalation through CSRF attack on 'setup.pl' | S | |
CVE-2024-23832 | Mastodon Remote user impersonation and takeover | S | |
CVE-2024-23833 | OpenRefine JDBC Attack Vulnerability | E S | |
CVE-2024-23834 | Discourse improperly sanitized user input leads to XSS | S | |
CVE-2024-23835 | Suricata's pgsql: memory exhaustion use on record parsing | S | |
CVE-2024-23836 | crafted traffic can cause denial of service | S | |
CVE-2024-23837 | LibHTP unbounded folded header handling leads to denial of service | E S | |
CVE-2024-23838 | TrueLayer.Client SSRF when fetching payment or payment provider | S | |
CVE-2024-23839 | Suricata http: heap use after free with http.request_header and http.response_header keywords | S | |
CVE-2024-23840 | `goreleaser release --debug` shows secrets | E S | |
CVE-2024-23841 | XSS in @apollo/experimental-nextjs-app-support | S | |
CVE-2024-23842 | Hitron Systems DVR LGUVR-16H Improper Input Validation Vulnerability | | |
CVE-2024-23843 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i... | | |
CVE-2024-23847 | Incorrect default permissions issue exists in Unifier and Unifier Cast. If this vulnerability is exp... | | |
CVE-2024-23848 | In the Linux kernel through 6.7.1, there is a use-after-free in cec_queue_msg_fh, related to drivers... | | |
CVE-2024-23849 | In rds_recv_track_latency in net/rds/af_rds.c in the Linux kernel through 6.7.1, there is an off-by-... | | |
CVE-2024-23850 | In btrfs_get_root_ref in fs/btrfs/disk-io.c in the Linux kernel through 6.7.1, there can be an asser... | | |
CVE-2024-23851 | copy_params in drivers/md/dm-ioctl.c in the Linux kernel through 6.7.1 can attempt to allocate more ... | | |
CVE-2024-23854 | Rejected reason: This CVE ID was unused by the CNA.... | R | |
CVE-2024-23855 | Cross-Site Scripting (XSS) vulnerability in Cups Easy | | |
CVE-2024-23856 | Cross-Site Scripting (XSS) vulnerability in Cups Easy | | |
CVE-2024-23857 | Cross-Site Scripting (XSS) vulnerability in Cups Easy | | |
CVE-2024-23858 | Cross-Site Scripting (XSS) vulnerability in Cups Easy | | |
CVE-2024-23859 | Cross-Site Scripting (XSS) vulnerability in Cups Easy | | |
CVE-2024-23860 | Cross-Site Scripting (XSS) vulnerability in Cups Easy | | |
CVE-2024-23861 | Cross-Site Scripting (XSS) vulnerability in Cups Easy | | |
CVE-2024-23862 | Cross-Site Scripting (XSS) vulnerability in Cups Easy | | |
CVE-2024-23863 | Cross-Site Scripting (XSS) vulnerability in Cups Easy | | |
CVE-2024-23864 | Cross-Site Scripting (XSS) vulnerability in Cups Easy | | |
CVE-2024-23865 | Cross-Site Scripting (XSS) vulnerability in Cups Easy | | |
CVE-2024-23866 | Cross-Site Scripting (XSS) vulnerability in Cups Easy | | |
CVE-2024-23867 | Cross-Site Scripting (XSS) vulnerability in Cups Easy | | |
CVE-2024-23868 | Cross-Site Scripting (XSS) vulnerability in Cups Easy | | |
CVE-2024-23869 | Cross-Site Scripting (XSS) vulnerability in Cups Easy | | |
CVE-2024-23870 | Cross-Site Scripting (XSS) vulnerability in Cups Easy | | |
CVE-2024-23871 | Cross-Site Scripting (XSS) vulnerability in Cups Easy | | |
CVE-2024-23872 | Cross-Site Scripting (XSS) vulnerability in Cups Easy | | |
CVE-2024-23873 | Cross-Site Scripting (XSS) vulnerability in Cups Easy | | |
CVE-2024-23874 | Cross-Site Scripting (XSS) vulnerability in Cups Easy | | |
CVE-2024-23875 | Cross-Site Scripting (XSS) vulnerability in Cups Easy | | |
CVE-2024-23876 | Cross-Site Scripting (XSS) vulnerability in Cups Easy | | |
CVE-2024-23877 | Cross-Site Scripting (XSS) vulnerability in Cups Easy | | |
CVE-2024-23878 | Cross-Site Scripting (XSS) vulnerability in Cups Easy | | |
CVE-2024-23879 | Cross-Site Scripting (XSS) vulnerability in Cups Easy | | |
CVE-2024-23880 | Cross-Site Scripting (XSS) vulnerability in Cups Easy | | |
CVE-2024-23881 | Cross-Site Scripting (XSS) vulnerability in Cups Easy | | |
CVE-2024-23882 | Cross-Site Scripting (XSS) vulnerability in Cups Easy | | |
CVE-2024-23883 | Cross-Site Scripting (XSS) vulnerability in Cups Easy | | |
CVE-2024-23884 | Cross-Site Scripting (XSS) vulnerability in Cups Easy | | |
CVE-2024-23885 | Cross-Site Scripting (XSS) vulnerability in Cups Easy | | |
CVE-2024-23886 | Cross-Site Scripting (XSS) vulnerability in Cups Easy | | |
CVE-2024-23887 | Cross-Site Scripting (XSS) vulnerability in Cups Easy | | |
CVE-2024-23888 | Cross-Site Scripting (XSS) vulnerability in Cups Easy | | |
CVE-2024-23889 | Cross-Site Scripting (XSS) vulnerability in Cups Easy | | |
CVE-2024-23890 | Cross-Site Scripting (XSS) vulnerability in Cups Easy | | |
CVE-2024-23891 | Cross-Site Scripting (XSS) vulnerability in Cups Easy | | |
CVE-2024-23892 | Cross-Site Scripting (XSS) vulnerability in Cups Easy | | |
CVE-2024-23893 | Cross-Site Scripting (XSS) vulnerability in Cups Easy | | |
CVE-2024-23894 | Cross-Site Scripting (XSS) vulnerability in Cups Easy | | |
CVE-2024-23895 | Cross-Site Scripting (XSS) vulnerability in Cups Easy | | |
CVE-2024-23896 | Cross-Site Scripting (XSS) vulnerability in Cups Easy | | |
CVE-2024-23897 | Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command par... | KEV E | |
CVE-2024-23898 | Jenkins 2.217 through 2.441 (both inclusive), LTS 2.222.1 through 2.426.2 (both inclusive) does not ... | | |
CVE-2024-23899 | Jenkins Git server Plugin 99.va_0826a_b_cdfa_d and earlier does not disable a feature of its command... | | |
CVE-2024-23900 | Jenkins Matrix Project Plugin 822.v01b_8c85d16d2 and earlier does not sanitize user-defined axis nam... | | |
CVE-2024-23901 | Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and earlier unconditionally discovers projec... | | |
CVE-2024-23902 | A cross-site request forgery (CSRF) vulnerability in Jenkins GitLab Branch Source Plugin 684.vea_fa_... | | |
CVE-2024-23903 | Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and earlier uses a non-constant time compari... | | |
CVE-2024-23904 | Jenkins Log Command Plugin 1.0.2 and earlier does not disable a feature of its command parser that r... | | |
CVE-2024-23905 | Jenkins Red Hat Dependency Analytics Plugin 0.7.1 and earlier programmatically disables Content-Secu... | | |
CVE-2024-23906 | Improper Neutralization of Input During Web Page Generation (CWE-79) in the Controller 6000 and Cont... | | |
CVE-2024-23907 | Uncontrolled search path in some Intel(R) High Level Synthesis Compiler software before version 23.4... | | |
CVE-2024-23908 | Insecure inherited permissions in some Flexlm License Daemons for Intel(R) FPGA software before vers... | | |
CVE-2024-23909 | Uncontrolled search path in some Intel(R) FPGA SDK for OpenCL(TM) software technology may allow an a... | | |
CVE-2024-23910 | Cross-site request forgery (CSRF) vulnerability in ELECOM wireless LAN routers and wireless LAN repe... | | |
CVE-2024-23911 | Out-of-bounds read vulnerability caused by improper checking of the option length values in IPv6 NDP... | | |
CVE-2024-23912 | Out-of-bounds Read vulnerability in Merge DICOM Toolkit C/C++ on Windows. When MC_Open_File() funct... | S | |
CVE-2024-23913 | Use of Out-of-range Pointer Offset vulnerability in Merge DICOM Toolkit C/C++ on Windows. When depr... | S | |
CVE-2024-23914 | Use of Externally-Controlled Format String vulnerability in Merge DICOM Toolkit C/C++ on Windows. W... | S | |
CVE-2024-23915 | NULL Pointer Dereference in libfluid_msg library | M | |
CVE-2024-23916 | NULL Pointer Dereference in libfluid_msg library | M | |
CVE-2024-23917 | In JetBrains TeamCity before 2023.11.3 authentication bypass leading to RCE was possible... | | |
CVE-2024-23918 | Improper conditions check in some Intel(R) Xeon(R) processor memory controller configurations when u... | | |
CVE-2024-23919 | Improper buffer restrictions in some Intel(R) Graphics software may allow an authenticated user to p... | | |
CVE-2024-23920 | ChargePoint Home Flex Improper Access Control | S | |
CVE-2024-23921 | ChargePoint Home Flex Command Injection | S | |
CVE-2024-23922 | Sony XAV-AX5500 Insufficient Firmware Update Validation Remote Code Execution Vulnerability | S | |
CVE-2024-23923 | Alpine Halo9 prh_l2_sar_data_ind Use-After-Free Remote Code Execution Vulnerability | | |
CVE-2024-23924 | Alpine Halo9 UPDM_wemCmdCreatSHA256Hash Command Injection Remote Code Execution Vulnerability | | |
CVE-2024-23928 | Pioneer DMH-WT7600NEX Telematics Improper Certificate Validation | M | |
CVE-2024-23929 | Pioneer DMH-WT7600NEX Telematics Directory Traversal | M | |
CVE-2024-23930 | Pioneer DMH-WT7600NEX Media Service Improper Handling of Exceptional Conditions | M | |
CVE-2024-23933 | Sony XAV-AX5500 CarPlay TLV Stack-based Buffer Overflow Remote Code Execution Vulnerability | | |
CVE-2024-23934 | Sony XAV-AX5500 WMV/ASF Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability | | |
CVE-2024-23935 | Alpine Halo9 DecodeUTF7 Stack-based Buffer Overflow Remote Code Execution Vulnerability | | |
CVE-2024-23937 | Silicon Labs Gecko OS Debug Interface Format String | S | |
CVE-2024-23938 | Silicon Labs Gecko OS Debug Interface Stack-based Buffer Overflow Remote Code Execution Vulnerability | | |
CVE-2024-23940 | Trend Micro uiAirSupport, included in the Trend Micro Security 2023 family of consumer products, ver... | E | |
CVE-2024-23941 | Cross-site scripting vulnerability exists in Group Office prior to v6.6.182, prior to v6.7.64 and pr... | | |
CVE-2024-23942 | MB connect line: Configuration File on the client workstation is not encrypted | | |
CVE-2024-23943 | MB connect line: Cloud API access due to a lack of authentication for a critical function | | |
CVE-2024-23944 | Apache ZooKeeper: Information disclosure in persistent watcher handling | | |
CVE-2024-23945 | Apache Hive, Apache Spark, Apache Spark: CookieSigner exposes the correct signature when message verification fails | S | |
CVE-2024-23946 | Apache OFBiz: Path traversal or file inclusion | S | |
CVE-2024-23947 | Multiple improper array index validation vulnerabilities exist in the readMSH functionality of libig... | M | |
CVE-2024-23948 | Multiple improper array index validation vulnerabilities exist in the readMSH functionality of libig... | M | |
CVE-2024-23949 | Multiple improper array index validation vulnerabilities exist in the readMSH functionality of libig... | | |
CVE-2024-23950 | Multiple improper array index validation vulnerabilities exist in the readMSH functionality of libig... | | |
CVE-2024-23951 | Multiple improper array index validation vulnerabilities exist in the readMSH functionality of libig... | | |
CVE-2024-23952 | Apache Superset: Allows for uncontrolled resource consumption via a ZIP bomb (version range fix for CVE-2023-46104) | | |
CVE-2024-23953 | Apache Hive: Timing Attack Against Signature in LLAP util | S | |
CVE-2024-23957 | Autel MaxiCharger AC Elite Business C50 DLB_HostHeartBeat Stack-based Buffer Overflow Remote Code Execution Vulnerability | | |
CVE-2024-23958 | Autel MaxiCharger AC Elite Business C50 BLE Hardcoded Credentials Authentication Bypass Vulnerability | | |
CVE-2024-23959 | Autel MaxiCharger AC Elite Business C50 BLE AppChargingControl Stack-based Buffer Overflow Remote Code Execution Vulnerability | | |
CVE-2024-23960 | Alpine Halo9 Improper Verification of Cryptographic Signature Vulnerability | | |
CVE-2024-23961 | Alpine Halo9 UPDM_wemCmdUpdFSpeDecomp Command Injection Remote Code Execution Vulnerability | | |
CVE-2024-23962 | Alpine Halo9 Missing Authentication | M | |
CVE-2024-23963 | Alpine Halo9 Stack-based Buffer Overflow | M | |
CVE-2024-23967 | Autel MaxiCharger AC Elite Business C50 WebSocket Base64 Decoding Stack-based Buffer Overflow Remote Code Execution Vulnerability | | |
CVE-2024-23968 | ChargePoint Home Flex SrvrToSmSetAutoChnlListMsg Stack-based Buffer Overflow | S | |
CVE-2024-23969 | ChargePoint Home Flex wlanchnllst Out-Of-Bounds Write | S | |
CVE-2024-23970 | ChargePoint Home Flex Improper Certificate Validation | M | |
CVE-2024-23971 | ChargePoint Home Flex OCPP bswitch Command Injection | S | |
CVE-2024-23972 | Sony XAV-AX5500 USB Configuration Descriptor Buffer Overflow Remote Code Execution Vulnerability | S | |
CVE-2024-23973 | Silicon Labs Gecko OS HTTP GET Request Handling Stack-based Buffer Overflow | S | |
CVE-2024-23974 | Incorrect default permissions in some Intel(R) ISH software installers may allow an authenticated us... | | |
CVE-2024-23975 | Delta Electronics DIAEnergie SQL injection | S | |
CVE-2024-23976 | BIG-IP Appliance mode iAppsLX vulnerability | | |
CVE-2024-23978 | Heap-based buffer overflow vulnerability exists in HOME SPOT CUBE2 V102 and earlier. By processing i... | | |
CVE-2024-23979 | BIG-IP SSL Client Certificate LDAP and CRLDP Authentication profiles vulnerability | | |
CVE-2024-23980 | Improper buffer restrictions in PlatformPfrDxe driver in UEFI firmware for some Intel(R) Server D50F... | | |
CVE-2024-23981 | Wrap-around error in Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Ada... | | |
CVE-2024-23982 | BIG-IP PEM vulnerability | | |
CVE-2024-23983 | Access rules for PingAccess may be circumvented with URL-encoded characters | | |
CVE-2024-23984 | Observable discrepancy in RAPL interface for some Intel(R) Processors may allow a privileged user to... | | |
CVE-2024-23985 | EzServer 6.4.017 allows a denial of service (daemon crash) via a long string, such as one for the RN... | E | |
CVE-2024-23995 | Cross Site Scripting (XSS) in Beekeeper Studio 4.1.13 and earlier allows remote attackers to execute... | | |
CVE-2024-23997 | Lukas Bach yana =<1.0.16 is vulnerable to Cross Site Scripting (XSS) via src/electron-main.ts.... | E | |
CVE-2024-23998 | goanother Another Redis Desktop Manager =<1.6.1 is vulnerable to Cross Site Scripting (XSS) via src/... | E |