ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2024-28000 | WordPress LiteSpeed Cache plugin <= 6.3.0.1 - Unauthenticated Privilege Escalation vulnerability | E S | |
CVE-2024-28001 | WordPress Favicon Rotator plugin <= 1.2.10 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-28002 | WordPress Cornerstone plugin <= 0.8.0 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-28003 | WordPress Max Mega Menu plugin <= 3.3 - Broken Access Control vulnerability | S | |
CVE-2024-28004 | WordPress Colibri Page Builder plugin <= 1.0.248 - Broken Access Control vulnerability | S | |
CVE-2024-28005 | Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX... | | |
CVE-2024-28006 | Improper authentication vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG12... | | |
CVE-2024-28007 | Improper authentication vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG12... | | |
CVE-2024-28008 | Active Debug Code in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG... | | |
CVE-2024-28009 | Improper authentication vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG12... | | |
CVE-2024-28010 | Use of Hard-coded Password in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG18... | | |
CVE-2024-28011 | Hidden Functionality vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200H... | | |
CVE-2024-28012 | Improper authentication vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG12... | | |
CVE-2024-28013 | Use of Insufficiently Random Values vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1... | | |
CVE-2024-28014 | Stack-based Buffer Overflow vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, ... | | |
CVE-2024-28015 | Improper Neutralization of Special Elements used in an OS Command vulnerability in NEC Corporation A... | | |
CVE-2024-28016 | Improper Access Control vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG120... | | |
CVE-2024-28020 | A user/password reuse vulnerability exists in the FOXMAN-UN/UNEM application and server management. ... | | |
CVE-2024-28021 | A vulnerability exists in the FOXMAN-UN/UNEM server that affects the message queueing mechanism’s c... | | |
CVE-2024-28022 | A vulnerability exists in the UNEM server / APIGateway that if exploited allows a malicious user to ... | | |
CVE-2024-28023 | A vulnerability exists in the message queueing mechanism that if exploited can lead to the exposure... | | |
CVE-2024-28024 | A vulnerability exists in the FOXMAN-UN/UNEM in which sensitive information is stored in cleartext ... | | |
CVE-2024-28025 | Three OS command injection vulnerabilities exist in the web interface I/O configuration functionalit... | E | |
CVE-2024-28026 | Three OS command injection vulnerabilities exist in the web interface I/O configuration functionalit... | E | |
CVE-2024-28027 | Three OS command injection vulnerabilities exist in the web interface I/O configuration functionalit... | E | |
CVE-2024-28028 | Improper input validation in some Intel(R) Neural Compressor software before version v3.0 may allow ... | | |
CVE-2024-28029 | Client-Side Enforcement of Server-Side Security in Delta Electronics DIAEnergie | S | |
CVE-2024-28030 | NULL pointer dereference in some Intel(R) VPL software before version 24.1.4 may allow an authentica... | | |
CVE-2024-28033 | OS command injection vulnerability exists in WebProxy 1.7.8 and 1.7.9, which may allow a remote unau... | | |
CVE-2024-28034 | Cross-site scripting vulnerability exists in Mini Thread Version 3.33βi. An arbitrary script may be ... | | |
CVE-2024-28036 | Improper conditions check for some Intel(R) Arc™ GPU may allow an authenticated user to potentially ... | | |
CVE-2024-28038 | The web interface of the affected devices processes a cookie value improperly, leading to a stack bu... | | |
CVE-2024-28039 | Improper restriction of XML external entity references vulnerability exists in FitNesse all releases... | | |
CVE-2024-28040 | Delta Electronics DIAEnergie SQL injection | S | |
CVE-2024-28041 | HGW BL1500HM Ver 002.001.013 and earlier allows a network-adjacent unauthenticated attacker to execu... | | |
CVE-2024-28042 | SUBNET PowerSYSTEM Center Reliance on Insufficiently Trustworthy Component | S | |
CVE-2024-28044 | Liteos-A has an integer overflow vulnerability | | |
CVE-2024-28045 | Delta Electronics DIAEnergie Cross-site scripting | S | |
CVE-2024-28046 | Uncontrolled search path in some Intel(R) GPA software before version 2024.1 may allow an authentica... | | |
CVE-2024-28047 | Improper input validation in UEFI firmware for some Intel(R) Processors may allow a privileged user ... | | |
CVE-2024-28048 | OS command injection vulnerability exists in ffBull ver.4.11, which may allow a remote unauthenticat... | | |
CVE-2024-28049 | Improper input validation in firmware for some Intel(R) PROSet/Wireless Software and Intel(R) Killer... | | |
CVE-2024-28050 | Improper access control in some Intel(R) Arc(TM) & Iris(R) Xe Graphics software before version 31.0.... | | |
CVE-2024-28051 | Out-of-bounds read in some Intel(R) VPL software before version 24.1.4 may allow an authenticated us... | | |
CVE-2024-28052 | The WBR-6012 is a wireless SOHO router. It is a low-cost device which functions as an internet gatew... | E | |
CVE-2024-28053 | Resource Exhaustion via the Invitation Feature | S | |
CVE-2024-28054 | Amavis before 2.12.3 and 2.13.x before 2.13.1, in part because of its use of MIME-tools, has an Inte... | | |
CVE-2024-28056 | Amazon AWS Amplify CLI before 12.10.1 incorrectly configures the role trust policy of IAM roles asso... | E S | |
CVE-2024-28058 | In RSA NetWitness (NW) Platform before 12.5.1, even when an administrator revokes the access of a sp... | | |
CVE-2024-28060 | An issue was discovered in Apiris Kafeo 6.4.4. It permits DLL hijacking, allowing a user to trigger ... | | |
CVE-2024-28061 | An issue was discovered in Apiris Kafeo 6.4.4. It permits a bypass, of the protection in place, to a... | | |
CVE-2024-28063 | Kiteworks Totemomail through 7.0.0 allows /responsiveUI/EnvelopeOpenServlet envelopeRecipient reflec... | | |
CVE-2024-28064 | Kiteworks Totemomail 7.x and 8.x before 8.3.0 allows /responsiveUI/EnvelopeOpenServlet messageId dir... | | |
CVE-2024-28065 | In Unify CP IP Phone firmware 1.10.4.3, files are not encrypted and contain sensitive information su... | | |
CVE-2024-28066 | In Unify CP IP Phone firmware 1.10.4.3, Weak Credentials are used (a hardcoded root password).... | E | |
CVE-2024-28067 | A vulnerability in Samsung Exynos Modem 5300 allows a Man-in-the-Middle (MITM) attacker to downgrade... | | |
CVE-2024-28068 | A vulnerability was discovered in SS in Samsung Mobile Processor, Wearable Processor, and Modems wit... | | |
CVE-2024-28069 | A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.0.0.4 cou... | | |
CVE-2024-28070 | A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.0.0.4 cou... | | |
CVE-2024-28072 | Arbitrary File Overwrite Vulnerability | S | |
CVE-2024-28073 | SolarWinds Serv-U Directory Traversal Remote Code Execution Vulnerability | | |
CVE-2024-28074 | SolarWinds Access Rights Manager (ARM) Internal Deserialization Remote Code Execution Vulnerability | S | |
CVE-2024-28075 | SolarWinds ARM Deserialization of Untrusted Data Remote Code Execution | S | |
CVE-2024-28076 | SolarWinds Platform Arbitrary Open Redirection Vulnerability | S | |
CVE-2024-28077 | A denial-of-service issue was discovered on certain GL-iNet devices. Some websites can detect device... | | |
CVE-2024-28084 | p2putil.c in iNet wireless daemon (IWD) through 2.15 allows attackers to cause a denial of service (... | | |
CVE-2024-28085 | wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequence... | E S | |
CVE-2024-28087 | In Bonitasoft runtime Community edition, the lack of dynamic permissions causes IDOR vulnerability. ... | | |
CVE-2024-28088 | LangChain through 0.1.10 allows ../ directory traversal by an actor who is able to control the final... | E S | |
CVE-2024-28089 | Hitron CODA-4582 2AHKM-CODA4589 7.2.4.5.1b8 devices allow a remote attacker within Wi-Fi proximity (... | | |
CVE-2024-28090 | Technicolor TC8715D TC8715D-01.EF.04.38.00-180405-S-FF9-D RSE-TC8717T devices allow a remote attacke... | | |
CVE-2024-28091 | Technicolor TC8715D TC8715D-01.EF.04.38.00-180405-S-FF9-D RSE-TC8717T devices allow a remote attacke... | | |
CVE-2024-28092 | UBEE DDW365 XCNDDW365 8.14.3105 software on hardware 3.13.1 allows a remote attacker within Wi-Fi pr... | | |
CVE-2024-28093 | The TELNET service of AdTran NetVanta 3120 18.01.01.00.E devices is enabled by default, and has defa... | | |
CVE-2024-28094 | Blind SQL Injection in Chat functionality in Schoolbox | | |
CVE-2024-28095 | Stored Cross-site Scripting in News functionality in Schoolbox | | |
CVE-2024-28096 | Stored Cross-site Scripting in Class functionality in Schoolbox | | |
CVE-2024-28097 | Stored Cross-site Scripting in Calendar functionality in Schoolbox | | |
CVE-2024-28098 | Apache Pulsar: Improper Authorization For Topic-Level Policy Management | | |
CVE-2024-28099 | VT STUDIO Ver.8.32 and earlier contains an issue with the DLL search path, which may lead to insecur... | | |
CVE-2024-28100 | Stored Cross-site Scripting leading to arbitrary actions taken on behalf of users in elabftw | | |
CVE-2024-28101 | Apollo Router's Compressed Payloads do not respect HTTP Payload Limits | | |
CVE-2024-28102 | JWCrypto vulnerable to JWT bomb Attack in `deserialize` function | | |
CVE-2024-28103 | Action Pack is missing security headers on non-HTML responses | S | |
CVE-2024-28105 | phpMyFAQ's File Upload Bypass at Category Image Leads to RCE | E S | |
CVE-2024-28106 | phpMyFAQ Stored XSS at FAQ News Content | E S | |
CVE-2024-28107 | phpMyFAQ SQL injections at insertentry & saveentry | E S | |
CVE-2024-28108 | phpMyFAQ Stored HTML Injection at contentLink | E S | |
CVE-2024-28109 | Potential XSLT injection vulnerability when using policy files | | |
CVE-2024-28110 | Go SDK for CloudEvents's use of WithRoundTripper to create a Client leaks credentials | | |
CVE-2024-28111 | CSV Injection in exported history CSV files | | |
CVE-2024-28112 | Cross site scripting on router page in Peering Manager | | |
CVE-2024-28113 | Open redirection using the return_url parameter in Peering Manager | E S | |
CVE-2024-28114 | Remote Code Execution using Server Side Template Injection in Peering Manager | E S | |
CVE-2024-28115 | Privilege Escalation in FreeRTOS Kernel ARMv7-M MPU ports and ARMv8-M ports with MPU support enabled | | |
CVE-2024-28116 | Server-Side Template Injection (SSTI) with Grav CMS security sandbox bypass | E S | |
CVE-2024-28117 | Grav vulnerable to Server Side Template Injection (SSTI) | E S | |
CVE-2024-28118 | Grav vulnerable to Server Side Template Injection (SSTI) | E S | |
CVE-2024-28119 | Grav vulnerable to Server Side Template Injection (SSTI) via Twig escape handler | E S | |
CVE-2024-28120 | API key leak in codeium-chrome | E | |
CVE-2024-28121 | Reflex arbitrary method call in stimulus_reflex | | |
CVE-2024-28122 | JWX vulnerable to a denial of service attack using compressed JWE message | | |
CVE-2024-28123 | Wasmi Out-of-bounds Write for host to Wasm calls with more than 128 Parameters | S | |
CVE-2024-28125 | FitNesse all releases allows a remote authenticated attacker to execute arbitrary OS commands. Note:... | | |
CVE-2024-28126 | Cross-site scripting vulnerability exists in 0ch BBS Script ver.4.00. An arbitrary script may be exe... | | |
CVE-2024-28127 | Improper input validation in UEFI firmware for some Intel(R) Processors may allow a privileged user ... | | |
CVE-2024-28128 | Cross-site scripting vulnerability exists in FitNesse releases prior to 20220319, which may allow a ... | | |
CVE-2024-28130 | An incorrect type conversion vulnerability exists in the DVPSSoftcopyVOI_PList::createFromImage func... | E | |
CVE-2024-28131 | EasyRange Ver 1.41 contains an issue with the executable file search path when displaying an extract... | | |
CVE-2024-28132 | BIG-IP NEXT CNF vulnerability | | |
CVE-2024-28133 | PHOENIX CONTACT: Privilege escalation in CHARX Series | | |
CVE-2024-28134 | PHOENIX CONTACT: MitM attack gains privileges of the current logged in user in CHARX Series | | |
CVE-2024-28135 | PHOENIX CONTACT: command injection vulnerability in the API of the CHARX Series | | |
CVE-2024-28136 | PHOENIX CONTACT: command injection gains root privileges using the OCPP remote service | | |
CVE-2024-28137 | PHOENIX CONTACT: privilege escalation due to a TOCTOU vulnerability in the CHARX Series | | |
CVE-2024-28138 | OS Command Injection | S | |
CVE-2024-28139 | Privilege escalation through sudo misconfiguration | S | |
CVE-2024-28140 | Violation of Least Privilege Principle | S | |
CVE-2024-28141 | Cross-Site Request-Forgery | S | |
CVE-2024-28142 | Stored cross site scripting | S | |
CVE-2024-28143 | Insecure Password Change Function | S | |
CVE-2024-28144 | Broken Access Control | S | |
CVE-2024-28145 | Unauthenticated SQL Injection | S | |
CVE-2024-28146 | Hardcoded credentials | S | |
CVE-2024-28147 | Unrestricted Upload of Files in edu-sharing | S | |
CVE-2024-28148 | Apache Superset: Incorrect datasource authorization on explore REST API | | |
CVE-2024-28149 | Jenkins HTML Publisher Plugin 1.16 through 1.32 (both inclusive) does not properly sanitize input, a... | | |
CVE-2024-28150 | Jenkins HTML Publisher Plugin 1.32 and earlier does not escape job names, report names, and index pa... | | |
CVE-2024-28151 | Jenkins HTML Publisher Plugin 1.32 and earlier archives invalid symbolic links in report directories... | | |
CVE-2024-28152 | In Jenkins Bitbucket Branch Source Plugin 866.vdea_7dcd3008e and earlier, except 848.850.v6a_a_2a_23... | | |
CVE-2024-28153 | Jenkins OWASP Dependency-Check Plugin 5.4.5 and earlier does not escape vulnerability metadata from ... | | |
CVE-2024-28154 | Jenkins MQ Notifier Plugin 1.4.0 and earlier logs potentially sensitive build parameters as part of ... | | |
CVE-2024-28155 | Jenkins AppSpider Plugin 1.0.16 and earlier does not perform permission checks in several HTTP endpo... | | |
CVE-2024-28156 | Jenkins Build Monitor View Plugin 1.14-860.vd06ef2568b_3f and earlier does not escape Build Monitor ... | | |
CVE-2024-28157 | Jenkins GitBucket Plugin 0.8 and earlier does not sanitize Gitbucket URLs on build views, resulting ... | | |
CVE-2024-28158 | A cross-site request forgery (CSRF) vulnerability in Jenkins Subversion Partial Release Manager Plug... | | |
CVE-2024-28159 | A missing permission check in Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier al... | | |
CVE-2024-28160 | Jenkins iceScrum Plugin 1.1.6 and earlier does not sanitize iceScrum project URLs on build views, re... | | |
CVE-2024-28161 | In Jenkins Delphix Plugin 3.0.1, a global option for administrators to enable or disable SSL/TLS cer... | | |
CVE-2024-28162 | In Jenkins Delphix Plugin 3.0.1 through 3.1.0 (both inclusive) a global option for administrators to... | | |
CVE-2024-28163 | Information Disclosure vulnerability in SAP NetWeaver Process Integration (Support Web Pages) | | |
CVE-2024-28164 | Information Disclosure vulnerability in SAP NetWeaver AS Java (Guided Procedures) | | |
CVE-2024-28165 | Cross site scripting vulnerability in SAP BusinessObjects Business Intelligence Platform | | |
CVE-2024-28166 | Multiple Unrestricted File Upload vulnerabilities in SAP BusinessObjects Business Intelligence Platform | | |
CVE-2024-28167 | Missing Authorization check in SAP Group Reporting Data Collection (Enter Package Data) | | |
CVE-2024-28168 | Apache XML Graphics FOP: XML External Entity (XXE) Processing | | |
CVE-2024-28169 | Cleartext transmission of sensitive information for some BigDL software maintained by Intel(R) befor... | | |
CVE-2024-28170 | Improper access control in Intel(R) RAID Web Console all versions may allow an authenticated user to... | | |
CVE-2024-28171 | Delta Electronics DIAEnergie Path traversal | S | |
CVE-2024-28172 | Uncontrolled search path for some Intel(R) Trace Analyzer and Collector software before version 2022... | | |
CVE-2024-28173 | In JetBrains TeamCity between 2023.11 and 2023.11.4 custom build parameters of the "password" type c... | | |
CVE-2024-28174 | In JetBrains TeamCity before 2023.11.4 presigned URL generation requests in S3 Artifact Storage plug... | | |
CVE-2024-28175 | Cross-site scripting on application summary component in argo-cd | S | |
CVE-2024-28176 | jose vulnerable to resource exhaustion via specifically crafted JWE with compressed plaintext | | |
CVE-2024-28179 | Jupyter Server Proxy's Websocket Proxying does not require authentication | S | |
CVE-2024-28180 | Go JOSE vulnerable to Improper Handling of Highly Compressed Data (Data Amplification) | | |
CVE-2024-28181 | Arbitrary method invocation turbo_boost-commands | | |
CVE-2024-28182 | Reading unbounded number of HTTP/2 CONTINUATION frames to cause excessive CPU usage | | |
CVE-2024-28183 | Anti Rollback bypass with physical access and TOCTOU attack | | |
CVE-2024-28184 | WeasyPrint allows the attachment of arbitrary files and URLs to a PDF | | |
CVE-2024-28185 | Judge0 vulnerable to Sandbox Escape via Symbolic Link | | |
CVE-2024-28186 | SMTP Mail Credentials Disclosed in Error Log in freescout | E S | |
CVE-2024-28187 | OS Command Injection Vulnerability in SOY CMS | S | |
CVE-2024-28188 | jupyter-scheduler's endpoint is missing authentication | | |
CVE-2024-28189 | Judge0 vulnerable to Sandbox Escape Patch Bypass via chown running on Symbolic Link | | |
CVE-2024-28190 | Contao core bundle vulnerable to cross site scripting in the file manager | S | |
CVE-2024-28191 | Contao may have unencoded insert tags in the frontend | S | |
CVE-2024-28192 | NoSQL Injection Leading to Authentication Bypass in your_spotify | E | |
CVE-2024-28193 | Disclosure of Spotify API Access Tokens to Guest Users Using Public Tokens in your_spotify | E | |
CVE-2024-28194 | Authentication Bypass Because of Hardcoded JWT Secret in your_spotify | E | |
CVE-2024-28195 | Cross-Site Request Forgery (CSRF) vulnerability in API and login in your_spotify | E S | |
CVE-2024-28196 | Clickjacking in your_spotify | E | |
CVE-2024-28197 | Account Takeover via Session Fixation in Zitadel [Bypassing MFA] | M | |
CVE-2024-28198 | XML external entity (XXE) injection in OpenOLAT | S | |
CVE-2024-28199 | Cross-site Scripting (XSS) possible with maliciously formed HTML attribute names and values in Phlex | S | |
CVE-2024-28200 | N-central Authentication Bypass | S | |
CVE-2024-28211 | nGrinder before 3.5.9 allows connection to malicious JMX/RMI server by default, which could be the c... | | |
CVE-2024-28212 | nGrinder before 3.5.9 uses old version of SnakeYAML, which could allow remote attacker to execute ar... | | |
CVE-2024-28213 | nGrinder before 3.5.9 allows to accept serialized Java objects from unauthenticated users, which cou... | | |
CVE-2024-28214 | nGrinder before 3.5.9 allows to set delay without limitation, which could be the cause of Denial of ... | | |
CVE-2024-28215 | nGrinder before 3.5.9 allows an attacker to create or update webhook configuration due to lack of ac... | | |
CVE-2024-28216 | nGrinder before 3.5.9 allows an attacker to obtain the results of webhook requests due to lack of ac... | | |
CVE-2024-28219 | In _imagingcms.c in Pillow before 10.3.0, a buffer overflow exists because strcpy is used instead of... | | |
CVE-2024-28222 | In Veritas NetBackup before 8.1.2 and NetBackup Appliance before 3.1.2, the BPCD process inadequatel... | | |
CVE-2024-28224 | Ollama before 0.1.29 has a DNS rebinding vulnerability that can inadvertently allow remote access to... | | |
CVE-2024-28226 | Fs has an improper input validation vulnerability | | |
CVE-2024-28228 | In JetBrains YouTrack before 2024.1.25893 creation comments on behalf of an arbitrary user in HelpDe... | | |
CVE-2024-28229 | In JetBrains YouTrack before 2024.1.25893 user without appropriate permissions could restore issues ... | | |
CVE-2024-28230 | In JetBrains YouTrack before 2024.1.25893 attaching/detaching workflow to a project was possible wit... | | |
CVE-2024-28231 | Manipulated DATA Submessage causes a heap-buffer-overflow error | E S | |
CVE-2024-28232 | Username Enumeration in CasaOS via bypass of CVE-2024-24766 | | |
CVE-2024-28233 | XSS in JupyterHub via Self-XSS leveraged by Cookie Tossing | | |
CVE-2024-28234 | Contao has insufficient BBCode sanitizer | S | |
CVE-2024-28235 | Contao possible cookie sharing with external domains while checking protected pages for broken links | S | |
CVE-2024-28236 | Insecure Variable Substitution in Vela | S | |
CVE-2024-28237 | OctoPrint XSS via the "Snapshot Test" feature in Classic Webcam plugin settings | E S | |
CVE-2024-28238 | Session Token in URL in directus | | |
CVE-2024-28239 | URL Redirection to Untrusted Site in OAuth2/OpenID in directus | E S | |
CVE-2024-28240 | GLPI-Agent's MSI package installation permits local users to change Agent configuration | S | |
CVE-2024-28241 | GLPI-Agent MSI package installation doesn't update folder security profile when using non-default installation folder | S | |
CVE-2024-28242 | Disclosure of the existence of secret categories with custom backgrounds in Discourse | S | |
CVE-2024-28243 | KaTeX's maxExpand bypassed by \edef | | |
CVE-2024-28244 | KaTeX's maxExpand bypassed by Unicode sub/superscripts | | |
CVE-2024-28245 | KaTeX's \includegraphics does not escape filename | | |
CVE-2024-28246 | KaTeX is missing normalization of the protocol in URLs allows bypassing forbidden protocols | | |
CVE-2024-28247 | Pihole Authenticated Arbitrary File Read with root privileges | | |
CVE-2024-28248 | Cilium intermittent HTTP policy bypass | | |
CVE-2024-28249 | Cilium has possible unencrypted traffic between nodes when using IPsec and L7 policies | | |
CVE-2024-28250 | Cilium has possible unencrypted traffic between nodes when using WireGuard and L7 policies | | |
CVE-2024-28251 | Cross-site websocket hijacking in Querybook | | |
CVE-2024-28252 | CoreWCF NetFraming based services can leave connections open when they should be closed | | |
CVE-2024-28253 | SpEL Injection in `PUT /api/v1/policies` in OpenMetadata | | |
CVE-2024-28254 | SpEL Injection in `GET /api/v1/events/subscriptions/validation/condition/` | | |
CVE-2024-28255 | Authentication Bypass in OpenMetadata | | |
CVE-2024-28265 | IBOS v4.5.5 has an arbitrary file deletion vulnerability via \system\modules\dashboard\controllers\L... | E | |
CVE-2024-28269 | ReCrystallize Server 5.10.0.0 allows administrators to upload files to the server. The file upload i... | | |
CVE-2024-28270 | An issue discovered in web-flash v3.0 allows attackers to reset passwords for arbitrary users via cr... | | |
CVE-2024-28275 | Puwell Cloud Tech Co, Ltd 360Eyes Pro v3.9.5.16(3090516) was discovered to transmit sensitive inform... | | |
CVE-2024-28276 | Sourcecodester School Task Manager 1.0 is vulnerable to Cross Site Scripting (XSS) via add-task.php?... | | |
CVE-2024-28277 | In Sourcecodester School Task Manager v1.0, a vulnerability was identified within the subject_name= ... | | |
CVE-2024-28279 | Code-projects Computer Book Store 1.0 is vulnerable to SQL Injection via book.php?bookisbn=.... | | |
CVE-2024-28283 | There is stack-based buffer overflow vulnerability in pc_change_act function in Linksys E1000 router... | E | |
CVE-2024-28285 | A Fault Injection vulnerability in the SymmetricDecrypt function in cryptopp/elgamal.h of Cryptopp C... | | |
CVE-2024-28286 | In mz-automation libiec61850 v1.4.0, a NULL Pointer Dereference was detected in the mmsServer_handle... | E | |
CVE-2024-28287 | A DOM-based open redirection in the returnUrl parameter of INSTINCT UI Web Client 6.5.0 allows attac... | | |
CVE-2024-28288 | Ruijie RG-NBR700GW 10.3(4b12) router lacks cookie verification when resetting the password, resultin... | | |
CVE-2024-28294 | Limbas up to v5.2.14 was discovered to contain a SQL injection vulnerability via the ftid parameter.... | E | |
CVE-2024-28297 | SQL injection vulnerability in AzureSoft MyHorus 4.3.5 allows authenticated users to execute arbitra... | | |
CVE-2024-28298 | SQL injection vulnerability in BM SOFT BMPlanning 1.0.0.1 allows authenticated users to execute arbi... | E | |
CVE-2024-28303 | Open Source Medicine Ordering System v1.0 was discovered to contain a SQL injection vulnerability vi... | | |
CVE-2024-28318 | gpac 2.3-DEV-rev921-g422b78ecf-master was discovered to contain an out of boundary write vulnerabilit... | | |
CVE-2024-28319 | gpac 2.3-DEV-rev921-g422b78ecf-master was discovered to contain an out of boundary read vulnerabilit... | | |
CVE-2024-28320 | Insecure Direct Object References (IDOR) vulnerability in Hospital Management System 1.0 allows atta... | E | |
CVE-2024-28322 | SQL Injection vulnerability in /event-management-master/backend/register.php in PuneethReddyHC Event... | E | |
CVE-2024-28323 | The bwdates-report-result.php file in Phpgurukul User Registration & Login and User Management Syste... | E | |
CVE-2024-28325 | Asus RT-N12+ B1 router stores credentials in cleartext, which could allow local attackers to obtain ... | | |
CVE-2024-28326 | Incorrect Access Control in ASUS RT-N12+ B1 and RT-N12 D1 routers allows local attackers to obtain r... | | |
CVE-2024-28327 | Asus RT-N12+ B1 router stores user passwords in plaintext, which could allow local attackers to obta... | | |
CVE-2024-28328 | CSV Injection vulnerability in the Asus RT-N12+ router allows administrator users to inject arbitrar... | | |
CVE-2024-28335 | Lektor before 3.3.11 does not sanitize DB path traversal. Thus, shell commands might be executed via... | | |
CVE-2024-28338 | A login bypass in TOTOLINK A8000RU V7.1cu.643_B20200521 allows attackers to login to Administrator a... | E | |
CVE-2024-28339 | An information leak in the debuginfo.htm component of Netgear CBR40 2.5.0.28, Netgear CBK40 2.5.0.28... | E | |
CVE-2024-28340 | An information leak in the currentsetting.htm component of Netgear CBR40 2.5.0.28, Netgear CBK40 2.5... | E | |
CVE-2024-28344 | An Open Redirect vulnerability was found in Sipwise C5 NGCP Dashboard below mr11.5.1. The Open Redir... | E | |
CVE-2024-28345 | An issue discovered in Sipwise C5 NGCP Dashboard below mr11.5.1 allows a low privileged user to acce... | E | |
CVE-2024-28353 | There is a command injection vulnerability in the TRENDnet TEW-827DRU router with firmware version 2... | E | |
CVE-2024-28354 | There is a command injection vulnerability in the TRENDnet TEW-827DRU router with firmware version 2... | E | |
CVE-2024-28383 | Tenda AX12 v1.0 v22.03.01.16 was discovered to contain a stack overflow via the ssid parameter in th... | E | |
CVE-2024-28386 | An issue in Home-Made.io fastmagsync v.1.7.51 and before allows a remote attacker to execute arbitra... | | |
CVE-2024-28387 | An issue in axonaut v.3.1.23 and before allows a remote attacker to obtain sensitive information via... | | |
CVE-2024-28388 | SQL injection vulnerability in SunnyToo stproductcomments module for PrestaShop v.1.0.5 and before, ... | | |
CVE-2024-28389 | SQL injection vulnerability in KnowBand spinwheel v.3.0.3 and before allows a remote attacker to gai... | | |
CVE-2024-28390 | An issue in Advanced Plugins ultimateimagetool module for PrestaShop before v.2.2.01, allows a remot... | | |
CVE-2024-28391 | SQL injection vulnerability in FME Modules quickproducttable module for PrestaShop v.1.2.1 and befor... | S | |
CVE-2024-28392 | SQL injection vulnerability in pscartabandonmentpro v.2.0.11 and before allows a remote attacker to ... | | |
CVE-2024-28393 | SQL injection vulnerability in scalapay v.1.2.41 and before allows a remote attacker to escalate pri... | | |
CVE-2024-28394 | An issue in Advanced Plugins reportsstatistics v1.3.20 and before allows a remote attacker to execut... | | |
CVE-2024-28395 | SQL injection vulnerability in Best-Kit bestkit_popup v.1.7.2 and before allows a remote attacker to... | | |
CVE-2024-28396 | An issue in MyPrestaModules ordersexport v.6.0.2 and before allows a remote attacker to execute arbi... | | |
CVE-2024-28397 | An issue in the component js2py.disable_pyimport() of js2py up to v0.74 allows attackers to execute ... | | |
CVE-2024-28401 | TOTOLINK X2000R before v1.0.0-B20231213.1013 contains a Stored Cross-site scripting (XSS) vulnerabili... | E | |
CVE-2024-28402 | TOTOLINK X2000R before V1.0.0-B20231213.1013 contains a Stored Cross-site scripting (XSS) vulnerabil... | E | |
CVE-2024-28403 | TOTOLINK X2000R before V1.0.0-B20231213.1013 is vulnerable to Cross Site Scripting (XSS) via the VPN... | E | |
CVE-2024-28404 | TOTOLINK X2000R before V1.0.0-B20231213.1013 contains a Stored Cross-site scripting (XSS) vulnerabil... | E | |
CVE-2024-28405 | SEMCMS 4.8 is vulnerable to Incorrect Access Control. The code installs SEMCMS_Funtion.php before ch... | E | |
CVE-2024-28417 | Webedition CMS 9.2.2.0 has a Stored XSS vulnerability via /webEdition/we_cmd.php.... | E | |
CVE-2024-28418 | Webedition CMS 9.2.2.0 has a File upload vulnerability via /webEdition/we_cmd.php... | E | |
CVE-2024-28421 | SQL Injection vulnerability in Razor 0.8.0 allows a remote attacker to escalate privileges via the C... | | |
CVE-2024-28423 | Airflow-Diagrams v2.1.0 was discovered to contain an arbitrary file upload vulnerability in the unsa... | | |
CVE-2024-28424 | zenml v0.55.4 was discovered to contain an arbitrary file upload vulnerability in the load function ... | | |
CVE-2024-28425 | greykite v1.0.0 was discovered to contain an arbitrary file upload vulnerability in the load_obj fun... | | |
CVE-2024-28429 | DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the com... | E | |
CVE-2024-28430 | DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the com... | E | |
CVE-2024-28431 | DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the com... | E | |
CVE-2024-28432 | DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the com... | E | |
CVE-2024-28434 | The CRM platform Twenty is vulnerable to stored cross site scripting via file upload in version 0.3.... | | |
CVE-2024-28435 | The CRM platform Twenty version 0.3.0 is vulnerable to SSRF via file upload.... | | |
CVE-2024-28436 | Cross Site Scripting vulnerability in D-Link DAP products DAP-2230, DAP-2310, DAP-2330, DAP-2360, DA... | | |
CVE-2024-28441 | File Upload vulnerability in magicflue v.7.0 and before allows a remote attacker to execute arbitrar... | E | |
CVE-2024-28442 | Directory Traversal vulnerability in Yealink VP59 v.91.15.0.118 allows a physically proximate attack... | E | |
CVE-2024-28446 | Shenzhen Libituo Technology Co., Ltd LBT-T300-mini1 v1.2.9 was discovered to contain a buffer overfl... | E | |
CVE-2024-28447 | Shenzhen Libituo Technology Co., Ltd LBT-T300-mini1 v1.2.9 was discovered to contain a buffer overfl... | E | |
CVE-2024-28456 | Cross Site Scripting vulnerability in Campcodes Online Marriage Registration System v.1.0 allows a r... | E | |
CVE-2024-28458 | Null Pointer Dereference vulnerability in swfdump in swftools 0.9.2 allows attackers to crash the ap... | E | |
CVE-2024-28515 | Buffer Overflow vulnerability in CSAPP_Lab CSAPP Lab3 15-213 Fall 20xx allows a remote attacker to e... | | |
CVE-2024-28519 | A kernel handle leak issue in ProcObsrvesx.sys 4.0.0.49 in MicroWorld Technologies Inc eScan Antivir... | | |
CVE-2024-28520 | File Upload vulnerability in Byzoro Networks Smart multi-service security gateway intelligent manage... | | |
CVE-2024-28521 | SQL Injection vulnerability in Netcome NS-ASG Application Security Gateway v.6.3.1 allows a local at... | E | |
CVE-2024-28535 | Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the mitInterface parameter of fromAddr... | E | |
CVE-2024-28537 | Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the page parameter of fromNatStaticSet... | E | |
CVE-2024-28545 | Tenda AC18 V15.03.05.05 contains a command injection vulnerablility in the deviceName parameter of f... | E | |
CVE-2024-28547 | Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the firewallEn parameter of formSetFir... | E | |
CVE-2024-28550 | Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the filePath parameter of formExpandDl... | E | |
CVE-2024-28551 | Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the ssid parameter of form_fast_settin... | E | |
CVE-2024-28553 | Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the entrys parameter of fromAddressNat fu... | E | |
CVE-2024-28556 | SQL Injection vulnerability in Sourcecodester php task management system v1.0, allows remote attacke... | E | |
CVE-2024-28557 | SQL Injection vulnerability in Sourcecodester php task management system v1.0, allows remote attacke... | E | |
CVE-2024-28558 | SQL Injection vulnerability in sourcecodester Petrol pump management software v1.0, allows remote at... | E | |
CVE-2024-28559 | SQL injection vulnerability in Niushop B2B2C v.5.3.3 and before allows an attacker to escalate privi... | E | |
CVE-2024-28560 | SQL injection vulnerability in Niushop B2B2C v.5.3.3 and before allows an attacker to escalate privi... | E | |
CVE-2024-28562 | Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to e... | E | |
CVE-2024-28563 | Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to c... | E | |
CVE-2024-28564 | Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to c... | E | |
CVE-2024-28565 | Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to c... | E | |
CVE-2024-28566 | Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to e... | E | |
CVE-2024-28567 | Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to c... | E | |
CVE-2024-28568 | Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to c... | E | |
CVE-2024-28569 | Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to e... | E | |
CVE-2024-28570 | Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to c... | E | |
CVE-2024-28571 | Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to c... | E | |
CVE-2024-28572 | Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to c... | E | |
CVE-2024-28573 | Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to c... | E | |
CVE-2024-28574 | Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to c... | E | |
CVE-2024-28575 | Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to c... | E | |
CVE-2024-28576 | Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to c... | E | |
CVE-2024-28577 | Null Pointer Dereference vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local atta... | E | |
CVE-2024-28578 | Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to e... | E | |
CVE-2024-28579 | Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to c... | E | |
CVE-2024-28580 | Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to e... | E | |
CVE-2024-28581 | Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to e... | E | |
CVE-2024-28582 | Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to e... | E | |
CVE-2024-28583 | Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to e... | E | |
CVE-2024-28584 | Null Pointer Dereference vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local atta... | E | |
CVE-2024-28589 | An issue was discovered in Axigen Mail Server for Windows versions 10.5.18 and before, allows local ... | | |
CVE-2024-28593 | The Chat activity in Moodle 4.3.3 allows students to insert a potentially unwanted HTML A element or... | | |
CVE-2024-28595 | SQL Injection vulnerability in Employee Management System v1.0 allows attackers to run arbitrary SQL... | E | |
CVE-2024-28607 | The ip-utils package through 2.4.0 for Node.js might allow SSRF because some IP addresses (such as 0... | | |
CVE-2024-28613 | SQL Injection vulnerability in PHP Task Management System v.1.0 allows a remote attacker to escalate... | | |
CVE-2024-28623 | RiteCMS v3.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the componen... | E | |
CVE-2024-28627 | An issue in Flipsnack v.18/03/2024 allows a local attacker to obtain sensitive information via the r... | | |
CVE-2024-28635 | Cross Site Scripting (XSS) vulnerability in SurveyJS Survey Creator v.1.9.132 and before, allows att... | E | |
CVE-2024-28639 | Buffer Overflow vulnerability in TOTOLink X5000R V9.1.0u.6118-B20201102 and A7000R V9.1.0u.6115-B202... | E | |
CVE-2024-28640 | Buffer Overflow vulnerability in TOTOLink X5000R V9.1.0u.6118-B20201102 and A7000R V9.1.0u.6115-B202... | | |
CVE-2024-28662 | A Cross Site Scripting vulnerability exists in Piwigo before 14.3.0 script because of missing saniti... | S | |
CVE-2024-28665 | DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the com... | E | |
CVE-2024-28666 | DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the com... | E | |
CVE-2024-28667 | DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the com... | E | |
CVE-2024-28668 | DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the com... | E | |
CVE-2024-28669 | DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/f... | E | |
CVE-2024-28670 | DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/f... | E | |
CVE-2024-28671 | DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/s... | E | |
CVE-2024-28672 | DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/m... | E | |
CVE-2024-28673 | DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/m... | E | |
CVE-2024-28675 | DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/d... | E | |
CVE-2024-28676 | DedeCMS v5.7 was discovered to contain a cross-site scripting (XSS) vulnerability via /dede/article_... | E | |
CVE-2024-28677 | DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/a... | E | |
CVE-2024-28678 | DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the com... | E | |
CVE-2024-28679 | DedeCMS v5.7 was discovered to contain a cross-site scripting (XSS) vulnerability via Photo Collecti... | E | |
CVE-2024-28680 | DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/d... | E | |
CVE-2024-28681 | DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/p... | E | |
CVE-2024-28682 | DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/s... | E | |
CVE-2024-28683 | DedeCMS v5.7 was discovered to contain a cross-site scripting (XSS) vulnerability via create file.... | E | |
CVE-2024-28684 | DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the com... | E | |
CVE-2024-28698 | Directory Traversal vulnerability in Marimer LLC CSLA .Net before 8.0 allows a remote attacker to ex... | | |
CVE-2024-28699 | A buffer overflow vulnerability in pdf2json v0.70 allows a local attacker to execute arbitrary code ... | | |
CVE-2024-28709 | Cross Site Scripting vulnerability in LimeSurvey before 6.5.12+240611 allows a remote attacker to ex... | S | |
CVE-2024-28710 | Cross Site Scripting vulnerability in LimeSurvey before 6.5.0+240319 allows a remote attacker to exe... | S | |
CVE-2024-28713 | An issue in Mblog Blog system v.3.5.0 allows an attacker to execute arbitrary code via a crafted fil... | | |
CVE-2024-28714 | SQL Injection vulnerability in CRMEB_Java e-commerce system v.1.3.4 allows an attacker to execute ar... | E | |
CVE-2024-28715 | Cross Site Scripting vulnerability in DOraCMS v.2.18 and before allows a remote attacker to execute ... | | |
CVE-2024-28716 | An issue in OpenStack Storlets yoga-eom allows a remote attacker to execute arbitrary code via the g... | | |
CVE-2024-28717 | An issue in OpenStack Storlets yoga-eom allows a remote attacker to execute arbitrary code via the g... | | |
CVE-2024-28718 | An issue in OpenStack magnum yoga-eom version allows a remote attacker to execute arbitrary code via... | E S | |
CVE-2024-28722 | Cross Site Scripting vulnerability in Innovaphone myPBX v.14r1, v.13r3, v.12r2 allows a remote attac... | | |
CVE-2024-28725 | Cross Site Scripting (XSS) vulnerability in YzmCMS 7.0 allows attackers to run arbitrary code via Ad... | E | |
CVE-2024-28726 | An issue in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE DWR-2000M_1.34ME allows a... | | |
CVE-2024-28728 | Cross Site Scripting vulnerability in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE... | | |
CVE-2024-28729 | An issue in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE DWR-2000M_1.34ME allows a... | | |
CVE-2024-28730 | Cross Site Scripting vulnerability in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE... | | |
CVE-2024-28731 | Cross Site Request Forgery vulnerability in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR ... | | |
CVE-2024-28732 | An issue was discovered in OFPMatch in parser.py in Faucet SDN Ryu version 4.34, allows remote attac... | E | |
CVE-2024-28734 | Cross Site Scripting vulnerability in Unit4 Financials by Coda prior to 2023Q4 allows a remote attac... | | |
CVE-2024-28735 | Unit4 Financials by Coda versions prior to 2023Q4 suffer from an incorrect access control authorizat... | E | |
CVE-2024-28736 | An issue in Debezium Community debezium-ui v.2.5 allows a local attacker to execute arbitrary code v... | | |
CVE-2024-28739 | An issue in Koha ILS 23.05 and before allows a remote attacker to execute arbitrary code via a craft... | E | |
CVE-2024-28740 | Cross Site Scripting vulnerability in Koha ILS 23.05 and before allows a remote attacker to execute ... | E | |
CVE-2024-28741 | Cross Site Scripting vulnerability in EginDemirbilek NorthStar C2 v1 allows a remote attacker to exe... | | |
CVE-2024-28744 | The password is empty in the initial configuration of ACERA 9010-08 firmware v02.04 and earlier, and... | | |
CVE-2024-28745 | Improper export of Android application components issue exists in 'ABEMA' App for Android prior to 1... | | |
CVE-2024-28746 | Apache Airflow: Ignored Airflow Permissions | S | |
CVE-2024-28747 | ifm: Use of Hard-coded Credentials | | |
CVE-2024-28748 | ifm: Reading function in Smart PLC allows command injections | | |
CVE-2024-28749 | ifm: Writing file function in Smart PLC allows command injections | | |
CVE-2024-28750 | ifm: Deleting function in Smart PLC allows command injections | | |
CVE-2024-28751 | ifm: Hardcoded telnet credentials in Smart PLC | | |
CVE-2024-28752 | Apache CXF SSRF Vulnerability using the Aegis databinding | | |
CVE-2024-28753 | RaspAP (aka raspap-webgui) through 3.0.9 allows remote attackers to read the /etc/passwd file via a ... | E | |
CVE-2024-28754 | RaspAP (aka raspap-webgui) through 3.0.9 allows remote attackers to cause a persistent denial of ser... | E | |
CVE-2024-28755 | An issue was discovered in Mbed TLS 3.5.x before 3.6.0. When an SSL context was reset with the mbedt... | | |
CVE-2024-28756 | The SolarEdge mySolarEdge application before 2.20.1 for Android has a certificate verification issue... | E | |
CVE-2024-28757 | libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external ... | E S | |
CVE-2024-28759 | A crafted network packet may cause a buffer overrun in Wind River VxWorks 7 through 23.09.... | | |
CVE-2024-28760 | IBM App Connect Enterprise denial of service | S | |
CVE-2024-28761 | IBM App Connect Enterprise HTML injection | S | |
CVE-2024-28762 | IBM Db2 denial of service | | |
CVE-2024-28764 | IBM WebSphere Automation CSV injection | | |
CVE-2024-28766 | IBM Security Directory Integrator information disclosure | | |
CVE-2024-28767 | IBM Security Directory Integrator command execution | | |
CVE-2024-28770 | IBM Security Directory Integrator information disclosure | | |
CVE-2024-28771 | IBM Security Directory Integrator information disclosure | | |
CVE-2024-28772 | IBM Security Directory Integrator cross-site scripting | | |
CVE-2024-28775 | IBM WebSphere Automation cross-site scripting | | |
CVE-2024-28776 | IBM Cognos Controller cross-site scripting | S | |
CVE-2024-28777 | IBM Cognos Controller code execution | S | |
CVE-2024-28778 | IBM Cognos Controller information disclosure | | |
CVE-2024-28780 | IBM Cognos Controller information disclosure | | |
CVE-2024-28781 | IBM UrbanCode Deploy cross-site scripting | | |
CVE-2024-28782 | IBM QRadar Suite Software information disclosure | | |
CVE-2024-28784 | IBM QRadar cross-site scripting | | |
CVE-2024-28786 | IBM QRadar SIEM information disclosure | | |
CVE-2024-28787 | IBM Security Verify Access information disclosure | | |
CVE-2024-28793 | IBM Engineering Workflow Management cross-site scripting | | |
CVE-2024-28794 | IBM InfoSphere Information Server cross-site scripting | | |
CVE-2024-28795 | IBM InfoSphere Information Server cross-site scripting | | |
CVE-2024-28796 | IBM ClearQuest (CQ) 9.1 through 9.1.0.6 is vulnerable to stored cross-site scripting. This vulnerabi... | | |
CVE-2024-28797 | IBM InfoSphere Information Server cross-site scripting | | |
CVE-2024-28798 | IBM InfoSphere Information Server cross-site scripting | | |
CVE-2024-28799 | IBM QRadar Suite Software information disclosure | | |
CVE-2024-28803 | Cross-site scripting (XSS) vulnerability in Italtel S.p.A. i-MCS NFV v.12.1.0-20211215 allows unauth... | E | |
CVE-2024-28804 | An issue was discovered in Italtel i-MCS NFV 12.1.0-20211215. Stored Cross-site scripting (XSS) can ... | | |
CVE-2024-28805 | An issue was discovered in Italtel i-MCS NFV 12.1.0-20211215. There is Incorrect Access Control.... | | |
CVE-2024-28806 | An issue was discovered in Italtel i-MCS NFV 12.1.0-20211215. Remote unauthenticated attackers can u... | | |
CVE-2024-28807 | An issue was discovered in Infinera hiT 7300 5.60.50. Cleartext storage of sensitive information in ... | | |
CVE-2024-28808 | An issue was discovered in Infinera hiT 7300 5.60.50. Hidden functionality in the web interface allo... | | |
CVE-2024-28809 | An issue was discovered in Infinera hiT 7300 5.60.50. Cleartext storage of sensitive password in fir... | | |
CVE-2024-28810 | An issue was discovered in Infinera hiT 7300 5.60.50. Sensitive information inside diagnostic files ... | | |
CVE-2024-28811 | An issue was discovered in Infinera hiT 7300 5.60.50. A web application allows a remote privileged a... | | |
CVE-2024-28812 | An issue was discovered in Infinera hiT 7300 5.60.50. A hidden SSH service (on the local management ... | | |
CVE-2024-28813 | An issue was discovered in Infinera hiT 7300 5.60.50. Undocumented privileged functions in the @CT m... | | |
CVE-2024-28815 | A vulnerability in the BluStar component of Mitel InAttend 2.6 SP4 through 2.7 and CMG 8.5 SP4 throu... | | |
CVE-2024-28816 | Student Information Chatbot a0196ab allows SQL injection via the username to the login function in i... | | |
CVE-2024-28818 | An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, Exyno... | | |
CVE-2024-28820 | Buffer overflow in the extract_openvpn_cr function in openvpn-cr.c in openvpn-auth-ldap (aka the Thr... | | |
CVE-2024-28823 | Amazon AWS aws-js-s3-explorer (aka AWS JavaScript S3 Explorer) 1.0.0 allows XSS via a crafted S3 buc... | | |
CVE-2024-28824 | Privilege escalation in mk_informix plugin | | |
CVE-2024-28825 | Brute-force protection ineffective for some login methods | | |
CVE-2024-28826 | Unrestricted upload and download paths in check_sftp | | |
CVE-2024-28827 | Privilege escalation in Windows agent | | |
CVE-2024-28828 | 1-Click compromise via CSRF | | |
CVE-2024-28829 | Privilege escalation in mk_informix plugin | | |
CVE-2024-28830 | Automation user secrets written to audit log | | |
CVE-2024-28831 | XSS in confirmation pop-up | | |
CVE-2024-28832 | XSS in Crash Report Page | | |
CVE-2024-28833 | Missing brute-force protection for two factor authentication | | |
CVE-2024-28834 | GnuTLS: vulnerable to Minerva side-channel information leak | M | |
CVE-2024-28835 | GnuTLS: potential crash during chain building/verification | M | |
CVE-2024-28836 | An issue was discovered in Mbed TLS 3.5.x before 3.6.0. When negotiating the TLS version on the serv... | | |
CVE-2024-28847 | SpEL Injection in `PUT /api/v1/events/subscriptions` in OpenMetadata | | |
CVE-2024-28848 | SpEL Injection in `GET /api/v1/policies/validation/condition/ | | |
CVE-2024-28849 | Proxy-Authorization header kept across hosts in follow-redirects | | |
CVE-2024-28850 | WP Crontrol possible RCE when combined with a pre-condition | | |
CVE-2024-28851 | Elevation of privilege in Snowflake Hive MetaStore Connector Helper script | S | |
CVE-2024-28852 | Ampache has multiple reflective XSS vulnerabilities | E | |
CVE-2024-28853 | Ampache Stored XSS | | |
CVE-2024-28854 | Slowloris vulnerability with default configuration in tls-listener | E S | |
CVE-2024-28855 | ZITADEL vulnerable to improper HTML sanitization | | |
CVE-2024-28859 | Gadget chain in Symfony 1 due to vulnerable Swift Mailer dependency | | |
CVE-2024-28860 | Insecure IPsec transport encryption in Cilium | | |
CVE-2024-28861 | Gadget chain in Symfony 1 due to uncontrolled unserialized input in sfNamespacedParameterHolder | | |
CVE-2024-28862 | ROTP 6.2.2 and 6.2.1 have 0666 permissions for the .rb files. | | |
CVE-2024-28863 | node-tar vulnerable to denial of service while parsing a tar file due to lack of folder count validation | | |
CVE-2024-28864 | [TagAwareCipher] - Decryption Failure (Regex Match) | | |
CVE-2024-28865 | django-wiki denial of service via regular expression | | |
CVE-2024-28866 | GoCD vulnerable to reflected Cross-site Scripting possible on server loading page during start-up | S | |
CVE-2024-28867 | Swift Prometheus un-sanitized metric name or labels can be used to take over exported metrics | | |
CVE-2024-28868 | Umbraco possible user enumeration vulnerability | S | |
CVE-2024-28869 | Possible denial of service vulnerability with Content-length header in Traefik | | |
CVE-2024-28870 | Suricata: excessive resource use when parsing malformed SSH traffic | | |
CVE-2024-28871 | Excessive CPU used on malformed traffic | S | |
CVE-2024-28872 | Incorrect TLS certificate validation can lead to escalated privileges | S | |
CVE-2024-28875 | A security flaw involving hard-coded credentials in LevelOne WBR-6012's web services allows attacker... | | |
CVE-2024-28876 | Uncontrolled search path for some Intel(R) MPI Library software before version 2021.12 may allow an ... | | |
CVE-2024-28877 | MicroDicom DICOM Viewer Stack-based Buffer Overflow | S | |
CVE-2024-28878 | IOSIX IO-1020 Micro ELD Download of Code Without Integrity Check | S | |
CVE-2024-28880 | Path traversal vulnerability in MosP kintai kanri V4.6.6 and earlier allows a remote attacker who ca... | | |
CVE-2024-28881 | Uncontrolled search path for some Intel(R) Fortran Compiler Classic software before version 2021.13 ... | | |
CVE-2024-28882 | OpenVPN from 2.6.0 through 2.6.10 in a server role accepts multiple exit notifications from authenti... | | |
CVE-2024-28883 | BIG-IP APM browser network access VPN client vulnerability | | |
CVE-2024-28885 | Observable discrepancy in some Intel(R) QAT Engine for OpenSSL software before version v1.6.1 may al... | | |
CVE-2024-28886 | OS command injection vulnerability exists in UTAU versions prior to v0.4.19. If a user of the produc... | | |
CVE-2024-28887 | Uncontrolled search path in some Intel(R) IPP software before version 2021.11 may allow an authentic... | | |
CVE-2024-28888 | A use-after-free vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a checkbox fiel... | E | |
CVE-2024-28889 | BIG-IP SSL vulnerability | | |
CVE-2024-28890 | Forminator prior to 1.29.0 contains an unrestricted upload of file with dangerous type vulnerability... | | |
CVE-2024-28891 | Delta Electronics DIAEnergie SQL injection | S | |
CVE-2024-28892 | An OS command injection vulnerability exists in the name parameter of GoCast 1.1.3. A specially craf... | | |
CVE-2024-28893 | Certain HP software packages (SoftPaqs) are potentially vulnerable to arbitrary code execution when ... | | |
CVE-2024-28894 | Out-of-bounds read vulnerability caused by improper checking of the option length values in IPv6 hea... | | |
CVE-2024-28895 | 'Yahoo! JAPAN' App for Android v2.3.1 to v3.161.1 and 'Yahoo! JAPAN' App for iOS v3.2.2 to v4.109.0 ... | | |
CVE-2024-28896 | Secure Boot Security Feature Bypass Vulnerability | | |
CVE-2024-28897 | Secure Boot Security Feature Bypass Vulnerability | | |
CVE-2024-28898 | Secure Boot Security Feature Bypass Vulnerability | | |
CVE-2024-28899 | Secure Boot Security Feature Bypass Vulnerability | S | |
CVE-2024-28900 | Windows Remote Access Connection Manager Information Disclosure Vulnerability | | |
CVE-2024-28901 | Windows Remote Access Connection Manager Information Disclosure Vulnerability | | |
CVE-2024-28902 | Windows Remote Access Connection Manager Information Disclosure Vulnerability | | |
CVE-2024-28903 | Secure Boot Security Feature Bypass Vulnerability | | |
CVE-2024-28904 | Microsoft Brokering File System Elevation of Privilege Vulnerability | | |
CVE-2024-28905 | Microsoft Brokering File System Elevation of Privilege Vulnerability | | |
CVE-2024-28906 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | | |
CVE-2024-28907 | Microsoft Brokering File System Elevation of Privilege Vulnerability | | |
CVE-2024-28908 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | | |
CVE-2024-28909 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | | |
CVE-2024-28910 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | | |
CVE-2024-28911 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | | |
CVE-2024-28912 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | | |
CVE-2024-28913 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | | |
CVE-2024-28914 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | | |
CVE-2024-28915 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | | |
CVE-2024-28916 | Xbox Gaming Services Elevation of Privilege Vulnerability | | |
CVE-2024-28917 | Azure Arc-enabled Kubernetes Extension Cluster-Scope Elevation of Privilege Vulnerability | | |
CVE-2024-28919 | Secure Boot Security Feature Bypass Vulnerability | | |
CVE-2024-28920 | Secure Boot Security Feature Bypass Vulnerability | | |
CVE-2024-28921 | Secure Boot Security Feature Bypass Vulnerability | | |
CVE-2024-28922 | Secure Boot Security Feature Bypass Vulnerability | | |
CVE-2024-28923 | Secure Boot Security Feature Bypass Vulnerability | | |
CVE-2024-28924 | Secure Boot Security Feature Bypass Vulnerability | | |
CVE-2024-28925 | Secure Boot Security Feature Bypass Vulnerability | | |
CVE-2024-28926 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | | |
CVE-2024-28927 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | | |
CVE-2024-28928 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | | |
CVE-2024-28929 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | | |
CVE-2024-28930 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | | |
CVE-2024-28931 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | | |
CVE-2024-28932 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | | |
CVE-2024-28933 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | | |
CVE-2024-28934 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | | |
CVE-2024-28935 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | | |
CVE-2024-28936 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | | |
CVE-2024-28937 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | | |
CVE-2024-28938 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | | |
CVE-2024-28939 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | | |
CVE-2024-28940 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | | |
CVE-2024-28941 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | | |
CVE-2024-28942 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | | |
CVE-2024-28943 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | | |
CVE-2024-28944 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | | |
CVE-2024-28945 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | | |
CVE-2024-28947 | Improper input validation in kernel mode driver for some Intel(R) Server Board S2600ST Family firmwa... | | |
CVE-2024-28948 | Advantech ADAM-5630 Cross-Site Request Forgery | S | |
CVE-2024-28949 | DoS via a large number of User Preferences | S | |
CVE-2024-28950 | Uncontrolled search path for some Intel(R) oneAPI Math Kernel Library software for Windows before ve... | | |
CVE-2024-28951 | Arkcompiler runtime has a use after free vulnerability | | |
CVE-2024-28952 | Uncontrolled search path for some Intel(R) IPP software for Windows before version 2021.12.0 may all... | | |
CVE-2024-28953 | Uncontrolled search path in some EMON software before version 11.44 may allow an authenticated user ... | | |
CVE-2024-28954 | Incorrect default permissions for some Intel(R) Graphics Driver installers may allow an authenticate... | | |
CVE-2024-28955 | Affected devices create coredump files when crashed, storing them with world-readable permission. An... | | |
CVE-2024-28956 | Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution... | | |
CVE-2024-28957 | Generation of predictable identifiers issue exists in Cente middleware TCP/IP Network Series. If thi... | | |
CVE-2024-28960 | An issue was discovered in Mbed TLS 2.18.0 through 2.28.x before 2.28.8 and 3.x before 3.6.0, and Mb... | | |
CVE-2024-28961 | Dell OpenManage Enterprise, versions 4.0.0 and 4.0.1, contains a sensitive information disclosure vu... | | |
CVE-2024-28962 | Dell Command \| Update, Dell Update, and Alienware Update UWP, versions prior to 5.4, contain an Expo... | | |
CVE-2024-28963 | Telemetry Dashboard v1.0.0.7 for Dell ThinOS 2402 contains a sensitive information disclosure vulner... | | |
CVE-2024-28964 | Dell Common Event Enabler, version 8.9.10.0 and prior, contain an insecure deserialization vulnerabi... | | |
CVE-2024-28965 | Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG ... | | |
CVE-2024-28966 | Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG ... | | |
CVE-2024-28967 | Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG ... | | |
CVE-2024-28968 | Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG ... | | |
CVE-2024-28969 | Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG ... | | |
CVE-2024-28970 | Dell Client BIOS contains an Out-of-bounds Write vulnerability. A local authenticated malicious user... | | |
CVE-2024-28971 | Dell Update Manager Plugin, versions 1.4.0 through 1.5.0, contains a Plain-text Password Storage Vul... | | |
CVE-2024-28972 | Dell InsightIQ, Version 5.0.0, contains a use of a broken or risky cryptographic algorithm vulnerabil... | | |
CVE-2024-28973 | Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a Sto... | | |
CVE-2024-28974 | Dell Data Protection Advisor, version(s) 19.9, contain(s) an Inadequate Encryption Strength vulnerab... | | |
CVE-2024-28976 | Dell Repository Manager, versions prior to 3.4.5, contains a Path Traversal vulnerability in API mod... | | |
CVE-2024-28977 | Dell Repository Manager, versions 3.4.2 through 3.4.4, contains a Path Traversal vulnerability in log... | | |
CVE-2024-28978 | Dell OpenManage Enterprise, versions 3.10 and 4.0, contains an Improper Access Control vulnerability... | | |
CVE-2024-28979 | Dell OpenManage Enterprise, versions 4.1.0 and older, contains an Improper Neutralization of Input D... | | |
CVE-2024-28980 | Dell RecoverPoint for VMs, version(s) 6.0.x contain(s) a Use of a Broken or Risky Cryptographic Algo... | | |
CVE-2024-28981 | Hitachi Vantara Pentaho Data Integration & Analytics - Insufficiently Protected Credentials | | |
CVE-2024-28982 | Hitachi Vantara Pentaho Business Analytics Server - Improper Restriction of XML External Entity Reference | | |
CVE-2024-28983 | Hitachi Vantara Pentaho Business Analytics Server - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | | |
CVE-2024-28984 | Hitachi Vantara Pentaho Business Analytics Server - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | | |
CVE-2024-28986 | SolarWinds Web Help Desk Java Deserialization Remote Code Execution Vulnerability | KEV S | |
CVE-2024-28987 | SolarWinds Web Help Desk Hardcoded Credential Vulnerability | KEV S | |
CVE-2024-28989 | SolarWinds Web Help Desk Cryptographic Key Management Vulnerability | S | |
CVE-2024-28990 | SolarWinds Access Rights Manager (ARM) Hardcoded Credentials Authentication Bypass Vulnerability | S | |
CVE-2024-28991 | SolarWinds Access Rights Manager (ARM) Deserialization of Untrusted Data Remote Code Execution | S | |
CVE-2024-28992 | SolarWinds Access Rights Manager Directory Traversal and Information Disclosure Vulnerability | S | |
CVE-2024-28993 | SolarWinds Access Rights Manager Directory Traversal and Information Disclosure Vulnerability | S | |
CVE-2024-28995 | SolarWinds Serv-U Directory Traversal Vulnerability | KEV S | |
CVE-2024-28996 | SolarWinds Platform SWQL Injection Vulnerability | S | |
CVE-2024-28999 | SolarWinds Platform Race Condition Vulnerability | S | |