ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2024-39000 | adolph_dudu ratio-swiper v0.0.2 was discovered to contain a prototype pollution via the function par... | | |
CVE-2024-39001 | ag-grid-enterprise v31.3.2 was discovered to contain a prototype pollution via the component _Module... | E | |
CVE-2024-39002 | rjrodger jsonic-next v2.12.1 was discovered to contain a prototype pollution via the function util.c... | | |
CVE-2024-39003 | amoyjs amoy common v1.0.10 was discovered to contain a prototype pollution via the function setValue... | | |
CVE-2024-39008 | robinweser fast-loops v1.1.3 was discovered to contain a prototype pollution via the function object... | | |
CVE-2024-39010 | chase-moskal snapstate v0.0.9 was discovered to contain a prototype pollution via the function attem... | E | |
CVE-2024-39011 | Prototype Pollution in chargeover redoc v2.0.9-rc.69 allows attackers to execute arbitrary code or c... | E | |
CVE-2024-39012 | ais-ltd strategyen v0.4.0 was discovered to contain a prototype pollution via the function mergeObje... | E | |
CVE-2024-39013 | 2o3t-utility v0.1.2 was discovered to contain a prototype pollution via the function extend. This vu... | | |
CVE-2024-39014 | ahilfoley cahil/utils v2.3.2 was discovered to contain a prototype pollution via the function set. T... | | |
CVE-2024-39015 | cafebazaar hod v0.4.14 was discovered to contain a prototype pollution via the function request. Thi... | | |
CVE-2024-39016 | che3vinci c3/utils-1 1.0.131 was discovered to contain a prototype pollution via the function assign... | | |
CVE-2024-39017 | agreejs shared v0.0.1 was discovered to contain a prototype pollution via the function mergeInternal... | | |
CVE-2024-39018 | harvey-woo cat5th/key-serializer v0.2.5 was discovered to contain a prototype pollution via the func... | | |
CVE-2024-39019 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/... | E | |
CVE-2024-39020 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/... | E | |
CVE-2024-39021 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/... | E | |
CVE-2024-39022 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/... | E | |
CVE-2024-39023 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via admin/i... | E | |
CVE-2024-39025 | Incorrect access control in the /users endpoint of Cpacker MemGPT v0.3.17 allows attackers to access... | | |
CVE-2024-39027 | SeaCMS v12.9 has an unauthorized SQL injection vulnerability. The vulnerability is caused by the SQL... | E | |
CVE-2024-39028 | An issue was discovered in SeaCMS <=12.9 which allows remote attackers to execute arbitrary code via... | E | |
CVE-2024-39031 | In Silverpeas Core <= 6.3.5, in Mes Agendas, a user can create new events and add them to their cale... | | |
CVE-2024-39033 | In Newgensoft OmniDocs 11.0_SP1_03_006, Insecure Direct Object Reference (IDOR) in the getuserproper... | | |
CVE-2024-39036 | SeaCMS v12.9 is vulnerable to Arbitrary File Read via admin_safe.php.... | E | |
CVE-2024-39063 | Lime Survey <= 6.5.12 is vulnerable to Cross Site Request Forgery (CSRF). The YII_CSRF_TOKEN is only... | | |
CVE-2024-39069 | An issue in ifood Order Manager v3.35.5 'Gestor de Peddios.exe' allows attackers to execute arbitrar... | | |
CVE-2024-39071 | Fujian Kelixun <=7.6.6.4391 is vulnerable to SQL Injection in send_event.php.... | | |
CVE-2024-39072 | AMTT Hotel Broadband Operation System (HiBOS) v3.0.3.151204 is vulnerable to SQL injection via manag... | | |
CVE-2024-39081 | An issue in SMART TYRE CAR & BIKE v4.2.0 allows attackers to perform a man-in-the-middle attack via ... | E | |
CVE-2024-39090 | The PHPGurukul Online Shopping Portal Project version 2.0 contains a vulnerability that allows Cross... | E | |
CVE-2024-39091 | An OS command injection vulnerability in the ccm_debug component of MIPC Camera firmware prior to v5... | M | |
CVE-2024-39094 | Friendica 2024.03 is vulnerable to Cross Site Scripting (XSS) in settings/profile via the homepage, ... | E | |
CVE-2024-39097 | There is an Open Redirect vulnerability in Gnuboard v6.0.4 and below via the `url` parameter in logi... | | |
CVE-2024-39118 | Mommy Heather Advanced Backups up to v3.5.3 allows attackers to write arbitrary files via restoring ... | E S | |
CVE-2024-39119 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin/info_deal.php?m... | E | |
CVE-2024-39123 | In janeczku Calibre-Web 0.6.0 to 0.6.21, the edit_book_comments function is vulnerable to Cross Site... | | |
CVE-2024-39124 | In Roundup before 2.4.0, classhelpers (_generic.help.html) allow XSS.... | | |
CVE-2024-39125 | Roundup before 2.4.0 allows XSS via a SCRIPT element in an HTTP Referer header.... | | |
CVE-2024-39126 | Roundup before 2.4.0 allows XSS via JavaScript in PDF, XML, and SVG documents.... | | |
CVE-2024-39129 | Heap Buffer Overflow vulnerability in DumpTS v0.1.0-nightly allows attackers to cause a denial of se... | | |
CVE-2024-39130 | A NULL Pointer Dereference discovered in DumpTS v0.1.0-nightly allows attackers to cause a denial of... | | |
CVE-2024-39132 | A NULL Pointer Dereference vulnerability in DumpTS v0.1.0-nightly allows attackers to cause a denial... | | |
CVE-2024-39133 | Heap Buffer Overflow vulnerability in zziplib v0.13.77 allows attackers to cause a denial of service... | | |
CVE-2024-39134 | A Stack Buffer Overflow vulnerability in zziplib v0.13.77 allows attackers to cause a denial of serv... | | |
CVE-2024-39143 | A stored cross-site scripting (XSS) vulnerability exists in ResidenceCMS 2.10.1 that allows a low-pr... | E S | |
CVE-2024-39150 | vditor v.3.9.8 and before is vulnerable to Arbitrary file read via a crafted data packet.... | | |
CVE-2024-39152 | Rejected reason: DO NOT USE THIS CVE RECORD. Consult IDs: CVE-2024-6655. Reason: This record is a re... | R | |
CVE-2024-39153 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/... | E | |
CVE-2024-39154 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/... | E | |
CVE-2024-39155 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/... | E | |
CVE-2024-39156 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/... | E | |
CVE-2024-39157 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/... | E | |
CVE-2024-39158 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/... | E | |
CVE-2024-39162 | pyspider through 0.3.10 allows /update XSS. NOTE: This vulnerability only affects products that are ... | | |
CVE-2024-39163 | binux pyspider up to v0.3.10 was discovered to contain a Cross-Site Request Forgery (CSRF) via the F... | | |
CVE-2024-39165 | QR/demoapp/qr_image.php in Asial JpGraph Professional through 4.2.6-pro allows remote attackers to e... | | |
CVE-2024-39171 | Directory Travel in PHPVibe v11.0.46 due to incomplete blacklist checksums and directory checks, whi... | E | |
CVE-2024-39173 | calculator-boilerplate v1.0 was discovered to contain a remote code execution (RCE) vulnerability vi... | | |
CVE-2024-39174 | A cross-site scripting (XSS) vulnerability in the Publish Article function of yzmcms v7.1 allows att... | | |
CVE-2024-39178 | MyPower vc8100 V100R001C00B030 was discovered to contain an arbitrary file read vulnerability via th... | | |
CVE-2024-39181 | Shenzhen Libituo Technology Co., Ltd LBT-T300-T400 v3.2 was discovered to contain a buffer overflow ... | | |
CVE-2024-39182 | An information disclosure vulnerability in ISPmanager v6.98.0 allows attackers to access sensitive d... | | |
CVE-2024-39202 | D-Link DIR-823X firmware - 240126 was discovered to contain a remote command execution (RCE) vulnera... | E | |
CVE-2024-39203 | A cross-site scripting (XSS) vulnerability in the Backend Theme Management module of Z-BlogPHP v1.7.... | E | |
CVE-2024-39205 | An issue in pyload-ng v0.5.0b3.dev85 running under python3.11 or below allows attackers to execute a... | | |
CVE-2024-39206 | An issue discovered in MSP360 Backup Agent v7.8.5.15 and v7.9.4.84 allows attackers to obtain networ... | | |
CVE-2024-39207 | lua-shmem v1.0-1 was discovered to contain a buffer overflow via the shmem_write function.... | | |
CVE-2024-39208 | luci-app-lucky v2.8.3 was discovered to contain hardcoded credentials.... | | |
CVE-2024-39209 | luci-app-sms-tool v1.9-6 was discovered to contain a command injection vulnerability via the score p... | | |
CVE-2024-39210 | Best House Rental Management System v1.0 was discovered to contain an arbitrary file read vulnerabil... | | |
CVE-2024-39211 | Kaiten 57.128.8 allows remote attackers to enumerate user accounts via a crafted POST request, becau... | | |
CVE-2024-39219 | An issue in Aginode GigaSwitch V5 before version 7.06G allows authenticated attackers with Administr... | | |
CVE-2024-39220 | BAS-IP AV-01D, AV-01MD, AV-01MFD, AV-01ED, AV-01KD, AV-01BD, AV-01KBD, AV-02D, AV-02IDE, AV-02IDR, A... | | |
CVE-2024-39223 | An authentication bypass in the SSH service of gost v2.11.5 allows attackers to intercept communicat... | | |
CVE-2024-39225 | GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT... | E | |
CVE-2024-39226 | GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT... | E | |
CVE-2024-39227 | GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT... | E | |
CVE-2024-39228 | GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT... | E | |
CVE-2024-39229 | An issue in GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.1... | E | |
CVE-2024-39236 | Gradio v4.36.1 was discovered to contain a code injection vulnerability via the component /gradio/co... | | |
CVE-2024-39241 | Cross Site Scripting (XSS) vulnerability in skycaiji 2.8 allows attackers to run arbitrary code via ... | | |
CVE-2024-39242 | A cross-site scripting (XSS) vulnerability in skycaiji v2.8 allows attackers to execute arbitrary we... | | |
CVE-2024-39243 | An issue discovered in skycaiji 2.8 allows attackers to run arbitrary code via crafted POST request ... | | |
CVE-2024-39248 | A cross-site scripting (XSS) vulnerability in SimpCMS v0.1 allows attackers to execute arbitrary web... | E | |
CVE-2024-39249 | Async <= 2.6.4 and <= 3.2.5 are vulnerable to ReDoS (Regular Expression Denial of Service) while par... | | |
CVE-2024-39250 | EfroTech Timetrax v8.3 was discovered to contain an unauthenticated SQL injection vulnerability via ... | | |
CVE-2024-39251 | An issue in the component ControlCenter.sys/ControlCenter64.sys of ThundeRobot Control Center v2.0.0... | | |
CVE-2024-39271 | Improper restriction of communication channel to intended endpoints in some Intel(R) PROSet/Wireless... | | |
CVE-2024-39272 | A cross-site scripting (xss) vulnerability exists in the dataset upload functionality of ClearML Ent... | | |
CVE-2024-39273 | A firmware update vulnerability exists in the fw_check.sh functionality of Wavlink AC3000 M33A8.V503... | | |
CVE-2024-39274 | Malicious remote can add users to arbitrary teams and channels | S | |
CVE-2024-39275 | Advantech ADAM-5630 Use of Persistent Cookies Containing Sensitive Information | S | |
CVE-2024-39276 | ext4: fix mb_cache_entry's e_refcnt leak in ext4_xattr_block_cache_find() | S | |
CVE-2024-39277 | dma-mapping: benchmark: handle NUMA_NO_NODE correctly | S | |
CVE-2024-39278 | Hughes Network Systems Insufficiently Protected Credentials | S | |
CVE-2024-39279 | Insufficient granularity of access control in UEFI firmware in some Intel(R) processors may allow a ... | | |
CVE-2024-39280 | An external config control vulnerability exists in the nas.cgi set_smb_cfg() functionality of Wavlin... | | |
CVE-2024-39281 | Unbounded allocation in ctl(4) CAM Target Layer | | |
CVE-2024-39282 | net: wwan: t7xx: Fix FSM command timeout issue | | |
CVE-2024-39283 | Incomplete filtering of special elements in Intel(R) TDX module software before version TDX_1.5.01.0... | | |
CVE-2024-39284 | Uncontrolled search path for some Intel(R) Advisor software before version 2024.2 may allow an authe... | | |
CVE-2024-39285 | Improper access control in UEFI firmware in some Intel(R) Server M20NTP Family may allow a privilege... | | |
CVE-2024-39286 | Incorrect execution-assigned permissions in the Linux kernel mode driver for the Intel(R) 800 Series... | | |
CVE-2024-39287 | Dorsett Controls InfoScan Exposure of Sensitive Information To An Unauthorized Actor | S | |
CVE-2024-39288 | A buffer overflow vulnerability exists in the internet.cgi set_add_routing() functionality of Wavlin... | | |
CVE-2024-39290 | Insufficiently protected credentials issue exists in AIPHONE IX SYSTEM and IXG SYSTEM. A network-adj... | | |
CVE-2024-39291 | drm/amdgpu: Fix buffer size in gfx_v9_4_3_init_ cp_compute_microcode() and rlc_microcode() | S | |
CVE-2024-39292 | um: Add winch to winch_handlers before registering winch IRQ | S | |
CVE-2024-39293 | Revert "xsk: Support redirect to any socket bound to the same umem" | | |
CVE-2024-39294 | A buffer overflow vulnerability exists in the adm.cgi set_wzdgw4G() functionality of Wavlink AC3000 ... | | |
CVE-2024-39296 | bonding: fix oops during rmmod | | |
CVE-2024-39298 | mm/memory-failure: fix handling of dissolved but not taken off from buddy pages | | |
CVE-2024-39299 | A buffer overflow vulnerability exists in the qos.cgi qos_sta_settings() functionality of Wavlink AC... | | |
CVE-2024-39300 | Missing authentication vulnerability exists in Telnet function of WAB-I1750-PS v1.5.10 and earlier. ... | | |
CVE-2024-39301 | net/9p: fix uninit-value in p9_client_rpc() | S | |
CVE-2024-39302 | Some bbb-record-core files installed with wrong file permission | | |
CVE-2024-39303 | Weblate vulnerable to improper sanitization of project backups | S | |
CVE-2024-39304 | ChurchCRM SQL Injection Vulnerability | E S | |
CVE-2024-39305 | Envoy Proxy use after free when route hash policy is configured with cookie attributes | | |
CVE-2024-39306 | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-39304. Reason: ... | R | |
CVE-2024-39307 | Cross-Site Scripting (XSS) vulnerability via crafted ebooks in Kavita | | |
CVE-2024-39308 | RailsAdmin Cross-site Scripting vulnerability in the list view | S | |
CVE-2024-39309 | ZDI-CAN-23894: Parse Server literalizeRegexPart SQL Injection Authentication Bypass Vulnerability | | |
CVE-2024-39310 | WordPress Basil Theme Authenticated (Contributor+) Persistent Cross-Site Scripting Vulnerability | | |
CVE-2024-39311 | Publify Vulnerable To Cross-Site Scripting (XSS) Via Redirects Requiring User Interaction | E | |
CVE-2024-39312 | Botan has an Authorization Error due to Name Constraint Decoding Bug | | |
CVE-2024-39313 | toy-blog Improper Input Validation vulnerability | S | |
CVE-2024-39314 | toy-blog administrative token leaked through the command line parameter | | |
CVE-2024-39315 | Pomerium exposed OAuth2 access and ID tokens in user info endpoint response | S | |
CVE-2024-39316 | Rack ReDoS Vulnerability in HTTP Accept Headers Parsing | | |
CVE-2024-39317 | Wagtail regular expression denial-of-service via search query parsing | S | |
CVE-2024-39318 | Ibexa Admin UI vulnerable to DOM-based Cross-site Scripting in file upload widget | | |
CVE-2024-39319 | aimeos/ai-controller-frontend has IDOR vulnerability in account profile page | S | |
CVE-2024-39320 | Discourse allows iframe injection through default site setting | S | |
CVE-2024-39321 | Traefik vulnerable to bypassing IP allow-lists via HTTP/3 early data requests in QUIC 0-RTT handshakes | | |
CVE-2024-39322 | aimeos/ai-admin-jsonadm improper access control vulnerability allows editors to remove required records | S | |
CVE-2024-39323 | aimeos/ai-admin-graphql improper access control vulnerability allows an editor to modify admin account | | |
CVE-2024-39324 | aimeos/ai-admin-graphql improper access control vulnerability allows editors to manage own services | S | |
CVE-2024-39325 | aimeos/ai-controller-frontend doesn't reset payment status in basket | S | |
CVE-2024-39326 | SkillTree CSRF Vulnerability allows an attacker to modify the Video and Captions of a Skill | | |
CVE-2024-39327 | Incorrect Access Control vulnerability in Atos Eviden IDRA before 2.6.1 could allow the possibility ... | | |
CVE-2024-39328 | Insecure Permissions in Atos Eviden IDRA and IDCA before 2.7.0. A highly trusted role (Config Admin)... | | |
CVE-2024-39329 | An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. The django.contrib.auth.ba... | | |
CVE-2024-39330 | An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. Derived classes of the dja... | | |
CVE-2024-39331 | In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %(...) link abbrev even when it... | S | |
CVE-2024-39332 | Webswing 23.2.2 allows remote attackers to modify client-side JavaScript code to achieve path traver... | | |
CVE-2024-39334 | MENDELSON AS4 before 2024 B376 has a client-side vulnerability when a trading partner provides prepa... | | |
CVE-2024-39337 | Click Studios Passwordstate Core before 9.8 build 9858 allows Authentication Bypass.... | | |
CVE-2024-39338 | axios 1.7.2 allows SSRF via unexpected behavior where requests for path relative URLs get processed ... | E | |
CVE-2024-39339 | A vulnerability has been discovered in all versions of Smartplay headunits, which are widely used in... | | |
CVE-2024-39340 | The authentication system of Securepoint UTM mishandles OTP keys. This allows the bypassing of secon... | | |
CVE-2024-39341 | Entrust Instant Financial Issuance (On Premise) Software (formerly known as Cardwizard) 6.10.0, 6.9.... | | |
CVE-2024-39342 | Entrust Instant Financial Issuance (formerly known as Cardwizard) 6.10.0, 6.9.0, 6.9.1, 6.9.2, and 6... | | |
CVE-2024-39343 | An issue was discovered in Samsung Mobile Processor and Wearable Processor Exynos 2100, 1280, 2200, ... | | |
CVE-2024-39344 | An issue was discovered in the Docusign API package 8.142.14 for Salesforce. The Apttus_DocuApi__Doc... | | |
CVE-2024-39345 | AdTran 834-5 HDC17600021F1 (SmartOS 11.1.1.1) devices enable the SSH service by default and have a h... | | |
CVE-2024-39347 | Incorrect default permissions vulnerability in firewall functionality in Synology Router Manager (SR... | | |
CVE-2024-39348 | Download of code without integrity check vulnerability in AirPrint functionality in Synology Router ... | | |
CVE-2024-39349 | A vulnerability regarding buffer copy without checking size of input ('Classic Buffer Overflow') is ... | | |
CVE-2024-39350 | A vulnerability regarding authentication bypass by spoofing is found in the RTSP functionality. This... | | |
CVE-2024-39351 | A vulnerability regarding improper neutralization of special elements used in an OS command ('OS Com... | | |
CVE-2024-39352 | A vulnerability regarding incorrect authorization is found in the firmware upgrade functionality. Th... | | |
CVE-2024-39353 | RemoteClusterFrame payloads are audit logged in full | S | |
CVE-2024-39354 | Delta Electronics DIAScreen Stack-based Buffer Overflow | S | |
CVE-2024-39355 | Improper handling of physical or environmental conditions in some Intel(R) Processors may allow an a... | | |
CVE-2024-39356 | NULL pointer dereference in some Intel(R) PROSet/Wireless WiFi and Killer™ WiFi software for Windo... | | |
CVE-2024-39357 | A stack-based buffer overflow vulnerability exists in the wireless.cgi SetName() functionality of Wa... | | |
CVE-2024-39358 | A buffer overflow vulnerability exists in the adm.cgi set_wzap() functionality of Wavlink AC3000 M33... | | |
CVE-2024-39359 | A stack-based buffer overflow vulnerability exists in the wireless.cgi DeleteMac() functionality of ... | | |
CVE-2024-39360 | An os command injection vulnerability exists in the nas.cgi remove_dir() functionality of Wavlink AC... | | |
CVE-2024-39361 | Creating posts with user-defined IDs permitted in CreatePost API | S | |
CVE-2024-39362 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2024-39363 | A cross-site scripting (xss) vulnerability exists in the login.cgi set_lang_CountryCode() functional... | | |
CVE-2024-39364 | Advantech ADAM-5630 Missing Authentication for Critical Function | S | |
CVE-2024-39365 | Uncontrolled search path for the FPGA Support Package for the Intel(R) oneAPI DPC++/C++ Compiler sof... | | |
CVE-2024-39367 | An os command injection vulnerability exists in the firewall.cgi iptablesWebsFilterRun() functionali... | | |
CVE-2024-39368 | Improper neutralization of special elements used in an SQL command ('SQL Injection') in some Intel(R... | | |
CVE-2024-39370 | An arbitrary code execution vulnerability exists in the adm.cgi set_MeshAp() functionality of Wavlin... | | |
CVE-2024-39371 | io_uring: check for non-NULL file pointer in io_file_can_poll() | S | |
CVE-2024-39372 | Uncontrolled search path for the Intel(R) XTU software for Windows before version 7.14.2.14 may allo... | | |
CVE-2024-39373 | Improper Neutralization of Special Elements used in a Command in TELSAT marKoni FM Transmitter | S | |
CVE-2024-39374 | Use of Hard-coded Credentials in TELSAT marKoni FM Transmitter | S | |
CVE-2024-39375 | Use of Client-Side Authentication in TELSAT marKoni FM Transmitter | S | |
CVE-2024-39376 | Improper Access Control In TELSAT MarKoni FM Transmitter | S | |
CVE-2024-39377 | Media Encoder | Out-of-bounds Write (CWE-787) | | |
CVE-2024-39378 | Audition | Out-of-bounds Write (CWE-787) | | |
CVE-2024-39379 | Acrobat for Edge | Out-of-bounds Read (CWE-125) | S | |
CVE-2024-39380 | After Effects | Heap-based Buffer Overflow (CWE-122) | | |
CVE-2024-39381 | After Effects | Out-of-bounds Write (CWE-787) | | |
CVE-2024-39382 | After Effects | Out-of-bounds Read (CWE-125) | | |
CVE-2024-39383 | PoC sample of unknown vulnerability detected by EXPMON system | | |
CVE-2024-39384 | Premiere Pro | Out-of-bounds Write (CWE-787) | | |
CVE-2024-39385 | Premiere Pro | Use After Free (CWE-416) | | |
CVE-2024-39386 | ZDI-CAN-24057: Adobe Bridge AVI File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2024-39387 | ZDI-CAN-24047: Adobe Bridge AVI File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2024-39388 | ZDI-CAN-24055: Adobe Substance 3D Stager SKP File Parsing Use-After-Free Remote Code Execution Vulnerability | | |
CVE-2024-39389 | Adobe Indesign PDF File Parsing Stack Based Buffer Overflow Remote Code Execution Vulnerability | | |
CVE-2024-39390 | Adobe Indesign 2024 DOC File Parsing Memory Corruption | | |
CVE-2024-39391 | Adobe Indesign XLS File Parsing Out Of Bound Write Remote Code execution vulnerability | | |
CVE-2024-39392 | Adobe Indesign 2024 EPS File Parsing Heap Memory Corruption Remote Code Execution Vulnerability | | |
CVE-2024-39393 | Adobe Indesign 2024 PCT File Parsing Memory Corruption Remote Code Execution Vulnerability | | |
CVE-2024-39394 | Adobe Indesign 2024 PDF File Parsing Out Of Bound Write Remote Code Execution Vulnerability | | |
CVE-2024-39395 | Adobe Indesign 2024 DOC File Parsing Null Pointer Dereference | | |
CVE-2024-39396 | Adobe Indesign 2024 PCX File Parsing Out Of Bound Read | | |
CVE-2024-39397 | Adobe Commerce | Unrestricted Upload of File with Dangerous Type (CWE-434) | | |
CVE-2024-39398 | OTP 2FA can be bruteforced | | |
CVE-2024-39399 | [Paris] Path Traversal lead to local file read | | |
CVE-2024-39400 | DOM XSS through integrations can impact other admins | | |
CVE-2024-39401 | Adobe Commerce | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78) | | |
CVE-2024-39402 | Adobe Commerce | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78) | | |
CVE-2024-39403 | Stored XSS through Webhook module public key configuration | | |
CVE-2024-39404 | A user without Shop Policy Parameters section privilege can alter the shop policy parameters section | | |
CVE-2024-39405 | Adobe Commerce | Improper Authorization (CWE-285) | | |
CVE-2024-39406 | Adobe Commerce | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22) | | |
CVE-2024-39407 | Adobe Commerce | Improper Authorization (CWE-285) | | |
CVE-2024-39408 | Adobe Commerce | Cross-Site Request Forgery (CSRF) (CWE-352) | | |
CVE-2024-39409 | Adobe Commerce | Cross-Site Request Forgery (CSRF) (CWE-352) | | |
CVE-2024-39410 | Adobe Commerce | Cross-Site Request Forgery (CSRF) (CWE-352) | | |
CVE-2024-39411 | Adobe Commerce | Improper Authorization (CWE-285) | | |
CVE-2024-39412 | Adobe Commerce | Improper Authorization (CWE-285) | | |
CVE-2024-39413 | An unauthorized user can export the Invoiced Sales Report | | |
CVE-2024-39414 | Being able to import/export tax rates without proper privileges | | |
CVE-2024-39415 | An unauthorized user can export the Tax Sales Report | | |
CVE-2024-39416 | Unauthorized user can export Orders Sale Report | | |
CVE-2024-39417 | An unauthorized user can export the Shipping Report | | |
CVE-2024-39418 | Adobe Commerce | Improper Authorization (CWE-285) | | |
CVE-2024-39419 | A user without ship permissions can ship the orders | | |
CVE-2024-39420 | Acrobat Reader | Time-of-check Time-of-use (TOCTOU) Race Condition (CWE-367) | | |
CVE-2024-39422 | ZDI-CAN-24090: New Vulnerability Report - Use-after-free remote code execution vulnerability in Adobe Acrobat Reader DC | | |
CVE-2024-39423 | ZDI-CAN-24182: New Vulnerability Report - Adobe Acrobat Reader DC AcroForm Annotation Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2024-39424 | ZDI-CAN-24309: Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability | | |
CVE-2024-39425 | Security vulnerability in AdobeARMHelper | | |
CVE-2024-39426 | ZDI-CAN-24312: Adobe Acrobat Reader DC Annotation Memory Corruption Remote Code Execution Vulnerability | | |
CVE-2024-39427 | In trusty service, there is a possible out of bounds write due to a missing bounds check. This could... | | |
CVE-2024-39428 | In trusty service, there is a possible out of bounds write due to a missing bounds check. This could... | | |
CVE-2024-39429 | In faceid service, there is a possible out of bounds write due to a missing bounds check. This could... | | |
CVE-2024-39430 | In faceid service, there is a possible out of bounds write due to a missing bounds check. This could... | | |
CVE-2024-39431 | In UMTS RLC driver, there is a possible out of bounds write due to a missing bounds check. This coul... | | |
CVE-2024-39432 | In UMTS RLC driver, there is a possible out of bounds read due to a missing bounds check. This could... | | |
CVE-2024-39433 | In drm service, there is a possible out of bounds write due to a missing bounds check. This could le... | | |
CVE-2024-39434 | In drm service, there is a possible out of bounds read due to a missing bounds check. This could lea... | | |
CVE-2024-39435 | In Logmanager service, there is a possible missing verification incorrect input. This could lead to ... | | |
CVE-2024-39436 | In linkturbonative service, there is a possible command injection due to improper input validation. ... | | |
CVE-2024-39437 | In linkturbonative service, there is a possible command injection due to improper input validation. ... | | |
CVE-2024-39438 | In linkturbonative service, there is a possible command injection due to improper input validation. ... | | |
CVE-2024-39439 | In DRM service, there is a possible out of bounds write due to a missing bounds check. This could le... | | |
CVE-2024-39440 | In DRM service, there is a possible system crash due to null pointer dereference. This could lead to... | | |
CVE-2024-39441 | In wifi display, there is a possible missing permission check. This could lead to local escalation o... | | |
CVE-2024-39442 | In sprd ssense service, there is a possible missing permission check. This could lead to local infor... | | |
CVE-2024-39457 | Cybozu Garoon 6.0.0 to 6.0.1 contains a cross-site scripting vulnerability in PDF preview. If this v... | | |
CVE-2024-39458 | When Jenkins Structs Plugin 337.v1b_04ea_4df7c8 and earlier fails to configure a build step, it logs... | | |
CVE-2024-39459 | In rare cases Jenkins Plain Credentials Plugin 182.v468b_97b_9dcb_8 and earlier stores secret file c... | | |
CVE-2024-39460 | Jenkins Bitbucket Branch Source Plugin 886.v44cf5e4ecec5 and earlier prints the Bitbucket OAuth acce... | | |
CVE-2024-39461 | clk: bcm: rpi: Assign ->num before accessing ->hws | S | |
CVE-2024-39462 | clk: bcm: dvp: Assign ->num before accessing ->hws | S | |
CVE-2024-39463 | 9p: add missing locking around taking dentry fid list | S | |
CVE-2024-39464 | media: v4l: async: Fix notifier list entry init | S | |
CVE-2024-39465 | media: mgb4: Fix double debugfs remove | S | |
CVE-2024-39466 | thermal/drivers/qcom/lmh: Check for SCM availability at probe | S | |
CVE-2024-39467 | f2fs: fix to do sanity check on i_xattr_nid in sanity_check_inode() | | |
CVE-2024-39468 | smb: client: fix deadlock in smb2_find_smb_tcon() | S | |
CVE-2024-39469 | nilfs2: fix nilfs_empty_dir() misjudgment and long loop on I/O errors | | |
CVE-2024-39470 | eventfs: Fix a possible null pointer dereference in eventfs_find_events() | S | |
CVE-2024-39471 | drm/amdgpu: add error handle to avoid out-of-bounds | S | |
CVE-2024-39472 | xfs: fix log recovery buffer allocation for the legacy h_size fixup | S | |
CVE-2024-39473 | ASoC: SOF: ipc4-topology: Fix input format query of process modules without base extension | S | |
CVE-2024-39474 | mm/vmalloc: fix vmalloc which may return null if called with __GFP_NOFAIL | S | |
CVE-2024-39475 | fbdev: savage: Handle err return when savagefb_check_var failed | S | |
CVE-2024-39476 | md/raid5: fix deadlock that raid5d() wait for itself to clear MD_SB_CHANGE_PENDING | S | |
CVE-2024-39477 | mm/hugetlb: do not call vma_add_reservation upon ENOMEM | S | |
CVE-2024-39478 | crypto: starfive - Do not free stack buffer | S | |
CVE-2024-39479 | drm/i915/hwmon: Get rid of devm | S | |
CVE-2024-39480 | kdb: Fix buffer overflow during tab-complete | S | |
CVE-2024-39481 | media: mc: Fix graph walk in media_pipeline_start | S | |
CVE-2024-39482 | bcache: fix variable length array abuse in btree_iter | S | |
CVE-2024-39483 | KVM: SVM: WARN on vNMI + NMI window iff NMIs are outright masked | S | |
CVE-2024-39484 | mmc: davinci: Don't strip remove function when driver is builtin | S | |
CVE-2024-39485 | media: v4l: async: Properly re-initialise notifier entry in unregister | S | |
CVE-2024-39486 | drm/drm_file: Fix pid refcounting race | S | |
CVE-2024-39487 | bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set() | S | |
CVE-2024-39488 | arm64: asm-bug: Add .align 2 to the end of __BUG_ENTRY | | |
CVE-2024-39489 | ipv6: sr: fix memleak in seg6_hmac_init_algo | S | |
CVE-2024-39490 | ipv6: sr: fix missing sk_buff release in seg6_input_core | S | |
CVE-2024-39491 | ALSA: hda: cs35l56: Fix lifetime of cs_dsp instance | | |
CVE-2024-39492 | mailbox: mtk-cmdq: Fix pm_runtime_get_sync() warning in mbox shutdown | S | |
CVE-2024-39493 | crypto: qat - Fix ADF_DEV_RESET_SYNC memory leak | S | |
CVE-2024-39494 | ima: Fix use-after-free on a dentry's dname.name | S | |
CVE-2024-39495 | greybus: Fix use-after-free bug in gb_interface_release due to race condition. | S | |
CVE-2024-39496 | btrfs: zoned: fix use-after-free due to race with dev replace | S | |
CVE-2024-39497 | drm/shmem-helper: Fix BUG_ON() on mmap(PROT_WRITE, MAP_PRIVATE) | | |
CVE-2024-39498 | drm/mst: Fix NULL pointer dereference at drm_dp_add_payload_part2 | S | |
CVE-2024-39499 | vmci: prevent speculation leaks by sanitizing event in event_deliver() | | |
CVE-2024-39500 | sock_map: avoid race between sock_map_close and sk_psock_put | | |
CVE-2024-39501 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2024-39502 | ionic: fix use after netif_napi_del() | | |
CVE-2024-39503 | netfilter: ipset: Fix race between namespace cleanup and gc in the list:set type | | |
CVE-2024-39504 | netfilter: nft_inner: validate mandatory meta and payload | S | |
CVE-2024-39505 | drm/komeda: check for error-valued pointer | | |
CVE-2024-39506 | liquidio: Adjust a NULL pointer handling path in lio_vf_rep_copy_packet | S | |
CVE-2024-39507 | net: hns3: fix kernel crash problem in concurrent scenario | S | |
CVE-2024-39508 | io_uring/io-wq: Use set_bit() and test_bit() at worker->flags | | |
CVE-2024-39509 | HID: core: remove unnecessary WARN_ON() in implement() | | |
CVE-2024-39510 | cachefiles: fix slab-use-after-free in cachefiles_ondemand_daemon_read() | S | |
CVE-2024-39511 | Junos OS: The 802.1X Authentication Daemon crashes on running a specific command | S | |
CVE-2024-39512 | Junos OS Evolved: User is not logged out when the console cable is disconnected | S | |
CVE-2024-39513 | Junos OS Evolved: Execution of a specific CLI command will cause a crash in the AFT manager | S | |
CVE-2024-39514 | Junos OS and Junos OS Evolved: Receiving specific traffic on devices with EVPN-VPWS with IGMP-snooping enabled will cause the rpd to crash | S | |
CVE-2024-39515 | Junos OS and Junos OS Evolved: With BGP traceoptions enabled, receipt of specifically malformed BGP update causes RPD crash | S | |
CVE-2024-39516 | Junos OS and Junos OS Evolved: With certain BGP options enabled, receipt of specifically malformed BGP update causes RPD crash | S | |
CVE-2024-39517 | Junos OS and Junos OS Evolved: Upon processing specific L2 traffic, rpd can hang in devices with EVPN/VXLAN configured | S | |
CVE-2024-39518 | Junos OS: MX240, MX480, MX960 platforms using MPC10E: Memory leak will be observed when subscribed to a specific subscription on Junos Telemetry Interface | S | |
CVE-2024-39519 | Junos OS Evolved: ACX 7000 Series: Multicast traffic is looped in a multihoming EVPN MPLS scenario | S | |
CVE-2024-39520 | Junos OS Evolved: CLI parameter processing issue allows privilege escalation | S | |
CVE-2024-39521 | Junos OS Evolved: CLI parameter processing issue allows privilege escalation | S | |
CVE-2024-39522 | Junos OS Evolved: CLI parameter processing issue allows privilege escalation | S | |
CVE-2024-39523 | Junos OS Evolved: CLI parameter processing issue allows privilege escalation | S | |
CVE-2024-39524 | Junos OS Evolved: CLI parameter processing issue allows privilege escalation | S | |
CVE-2024-39525 | Junos OS and Junos OS Evolved: When BGP traceoptions is enabled, receipt of specially crafted BGP packet causes RPD crash | S | |
CVE-2024-39526 | Junos OS and Junos OS Evolved: MX Series with MPC10/MPC11/LC9600, MX304, EX9200, PTX Series: Receipt of malformed DHCP packets causes interfaces to stop processing packets | S | |
CVE-2024-39527 | Junos OS: SRX Series: Low privileged user able to access sensitive information on file system | S | |
CVE-2024-39528 | Junos OS and Junos OS Evolved: Concurrent deletion of a routing-instance and receipt of an SNMP request cause an RPD crash | S | |
CVE-2024-39529 | Junos OS: SRX Series: If DNS traceoptions are configured in a DGA or tunnel detection scenario specific DNS traffic leads to a PFE crash | S | |
CVE-2024-39530 | Junos OS: Attempting to access specific sensors on platforms not supporting these will lead to a chassisd crash | S | |
CVE-2024-39531 | Junos OS Evolved: ACX 7000 Series: Protocol specific DDoS configuration affects other protocols | S | |
CVE-2024-39532 | Junos OS and Junos OS Evolved: Confidential information in logs can be accessed by another user | S | |
CVE-2024-39533 | Junos OS: QFX5000 Series and EX4600 Series: Output firewall filter is not applied if certain match criteria are used | S | |
CVE-2024-39534 | Junos OS Evolved: Connections to the network and broadcast address accepted | S | |
CVE-2024-39535 | Junos OS Evolved: ACX 7000 Series: When specific traffic is received in a VPLS scenario evo-pfemand crashes | S | |
CVE-2024-39536 | Junos OS and Junos OS Evolved: Flaps of BFD sessions with authentication cause a ppmd memory leak | S | |
CVE-2024-39537 | Junos OS Evolved: ACX7000 Series: Ports which have been inadvertently exposed can be reached over the network | S | |
CVE-2024-39538 | Junos OS Evolved: ACX7000 Series: When multicast traffic with a specific (S,G) is received evo-pfemand crashes | S | |
CVE-2024-39539 | Junos OS: MX Series: Continuous subscriber logins will lead to a memory leak and eventually an FPC crash | S | |
CVE-2024-39540 | Junos OS: SRX Series, and MX Series with SPC3: Specific valid TCP traffic can cause a pfe crash | S | |
CVE-2024-39541 | Junos OS and Junos OS Evolved: Inconsistent information in the TE database can lead to an rpd crash | S | |
CVE-2024-39542 | Junos OS and Junos OS Evolved: A malformed CFM packet or specific transit traffic leads to FPC crash | S | |
CVE-2024-39543 | Junos OS and Junos OS Evolved: Receipt of a large RPKI-RTR PDU packet can cause rpd to crash | S | |
CVE-2024-39544 | Junos OS Evolved: Low privileged local user able to view NETCONF traceoptions files | S | |
CVE-2024-39545 | Junos OS: SRX Series, MX Series with SPC3 and NFX350: When VPN tunnels parameters are not configured in specific way the iked process will crash | S | |
CVE-2024-39546 | Junos OS Evolved: Local low-privilege user can gain root permissions leading to privilege escalation | S | |
CVE-2024-39547 | Junos OS and Junos OS Evolved: cRPD: Receipt of crafted TCP traffic can trigger high CPU utilization | S | |
CVE-2024-39548 | Junos OS Evolved: Receipt of specific packets in the aftmand process will lead to a memory leak | S | |
CVE-2024-39549 | Junos OS and Junos OS Evolved: Receipt of malformed BGP path attributes leads to a memory leak | S | |
CVE-2024-39550 | Junos OS: MX Series with SPC3 line card: Port flaps causes rtlogd memory leak leading to Denial of Service | S | |
CVE-2024-39551 | Junos OS: SRX Series and MX Series with SPC3 and MS-MPC/MIC: Receipt of specific packets in H.323 ALG causes traffic drop | S | |
CVE-2024-39552 | Junos OS and Junos OS Evolved: Malformed BGP UPDATE causes RPD crash | S | |
CVE-2024-39553 | Junos OS Evolved: Receipt of arbitrary data when sampling service is enabled, leads to partial Denial of Service (DoS). | S | |
CVE-2024-39554 | Junos OS and Junos OS Evolved: BGP multipath incremental calculation is resulting in an rpd crash | S | |
CVE-2024-39555 | Junos OS and Junos OS Evolved: Receipt of a specific malformed BGP update causes the session to reset | S | |
CVE-2024-39556 | Junos OS and Junos OS Evolved: Loading a malicious certificate from the CLI may result in a stack-based overflow | S | |
CVE-2024-39557 | Junos OS Evolved: MAC table changes cause a memory leak | S | |
CVE-2024-39558 | Junos OS and Junos OS Evolved: Receipt of specific PIM packet causes rpd crash when PIM is configured along with MoFRR | S | |
CVE-2024-39559 | Junos OS Evolved: Receipt of a specific TCP packet may result in a system crash (vmcore) on dual RE systems with NSR enabled | S | |
CVE-2024-39560 | Junos OS and Junos OS Evolved: Memory leak due to RSVP neighbor persistent error leading to kernel crash | S | |
CVE-2024-39561 | Junos OS: SRX4600, SRX5000 Series: TCP packets with SYN/FIN or SYN/RST are transferred after enabling no-syn-check with Express Path | S | |
CVE-2024-39562 | Junos OS Evolved: A high rate of SSH connections causes a Denial of Service | S | |
CVE-2024-39563 | Junos Space: Remote Command Execution (RCE) vulnerability in web application | S | |
CVE-2024-39564 | Junos OS and Junos OS Evolved: Receipt of malformed BGP path attributes leads to RPD crash | S | |
CVE-2024-39565 | Junos OS: J-Web: An unauthenticated, network-based attacker can perform XPATH injection attack against a device. | S | |
CVE-2024-39567 | A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.2 HF1). The s... | | |
CVE-2024-39568 | A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.2 HF1). The s... | S | |
CVE-2024-39569 | A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.2 HF1). The s... | S | |
CVE-2024-39570 | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 HF1). Affec... | S | |
CVE-2024-39571 | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 HF1). Affec... | S | |
CVE-2024-39573 | Apache HTTP Server: mod_rewrite proxy handler substitution | | |
CVE-2024-39574 | Dell PowerScale InsightIQ, version 5.1, contain an Improper Privilege Management vulnerability. A hi... | | |
CVE-2024-39576 | Dell Power Manager (DPM), versions 3.15.0 and prior, contains an Incorrect Privilege Assignment vuln... | | |
CVE-2024-39577 | Dell SmartFabric OS10 Software, versions 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contains an Imprope... | | |
CVE-2024-39578 | Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.1 contains a UNIX symbolic link (symlink) follo... | | |
CVE-2024-39579 | Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contains an incorrect privilege assignment vu... | | |
CVE-2024-39580 | Dell PowerScale InsightIQ, versions 5.0 through 5.1, contains an Improper Access Control vulnerabili... | | |
CVE-2024-39581 | Dell PowerScale InsightIQ, versions 5.0 through 5.1, contains a File or Directories Accessible to Ex... | | |
CVE-2024-39582 | Dell PowerScale InsightIQ, version 5.0, contain a Use of hard coded Credentials vulnerability. A hig... | | |
CVE-2024-39583 | Dell PowerScale InsightIQ, versions 5.0 through 5.1, contains a Use of a Broken or Risky Cryptograph... | | |
CVE-2024-39584 | Dell Client Platform BIOS contains a Use of Default Cryptographic Key Vulnerability. A high privile... | | |
CVE-2024-39585 | Dell SmartFabric OS10 Software, version(s) 10.5.5.4 through 10.5.5.10 and 10.5.6.x, contain(s) an Us... | | |
CVE-2024-39586 | Dell AppSync Server, version 4.3 through 4.6, contains an XML External Entity Injection vulnerabilit... | | |
CVE-2024-39589 | Multiple invalid pointer dereference vulnerabilities exist in the OpenPLC Runtime EtherNet/IP parser... | E | |
CVE-2024-39590 | Multiple invalid pointer dereference vulnerabilities exist in the OpenPLC Runtime EtherNet/IP parser... | E | |
CVE-2024-39591 | Missing Authorization check in SAP Document Builder | | |
CVE-2024-39592 | [CVE-2024-39592] Missing Authorization check in SAP PDCE | | |
CVE-2024-39593 | [CVE-2024-39593] Information Disclosure vulnerability in SAP Landscape Management | | |
CVE-2024-39594 | [CVE-2024-39594] Multiple Cross-Site Scripting (XSS) vulnerabilities in SAP Business Warehouse - Business Planning and Simulation | | |
CVE-2024-39595 | [CVE-2024-39594] Multiple Cross-Site Scripting (XSS) vulnerabilities in SAP Business Warehouse - Business Planning and Simulation | | |
CVE-2024-39596 | [CVE-2024-39596] Missing Authorization check vulnerability in SAP Enable Now | | |
CVE-2024-39597 | [CVE-2024-39597] Improper Authorization Checks on Early Login Composable Storefront B2B sites of SAP Commerce | | |
CVE-2024-39598 | [Multiple CVEs] Multiple vulnerabilities in SAP CRM (WebClient UI) | | |
CVE-2024-39599 | [CVE-2024-39599] Protection Mechanism Failure in SAP NetWeaver Application Server for ABAP and ABAP Platform | | |
CVE-2024-39600 | [CVE-2024-39600] Information Disclosure vulnerability in SAP GUI for Windows | | |
CVE-2024-39601 | A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V5.40... | | |
CVE-2024-39602 | An external config control vulnerability exists in the nas.cgi set_nas() functionality of Wavlink AC... | | |
CVE-2024-39603 | A stack-based buffer overflow vulnerability exists in the wireless.cgi set_wifi_basic_mesh() functio... | | |
CVE-2024-39604 | A command execution vulnerability exists in the update_filter_url.sh functionality of Wavlink AC3000... | | |
CVE-2024-39605 | Delta Electronics DIAScreen Stack-based Buffer Overflow | S | |
CVE-2024-39606 | Improper input validation in some Intel(R) PROSet/Wireless WiFi and Killer™ WiFi software for Wind... | | |
CVE-2024-39607 | OS command injection vulnerability exists in ELECOM wireless LAN routers. A specially crafted reques... | | |
CVE-2024-39608 | A firmware update vulnerability exists in the login.cgi functionality of Wavlink AC3000 M33A8.V5030.... | | |
CVE-2024-39609 | Improper Access Control in UEFI firmware for some Intel(R) Server Board M70KLP may allow a privilege... | S | |
CVE-2024-39610 | Cross-site scripting vulnerability exists in FitNesse releases prior to 20241026. If this vulnerabil... | | |
CVE-2024-39612 | Background Task Manager has an out-of-bounds read permission bypass vulnerability | | |
CVE-2024-39613 | RCE in desktop app in Windows by local attacker | S | |
CVE-2024-39614 | An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. get_supported_language_var... | | |
CVE-2024-39619 | WordPress ListingPro plugin <= 2.9.3 - Unauthenticated Local File Inclusion vulnerability | | |
CVE-2024-39620 | WordPress ListingPro plugin <= 2.9.4 - SQL Injection vulnerability | | |
CVE-2024-39621 | WordPress ListingPro plugin <= 2.9.3 - Local File Inclusion vulnerability | | |
CVE-2024-39622 | WordPress ListingPro theme <= 2.9.4 - Unauthenticated SQL Injection vulnerability | | |
CVE-2024-39623 | WordPress ListingPro theme <= 2.9.4 - Cross Site Request Forgery (CSRF) to Account Takeover vulnerability | S | |
CVE-2024-39624 | WordPress ListingPro theme <= 2.9.3 - Local File Inclusion vulnerability | | |
CVE-2024-39625 | WordPress Icegram Engage plugin <= 3.1.24 - Unauthenticated Message Duplication Vulnerability | S | |
CVE-2024-39626 | WordPress Pretty Simple Popup Builder plugin <= 1.0.7 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-39627 | WordPress Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery plugin <= 3.59.3 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-39628 | WordPress Ninja Forms plugin <= 3.8.6 - Cross Site Request Forgery (CSRF) vulnerability | S | |
CVE-2024-39629 | WordPress Himalayas theme <= 1.3.2 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-39630 | WordPress Timetable and Event Schedule by MotoPress plugin <= 2.4.13 - PHP Object Injection vulnerability | | |
CVE-2024-39631 | WordPress Contest Gallery plugin <= 23.1.2 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-39633 | WordPress PowerPack for Beaver Builder plugin <= 2.33.0 - Contributor+ Privilege Escalation vulnerability | S | |
CVE-2024-39634 | WordPress PowerPack Pro for Elementor plugin <= 2.10.14 - Contributor+ Privilege Escalation vulnerability | S | |
CVE-2024-39635 | WordPress Youzify plugin <= 1.2.6 - Broken Access Control vulnerability | S | |
CVE-2024-39636 | WordPress Better Find and Replace plugin <= 1.6.1 - PHP Object Injection vulnerability | S | |
CVE-2024-39637 | WordPress Edubin theme <= 9.2.0 - Server Side Request Forgery (SSRF) vulnerability | | |
CVE-2024-39638 | WordPress Registrations for the Events Calendar plugin <= 2.12.2 - SQL Injection vulnerability | S | |
CVE-2024-39639 | WordPress File Upload plugin <= 4.24.7 - Broken Access Control + CSRF vulnerability | S | |
CVE-2024-39640 | WordPress Social Feed Gallery plugin <= 4.3.9 - Broken Access Control vulnerability | S | |
CVE-2024-39641 | WordPress LearnPress plugin <= 4.2.6.8.2 - Cross Site Request Forgery (CSRF) vulnerability | S | |
CVE-2024-39642 | WordPress LearnPress plugin <= 4.2.6.8.2 - Insecure Direct Object References (IDOR) vulnerability | S | |
CVE-2024-39643 | WordPress RegistrationMagic plugin <= 6.0.0.1 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-39644 | WordPress Black Widgets For Elementor plugin <= 1.3.5 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-39645 | WordPress Tutor LMS plugin <= 2.7.2 - Cross Site Request Forgery (CSRF) vulnerability | S | |
CVE-2024-39646 | WordPress Custom 404 Pro plugin <= 3.11.1 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-39647 | WordPress Message Filter for Contact Form 7 plugin <= 1.6.1.1 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-39648 | WordPress Eventin plugin <= 4.0.5 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-39649 | WordPress Essential Addons for Elementor plugin <= 5.9.26 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-39650 | WordPress WooCommerce PDF Vouchers plugin < 4.9.5 - Unauthenticated Multiple Vulnerabilities | S | |
CVE-2024-39651 | WordPress WooCommerce PDF Vouchers plugin < 4.9.5 - Unauthenticated Arbitrary File Deletion vulnerability | S | |
CVE-2024-39652 | WordPress WooCommerce PDF Vouchers plugin < 4.9.5 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-39653 | WordPress VikRentCar Car Rental Management System plugin <= 1.4.0 - SQL Injection vulnerability | S | |
CVE-2024-39654 | WordPress Sign-up Sheets plugin <= 2.2.12 - Broken Access Control vulnerability | S | |
CVE-2024-39655 | WordPress LiquidPoll plugin <= 3.3.77 - Unauthenticated Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-39656 | WordPress Tin Canny Reporting for LearnDash plugin <= 4.3.0.7 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-39657 | WordPress Sender plugin <= 2.6.18 - Cross Site Request Forgery (CSRF) vulnerability | S | |
CVE-2024-39658 | WordPress Salon Booking System plugin <= 10.7 - Authenticated SQL Injection vulnerability | S | |
CVE-2024-39659 | WordPress WP-PostRatings plugin <= 1.91.1 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-39660 | WordPress Photo Engine (Media Organizer & Lightroom) plugin <= 6.3.1 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-39661 | WordPress Kubio AI Page Builder plugin <= 2.2.4 - Authenticated Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-39662 | WordPress Black Widgets For Elementor plugin <= 1.3.5 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-39663 | WordPress WP Fast Total Search plugin <= 1.68.232 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-39664 | WordPress Filter & Grids plugin <= 2.8.32 - Broken Authentication vulnerability | S | |
CVE-2024-39665 | WordPress Filter & Grids plugin <= 2.9.2 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-39666 | WordPress WooCommerce plugin <= 9.1.2 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-39667 | WordPress Element Pack Elementor Addons plugin <= 5.6.11 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-39668 | WordPress Extensions for Elementor plugin <= 2.0.31 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-39669 | In the Console in Soffid IAM before 3.5.39, necessary checks were not applied to some Java objects. ... | | |
CVE-2024-39670 | Privilege escalation vulnerability in the account synchronisation module. Impact: Successful exploit... | | |
CVE-2024-39671 | Access control vulnerability in the security verification module. Impact: Successful exploitation of... | | |
CVE-2024-39672 | Memory request logic vulnerability in the memory module. Impact: Successful exploitation of this vul... | | |
CVE-2024-39673 | Vulnerability of serialisation/deserialisation mismatch in the iAware module. Impact: Successful exp... | | |
CVE-2024-39674 | Plaintext vulnerability in the Gallery search module. Impact: Successful exploitation of this vulner... | | |
CVE-2024-39675 | A vulnerability has been identified in RUGGEDCOM RMC30 (All versions < V4.3.10), RUGGEDCOM RMC30NC (... | | |
CVE-2024-39676 | Apache Pinot: Unauthorized endpoint exposed sensitive information | | |
CVE-2024-39677 | NHibernate SQL injection vulnerability in discriminator mappings, static fields referenced in HQL, and some utilities | S | |
CVE-2024-39678 | WordPress Cooked Plugin - Cross-Site Request Forgery to Get Recipe IDs | E | |
CVE-2024-39679 | WordPress Cooked Plugin - Cross-Site Request Forgery to Recipe Template Reset | E | |
CVE-2024-39680 | WordPress Cooked Plugin - Cross-Site Request Forgery to Default Recipe Template Save | E | |
CVE-2024-39681 | WordPress Cooked Plugin - Cross-Site Request Forgery to Apply Template to All Recipes | E | |
CVE-2024-39682 | WordPress Cooked Plugin - Authenticated (Contributor+) HTML Injection via Recipe Excerpt | E | |
CVE-2024-39683 | ZITADEL Vulnerable to Session Information Leakage | S | |
CVE-2024-39684 | Tencent RapidJSON include/rapidjson/reader.h GenericReader::ParseNumber() Function Template Exponent Parsing Integer Overflow | | |
CVE-2024-39685 | fishaudio/Bert-VITS2 Command Injection in webui_preprocess.py resample function | E | |
CVE-2024-39686 | fishaudio/Bert-VITS2 Command Injection in webui_preprocess.py bert_gen function | E | |
CVE-2024-39687 | Fedify vulnerable to allowing access to internal network resources | | |
CVE-2024-39688 | fishaudio/Bert-VITS2 Limited File Write in webui_preprocess.py generate_config function | E | |
CVE-2024-39689 | Certifi removes GLOBALTRUST root certificate | S | |
CVE-2024-39690 | Capsule tenant owner with "patch namespace" permission can hijack system namespaces | E S | |
CVE-2024-39691 | Malicious Matrix homeserver can leak truncated message content of messages it shouldn't have access to | | |
CVE-2024-39693 | Next.js Denial of Service (DoS) condition | | |
CVE-2024-39694 | Duende IdentityServer Open Redirect vulnerability | | |
CVE-2024-39695 | Exiv2 has an out-of-bounds read in AsfVideo::streamProperties | S | |
CVE-2024-39696 | Evmos vulnerable to exploit of smart contract account and vesting | S | |
CVE-2024-39697 | phonenumber panics on parsing crafted phonenumber inputs | | |
CVE-2024-39698 | Code Signing Bypass on Windows in electron-updater < 6.3.0-alpha.6 | E S | |
CVE-2024-39699 | Directus has a Blind SSRF On File Import | E S | |
CVE-2024-39700 | Remote Code Execution (RCE) vulnerability in jupyterlab extension template `update-integration-tests` GitHub Action | | |
CVE-2024-39701 | Directus Incorrectly handles `_in` filter | | |
CVE-2024-39702 | In lj_str_hash.c in OpenResty 1.19.3.1 through 1.25.3.1, the string hashing function (used during st... | | |
CVE-2024-39703 | In ThreatQuotient ThreatQ before 5.29.3, authenticated users are able to execute arbitrary commands ... | | |
CVE-2024-39704 | Soft Circle French-Bread Melty Blood: Actress Again: Current Code through 1.07 Rev. 1.4.0 allows a r... | E | |
CVE-2024-39705 | NLTK through 3.8.1 allows remote code execution if untrusted packages have pickled Python code, and ... | | |
CVE-2024-39707 | Insyde IHISI function 0x49 can restore factory defaults for certain UEFI variables without further a... | | |
CVE-2024-39708 | An issue was discovered in the Agent in Delinea Privilege Manager (formerly Thycotic Privilege Manag... | | |
CVE-2024-39709 | Incorrect file permissions in Ivanti Connect Secure before version 22.6R2 (Not Applicable to 9.1Rx) ... | | |
CVE-2024-39710 | Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy S... | | |
CVE-2024-39711 | Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy S... | | |
CVE-2024-39712 | Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy S... | | |
CVE-2024-39713 | A Server-Side Request Forgery (SSRF) affects Rocket.Chat's Twilio webhook endpoint before version 6.... | | |
CVE-2024-39714 | A code injection vulnerability that permits a low-privileged user to upload arbitrary files to the s... | | |
CVE-2024-39715 | A code injection vulnerability that allows a low-privileged user with REST API access granted to rem... | | |
CVE-2024-39717 | The Versa Director GUI provides an option to customize the look and feel of the user interface. This... | KEV | |
CVE-2024-39718 | An improper input validation vulnerability that allows a low-privileged user to remotely remove file... | | |
CVE-2024-39719 | An issue was discovered in Ollama through 0.3.14. File existence disclosure can occur via api/create... | E | |
CVE-2024-39720 | An issue was discovered in Ollama before 0.1.46. An attacker can use two HTTP requests to upload a m... | E | |
CVE-2024-39721 | An issue was discovered in Ollama before 0.1.34. The CreateModelHandler function uses os.Open to rea... | E | |
CVE-2024-39722 | An issue was discovered in Ollama before 0.1.46. It exposes which files exist on the server on which... | E | |
CVE-2024-39723 | IBM FlashSystem denial of service | | |
CVE-2024-39725 | IBM Engineering Lifecycle Optimization - Engineering Insights information disclosure | | |
CVE-2024-39726 | IBM Engineering Insights XML external entity injection | | |
CVE-2024-39727 | IBM Engineering Lifecycle Optimization - Engineering Insights tabnabbing | | |
CVE-2024-39728 | IBM Datacap Navigator cross-site scripting | | |
CVE-2024-39729 | IBM Datacap Navigator information disclosure | | |
CVE-2024-39731 | IBM Datacap Navigator information disclosure | | |
CVE-2024-39732 | IBM Datacap Navigator information disclosure | | |
CVE-2024-39733 | IBM Datacap Navigator information disclosure | | |
CVE-2024-39734 | IBM Datacap Navigator information disclosure | | |
CVE-2024-39735 | IBM Datacap Navigator cross-site scripting | | |
CVE-2024-39736 | IBM Datacap Navigator HTTP HOST header injection | | |
CVE-2024-39737 | IBM Datacap Navigator information disclosure | | |
CVE-2024-39739 | IBM Datacap Navigator server-side request forgery | | |
CVE-2024-39740 | IBM Datacap Navigator information disclosure | | |
CVE-2024-39741 | IBM Datacap Navigator directory traversal | | |
CVE-2024-39742 | IBM MQ Container authentication bypass | | |
CVE-2024-39743 | IBM MQ Container denial of service | | |
CVE-2024-39744 | IBM Sterling Connect:Direct Web Services cross-site request forgery | | |
CVE-2024-39745 | IBM Sterling Connect:Direct Web Services information disclosure | | |
CVE-2024-39746 | IBM Sterling Connect:Direct Web Services information disclosure | | |
CVE-2024-39747 | IBM Sterling Connect:Direct Web Services information disclosure | | |
CVE-2024-39750 | IBM Analytics Content Hub buffer overflow | | |
CVE-2024-39751 | IBM InfoSphere Information Server information disclosure | | |
CVE-2024-39753 | An modOSCE SQL Injection vulnerability in Trend Micro Apex One could allow a remote attacker to exec... | | |
CVE-2024-39754 | A static login vulnerability exists in the wctrls functionality of Wavlink AC3000 M33A8.V5030.210505... | | |
CVE-2024-39755 | A privilege escalation vulnerability exists in the node update functionality of Veertu Anka Build 1.... | | |
CVE-2024-39756 | A buffer overflow vulnerability exists in the adm.cgi rep_as_router() functionality of Wavlink AC300... | | |
CVE-2024-39757 | A stack-based buffer overflow vulnerability exists in the wireless.cgi AddMac() functionality of Wav... | | |
CVE-2024-39758 | Improper access control for some Intel(R) Arc™ & Iris(R) Xe graphics software before version 31.... | | |
CVE-2024-39759 | Multiple OS command injection vulnerabilities exist in the login.cgi set_sys_init() functionality of... | | |
CVE-2024-39760 | Multiple OS command injection vulnerabilities exist in the login.cgi set_sys_init() functionality of... | | |
CVE-2024-39761 | Multiple OS command injection vulnerabilities exist in the login.cgi set_sys_init() functionality of... | | |
CVE-2024-39762 | Multiple OS command injection vulnerabilities exist in the internet.cgi set_add_routing() functional... | | |
CVE-2024-39763 | Multiple OS command injection vulnerabilities exist in the internet.cgi set_add_routing() functional... | | |
CVE-2024-39764 | Multiple OS command injection vulnerabilities exist in the internet.cgi set_add_routing() functional... | | |
CVE-2024-39765 | Multiple OS command injection vulnerabilities exist in the internet.cgi set_add_routing() functional... | | |
CVE-2024-39766 | Improper neutralization of special elements used in SQL command in some Intel(R) Neural Compressor s... | | |
CVE-2024-39767 | Spoofed push notifications from malicious server | S | |
CVE-2024-39768 | Multiple buffer overflow vulnerabilities exist in the internet.cgi set_qos() functionality of Wavlin... | | |
CVE-2024-39769 | Multiple buffer overflow vulnerabilities exist in the internet.cgi set_qos() functionality of Wavlin... | | |
CVE-2024-39770 | Multiple buffer overflow vulnerabilities exist in the internet.cgi set_qos() functionality of Wavlin... | | |
CVE-2024-39771 | QBiC CLOUD CC-2L v1.1.30 and earlier and Safie One v1.8.2 and earlier do not properly validate certi... | | |
CVE-2024-39772 | Silent Desktop Screenshot Capture | S | |
CVE-2024-39773 | An information disclosure vulnerability exists in the testsave.sh functionality of Wavlink AC3000 M3... | | |
CVE-2024-39774 | A buffer overflow vulnerability exists in the adm.cgi set_sys_adm() functionality of Wavlink AC3000 ... | | |
CVE-2024-39775 | Net Manager has an out-of-bounds read permission bypass vulnerability | | |
CVE-2024-39776 | Avtec Outpost Storage of File with Sensitive Data Under Web Root | S | |
CVE-2024-39777 | Malicious remote can invite itself to an arbitrary local channel | S | |
CVE-2024-39778 | BIG-IP HSB vulnerability | | |
CVE-2024-39779 | Stack-based buffer overflow in some drivers for Intel(R) Ethernet Connection I219 Series before vers... | | |
CVE-2024-39780 | Use of unsafe yaml load in dynparam | | |
CVE-2024-39781 | Multiple OS command injection vulnerabilities exist in the adm.cgi sch_reboot() functionality of Wav... | | |
CVE-2024-39782 | Multiple OS command injection vulnerabilities exist in the adm.cgi sch_reboot() functionality of Wav... | | |
CVE-2024-39783 | Multiple OS command injection vulnerabilities exist in the adm.cgi sch_reboot() functionality of Wav... | | |
CVE-2024-39784 | Multiple command execution vulnerabilities exist in the nas.cgi add_dir() functionality of Wavlink A... | | |
CVE-2024-39785 | Multiple command execution vulnerabilities exist in the nas.cgi add_dir() functionality of Wavlink A... | | |
CVE-2024-39786 | Multiple directory traversal vulnerabilities exist in the nas.cgi add_dir() functionality of Wavlink... | | |
CVE-2024-39787 | Multiple directory traversal vulnerabilities exist in the nas.cgi add_dir() functionality of Wavlink... | | |
CVE-2024-39788 | Multiple external config control vulnerabilities exist in the nas.cgi set_ftp_cfg() functionality of... | | |
CVE-2024-39789 | Multiple external config control vulnerabilities exist in the nas.cgi set_ftp_cfg() functionality of... | | |
CVE-2024-39790 | Multiple external config control vulnerabilities exist in the nas.cgi set_ftp_cfg() functionality of... | | |
CVE-2024-39791 | Vonets WiFi Bridges Stack-based Buffer Overflow | M | |
CVE-2024-39792 | NGINX Plus MQTT vulnerability | | |
CVE-2024-39793 | Multiple external config control vulnerabilities exist in the nas.cgi set_nas() proftpd functionalit... | | |
CVE-2024-39794 | Multiple external config control vulnerabilities exist in the nas.cgi set_nas() proftpd functionalit... | | |
CVE-2024-39795 | Multiple external config control vulnerabilities exist in the nas.cgi set_nas() proftpd functionalit... | | |
CVE-2024-39797 | Improper access control in some drivers for Intel(R) Ethernet Connection I219 Series before version ... | | |
CVE-2024-39798 | Multiple external config control vulnerabilities exist in the openvpn.cgi openvpn_server_setup() fu... | | |
CVE-2024-39799 | Multiple external config control vulnerabilities exist in the openvpn.cgi openvpn_server_setup() fu... | | |
CVE-2024-39800 | Multiple external config control vulnerabilities exist in the openvpn.cgi openvpn_server_setup() fu... | | |
CVE-2024-39801 | Multiple buffer overflow vulnerabilities exist in the qos.cgi qos_settings() functionality of Wavlin... | | |
CVE-2024-39802 | Multiple buffer overflow vulnerabilities exist in the qos.cgi qos_settings() functionality of Wavlin... | | |
CVE-2024-39803 | Multiple buffer overflow vulnerabilities exist in the qos.cgi qos_settings() functionality of Wavlin... | | |
CVE-2024-39804 | A library injection vulnerability exists in Microsoft PowerPoint 16.83 for macOS. A specially crafte... | | |
CVE-2024-39805 | Insufficient verification of data authenticity in some Intel(R) DSA software before version 23.4.39 ... | | |
CVE-2024-39806 | Liteos_a has an out-of-bounds Read vulnerability | | |
CVE-2024-39807 | Channel IDs of archived/restored channels leaked via webhook events | S | |
CVE-2024-39808 | Incorrect Calculation of Buffer Size (CWE-131) in the Controller 6000 and Controller 7000 OSDP messa... | | |
CVE-2024-39809 | BIG-IP Next Central Manager vulnerability | | |
CVE-2024-39810 | Server crash via Elasticsearch certificate file | S | |
CVE-2024-39811 | Improper input validation in firmware for some Intel(R) Server M20NTP Family UEFI may allow a privil... | | |
CVE-2024-39813 | Uncontrolled search path for some EPCT software before version 1.42.8.0 may allow an authenticated u... | | |
CVE-2024-39815 | Vonets WiFi Bridges Improper Check or Handling of Exceptional Conditions | M | |
CVE-2024-39816 | Arkcompiler Ets Runtime has an out-of-bounds write vulnerability | | |
CVE-2024-39817 | Insertion of sensitive information into sent data issue exists in Cybozu Office 10.0.0 to 10.8.6, wh... | | |
CVE-2024-39818 | Zoom Workplace Apps and SDKs - Protection Mechanism Failure | | |
CVE-2024-39819 | Zoom Workplace Apps and SDK for Windows - Improper Privilege Management | | |
CVE-2024-39820 | Zoom Workplace Desktop App for macOS - Uncontrolled Search Path Element | | |
CVE-2024-39821 | Zoom Workplace App for Windows and Zoom Rooms App for Windows - Race Condition | | |
CVE-2024-39822 | Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers - Sensitive Information Exposure | | |
CVE-2024-39823 | Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers - Sensitive Information Exposure | | |
CVE-2024-39824 | Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers - Sensitive Information Exposure | | |
CVE-2024-39825 | Zoom Workplace Apps and Rooms Clients - Buffer Overflow | | |
CVE-2024-39826 | Zoom Workplace Apps and SDKs - Path traversal | | |
CVE-2024-39827 | Zoom Workplace Desktop App for Windows - Improper Input Validation | | |
CVE-2024-39828 | R74n Sandboxels 1.9 through 1.9.5 allows XSS via a message in a modified saved-game file. This was f... | | |
CVE-2024-39830 | Timing attack during remote cluster token comparison when shared channels are enabled | S | |
CVE-2024-39831 | AccessTokenManager has a use after free vulnerability | | |
CVE-2024-39832 | Permanently local data deletion by malicious remote | S | |
CVE-2024-39833 | Uncontrolled search path for some Intel(R) QAT software before version 2.3.0 may allow an authentica... | | |
CVE-2024-39836 | Munged email address used for password resets and notifications | S | |
CVE-2024-39837 | Malicious remote can create arbitrary channels | S | |
CVE-2024-39838 | ZWX-2000CSW2-HN firmware versions prior to Ver.0.3.15 uses hard-coded credentials, which may allow a... | | |
CVE-2024-39839 | Remote username set to an arbitrary string by remote user | S | |
CVE-2024-39840 | Factorio before 1.1.101 allows a crafted server to execute arbitrary code on clients via a custom ma... | | |
CVE-2024-39841 | A SQL Injection vulnerability exists in the service configuration functionality in Centreon Web 24.0... | | |
CVE-2024-39842 | A SQL injection vulnerability in Centreon 24.04.2 allows a remote high-privileged attacker to execut... | | |
CVE-2024-39843 | A SQL injection vulnerability in Centreon 24.04.2 allows a remote high-privileged attacker to execut... | | |
CVE-2024-39844 | In ZNC before 1.9.1, remote code execution can occur in modtcl via a KICK.... | | |
CVE-2024-39846 | NewPass before 1.2.0 stores passwords (rather than password hashes) directly, which makes it easier ... | | |
CVE-2024-39848 | Internet2 Grouper before 5.6 allows authentication bypass when LDAP authentication is used in certai... | | |
CVE-2024-39853 | adolph_dudu ratio-swiper 0.0.2 was discovered to contain a prototype pollution via the function pars... | | |
CVE-2024-39863 | Apache Airflow: Potential XSS Vulnerability | S | |
CVE-2024-39864 | Apache CloudStack: Integration API service uses dynamic port when disabled | S | |
CVE-2024-39865 | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The a... | S | |
CVE-2024-39866 | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The a... | S | |
CVE-2024-39867 | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). Affec... | S | |
CVE-2024-39868 | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). Affec... | S | |
CVE-2024-39869 | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). Affec... | S | |
CVE-2024-39870 | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The a... | S | |
CVE-2024-39871 | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). Affec... | S | |
CVE-2024-39872 | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The a... | S | |
CVE-2024-39873 | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The a... | S | |
CVE-2024-39874 | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The a... | S | |
CVE-2024-39875 | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The a... | | |
CVE-2024-39876 | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). Affec... | | |
CVE-2024-39877 | Apache Airflow: DAG Author Code Execution possibility in airflow-scheduler | S | |
CVE-2024-39878 | In JetBrains TeamCity before 2024.03.3 private key could be exposed via testing GitHub App Connectio... | | |
CVE-2024-39879 | In JetBrains TeamCity before 2024.03.3 application token could be exposed in EC2 Cloud Profile setti... | | |
CVE-2024-39880 | Stack-based Buffer Overflow in Delta Electronics CNCSoft-G2 | S | |
CVE-2024-39881 | Out-of-bounds Write in Delta Electronics CNCSoft-G2 | S | |
CVE-2024-39882 | Out-of-bounds Read in Delta Electronics CNCSoft-G2 | S | |
CVE-2024-39883 | Heap-based Buffer Overflow in Delta Electronics CNCSoft-G2 | S | |
CVE-2024-39884 | Apache HTTP Server: source code disclosure with handlers configured via AddType | | |
CVE-2024-39886 | TONE store App version 3.4.2 and earlier contains an issue with unprotected primary channel. Since T... | | |
CVE-2024-39887 | Apache Superset: Improper SQL authorisation, parse not checking for specific engine functions | | |
CVE-2024-39888 | A vulnerability has been identified in Mendix Encryption (All versions >= V10.0.0 < V10.0.2). Affect... | | |
CVE-2024-39890 | An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 9820, 9825... | | |
CVE-2024-39891 | In the Twilio Authy API, accessed by Authy Android before 25.1.0 and Authy iOS before 26.1.0, an una... | KEV | |
CVE-2024-39894 | OpenSSH 9.5 through 9.7 before 9.8 sometimes allows timing attacks against echo-off password entry (... | | |
CVE-2024-39895 | Directus GraphQL Field Duplication Denial of Service (DoS) | E S | |
CVE-2024-39896 | Directus allows SSO User Enumeration | E S | |
CVE-2024-39897 | Cache driver GetBlob() allows read access to any blob without access control check | S | |
CVE-2024-39899 | PrivateBin allows shortening of URLs for other domains | | |
CVE-2024-39900 | OpenSearch Dashboards Reports does not properly restrict access to private tenant resources | S | |
CVE-2024-39901 | OpenSearch Observability does not properly restrict access to private tenant resources | S | |
CVE-2024-39902 | Tuleap's recursive permissions to document manager folder are not properly applied | S | |
CVE-2024-39903 | Local File Inclusion in Solara | S | |
CVE-2024-39904 | Code Execution Vulnerability via Local File Path Traversal in Vnote | | |
CVE-2024-39905 | Red-DiscordBot vulnerable to Incorrect Authorization in commands API | | |
CVE-2024-39906 | Remote code execution in Haven IndieAuthClient (GHSL-2024-093) | | |
CVE-2024-39907 | SQL injection in 1Panel | E | |
CVE-2024-39908 | Denial of service in REXML | | |
CVE-2024-39909 | SQL Injection in the KubeClarity REST API | | |
CVE-2024-39910 | Cross-site scripting (XSS) in the decidim admin panel with QuillJS WYSIWYG editor | S | |
CVE-2024-39911 | 1Panel SQL injection | E | |
CVE-2024-39912 | Enumeration of valid usernames in web-auth/webauthn-lib | | |
CVE-2024-39914 | FOG has a command injection in /fog/management/export.php?filename= | | |
CVE-2024-39915 | Authenticated remote code execution in Thruk | | |
CVE-2024-39916 | NFS server misconfiguration allows file access outside the exported directory | S | |
CVE-2024-39917 | xrdp allows an infinite number of login attempts | S | |
CVE-2024-39918 | Path Traversal in @jmondi/url-to-png | | |
CVE-2024-39919 | Capture screenshot of localhost web services (unauthenticated pages) in @jmondi/url-to-png | | |
CVE-2024-39920 | The TCP protocol in RFC 9293 has a timing side channel that makes it easier for remote attackers to ... | | |
CVE-2024-39921 | Observable timing discrepancy issue exists in IPCOM EX2 Series V01L02NF0001 to V01L06NF0401, V01L20N... | M | |
CVE-2024-39922 | A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0BA1) (All versions), LOGO! 12/... | | |
CVE-2024-39924 | An issue was discovered in Vaultwarden (formerly Bitwarden_RS) 1.30.3. A vulnerability has been iden... | | |
CVE-2024-39925 | An issue was discovered in Vaultwarden (formerly Bitwarden_RS) 1.30.3. It lacks an offboarding proce... | | |
CVE-2024-39926 | An issue was discovered in Vaultwarden (formerly Bitwarden_RS) 1.30.3. A stored cross-site scripting... | | |
CVE-2024-39927 | Out-of-bounds write vulnerability exists in Ricoh MFPs and printers. If a remote attacker sends a sp... | | |
CVE-2024-39928 | Apache Linkis Spark EngineConn: Commons Lang's RandomStringUtils Random string security vulnerability | | |
CVE-2024-39929 | Exim through 4.97.1 misparses a multiline RFC 2231 header filename, and thus remote attackers can by... | | |
CVE-2024-39930 | The built-in SSH server of Gogs through 0.13.0 allows argument injection in internal/ssh/ssh.go, lea... | E | |
CVE-2024-39931 | Gogs through 0.13.0 allows deletion of internal files.... | | |
CVE-2024-39932 | Gogs through 0.13.0 allows argument injection during the previewing of changes.... | E M | |
CVE-2024-39933 | Gogs through 0.13.0 allows argument injection during the tagging of a new release.... | E M | |
CVE-2024-39934 | Robotmk before 2.0.1 allows a local user to escalate privileges (e.g., to SYSTEM) if automated Pytho... | | |
CVE-2024-39935 | jc21 NGINX Proxy Manager before 2.11.3 allows backend/internal/certificate.js OS command injection b... | | |
CVE-2024-39936 | An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before... | | |
CVE-2024-39937 | supOS 5.0 allows api/image/download?fileName=../ directory traversal for reading files.... | | |
CVE-2024-39943 | rejetto HFS (aka HTTP File Server) 3 before 0.52.10 on Linux, UNIX, and macOS allows OS command exec... | S | |
CVE-2024-39944 | A vulnerability has been found in Dahua products. Attackers can send carefully crafted data packets t... | | |
CVE-2024-39945 | A vulnerability has been found in Dahua products. After obtaining the administrator's username and ... | | |
CVE-2024-39946 | A vulnerability has been found in Dahua products. After obtaining the administrator's username and pa... | | |
CVE-2024-39947 | A vulnerability has been found in Dahua products. After obtaining the ordinary user's username and pa... | | |
CVE-2024-39948 | A vulnerability has been found in Dahua products. Attackers can send carefully crafted data packets ... | | |
CVE-2024-39949 | A vulnerability has been found in Dahua products. Attackers can send carefully crafted data packets ... | | |
CVE-2024-39950 | A vulnerability has been found in Dahua products. Attackers can send carefully crafted data packets ... | | |
CVE-2024-39962 | D-Link DIR-823X AX3000 Dual-Band Gigabit Wireless Router v21_D240126 was discovered to contain a rem... | | |
CVE-2024-39963 | AX3000 Dual-Band Gigabit Wi-Fi 6 Router AX9 V22.03.01.46 and AX3000 Dual-Band Gigabit Wi-Fi 6 Router... | | |
CVE-2024-39967 | Insecure permissions in Aginode GigaSwitch v5 allows attackers to access sensitive information via u... | | |