ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2024-40034 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/... | E | |
CVE-2024-40035 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/... | E | |
CVE-2024-40036 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/... | E | |
CVE-2024-40037 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/... | E | |
CVE-2024-40038 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/... | E | |
CVE-2024-40039 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/... | E | |
CVE-2024-40051 | IP Guard v4.81.0307.0 was discovered to contain an arbitrary file read vulnerability via the file na... | E | |
CVE-2024-40060 | go-chart v2.1.1 was discovered to contain an infinite loop via the drawCanvas() function.... | E | |
CVE-2024-40068 | Sourcecodester Online ID Generator System 1.0 was discovered to contain a SQL injection vulnerabilit... | E | |
CVE-2024-40069 | Sourcecodester Online ID Generator System 1.0 was discovered to contain Stored Cross Site Scripting ... | E | |
CVE-2024-40070 | Sourcecodester Online ID Generator System 1.0 was discovered to contain an arbitrary file upload vul... | E | |
CVE-2024-40071 | Sourcecodester Online ID Generator System 1.0 was discovered to contain an arbitrary file upload vul... | E | |
CVE-2024-40072 | Sourcecodester Online ID Generator System 1.0 was discovered to contain a SQL injection vulnerabilit... | E | |
CVE-2024-40073 | Sourcecodester Online ID Generator System 1.0 was discovered to contain a SQL injection vulnerabilit... | E | |
CVE-2024-40074 | Sourcecodester Online ID Generator System 1.0 was discovered to contain Stored Cross Site Scripting ... | E | |
CVE-2024-40075 | Laravel v11.x was discovered to contain an XML External Entity (XXE) vulnerability.... | | |
CVE-2024-40083 | A Buffer Overflow vulnerability in the local_app_set_router_token function of Vilo 5 Mesh WiFi System... | | |
CVE-2024-40084 | A Buffer Overflow in the Boa webserver of Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, unauth... | | |
CVE-2024-40085 | A Buffer Overflow vulnerability in the local_app_set_router_wan function of Vilo 5 Mesh WiFi System ... | | |
CVE-2024-40086 | A Buffer Overflow vulnerability in the local_app_set_router_wifi_SSID_PWD function of Vilo 5 Mesh Wi... | | |
CVE-2024-40087 | Vilo 5 Mesh WiFi System <= 5.16.1.33 is vulnerable to Insecure Permissions. Lack of authentication i... | | |
CVE-2024-40088 | A Directory Traversal vulnerability in the Boa webserver of Vilo 5 Mesh WiFi System <= 5.16.1.33 all... | | |
CVE-2024-40089 | A Command Injection vulnerability in Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, authenticat... | | |
CVE-2024-40090 | Vilo 5 Mesh WiFi System <= 5.16.1.33 is vulnerable to Information Disclosure. An information leak in... | | |
CVE-2024-40091 | Vilo 5 Mesh WiFi System <= 5.16.1.33 lacks authentication in the Boa webserver, which allows remote,... | | |
CVE-2024-40094 | GraphQL Java (aka graphql-java) before 21.5 does not properly consider ExecutableNormalizedFields (E... | | |
CVE-2024-40096 | The com.cascadialabs.who (aka Who - Caller ID, Spam Block) application 15.0 for Android places sensi... | | |
CVE-2024-40101 | A Reflected Cross-site scripting (XSS) vulnerability exists in '/search' in microweber 2.0.15 and ea... | S | |
CVE-2024-40110 | Sourcecodester Poultry Farm Management System v1.0 contains an Unauthenticated Remote Code Execution... | E | |
CVE-2024-40111 | A persistent (stored) cross-site scripting (XSS) vulnerability has been identified in Automad 2.0.0-... | E | |
CVE-2024-40116 | An issue in Solar-Log 1000 before v2.8.2 and build 52-23.04.2013 was discovered to store plaintext p... | | |
CVE-2024-40117 | Incorrect access control in Solar-Log 1000 before v2.8.2 and build 52-23.04.2013 allows attackers t... | | |
CVE-2024-40119 | Nepstech Wifi Router xpon (terminal) model NTPL-Xpon1GFEVN v.1.0 Firmware V2.0.1 contains a Cross-Si... | | |
CVE-2024-40120 | seaweedfs v3.68 was discovered to contain a SQL injection vulnerability via the component /abstract_... | | |
CVE-2024-40124 | Pydio Core <= 8.2.5 is vulnerable to Cross Site Scripting (XSS) via the New URL Bookmark feature.... | E | |
CVE-2024-40125 | An arbitrary file upload vulnerability in the Media Manager function of Closed-Loop Technology CLESS... | E | |
CVE-2024-40129 | Open5GS v2.6.4 is vulnerable to Buffer Overflow via /lib/pfcp/context.c.... | E S | |
CVE-2024-40130 | open5gs v2.6.4 is vulnerable to Buffer Overflow via /lib/core/abts.c.... | E S | |
CVE-2024-40137 | Dolibarr ERP CRM before 19.0.2-php8.2 was discovered to contain a remote code execution (RCE) vulner... | | |
CVE-2024-40239 | An incorrect access control issue in Life: Personal Diary, Journal android app 17.5.0 allows a physi... | | |
CVE-2024-40240 | An incorrect access control issue in HomeServe Home Repair android app - 3.3.4 allows a physically ... | | |
CVE-2024-40318 | An arbitrary file upload vulnerability in Webkul Qloapps v1.6.0.0 allows attackers to execute arbitr... | E | |
CVE-2024-40322 | An issue was discovered in JFinalCMS v.5.0.0. There is a SQL injection vulnerability via /admin/div_d... | E | |
CVE-2024-40324 | A CRLF injection vulnerability in E-Staff v5.1 allows attackers to insert Carriage Return (CR) and L... | E | |
CVE-2024-40328 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/... | E | |
CVE-2024-40329 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/... | E | |
CVE-2024-40331 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/... | E | |
CVE-2024-40332 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/... | | |
CVE-2024-40333 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/... | E | |
CVE-2024-40334 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/... | E | |
CVE-2024-40336 | idccms v1.35 is vulnerable to Cross Site Scripting (XSS) within the 'Image Advertising Management.'... | E | |
CVE-2024-40347 | A reflected cross-site scripting (XSS) vulnerability in Hyland Alfresco Platform 23.2.1-r96 allows a... | E | |
CVE-2024-40348 | An issue in the component /api/swaggerui/static of Bazaar v1.4.3 allows unauthenticated attackers to... | | |
CVE-2024-40391 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2024-40392 | SourceCodester Pharmacy/Medical Store Point of Sale System Using PHP/MySQL and Bootstrap Framework w... | | |
CVE-2024-40393 | Online Clinic Management System In PHP With Free Source code v1.0 was discovered to contain a SQL in... | E | |
CVE-2024-40394 | Simple Library Management System Project Using PHP/MySQL v1.0 was discovered to contain an arbitrary... | | |
CVE-2024-40395 | An Insecure Direct Object Reference (IDOR) in PTC ThingWorx v9.5.0 allows attackers to view sensitiv... | | |
CVE-2024-40400 | An arbitrary file upload vulnerability in the image upload function of Automad v2.0.0 allows attacke... | | |
CVE-2024-40402 | A SQL injection vulnerability was found in 'ajax.php' of Sourcecodester Simple Library Management Sy... | E | |
CVE-2024-40404 | Cybele Software Thinfinity Workspace before v7.0.2.113 was discovered to contain an access control i... | | |
CVE-2024-40405 | Incorrect access control in Cybele Software Thinfinity Workspace before v7.0.3.109 allows attackers ... | | |
CVE-2024-40407 | A full path disclosure in Cybele Software Thinfinity Workspace before v7.0.2.113 allows attackers to... | | |
CVE-2024-40408 | Cybele Software Thinfinity Workspace before v7.0.2.113 was discovered to contain an access control i... | | |
CVE-2024-40410 | Cybele Software Thinfinity Workspace before v7.0.2.113 was discovered to contain a hardcoded cryptog... | | |
CVE-2024-40412 | Tenda AX12 v1.0 v22.03.01.46 contains a stack overflow in the deviceList parameter of the sub_42E410... | | |
CVE-2024-40414 | A vulnerability in /goform/SetNetControlList in the sub_656BC function in Tenda AX1806 1.0.0.1 firmw... | | |
CVE-2024-40415 | A vulnerability in /goform/SetStaticRouteCfg in the sub_519F4 function in Tenda AX1806 1.0.0.1 firmw... | | |
CVE-2024-40416 | A vulnerability in /goform/SetVirtualServerCfg in the sub_6320C function in Tenda AX1806 1.0.0.1 fir... | | |
CVE-2024-40417 | A vulnerability was found in Tenda AX1806 1.0.0.1. Affected by this issue is the function formSetReb... | | |
CVE-2024-40420 | Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2024-36694. Reason: This record is a du... | R | |
CVE-2024-40422 | The snapshot_path parameter in the /api/get-browser-snapshot endpoint in stitionai devika v1 is susc... | E | |
CVE-2024-40425 | File Upload vulnerability in Nanjin Xingyuantu Technology Co Sparkshop (Spark Mall B2C Mall v.1.1.6 ... | | |
CVE-2024-40427 | Stack Buffer Overflow in PX4-Autopilot v1.14.3, which allows attackers to execute commands to exploi... | E | |
CVE-2024-40430 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2024-40431 | A lack of input validation in Realtek SD card reader driver before 10.0.26100.21374 through the impl... | | |
CVE-2024-40432 | A lack of input validation in Realtek SD card reader driver before 10.0.26100.21374 through the impl... | | |
CVE-2024-40433 | Insecure Permissions vulnerability in Tencent wechat v.8.0.37 allows an attacker to escalate privile... | | |
CVE-2024-40441 | An issue in Doccano Open source annotation tools for machine learning practitioners v.1.8.4 and Docc... | | |
CVE-2024-40442 | An issue in Doccano Open source annotation tools for machine learning practitioners v.1.8.4 and Docc... | | |
CVE-2024-40443 | SQL Injection vulnerability in Simple Laboratory Management System using PHP and MySQL v.1.0 allows ... | E | |
CVE-2024-40445 | A directory traversal vulnerability in forkosh Mime TeX before version 1.77 allows attackers on Wind... | | |
CVE-2024-40446 | An issue in forkosh Mime Tex before v.1.77 allows an attacker to execute arbitrary code via a crafte... | | |
CVE-2024-40453 | squirrellyjs squirrelly v9.0.0 and fixed in v.9.0.1 was discovered to contain a code injection vulne... | E S | |
CVE-2024-40455 | An arbitrary file deletion vulnerability in ThinkSAAS v3.7 allows attackers to delete arbitrary file... | E | |
CVE-2024-40456 | ThinkSAAS v3.7.0 was discovered to contain a SQL injection vulnerability via the name parameter at \... | E | |
CVE-2024-40457 | No-IP Dynamic Update Client (DUC) v3.x uses cleartext credentials that may occur on a command line o... | | |
CVE-2024-40458 | An issue in Ocuco Innovation Tracking.exe v.2.10.24.51 allows a local attacker to escalate privilege... | | |
CVE-2024-40459 | An issue in Ocuco Innovation APPMANAGER.EXE v.2.10.24.51 allows a local attacker to escalate privile... | | |
CVE-2024-40460 | An issue in Ocuco Innovation v.2.10.24.51 allows a local attacker to escalate privileges via the JOB... | | |
CVE-2024-40461 | An issue in Ocuco Innovation v.2.10.24.51 allows a local attacker to escalate privileges via the STO... | E | |
CVE-2024-40462 | An issue in Ocuco Innovation v.2.10.24.51 allows a local attacker to escalate privileges via the SET... | E | |
CVE-2024-40464 | An issue in beego v.2.2.0 and before allows a remote attacker to escalate privileges via the sendMai... | | |
CVE-2024-40465 | An issue in beego v.2.2.0 and before allows a remote attacker to escalate privileges via the getCach... | | |
CVE-2024-40472 | Sourcecodester Daily Calories Monitoring Tool v1.0 is vulnerable to SQL Injection via "delete-calori... | | |
CVE-2024-40473 | A Stored Cross Site Scripting (XSS) vulnerability was found in "manage_houses.php" in SourceCodester... | E | |
CVE-2024-40474 | A Reflected Cross Site Scripting (XSS) vulnerability was found in "edit-cate.php" in SourceCodester ... | | |
CVE-2024-40475 | SourceCodester Best House Rental Management System v1.0 is vulnerable to Incorrect Access Control vi... | | |
CVE-2024-40476 | A Cross-Site Request Forgery (CSRF) vulnerability was found in SourceCodester Best House Rental Mana... | | |
CVE-2024-40477 | A SQL injection vulnerability in "/oahms/admin/forgot-password.php" in PHPGurukul Old Age Home Manag... | E | |
CVE-2024-40478 | A Stored Cross Site Scripting (XSS) vulnerability was found in "/admin/afeedback.php" in Kashipara O... | E | |
CVE-2024-40479 | A SQL injection vulnerability in "/admin/quizquestion.php" in Kashipara Online Exam System v1.0 allo... | | |
CVE-2024-40480 | A Broken Access Control vulnerability was found in /admin/update.php and /admin/dashboard.php in Kas... | | |
CVE-2024-40481 | A Stored Cross Site Scripting (XSS) vulnerability was found in "/admin/view-enquiry.php" in PHPGuruk... | E | |
CVE-2024-40482 | An Unrestricted file upload vulnerability was found in "/Membership/edit_member.php" of Kashipara Li... | E | |
CVE-2024-40484 | A Reflected Cross Site Scripting (XSS) vulnerability was found in "/oahms/search.php" in PHPGurukul ... | E | |
CVE-2024-40486 | A SQL injection vulnerability in "/index.php" of Kashipara Live Membership System v1.0 allows remote... | E | |
CVE-2024-40487 | A Stored Cross Site Scripting (XSS) vulnerability was found in "/view_type.php" of Kashipara Live Me... | E | |
CVE-2024-40488 | A Cross-Site Request Forgery (CSRF) vulnerability was found in the Kashipara Live Membership System ... | E | |
CVE-2024-40490 | An issue in Sourcebans++ before v.1.8.0 allows a remote attacker to obtain sensitive information via... | | |
CVE-2024-40492 | Cross Site Scripting vulnerability in Heartbeat Chat v.15.2.1 allows a remote attacker to execute ar... | | |
CVE-2024-40493 | Null Pointer Dereference in `coap_client_exchange_blockwise2` function in Keith Cullen FreeCoAP 1.0 ... | E | |
CVE-2024-40494 | Buffer Overflow in coap_msg.c in FreeCoAP allows remote attackers to execute arbitrary code or cause... | | |
CVE-2024-40495 | A vulnerability was discovered in Linksys Router E2500 with firmware 2.0.00, allows authenticated at... | | |
CVE-2024-40498 | SQL Injection vulnerability in PuneethReddyHC Online Shopping system advanced v.1.0 allows an attac... | | |
CVE-2024-40500 | Cross Site Scripting vulnerability in Martin Kucej i-librarian v.5.11.0 and before allows a local at... | E | |
CVE-2024-40502 | SQL injection vulnerability in Hospital Management System Project in ASP.Net MVC 1 allows a remote at... | E | |
CVE-2024-40503 | An issue in Tenda AX12 v.16.03.49.18_cn+ allows a remote attacker to cause a denial of service via t... | | |
CVE-2024-40505 | Directory Traversal vulnerability in D-Link DAP-1650 Firmware v.1.03 allows a local attacker to esca... | | |
CVE-2024-40506 | Cross Site Scripting vulnerability in openPetra v.2023.02 allows a remote attacker to obtain sensiti... | E | |
CVE-2024-40507 | Cross Site Scripting vulnerability in openPetra v.2023.02 allows a remote attacker to obtain sensiti... | E | |
CVE-2024-40508 | Cross Site Scripting vulnerability in openPetra v.2023.02 allows a remote attacker to obtain sensiti... | E | |
CVE-2024-40509 | Cross Site Scripting vulnerability in openPetra v.2023.02 allows a remote attacker to obtain sensiti... | | |
CVE-2024-40510 | Cross Site Scripting vulnerability in openPetra v.2023.02 allows a remote attacker to obtain sensiti... | | |
CVE-2024-40511 | Cross Site Scripting vulnerability in openPetra v.2023.02 allows a remote attacker to obtain sensiti... | E | |
CVE-2024-40512 | Cross Site Scripting vulnerability in openPetra v.2023.02 allows a remote attacker to obtain sensiti... | E | |
CVE-2024-40513 | An issue in themesebrand Chatvia v.5.3.2 allows a remote attacker to execute arbitrary code via the ... | | |
CVE-2024-40514 | Insecure Permissions vulnerability in themesebrand Chatvia v.5.3.2 allows a remote attacker to escal... | | |
CVE-2024-40515 | An issue in SHENZHEN TENDA TECHNOLOGY CO.,LTD Tenda AX2pro V16.03.29.48_cn allows a remote attacker ... | | |
CVE-2024-40516 | An issue in H3C Technologies Co., Limited H3C Magic RC3000 RC3000V100R009 allows a remote attacker t... | | |
CVE-2024-40518 | SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is caused by admin_weixin.p... | E | |
CVE-2024-40519 | SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is caused by admin_smtp.php... | E | |
CVE-2024-40520 | SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is caused by admin_config_m... | E | |
CVE-2024-40521 | SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is due to the fact that alt... | E | |
CVE-2024-40522 | There is a remote code execution vulnerability in SeaCMS 12.9. The vulnerability is caused by phomeb... | E | |
CVE-2024-40524 | Directory Traversal vulnerability in xmind2testcase v.1.5 allows a remote attacker to execute arbitr... | | |
CVE-2024-40530 | A vulnerability in Pantera CRM versions 401.152 and 402.072 allows unauthorized attackers to bypass ... | | |
CVE-2024-40531 | A mass assignment vulnerability exists in Pantera CRM versions 401.152 and 402.072. This flaw allows... | | |
CVE-2024-40535 | Shenzhen Libituo Technology Co., Ltd LBT-T300-T400 v3.2 was discovered to contain a stack overflow v... | | |
CVE-2024-40536 | Shenzhen Libituo Technology Co., Ltd LBT-T300-T400 v3.2 were discovered to contain a stack overflow ... | | |
CVE-2024-40539 | my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability vi... | E | |
CVE-2024-40540 | my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability vi... | E | |
CVE-2024-40541 | my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability vi... | E | |
CVE-2024-40542 | my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability vi... | E | |
CVE-2024-40543 | PublicCMS v4.0.202302.e was discovered to contain a Server-Side Request Forgery (SSRF) via the compo... | E | |
CVE-2024-40544 | PublicCMS v4.0.202302.e was discovered to contain a Server-Side Request Forgery (SSRF) via the compo... | E | |
CVE-2024-40545 | An arbitrary file upload vulnerability in the component /admin/cmsWebFile/doUpload of PublicCMS v4.0... | E | |
CVE-2024-40546 | An arbitrary file upload vulnerability in the component /admin/cmsWebFile/save of PublicCMS v4.0.202... | E | |
CVE-2024-40547 | PublicCMS v4.0.202302.e was discovered to contain an arbitrary file content replacement vulnerabilit... | E | |
CVE-2024-40548 | An arbitrary file upload vulnerability in the component /admin/cmsTemplate/save of PublicCMS v4.0.20... | E | |
CVE-2024-40549 | An arbitrary file upload vulnerability in the component /admin/cmsTemplate/savePlace of PublicCMS v4... | E | |
CVE-2024-40550 | An arbitrary file upload vulnerability in the component /admin/cmsTemplate/savePlaceMetaData of Publ... | E | |
CVE-2024-40551 | An arbitrary file upload vulnerability in the component /admin/cmsTemplate/doUpload of PublicCMS v4.... | E | |
CVE-2024-40552 | PublicCMS v4.0.202302.e was discovered to contain a remote command execution (RCE) vulnerability vi... | E | |
CVE-2024-40553 | Tmall_demo v2024.07.03 was discovered to contain an arbitrary file upload via the component uploadUs... | | |
CVE-2024-40554 | An access control issue in Tmall_demo v2024.07.03 allows attackers to obtain sensitive information.... | | |
CVE-2024-40555 | Tmall_demo v2024.07.03 was discovered to contain an arbitrary file upload vulnerability.... | | |
CVE-2024-40560 | Tmall_demo before v2024.07.03 was discovered to contain a SQL injection vulnerability.... | | |
CVE-2024-40568 | Buffer Overflow vulnerability in btstack mesh commit before v.864e2f2b6b7878c8fab3cf5ee84ae566e3380c... | | |
CVE-2024-40575 | An issue in Huawei Technologies opengauss (openGauss 5.0.0 build) v.7.3.0 allows a local attacker to... | | |
CVE-2024-40576 | Cross Site Scripting vulnerability in Best House Rental Management System 1.0 allows a remote attack... | E | |
CVE-2024-40579 | Cross Site Scripting vulnerability in Virtuozzo Hybrid Server for WHMCS Open Source v.1.7.1 allows a... | | |
CVE-2024-40582 | Pentaminds CuroVMS v2.0.1 was discovered to contain exposed sensitive information.... | E | |
CVE-2024-40583 | Pentaminds CuroVMS v2.0.1 was discovered to contain exposed credentials.... | E | |
CVE-2024-40584 | An improper neutralization of special elements used in an OS command ('OS Command Injection') vulner... | S | |
CVE-2024-40585 | An insertion of sensitive information into log file vulnerabilities [CWE-532] in FortiManager versio... | S | |
CVE-2024-40586 | An Improper Access Control vulnerability [CWE-284] in FortiClient Windows version 7.4.0, version 7.2... | S | |
CVE-2024-40587 | An improper neutralization of special elements used in an OS command ('OS Command Injection') vulner... | S | |
CVE-2024-40590 | An improper certificate validation vulnerability [CWE-295] in FortiPortal version 7.4.0, version 7.2... | S | |
CVE-2024-40591 | An incorrect privilege assignment vulnerability [CWE-266] in Fortinet FortiOS version 7.6.0, 7.4.0 t... | S | |
CVE-2024-40592 | An improper verification of cryptographic signature vulnerability [CWE-347] in FortiClient MacOS ver... | S | |
CVE-2024-40594 | The OpenAI ChatGPT app before 2024-07-05 for macOS opts out of the sandbox, and stores conversations... | | |
CVE-2024-40595 | An authentication-bypass issue in the RDP component of One Identity Safeguard for Privileged Session... | | |
CVE-2024-40596 | An issue was discovered in the CheckUser extension for MediaWiki through 1.42.1. The Special:Investi... | | |
CVE-2024-40597 | An issue was discovered in the CheckUser extension for MediaWiki through 1.42.1. It can expose suppr... | | |
CVE-2024-40598 | An issue was discovered in the CheckUser extension for MediaWiki through 1.42.1. The API can expose ... | | |
CVE-2024-40599 | An issue was discovered in the GuMaxDD skin for MediaWiki through 1.42.1. There is stored XSS via Me... | E | |
CVE-2024-40600 | An issue was discovered in the Metrolook skin for MediaWiki through 1.42.1. There is stored XSS via ... | E | |
CVE-2024-40601 | An issue was discovered in the MediaWikiChat extension for MediaWiki through 1.42.1. CSRF can occur ... | | |
CVE-2024-40602 | An issue was discovered in the Tempo skin for MediaWiki through 1.42.1. There is stored XSS via Medi... | | |
CVE-2024-40603 | An issue was discovered in the ArticleRatings extension for MediaWiki through 1.42.1. Special:Change... | | |
CVE-2024-40604 | An issue was discovered in the Nimbus skin for MediaWiki through 1.42.1. There is Stored XSS via Med... | E | |
CVE-2024-40605 | An issue was discovered in the Foreground skin for MediaWiki through 1.42.1. There is stored XSS via... | E | |
CVE-2024-40614 | EGroupware before 23.1.20240624 mishandles an ORDER BY clause. This leads to json.php?menuaction=EGr... | S | |
CVE-2024-40616 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2024-40617 | Path traversal vulnerability exists in FUJITSU Network Edgiot GW1500 (M2M-GW for FENICS). If a remot... | | |
CVE-2024-40618 | Whale browser before 3.26.244.21 allows an attacker to execute malicious JavaScript due to improper ... | | |
CVE-2024-40619 | Rockwell Automation GuardLogix/ControlLogix 5580 Controller denial-of-service Vulnerability via Malformed Packet Handling | S | |
CVE-2024-40620 | Rockwell Automation Pavilion8® Unencrypted Data Vulnerability via HTTP protocol | S | |
CVE-2024-40624 | Deserialization of untrusted data in torrentpier/torrentpier | | |
CVE-2024-40626 | Stored Cross-site Scripting (XSS) vulnerability in Outline editor | | |
CVE-2024-40627 | OpaMiddleware does not filter HTTP OPTIONS requests | | |
CVE-2024-40628 | Arbitrary File Read in Ansible Playbooks in Jumpserver | | |
CVE-2024-40629 | Arbitrary File Write in Ansible Playbooks leads to RCE in Jumpserver | | |
CVE-2024-40630 | HEIF Heap OOB Read in OpenImageIO | | |
CVE-2024-40631 | Cross-site Scripting (XSS) in media embed element when using custom URL parsers in plate media | | |
CVE-2024-40632 | Linkerd potential access to the shutdown endpoint | | |
CVE-2024-40633 | Customer data leak via adjustments API endpoint in Sylius | | |
CVE-2024-40634 | Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint | E S | |
CVE-2024-40635 | containerd has an integer overflow in User ID handling | | |
CVE-2024-40636 | Basic Auth Credential Leakage to Logs After Fetch Registry Error in Steeltoe.Discovery.Eureka with Peer Awareness | | |
CVE-2024-40637 | Implicit override for built-in materializations from installed packages in dbt-core | E S | |
CVE-2024-40638 | GLPI allows account takeover via SQL Injection in AJAX scripts | | |
CVE-2024-40639 | Rejected reason: This CVE is a duplicate of another CVE.... | R | |
CVE-2024-40640 | Usage of non-constant time base64 decoder could lead to leakage of secret key material in vodozemac | | |
CVE-2024-40641 | Unsigned code template execution through workflows in projectdiscovery/nuclei | | |
CVE-2024-40642 | Absent Input Validation in BinaryHttpParser in the netty incubator codec.bhttp | | |
CVE-2024-40643 | Joplin has a parsing error leading to Cross-site Scripting (XSS) | E S | |
CVE-2024-40644 | gitoxide's gix-path can use a fake program files location | | |
CVE-2024-40645 | FOG Authenticated File Upload RCE | E S | |
CVE-2024-40647 | Unintentional exposure of environment variables to subprocesses in sentry-sdk | | |
CVE-2024-40648 | `UserIdentity::is_verified` not checking verification status of own user identity while performing the check in matrix-rust-sdk | | |
CVE-2024-40649 | In TBD of TBD, there is a possible use-after-free due to a logic error in the code. This could lead ... | | |
CVE-2024-40650 | In wifi_item_edit_content of styles.xml , there is a possible FRP bypass due to Missing check for FR... | S | |
CVE-2024-40651 | In TBD of TBD, there is a possible use-after-free due to a logic error in the code. This could lead ... | | |
CVE-2024-40652 | In onCreate of SettingsHomepageActivity.java, there is a possible way to access the Settings app whi... | S | |
CVE-2024-40654 | In multiple locations, there is a possible permission bypass due to a confused deputy. This could le... | S | |
CVE-2024-40655 | In bindAndGetCallIdentification of CallScreeningServiceHelper.java, there is a possible way to maint... | S | |
CVE-2024-40656 | In handleCreateConferenceComplete of ConnectionServiceWrapper.java, there is a possible way to revea... | S | |
CVE-2024-40657 | In addPreferencesForType of AccountTypePreferenceLoader.java, there is a possible way to disable app... | S | |
CVE-2024-40658 | In getConfig of SoftVideoDecoderOMXComponent.cpp, there is a possible out of bounds write due to a h... | S | |
CVE-2024-40659 | In getRegistration of RemoteProvisioningService.java, there is a possible way to permanently disable... | S | |
CVE-2024-40660 | In setTransactionState of SurfaceFlinger.cpp, there is a possible way to change protected display at... | S | |
CVE-2024-40661 | In mayAdminGrantPermission of AdminRestrictedPermissionsUtils.java, there is a possible way to acces... | S | |
CVE-2024-40662 | In scheme of Uri.java, there is a possible way to craft a malformed Uri object due to improper input... | S | |
CVE-2024-40669 | In TBD of TBD, there is a possible use after free due to a race condition. This could lead to local ... | | |
CVE-2024-40670 | In TBD of TBD, there is a possible use after free due to a race condition. This could lead to local ... | | |
CVE-2024-40671 | In DevmemIntChangeSparse2 of devicemem_server.c, there is a possible way to achieve arbitrary code e... | | |
CVE-2024-40672 | In onCreate of ChooserActivity.java, there is a possible way to bypass factory reset protections due... | | |
CVE-2024-40673 | In Source of ZipFile.java, there is a possible way for an attacker to execute arbitrary code by mani... | | |
CVE-2024-40674 | In validateSsid of WifiConfigurationUtil.java, there is a possible way to overflow a system configur... | | |
CVE-2024-40675 | In parseUriInternal of Intent.java, there is a possible infinite loop due to improper input validati... | | |
CVE-2024-40676 | In checkKeyIntent of AccountManagerService.java, there is a possible way to bypass intent security c... | | |
CVE-2024-40677 | In shouldSkipForInitialSUW of AdvancedPowerUsageDetail.java, there is a possible way to bypass facto... | | |
CVE-2024-40679 | IBM Db2 information disclosure | | |
CVE-2024-40680 | IBM MQ denial of service | | |
CVE-2024-40681 | IBM MQ security bypass | | |
CVE-2024-40689 | IBM InfoSphere Information Server SQL injection | | |
CVE-2024-40690 | IBM InfoSphere Server cross-site scripting | | |
CVE-2024-40691 | IBM Cognos Controller file upload | | |
CVE-2024-40693 | IBM Planning Analytics file upload | | |
CVE-2024-40695 | IBM Cognos Analytics file upload | | |
CVE-2024-40696 | IBM Sterling B2B Integrator cross-site scripting | | |
CVE-2024-40697 | IBM Common Licensing information disclosure | | |
CVE-2024-40700 | IBM Security Verify Access cross-site scripting | | |
CVE-2024-40702 | IBM Cognos Controller improper certificate validation | | |
CVE-2024-40703 | IBM Cognos Analytics information disclosure | S | |
CVE-2024-40704 | IBM InfoSphere Information Server information disclosure | | |
CVE-2024-40705 | IBM InfoSphere Information Server denial of service | | |
CVE-2024-40706 | IBM InfoSphere Information Server information disclosure | | |
CVE-2024-40709 | A missing authorization vulnerability allows a local low-privileged user on the machine to escalate ... | | |
CVE-2024-40710 | A series of related high-severity vulnerabilities, the most notable enabling remote code execution (... | | |
CVE-2024-40711 | A deserialization of untrusted data vulnerability with a malicious payload can allow an unauthentica... | KEV E | |
CVE-2024-40712 | A path traversal vulnerability allows an attacker with a low-privileged account and local access to ... | | |
CVE-2024-40713 | A vulnerability that allows a user who has been assigned a low-privileged role within Veeam Backup &... | | |
CVE-2024-40714 | An improper certificate validation vulnerability in TLS certificate validation allows an attacker on... | | |
CVE-2024-40715 | A vulnerability in Veeam Backup & Replication Enterprise Manager has been identified, which allows a... | | |
CVE-2024-40717 | A vulnerability in Veeam Backup & Replication allows a low-privileged user with certain roles to per... | | |
CVE-2024-40718 | A server side request forgery vulnerability allows a low-privileged user to perform local privilege ... | | |
CVE-2024-40719 | CHANGING Information Technology TCBServiSign Windows Version - Inadequate Encryption Strength | S | |
CVE-2024-40720 | CHANGING Information Technology TCBServiSign Windows Version - Improper Input Validation | S | |
CVE-2024-40721 | CHANGING Information Technology TCBServiSign Windows Version - Improper Input Validation | S | |
CVE-2024-40722 | CHANGING Information Technology TCBServiSign Windows Version - Stack-based Buffer Overflow | S | |
CVE-2024-40723 | CHANGING Information Technology HWATAIServiSign Windows Version - Stack-based Buffer Overflow | S | |
CVE-2024-40724 | Heap-based buffer overflow vulnerability in Assimp versions prior to 5.4.2 allows a local attacker t... | S | |
CVE-2024-40725 | Apache HTTP Server: source code disclosure with handlers configured via AddType | | |
CVE-2024-40726 | A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary we... | E | |
CVE-2024-40727 | A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary we... | E | |
CVE-2024-40728 | A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary we... | E | |
CVE-2024-40729 | A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary we... | E | |
CVE-2024-40730 | A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary we... | E | |
CVE-2024-40731 | A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary we... | E | |
CVE-2024-40732 | A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary we... | E | |
CVE-2024-40733 | A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary we... | E | |
CVE-2024-40734 | A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary we... | E | |
CVE-2024-40735 | A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary we... | E | |
CVE-2024-40736 | A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary we... | E | |
CVE-2024-40737 | A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary we... | E | |
CVE-2024-40738 | A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary we... | E | |
CVE-2024-40739 | A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary we... | E | |
CVE-2024-40740 | A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary we... | E | |
CVE-2024-40741 | A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary we... | E | |
CVE-2024-40742 | A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary we... | E | |
CVE-2024-40743 | [20240805] - Core - XSS vectors in Outputfilter::strip* methods | | |
CVE-2024-40744 | Extension - tassos.gr - Unrestricted file upload in Convert Forms component for Joomla < 4.4.8 | | |
CVE-2024-40745 | Extension - tassos.gr - Reflected Cross site scripting vulnerability in Convert Forms component for Joomla < 4.4.8 | | |
CVE-2024-40746 | Extension - hikashop.com - Stored cross site scripting vulnerability in Hikashop component for Joomla < 5.1.1 | | |
CVE-2024-40747 | [20250101] - Core - XSS vectors in module chromes | | |
CVE-2024-40748 | [20250102] - Core - XSS vector in the id attribute of menu lists | | |
CVE-2024-40749 | [20250103] - Core - Read ACL violation in multiple core views | | |
CVE-2024-40750 | Linksys Velop Pro 6E 1.0.8 MX6200_1.0.8.215731 and 7 1.0.10.215314 devices send cleartext Wi-Fi pass... | | |
CVE-2024-40754 | Heap-based Buffer Overflow vulnerability in Samsung Open Source Escargot JavaScript engine allows Ov... | | |
CVE-2024-40761 | Apache Answer: Avatar URL leaked user email addresses | | |
CVE-2024-40762 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in the SonicOS SSLVPN authentica... | | |
CVE-2024-40763 | Heap-based buffer overflow vulnerability in the SonicWall SMA100 SSLVPN due to the use of strcpy. Th... | | |
CVE-2024-40764 | Heap-based buffer overflow vulnerability in the SonicOS IPSec VPN allows an unauthenticated remote a... | M | |
CVE-2024-40765 | An Integer-based buffer overflow vulnerability in the SonicOS via IPSec allows a remote attacker in ... | | |
CVE-2024-40766 | An improper access control vulnerability has been identified in the SonicWall SonicOS management acc... | KEV | |
CVE-2024-40767 | In OpenStack Nova before 27.4.1, 28 before 28.2.1, and 29 before 29.1.1, by supplying a raw format i... | E | |
CVE-2024-40770 | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia... | | |
CVE-2024-40771 | The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.5, iOS... | | |
CVE-2024-40774 | A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in ma... | | |
CVE-2024-40775 | A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in ma... | | |
CVE-2024-40776 | A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 16.... | | |
CVE-2024-40777 | An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iO... | | |
CVE-2024-40778 | An authentication issue was addressed with improved state management. This issue is fixed in macOS S... | | |
CVE-2024-40779 | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 16.7.9... | | |
CVE-2024-40780 | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 16.7.9... | | |
CVE-2024-40781 | The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6, macOS Monter... | | |
CVE-2024-40782 | A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 16.... | | |
CVE-2024-40783 | The issue was addressed with improved restriction of data container access. This issue is fixed in m... | | |
CVE-2024-40784 | An integer overflow was addressed with improved input validation. This issue is fixed in iOS 16.7.9 ... | | |
CVE-2024-40785 | This issue was addressed with improved checks. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, ... | | |
CVE-2024-40786 | This issue was addressed through improved state management. This issue is fixed in iOS 17.6 and iPad... | | |
CVE-2024-40787 | This issue was addressed by adding an additional prompt for user consent. This issue is fixed in mac... | | |
CVE-2024-40788 | A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 16.7.... | | |
CVE-2024-40789 | An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iO... | | |
CVE-2024-40790 | The issue was addressed with improved handling of caches. This issue is fixed in visionOS 2. An app ... | | |
CVE-2024-40791 | A privacy issue was addressed with improved private data redaction for log entries. This issue is fi... | | |
CVE-2024-40792 | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia... | | |
CVE-2024-40793 | This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 16.7.9 and iPad... | | |
CVE-2024-40794 | This issue was addressed through improved state management. This issue is fixed in macOS Sonoma 14.6... | | |
CVE-2024-40795 | This issue was addressed with improved data protection. This issue is fixed in watchOS 10.6, macOS S... | | |
CVE-2024-40796 | A privacy issue was addressed with improved private data redaction for log entries. This issue is fi... | | |
CVE-2024-40797 | This issue was addressed through improved state management. This issue is fixed in macOS Ventura 13.... | | |
CVE-2024-40798 | This issue was addressed with improved redaction of sensitive information. This issue is fixed in ma... | | |
CVE-2024-40799 | An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in iOS... | | |
CVE-2024-40800 | An input validation issue was addressed with improved input validation. This issue is fixed in macOS... | | |
CVE-2024-40801 | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma ... | | |
CVE-2024-40802 | The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6, macOS Monter... | | |
CVE-2024-40803 | A type confusion issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6,... | | |
CVE-2024-40804 | The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6. A malicious ... | | |
CVE-2024-40805 | A permissions issue was addressed with additional restrictions. This issue is fixed in watchOS 10.6,... | | |
CVE-2024-40806 | An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in iOS... | | |
CVE-2024-40807 | A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6, macOS Mo... | | |
CVE-2024-40809 | A logic issue was addressed with improved checks. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.... | | |
CVE-2024-40810 | An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in ma... | | |
CVE-2024-40811 | The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6. An app may b... | | |
CVE-2024-40812 | A logic issue was addressed with improved checks. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.... | | |
CVE-2024-40813 | A lock screen issue was addressed with improved state management. This issue is fixed in watchOS 10.... | | |
CVE-2024-40814 | A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in ma... | | |
CVE-2024-40815 | A race condition was addressed with additional validation. This issue is fixed in macOS Ventura 13.6... | | |
CVE-2024-40816 | An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Son... | | |
CVE-2024-40817 | The issue was addressed with improved UI handling. This issue is fixed in macOS Sonoma 14.6, Safari ... | | |
CVE-2024-40818 | This issue was addressed by restricting options offered on a locked device. This issue is fixed in i... | | |
CVE-2024-40821 | An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Son... | | |
CVE-2024-40822 | This issue was addressed by restricting options offered on a locked device. This issue is fixed in w... | | |
CVE-2024-40823 | The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6, macOS Monter... | | |
CVE-2024-40824 | This issue was addressed through improved state management. This issue is fixed in watchOS 10.6, mac... | | |
CVE-2024-40825 | The issue was addressed with improved checks. This issue is fixed in visionOS 2, macOS Sequoia 15. A... | | |
CVE-2024-40826 | A privacy issue was addressed with improved handling of files. This issue is fixed in iOS 18 and iPa... | | |
CVE-2024-40827 | The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6, macOS Monter... | | |
CVE-2024-40828 | The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6, macOS Monter... | | |
CVE-2024-40829 | The issue was addressed with improved checks. This issue is fixed in watchOS 10.6, iOS 17.6 and iPad... | | |
CVE-2024-40830 | This issue was addressed with improved data protection. This issue is fixed in iOS 18 and iPadOS 18.... | | |
CVE-2024-40831 | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia... | | |
CVE-2024-40832 | The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6. An app may b... | | |
CVE-2024-40833 | A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6, iOS 16.7... | | |
CVE-2024-40834 | This issue was addressed by adding an additional prompt for user consent. This issue is fixed in mac... | | |
CVE-2024-40835 | A logic issue was addressed with improved checks. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.... | | |
CVE-2024-40836 | A logic issue was addressed with improved checks. This issue is fixed in watchOS 10.6, macOS Sonoma ... | | |
CVE-2024-40837 | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia... | | |
CVE-2024-40838 | A privacy issue was addressed by moving sensitive data to a protected location. This issue is fixed ... | | |
CVE-2024-40839 | This issue was addressed through improved state management. This issue is fixed in iOS 17.5 and iPad... | | |
CVE-2024-40840 | This issue was addressed through improved state management. This issue is fixed in iOS 18 and iPadOS... | | |
CVE-2024-40841 | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in mac... | | |
CVE-2024-40842 | An issue was addressed with improved validation of environment variables. This issue is fixed in mac... | | |
CVE-2024-40843 | The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15. An app may be... | | |
CVE-2024-40844 | A privacy issue was addressed with improved handling of temporary files. This issue is fixed in iOS ... | | |
CVE-2024-40845 | The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.7, mac... | | |
CVE-2024-40846 | The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.7, mac... | | |
CVE-2024-40847 | The issue was addressed with additional code-signing restrictions. This issue is fixed in macOS Vent... | | |
CVE-2024-40848 | A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in ma... | | |
CVE-2024-40850 | A file access issue was addressed with improved input validation. This issue is fixed in macOS Ventu... | | |
CVE-2024-40851 | This issue was addressed by restricting options offered on a locked device. This issue is fixed in i... | | |
CVE-2024-40852 | This issue was addressed by restricting options offered on a locked device. This issue is fixed in i... | | |
CVE-2024-40853 | This issue was addressed by restricting options offered on a locked device. This issue is fixed in i... | | |
CVE-2024-40854 | A memory initialization issue was addressed with improved memory handling. This issue is fixed in iO... | | |
CVE-2024-40855 | The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.1, macOS Seq... | | |
CVE-2024-40856 | An integrity issue was addressed with Beacon Protection. This issue is fixed in iOS 18 and iPadOS 18... | | |
CVE-2024-40857 | This issue was addressed through improved state management. This issue is fixed in Safari 18, vision... | | |
CVE-2024-40859 | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia... | | |
CVE-2024-40860 | A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.7, macOS Se... | | |
CVE-2024-40861 | The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15. An app may be... | | |
CVE-2024-40862 | A privacy issue was addressed by removing sensitive data. This issue is fixed in Xcode 16. An attack... | | |
CVE-2024-40863 | This issue was addressed with improved data protection. This issue is fixed in iOS 18 and iPadOS 18.... | | |
CVE-2024-40864 | The issue was addressed with improved handling of protocols. This issue is fixed in macOS Ventura 13... | | |
CVE-2024-40865 | The issue was addressed by suspending Persona when the virtual keyboard is active. This issue is fix... | | |
CVE-2024-40866 | The issue was addressed with improved UI. This issue is fixed in Safari 18, macOS Sequoia 15. Visiti... | | |
CVE-2024-40867 | A custom URL scheme handling issue was addressed with improved input validation. This issue is fixed... | | |
CVE-2024-40872 | Elevation of privilege in Absolute Secure Access clients and servers | | |
CVE-2024-40873 | XSS in Secure Access administrative console | | |
CVE-2024-40875 | Cross-site scripting vulnerability in the Secure Access administrative console prior to 13.52 | | |
CVE-2024-40883 | Cross-site request forgery vulnerability exists in ELECOM wireless LAN routers. Viewing a malicious ... | | |
CVE-2024-40884 | Unauthorized disabling of invite URL | S | |
CVE-2024-40885 | Use after free in the UEFI firmware of some Intel(R) Server M20NTP BIOS may allow a privileged user ... | | |
CVE-2024-40886 | One-click Client-Side Path Traversal Leading to CSRF in User Management admin page | S | |
CVE-2024-40887 | Race condition in some Intel(R) PROSet/Wireless WiFi and Killer™ WiFi software for Windows before ... | | |
CVE-2024-40890 | **UNSUPPORTED WHEN ASSIGNED** A post-authentication command injection vulnerability in the CGI progr... | KEV | |
CVE-2024-40891 | **UNSUPPORTED WHEN ASSIGNED** A post-authentication command injection vulnerability in the managemen... | KEV | |
CVE-2024-40892 | Firewalla BTLE Weak Credentials | E | |
CVE-2024-40893 | Firewalla BTLE Authenticated Command Injection | E | |
CVE-2024-40895 | FFRI AMC versions 3.4.0 to 3.5.3 and some OEM products that implement/bundle FFRI AMC versions 3.4.0... | | |
CVE-2024-40896 | In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produc... | | |
CVE-2024-40897 | Stack-based buffer overflow vulnerability exists in orcparse.c of ORC versions prior to 0.4.39. If a... | | |
CVE-2024-40898 | Apache HTTP Server: SSRF with mod_rewrite in server/vhost context on Windows | | |
CVE-2024-40899 | cachefiles: fix slab-use-after-free in cachefiles_ondemand_get_fd() | S | |
CVE-2024-40900 | cachefiles: remove requests from xarray during flushing requests | | |
CVE-2024-40901 | scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory | S | |
CVE-2024-40902 | jfs: xattr: fix buffer overflow for invalid xattr | S | |
CVE-2024-40903 | usb: typec: tcpm: fix use-after-free case in tcpm_register_source_caps | S | |
CVE-2024-40904 | USB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages | S | |
CVE-2024-40905 | ipv6: fix possible race in __fib6_drop_pcpu_from() | S | |
CVE-2024-40906 | net/mlx5: Always stop health timer during driver removal | S | |
CVE-2024-40907 | ionic: fix kernel panic in XDP_TX action | S | |
CVE-2024-40908 | bpf: Set run context for rawtp test_run callback | | |
CVE-2024-40909 | bpf: Fix a potential use-after-free in bpf_link_free() | S | |
CVE-2024-40910 | ax25: Fix refcount imbalance on inbound connections | S | |
CVE-2024-40911 | wifi: cfg80211: Lock wiphy in cfg80211_get_station | S | |
CVE-2024-40912 | wifi: mac80211: Fix deadlock in ieee80211_sta_ps_deliver_wakeup() | S | |
CVE-2024-40913 | cachefiles: defer exposing anon_fd until after copy_to_user() succeeds | | |
CVE-2024-40914 | mm/huge_memory: don't unpoison huge_zero_folio | | |
CVE-2024-40915 | riscv: rewrite __kernel_map_pages() to fix sleeping in invalid context | | |
CVE-2024-40916 | drm/exynos: hdmi: report safe 640x480 mode as a fallback when no EDID found | | |
CVE-2024-40917 | memblock: make memblock_set_node() also warn about use of MAX_NUMNODES | | |
CVE-2024-40918 | parisc: Try to fix random segmentation faults in package builds | | |
CVE-2024-40919 | bnxt_en: Adjust logging of firmware messages in case of released token in __hwrm_send() | S | |
CVE-2024-40920 | net: bridge: mst: fix suspicious rcu usage in br_mst_set_state | | |
CVE-2024-40921 | net: bridge: mst: pass vlan group directly to br_mst_vlan_set_state | | |
CVE-2024-40922 | io_uring/rsrc: don't lock while !TASK_RUNNING | | |
CVE-2024-40923 | vmxnet3: disable rx data ring on dma allocation failure | | |
CVE-2024-40924 | drm/i915/dpt: Make DPT object unshrinkable | | |
CVE-2024-40925 | block: fix request.queuelist usage in flush | | |
CVE-2024-40926 | drm/nouveau: don't attempt to schedule hpd_work on headless cards | S | |
CVE-2024-40927 | xhci: Handle TD clearing for multiple streams case | | |
CVE-2024-40928 | net: ethtool: fix the error condition in ethtool_get_phy_stats_ethtool() | S | |
CVE-2024-40929 | wifi: iwlwifi: mvm: check n_ssids before accessing the ssids | | |
CVE-2024-40930 | wifi: cfg80211: validate HE operation element parsing | | |
CVE-2024-40931 | mptcp: ensure snd_una is properly initialized on connect | S | |
CVE-2024-40932 | drm/exynos/vidi: fix memory leak in .get_modes() | S | |
CVE-2024-40933 | iio: temperature: mlx90635: Fix ERR_PTR dereference in mlx90635_probe() | S | |
CVE-2024-40934 | HID: logitech-dj: Fix memory leak in logi_dj_recv_switch_to_dj_mode() | S | |
CVE-2024-40935 | cachefiles: flush all requests after setting CACHEFILES_DEAD | | |
CVE-2024-40936 | cxl/region: Fix memregion leaks in devm_cxl_add_region() | S | |
CVE-2024-40937 | gve: Clear napi->skb before dev_kfree_skb_any() | | |
CVE-2024-40938 | landlock: Fix d_parent walk | | |
CVE-2024-40939 | net: wwan: iosm: Fix tainted pointer delete is case of region creation fail | | |
CVE-2024-40940 | net/mlx5: Fix tainted pointer delete is case of flow rules creation fail | | |
CVE-2024-40941 | wifi: iwlwifi: mvm: don't read past the mfuart notifcation | | |
CVE-2024-40942 | wifi: mac80211: mesh: Fix leak of mesh_preq_queue objects | | |
CVE-2024-40943 | ocfs2: fix races between hole punching and AIO+DIO | | |
CVE-2024-40944 | x86/kexec: Fix bug with call depth tracking | | |
CVE-2024-40945 | iommu: Return right value in iommu_sva_bind_device() | S | |
CVE-2024-40946 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2024-40947 | ima: Avoid blocking in RCU read-side critical section | S | |
CVE-2024-40948 | mm/page_table_check: fix crash on ZONE_DEVICE | | |
CVE-2024-40949 | mm: shmem: fix getting incorrect lruvec when replacing a shmem folio | | |
CVE-2024-40950 | mm: huge_memory: fix misused mapping_large_folio_support() for anon folios | | |
CVE-2024-40951 | ocfs2: fix NULL pointer dereference in ocfs2_abort_trigger() | S | |
CVE-2024-40952 | ocfs2: fix NULL pointer dereference in ocfs2_journal_dirty() | S | |
CVE-2024-40953 | KVM: Fix a data race on last_boosted_vcpu in kvm_vcpu_on_spin() | | |
CVE-2024-40954 | net: do not leave a dangling sk pointer, when socket creation fails | S | |
CVE-2024-40955 | ext4: fix slab-out-of-bounds in ext4_mb_find_good_group_avg_frag_lists() | S | |
CVE-2024-40956 | dmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list | S | |
CVE-2024-40957 | seg6: fix parameter passing when calling NF_HOOK() in End.DX4 and End.DX6 behaviors | S | |
CVE-2024-40958 | netns: Make get_net_ns() handle zero refcount net | S | |
CVE-2024-40959 | xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr() | S | |
CVE-2024-40960 | ipv6: prevent possible NULL dereference in rt6_probe() | S | |
CVE-2024-40961 | ipv6: prevent possible NULL deref in fib6_nh_init() | S | |
CVE-2024-40962 | btrfs: zoned: allocate dummy checksums for zoned NODATASUM writes | S | |
CVE-2024-40963 | mips: bmips: BCM6358: make sure CBR is correctly set | | |
CVE-2024-40964 | ALSA: hda: cs35l41: Possible null pointer dereference in cs35l41_hda_unbind() | S | |
CVE-2024-40965 | i2c: lpi2c: Avoid calling clk_get_rate during transfer | S | |
CVE-2024-40966 | tty: add the option to have a tty reject a new ldisc | | |
CVE-2024-40967 | serial: imx: Introduce timeout when waiting on transmitter empty | S | |
CVE-2024-40968 | MIPS: Octeon: Add PCIe link status check | | |
CVE-2024-40969 | f2fs: don't set RO when shutting down f2fs | S | |
CVE-2024-40970 | Avoid hw_desc array overrun in dw-axi-dmac | S | |
CVE-2024-40971 | f2fs: remove clear SB_INLINECRYPT flag in default_options | | |
CVE-2024-40972 | ext4: do not create EA inode under buffer lock | S | |
CVE-2024-40973 | media: mtk-vcodec: potential null pointer deference in SCP | S | |
CVE-2024-40974 | powerpc/pseries: Enforce hcall result buffer validity and size | | |
CVE-2024-40975 | platform/x86: x86-android-tablets: Unregister devices in reverse order | | |
CVE-2024-40976 | drm/lima: mask irqs in timeout path before hard reset | | |
CVE-2024-40977 | wifi: mt76: mt7921s: fix potential hung tasks during chip recovery | S | |
CVE-2024-40978 | scsi: qedi: Fix crash while reading debugfs attribute | | |
CVE-2024-40979 | wifi: ath12k: fix kernel crash during resume | | |
CVE-2024-40980 | drop_monitor: replace spin_lock by raw_spin_lock | S | |
CVE-2024-40981 | batman-adv: bypass empty buckets in batadv_purge_orig_ref() | S | |
CVE-2024-40982 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2024-40983 | tipc: force a dst refcount before doing decryption | | |
CVE-2024-40984 | ACPICA: Revert "ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine." | S | |
CVE-2024-40985 | net/tcp_ao: Don't leak ao_info on error-path | | |
CVE-2024-40986 | dmaengine: xilinx: xdma: Fix data synchronisation in xdma_channel_isr() | | |
CVE-2024-40987 | drm/amdgpu: fix UBSAN warning in kv_dpm.c | | |
CVE-2024-40988 | drm/radeon: fix UBSAN warning in kv_dpm.c | | |
CVE-2024-40989 | KVM: arm64: Disassociate vcpus from redistributor region on teardown | | |
CVE-2024-40990 | RDMA/mlx5: Add check for srq max_sge attribute | | |
CVE-2024-40991 | dmaengine: ti: k3-udma-glue: Fix of_k3_udma_glue_parse_chn_by_id() | | |
CVE-2024-40992 | RDMA/rxe: Fix responder length checking for UD request packets | | |
CVE-2024-40993 | netfilter: ipset: Fix suspicious rcu_dereference_protected() | | |
CVE-2024-40994 | ptp: fix integer overflow in max_vclocks_store | S | |
CVE-2024-40995 | net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc() | S | |
CVE-2024-40996 | bpf: Avoid splat in pskb_pull_reason | S | |
CVE-2024-40997 | cpufreq: amd-pstate: fix memory leak on CPU EPP exit | S | |
CVE-2024-40998 | ext4: fix uninitialized ratelimit_state->lock access in __ext4_fill_super() | | |
CVE-2024-40999 | net: ena: Add validation for completion descriptors consistency | | |