ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2024-41000 | block/ioctl: prefer different overflow check | S | |
CVE-2024-41001 | io_uring/sqpoll: work around a potential audit memory leak | S | |
CVE-2024-41002 | crypto: hisilicon/sec - Fix memory leak for sec resource release | S | |
CVE-2024-41003 | bpf: Fix reg_set_min_max corruption of fake_reg | | |
CVE-2024-41004 | tracing: Build event generation tests only as modules | | |
CVE-2024-41005 | netpoll: Fix race condition in netpoll_owner_active | | |
CVE-2024-41006 | netrom: Fix a memory leak in nr_heartbeat_expiry() | S | |
CVE-2024-41007 | tcp: avoid too many retransmit packets | S | |
CVE-2024-41008 | drm/amdgpu: change vm->task_info handling | | |
CVE-2024-41009 | bpf: Fix overrunning reservations in ringbuf | S | |
CVE-2024-41010 | bpf: Fix too early release of tcx_entry | S | |
CVE-2024-41011 | drm/amdkfd: don't allow mapping the MMIO HDP page with large pages | S | |
CVE-2024-41012 | filelock: Remove locks reliably when fcntl/close race is detected | S | |
CVE-2024-41013 | xfs: don't walk off the end of a directory data block | | |
CVE-2024-41014 | xfs: add bounds checking to xlog_recover_process_data | S | |
CVE-2024-41015 | ocfs2: add bounds checking to ocfs2_check_dir_entry() | | |
CVE-2024-41016 | ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry() | | |
CVE-2024-41017 | jfs: don't walk off the end of ealist | | |
CVE-2024-41018 | fs/ntfs3: Add a check for attr_names and oatbl | | |
CVE-2024-41019 | fs/ntfs3: Validate ff offset | | |
CVE-2024-41020 | filelock: Fix fcntl/close race recovery compat path | | |
CVE-2024-41021 | s390/mm: Fix VM_FAULT_HWPOISON handling in do_exception() | | |
CVE-2024-41022 | drm/amdgpu: Fix signedness bug in sdma_v4_0_process_trap_irq() | | |
CVE-2024-41023 | sched/deadline: Fix task_struct reference leak | S | |
CVE-2024-41024 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2024-41025 | misc: fastrpc: Fix memory leak in audio daemon attach operation | S | |
CVE-2024-41026 | mmc: davinci_mmc: Prevent transmitted data size from exceeding sgm's length | | |
CVE-2024-41027 | Fix userfaultfd_api to return EINVAL as expected | | |
CVE-2024-41028 | platform/x86: toshiba_acpi: Fix array out-of-bounds access | S | |
CVE-2024-41029 | nvmem: core: limit cell sysfs permissions to main attribute ones | | |
CVE-2024-41030 | ksmbd: discard write access to the directory open | | |
CVE-2024-41031 | mm/filemap: skip to create PMD-sized page cache if needed | | |
CVE-2024-41032 | mm: vmalloc: check if a hash-index is in cpu_possible_mask | | |
CVE-2024-41033 | cachestat: do not flush stats in recency check | | |
CVE-2024-41034 | nilfs2: fix kernel bug on rename operation of broken directory | | |
CVE-2024-41035 | USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor | | |
CVE-2024-41036 | net: ks8851: Fix deadlock with the SPI chip variant | S | |
CVE-2024-41037 | ASoC: SOF: Intel: hda: fix null deref on system suspend entry | S | |
CVE-2024-41038 | firmware: cs_dsp: Prevent buffer overrun when processing V2 alg headers | S | |
CVE-2024-41039 | firmware: cs_dsp: Fix overflow checking of wmfw header | S | |
CVE-2024-41040 | net/sched: Fix UAF when resolving a clash | S | |
CVE-2024-41041 | udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port(). | | |
CVE-2024-41042 | netfilter: nf_tables: prefer nft_chain_validate | | |
CVE-2024-41043 | netfilter: nfnetlink_queue: drop bogus WARN_ON | | |
CVE-2024-41044 | ppp: reject claimed-as-LCP but actually malformed packets | | |
CVE-2024-41045 | bpf: Defer work in bpf_timer_cancel_and_free | | |
CVE-2024-41046 | net: ethernet: lantiq_etop: fix double free in detach | S | |
CVE-2024-41047 | i40e: Fix XDP program unloading while removing the driver | | |
CVE-2024-41048 | skmsg: Skip zero length skb in sk_msg_recvmsg | S | |
CVE-2024-41049 | filelock: fix potential use-after-free in posix_lock_inode | S | |
CVE-2024-41050 | cachefiles: cyclic allocation of msg_id to avoid reuse | | |
CVE-2024-41051 | cachefiles: wait for ondemand_object_worker to finish when dropping object | | |
CVE-2024-41052 | vfio/pci: Init the count variable in collecting hot-reset devices | S | |
CVE-2024-41053 | scsi: ufs: core: Fix ufshcd_abort_one racing issue | S | |
CVE-2024-41054 | scsi: ufs: core: Fix ufshcd_clear_cmd racing issue | S | |
CVE-2024-41055 | mm: prevent derefencing NULL ptr in pfn_section_valid() | S | |
CVE-2024-41056 | firmware: cs_dsp: Use strnlen() on name fields in V1 wmfw files | | |
CVE-2024-41057 | cachefiles: fix slab-use-after-free in cachefiles_withdraw_cookie() | S | |
CVE-2024-41058 | cachefiles: fix slab-use-after-free in fscache_withdraw_volume() | S | |
CVE-2024-41059 | hfsplus: fix uninit-value in copy_name | S | |
CVE-2024-41060 | drm/radeon: check bo_va->bo is non-NULL before using it | S | |
CVE-2024-41061 | drm/amd/display: Fix array-index-out-of-bounds in dml2/FCLKChangeSupport | S | |
CVE-2024-41062 | bluetooth/l2cap: sync sock recv cb and release | | |
CVE-2024-41063 | Bluetooth: hci_core: cancel all works upon hci_unregister_dev() | S | |
CVE-2024-41064 | powerpc/eeh: avoid possible crash when edev->pdev changes | S | |
CVE-2024-41065 | powerpc/pseries: Whitelist dtl slub object for copying to userspace | | |
CVE-2024-41066 | ibmvnic: Add tx check to prevent skb leak | S | |
CVE-2024-41067 | btrfs: scrub: handle RST lookup error correctly | | |
CVE-2024-41068 | s390/sclp: Fix sclp_init() cleanup on failure | | |
CVE-2024-41069 | ASoC: topology: Fix references to freed memory | | |
CVE-2024-41070 | KVM: PPC: Book3S HV: Prevent UAF in kvm_spapr_tce_attach_iommu_group() | S | |
CVE-2024-41071 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2024-41072 | wifi: cfg80211: wext: add extra SIOCSIWSCAN data check | | |
CVE-2024-41073 | nvme: avoid double free special payload | S | |
CVE-2024-41074 | cachefiles: Set object to close if ondemand_id < 0 in copen | | |
CVE-2024-41075 | cachefiles: add consistency check for copen/cread | | |
CVE-2024-41076 | NFSv4: Fix memory leak in nfs4_set_security_label | S | |
CVE-2024-41077 | null_blk: fix validation of block size | S | |
CVE-2024-41078 | btrfs: qgroup: fix quota root leak after quota disable failure | | |
CVE-2024-41079 | nvmet: always initialize cqe.result | | |
CVE-2024-41080 | io_uring: fix possible deadlock in io_register_iowq_max_workers() | S | |
CVE-2024-41081 | ila: block BH in ila_output() | | |
CVE-2024-41082 | nvme-fabrics: use reserved tag for reg read/write command | | |
CVE-2024-41083 | netfs: Fix netfs_page_mkwrite() to check folio->mapping is valid | S | |
CVE-2024-41084 | cxl/region: Avoid null pointer dereference in region lookup | S | |
CVE-2024-41085 | cxl/mem: Fix no cxl_nvd during pmem region auto-assembling | S | |
CVE-2024-41086 | bcachefs: Fix sb_field_downgrade validation | | |
CVE-2024-41087 | ata: libata-core: Fix double free on error | S | |
CVE-2024-41088 | can: mcp251xfd: fix infinite loop when xmit fails | S | |
CVE-2024-41089 | drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_hd_modes | S | |
CVE-2024-41090 | tap: add missing verification for short frame | | |
CVE-2024-41091 | tun: add missing verification for short frame | | |
CVE-2024-41092 | drm/i915/gt: Fix potential UAF by revoke of fence registers | S | |
CVE-2024-41093 | drm/amdgpu: avoid using null object of framebuffer | S | |
CVE-2024-41094 | drm/fbdev-dma: Only set smem_start is enable per module option | S | |
CVE-2024-41095 | drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_ld_modes | S | |
CVE-2024-41096 | PCI/MSI: Fix UAF in msi_capability_init | S | |
CVE-2024-41097 | usb: atm: cxacru: fix endpoint checking in cxacru_bind() | S | |
CVE-2024-41098 | ata: libata-core: Fix null pointer dereference on error | S | |
CVE-2024-41107 | Apache CloudStack: SAML Signature Exclusion | M | |
CVE-2024-41108 | FOG Sensitive Information Disclosure | E | |
CVE-2024-41109 | Pimcore vulnerable to disclosure of system and database information behind /admin firewall | | |
CVE-2024-41110 | Moby authz zero length regression | | |
CVE-2024-41111 | BishopFox Sliver Authenticated Remote Code Execution | | |
CVE-2024-41112 | Remote code execution in streamlit geospatial in pages/1_📷_Timelapse.py Any Earth Engine ImageCollection option palette | E S | |
CVE-2024-41113 | Remote code execution in streamlit geospatial in pages/1_📷_Timelapse.py Any Earth Engine ImageCollection option vis_params | E S | |
CVE-2024-41114 | Remote code execution in streamlit geospatial in pages/1_📷_Timelapse.py MODIS Gap filled Land Surface Temperature Daily option | E S | |
CVE-2024-41115 | Remote code execution in streamlit geospatial in pages/1_📷_Timelapse.py MODIS Ocean Color SMI option palette | E S | |
CVE-2024-41116 | Remote code execution in streamlit geospatial in pages/1_📷_Timelapse.py MODIS Ocean Color SMI option vis_params | E S | |
CVE-2024-41117 | Remote code execution in streamlit geospatial in pages/10_🌍_Earth_Engine_Datasets.py | E S | |
CVE-2024-41118 | streamlit-geospatial blind SSRF in pages/7_📦_Web_Map_Service.py | E S | |
CVE-2024-41119 | streamlit-geospatial remote code execution in pages/8_🏜️_Raster_Data_Visualization.py | E S | |
CVE-2024-41120 | streamlit-geospatial blind SSRF in pages/9_🔲_Vector_Data_Visualization.py | E S | |
CVE-2024-41121 | Custom workspace allow to overwrite plugin entrypoint executable in Woodpecker | S | |
CVE-2024-41122 | Custom environment variables allow to alter execution flow of plugins in Woodpecker | S | |
CVE-2024-41123 | REXML DoS vulnerability | | |
CVE-2024-41124 | Puncia Cleartext Transmission of Sensitive Information via HTTP urls in `API_URLS` | | |
CVE-2024-41125 | Out-of-bounds read in SNMP when decoding a string in Contiki-NG | S | |
CVE-2024-41126 | Out-of-bounds read when decoding SNMP messages in Contiki-NG | S | |
CVE-2024-41127 | Monkeytype is vulnerable to Poisoned Pipeline Execution through Code Injection in its `ci-failure-comment.yml` GitHub Workflow, enabling attackers to gain `pull-requests` write access. | E S | |
CVE-2024-41128 | Action Dispatch has possible ReDoS vulnerability in query parameter filtering | | |
CVE-2024-41129 | The ops library leaks secrets if `subprocess.CalledProcessError` happens with a `secret-*` CLI command | | |
CVE-2024-41130 | llama.cpp null pointer dereference in gguf_init_from_file | | |
CVE-2024-41131 | Out-of-bounds Write in SixLabors ImageSharp | S | |
CVE-2024-41132 | SixLabors ImageSharp Allows Excessive Memory Allocation in Gif Decoder | S | |
CVE-2024-41133 | Authenticated Remote Code Execution in HPE Aruba Networking EdgeConnect SD-WAN Command Line Interface | | |
CVE-2024-41134 | Authenticated Remote Code Execution in HPE Aruba Networking EdgeConnect SD-WAN Command Line Interface | | |
CVE-2024-41135 | Authenticated Remote Code Execution in HPE Aruba Networking EdgeConnect SD-WAN Command Line Interface | | |
CVE-2024-41136 | Authenticated Command Injection in HPE Aruba Networking EdgeConnect SD-WAN Command Line Interface | | |
CVE-2024-41138 | A library injection vulnerability exists in the com.microsoft.teams2.modulehost.app helper app of Mi... | | |
CVE-2024-41139 | Incorrect privilege assignment vulnerability exists in SKYSEA Client View Ver.6.010.06 to Ver.19.210... | | |
CVE-2024-41140 | Improper Authorization | | |
CVE-2024-41141 | Stored cross-site scripting vulnerability exists in EC-CUBE Web API Plugin. When there are multiple ... | | |
CVE-2024-41143 | Origin validation error vulnerability exists in SKYSEA Client View Ver.3.013.00 to Ver.19.210.04e. I... | | |
CVE-2024-41144 | Malicious remote can create/update/delete arbitrary posts in arbitrary channels | S | |
CVE-2024-41145 | A library injection vulnerability exists in the WebView.app helper app of Microsoft Teams (work or s... | | |
CVE-2024-41146 | Use of Multiple Resources with Duplicate Identifier (CWE-694) in the Controller 6000 and Controller ... | | |
CVE-2024-41147 | An out-of-bounds write vulnerability exists in the ma_dr_flac__decode_samples__lpc functionality of ... | | |
CVE-2024-41149 | block: avoid to reuse `hctx` not removed from cpuhp callback list | S | |
CVE-2024-41150 | Stored XSS | | |
CVE-2024-41151 | Apache HertzBeat: RCE by notice template injection vulnerability | | |
CVE-2024-41153 | Command injection vulnerability in the Edge Computing UI for the TRO600 series radios that allows fo... | | |
CVE-2024-41156 | Profile files from TRO600 series radios are extracted in plain-text and encrypted file formats. Prof... | | |
CVE-2024-41157 | Liteos-A has an use after free vulnerability | | |
CVE-2024-41159 | A library injection vulnerability exists in Microsoft OneNote 16.83 for macOS. A specially crafted l... | | |
CVE-2024-41160 | Liteos-A has an use after free vulnerability | | |
CVE-2024-41161 | Vonets WiFi Bridges Use of Hard-coded Credentials | M | |
CVE-2024-41162 | Malicious remote can make an arbitrary local channel read-only | S | |
CVE-2024-41163 | A directory traversal vulnerability exists in the archive functionality of Veertu Anka Build 1.42.0.... | E | |
CVE-2024-41164 | BIG-IP MPTCP vulnerability | | |
CVE-2024-41165 | A library injection vulnerability exists in Microsoft Word 16.83 for macOS. A specially crafted libr... | | |
CVE-2024-41166 | Stack-based buffer overflow in some Intel(R) PROSet/Wireless WiFi and Killer™ WiFi software for Wi... | | |
CVE-2024-41167 | Improper input validation in UEFI firmware in some Intel(R) Server Board M10JNP2SB Family may allow ... | | |
CVE-2024-41168 | Use after free in some Intel(R) PROSet/Wireless WiFi and Killer™ WiFi software for Windows before ... | | |
CVE-2024-41170 | A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0015)... | | |
CVE-2024-41171 | A vulnerability has been identified in SINUMERIK 828D V4 (All versions), SINUMERIK 828D V5 (All vers... | | |
CVE-2024-41172 | Apache CXF: Unrestricted memory consumption in CXF HTTP clients | | |
CVE-2024-41173 | Beckhoff: Local authentication bypass in the IPC-Diagnostics package included in TwinCAT/BSD | M | |
CVE-2024-41174 | Beckhoff: Improper input neutralization vulnerability in the IPC-Diagnostics package in TwinCAT/BSD | M | |
CVE-2024-41175 | Beckhoff: Local Denial-of-Service vulnerability in TwinCAT/BSD and the IPC-Diagnostics package | M | |
CVE-2024-41176 | Beckhoff: Local Denial of Service issue in package MDP included in TwinCAT/BSD | M | |
CVE-2024-41178 | Apache Arrow Rust Object Store: AWS WebIdentityToken exposure in log files | | |
CVE-2024-41183 | Trend Micro VPN, version 5.8.1012 and below is vulnerable to an arbitrary file overwrite under speci... | | |
CVE-2024-41184 | In the vrrp_ipsets_handler handler (fglobal_parser.c) of keepalived through 2.3.1, an integer overfl... | | |
CVE-2024-41195 | An issue in Ocuco Innovation - INNOVASERVICEINTF.EXE v2.10.24.17 allows attackers to bypass authenti... | E | |
CVE-2024-41196 | An issue in Ocuco Innovation - REPORTSERVER.EXE v2.10.24.13 allows attackers to bypass authenticatio... | E | |
CVE-2024-41197 | An issue in Ocuco Innovation - INVCLIENT.EXE v2.10.24.5 allows attackers to bypass authentication an... | E | |
CVE-2024-41198 | An issue in Ocuco Innovation - REPORTS.EXE v2.10.24.13 allows attackers to bypass authentication and... | E | |
CVE-2024-41199 | An issue in Ocuco Innovation - JOBMANAGER.EXE v2.10.24.16 allows attackers to bypass authentication ... | | |
CVE-2024-41200 | A segmentation fault in KMPlayer v4.2.2.65 allows attackers to cause a Denial of Service (DoS) via a... | | |
CVE-2024-41206 | A stack-based buffer over-read in tsMuxer version nightly-2024-03-14-01-51-12 allows attackers to ca... | | |
CVE-2024-41209 | A heap-based buffer overflow in tsMuxer version nightly-2024-03-14-01-51-12 allows attackers to caus... | | |
CVE-2024-41217 | A heap-based buffer overflow in tsMuxer version nightly-2024-05-10-02-00-45 allows attackers to caus... | | |
CVE-2024-41226 | A CSV injection vulnerability in Automation Anywhere Automation 360 version 21094 allows attackers t... | E | |
CVE-2024-41228 | A symlink following vulnerability in the pouch cp function of AliyunContainerService pouch v1.3.1 al... | | |
CVE-2024-41236 | A SQL injection vulnerability in /smsa/admin_login.php in Kashipara Responsive School Management Sys... | E | |
CVE-2024-41237 | A SQL injection vulnerability in /smsa/teacher_login.php in Kashipara Responsive School Management S... | E | |
CVE-2024-41238 | A SQL injection vulnerability in /smsa/student_login.php in Kashipara Responsive School Management S... | E | |
CVE-2024-41239 | A Stored Cross Site Scripting (XSS) vulnerability was found in "/smsa/add_class_submit.php" in Respo... | E | |
CVE-2024-41240 | A Reflected Cross Site Scripting (XSS) vulnerability was found in " /smsa/teacher_login.php" in Kash... | E | |
CVE-2024-41241 | A Reflected Cross Site Scripting (XSS) vulnerability was found in " /smsa/admin_login.php" in Kaship... | E | |
CVE-2024-41242 | A Reflected Cross Site Scripting (XSS) vulnerability was found in /smsa/student_login.php in Kashipa... | E | |
CVE-2024-41243 | An Incorrect Access Control vulnerability was found in /smsa/view_marks.php in Kashipara Responsive ... | E | |
CVE-2024-41244 | An Incorrect Access Control vulnerability was found in /smsa/view_class.php in Kashipara Responsive ... | E | |
CVE-2024-41245 | An Incorrect Access Control vulnerability was found in /smsa/view_teachers.php in Kashipara Responsi... | E | |
CVE-2024-41246 | An Incorrect Access Control vulnerability was found in /smsa/admin_dashboard.php in Kashipara Respon... | E | |
CVE-2024-41247 | An Incorrect Access Control vulnerability was found in /smsa/add_class.php and /smsa/add_class_submi... | E | |
CVE-2024-41248 | An Incorrect Access Control vulnerability was found in /smsa/add_subject.php and /smsa/add_subject_s... | E | |
CVE-2024-41249 | An Incorrect Access Control vulnerability was found in /smsa/view_subject.php in Kashipara Responsiv... | E | |
CVE-2024-41250 | An Incorrect Access Control vulnerability was found in /smsa/view_students.php in Kashipara Responsi... | E | |
CVE-2024-41251 | An Incorrect Access Control vulnerability was found in /smsa/admin_teacher_register_approval.php and... | E | |
CVE-2024-41252 | An Incorrect Access Control vulnerability was found in /smsa/admin_student_register_approval.php and... | E | |
CVE-2024-41253 | goframe v2.7.2 is configured to skip TLS certificate verification, possibly allowing attackers to ex... | | |
CVE-2024-41254 | An issue was discovered in litestream v0.3.13. The usage of the ssh.InsecureIgnoreHostKey() disables... | | |
CVE-2024-41255 | filestash v0.4 is configured to skip TLS certificate verification when using the FTPS protocol, poss... | | |
CVE-2024-41256 | Default configurations in the ShareProofVerifier function of filestash v0.4 causes the application t... | | |
CVE-2024-41258 | An issue was discovered in filestash v0.4. The usage of the ssh.InsecureIgnoreHostKey() disables hos... | | |
CVE-2024-41259 | Use of insecure hashing algorithm in the Gravatar's service in Navidrome v0.52.3 allows attackers to... | | |
CVE-2024-41260 | A static initialization vector (IV) in the encrypt function of netbird v0.28.4 allows attackers to o... | | |
CVE-2024-41262 | mmudb v1.9.3 was discovered to use the HTTP protocol in the ShowMetricsRaw and ShowMetricsAsText fun... | | |
CVE-2024-41264 | An issue discovered in casdoor v1.636.0 allows attackers to obtain sensitive information via the ssh... | | |
CVE-2024-41265 | A TLS certificate verification issue discovered in cortex v0.42.1 allows attackers to obtain sensiti... | | |
CVE-2024-41270 | An issue discovered in the RunHTTPServer function in Gorush v1.18.4 allows attackers to intercept an... | | |
CVE-2024-41276 | A vulnerability in Kaiten version 57.131.12 and earlier allows attackers to bypass the PIN code auth... | | |
CVE-2024-41281 | Linksys WRT54G v4.21.5 has a stack overflow vulnerability in get_merge_mac function.... | | |
CVE-2024-41285 | A stack overflow in FAST FW300R v1.3.13 Build 141023 Rel.61347n allows attackers to execute arbitrar... | E | |
CVE-2024-41290 | FlatPress CMS v1.3.1 1.3 was discovered to use insecure methods to store authentication data via the... | | |
CVE-2024-41304 | An arbitrary file upload vulnerability in the uploadFileAction() function of WonderCMS v3.4.3 allows... | E | |
CVE-2024-41305 | A Server-Side Request Forgery (SSRF) in the Plugins Page of WonderCMS v3.4.3 allows attackers to for... | E | |
CVE-2024-41308 | An issue in the Ping feature of IT Solutions Enjay CRM OS v1.0 allows attackers to escape the restri... | E | |
CVE-2024-41309 | An issue in the Hardware info module of IT Solutions Enjay CRM OS v1.0 allows attackers to escape th... | E | |
CVE-2024-41310 | AndServer 2.1.12 is vulnerable to Directory Traversal.... | | |
CVE-2024-41311 | In Libheif 1.17.6, insufficient checks in ImageOverlay::parse() decoding a heif file containing an o... | E S | |
CVE-2024-41314 | TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability vi... | E | |
CVE-2024-41315 | TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability vi... | E | |
CVE-2024-41316 | TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability vi... | E | |
CVE-2024-41317 | TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability vi... | E | |
CVE-2024-41318 | TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability vi... | E | |
CVE-2024-41319 | TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability vi... | E | |
CVE-2024-41320 | TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability vi... | E | |
CVE-2024-41332 | Incorrect access control in the delete_category function of Sourcecodester Computer Laboratory Manag... | E | |
CVE-2024-41333 | A reflected cross-site scripting (XSS) vulnerability in Phpgurukul Tourism Management System v2.0 al... | E | |
CVE-2024-41334 | Draytek devices Vigor 165/166 prior to v4.2.6, Vigor 2620/LTE200 prior to v3.9.8.8, Vigor 2860/2925... | | |
CVE-2024-41335 | Draytek devices Vigor 165/166 prior to v4.2.6, Vigor 2620/LTE200 prior to v3.9.8.8, Vigor 2860/2925... | | |
CVE-2024-41336 | Draytek devices Vigor 165/166 prior to v4.2.6, Vigor 2620/LTE200 prior to v3.9.8.8, Vigor 2860/2925... | | |
CVE-2024-41338 | A NULL pointer dereference in Draytek devices Vigor 165/166 prior to v4.2.6, Vigor 2620/LTE200 prio... | | |
CVE-2024-41339 | An issue in the CGI endpoint used to upload configurations in Draytek devices Vigor 165/166 prior to... | | |
CVE-2024-41340 | An issue in Draytek devices Vigor 165/166 prior to v4.2.6, Vigor 2620/LTE200 prior to v3.9.8.8, Vig... | | |
CVE-2024-41344 | A Cross-Site Request Forgery (CSRF) in Codeigniter 3.1.13 allows attackers to arbitrarily change the... | | |
CVE-2024-41345 | openflights commit 5234b5b is vulnerable to Cross-Site Scripting (XSS) via php/trip.php... | E | |
CVE-2024-41346 | openflights commit 5234b5b is vulnerable to Cross-Site Scripting (XSS) via php/submit.php... | E | |
CVE-2024-41347 | openflights commit 5234b5b is vulnerable to Cross-Site Scripting (XSS) via php/settings.php... | E | |
CVE-2024-41348 | openflights commit 5234b5b is vulnerable to Cross-Site Scripting (XSS) via php/alsearch.php... | E | |
CVE-2024-41349 | unmark 1.9.2 is vulnerable to Cross Site Scripting (XSS) via application/views/marks/add_by_url.php.... | E | |
CVE-2024-41350 | bjyadmin commit a560fd5 is vulnerable to Cross Site Scripting (XSS) via Public/statics/umeditor1_2_3... | E | |
CVE-2024-41351 | bjyadmin commit a560fd5 is vulnerable to Cross Site Scripting (XSS) via Public/statics/umeditor1_2_3... | E | |
CVE-2024-41353 | phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via app\admin\groups\edit-group.php... | E | |
CVE-2024-41354 | phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via /app/admin/widgets/edit.php... | E | |
CVE-2024-41355 | phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via /app/tools/request-ip/index.php.... | E | |
CVE-2024-41356 | phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via app\admin\firewall-zones\zones-edit-netw... | E | |
CVE-2024-41357 | phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via /app/admin/powerDNS/record-edit.php.... | E | |
CVE-2024-41358 | phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via app\admin\import-export\import-load-data... | E | |
CVE-2024-41361 | RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via ht... | E | |
CVE-2024-41364 | RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via ht... | E | |
CVE-2024-41366 | RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via ht... | E | |
CVE-2024-41367 | RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via ht... | E | |
CVE-2024-41368 | RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via ht... | E | |
CVE-2024-41369 | RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via ht... | E | |
CVE-2024-41370 | Organizr v1.90 was discovered to contain a SQL injection vulnerability via chat/setlike.php.... | E | |
CVE-2024-41371 | Organizr v1.90 is vulnerable to Cross Site Scripting (XSS) via api.php.... | E | |
CVE-2024-41372 | Organizr v1.90 was discovered to contain a SQL injection vulnerability via chat/settyping.php.... | E | |
CVE-2024-41373 | ICEcoder 8.1 contains a Path Traversal vulnerability via lib/backup-versions-preview-loader.php.... | E | |
CVE-2024-41374 | ICEcoder 8.1 is vulnerable to Cross Site Scripting (XSS) via lib/settings-screen.php... | E | |
CVE-2024-41375 | ICEcoder 8.1 is vulnerable to Cross Site Scripting (XSS) via lib/terminal-xhr.php... | E | |
CVE-2024-41376 | dzzoffice 2.02.1 is vulnerable to Directory Traversal via user/space/about.php.... | | |
CVE-2024-41380 | microweber 2.0.16 was discovered to contain a Cross Site Scripting (XSS) vulnerability via userfiles... | | |
CVE-2024-41381 | microweber 2.0.16 was discovered to contain a Cross Site Scripting (XSS) vulnerability via userfiles... | | |
CVE-2024-41432 | An IP Spoofing vulnerability has been discovered in Likeshop up to 2.5.7.20210811. This issue allows... | E | |
CVE-2024-41433 | PingCAP TiDB v8.1.0 was discovered to contain a buffer overflow via the component expression.Explain... | | |
CVE-2024-41434 | PingCAP TiDB v8.1.0 was discovered to contain a buffer overflow via the component (*Column).GetDecim... | | |
CVE-2024-41435 | YugabyteDB v2.21.1.0 was discovered to contain a buffer overflow via the "insert into" parameter.... | | |
CVE-2024-41436 | ClickHouse v24.3.3.102 was discovered to contain a buffer overflow via the component DB::evaluateCon... | | |
CVE-2024-41437 | A heap buffer overflow in the function cp_unfilter() (/vendor/cute_png.h) of hicolor v0.5.0 allows a... | E | |
CVE-2024-41438 | A heap buffer overflow in the function cp_stored() (/vendor/cute_png.h) of hicolor v0.5.0 allows att... | | |
CVE-2024-41439 | A heap buffer overflow in the function cp_block() (/vendor/cute_png.h) of hicolor v0.5.0 allows atta... | E | |
CVE-2024-41440 | A heap buffer overflow in the function png_quantize() of hicolor v0.5.0 allows attackers to cause a ... | | |
CVE-2024-41443 | A stack overflow in the function cp_dynamic() (/vendor/cute_png.h) of hicolor v0.5.0 allows attacker... | E | |
CVE-2024-41444 | SeaCMS v12.9 has a SQL injection vulnerability in the key parameter of /js/player/dmplayer/dmku/inde... | | |
CVE-2024-41445 | Library MDF (mdflib) v2.1 is vulnerable to a heap-based buffer overread via a crafted mdf4 file is p... | | |
CVE-2024-41446 | A stored cross-site scripting (XSS) vulnerability in Alkacon OpenCMS v17.0 allows attackers to execu... | E | |
CVE-2024-41447 | A stored cross-site scripting (XSS) vulnerability in Alkacon OpenCMS v17.0 allows attackers to execu... | E | |
CVE-2024-41453 | A cross-site scripting (XSS) vulnerability in Process Maker pm4core-docker 4.1.21-RC7 allows attacke... | E | |
CVE-2024-41454 | An arbitrary file upload vulnerability in the UI login page logo upload function of Process Maker pm... | | |
CVE-2024-41459 | Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via the... | E | |
CVE-2024-41460 | Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via the... | E | |
CVE-2024-41461 | Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via the... | E | |
CVE-2024-41462 | Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via the... | E | |
CVE-2024-41463 | Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via the... | E | |
CVE-2024-41464 | Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via the... | E | |
CVE-2024-41465 | Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via the... | E | |
CVE-2024-41466 | Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via the... | E | |
CVE-2024-41468 | Tenda FH1201 v1.2.0.14 was discovered to contain a command injection vulnerability via the cmdinput ... | | |
CVE-2024-41473 | Tenda FH1201 v1.2.0.14 was discovered to contain a command injection vulnerability via the mac param... | E | |
CVE-2024-41475 | Gnuboard g6 6.0.7 is vulnerable to Session hijacking due to a CORS misconfiguration.... | E | |
CVE-2024-41476 | AMTT Hotel Broadband Operation System (HiBOS) V3.0.3.151204 and before is vulnerable to SQL Injectio... | | |
CVE-2024-41481 | Typora before 1.9.3 Markdown editor has a cross-site scripting (XSS) vulnerability via the Mermaid c... | | |
CVE-2024-41482 | Typora before 1.9.3 Markdown editor has a cross-site scripting (XSS) vulnerability via the MathJax c... | | |
CVE-2024-41492 | A stack overflow in Tenda AX1806 v1.0.0.1 allows attackers to cause a Denial of Service (DoS) via a ... | E | |
CVE-2024-41511 | A Path Traversal (Local File Inclusion) vulnerability in "BinaryFileRedirector.ashx" in CADClick v1.... | | |
CVE-2024-41512 | A SQL Injection vulnerability in "ccHandler.aspx" in all versions of CADClick v.1.11.0 and before al... | | |
CVE-2024-41513 | A reflected cross-site scripting (XSS) vulnerability in "Artikel.aspx" in CADClick v1.11.0 and befor... | | |
CVE-2024-41514 | A reflected cross-site scripting (XSS) vulnerability in "PrevPgGroup.aspx" in CADClick v1.11.0 and b... | | |
CVE-2024-41515 | A reflected cross-site scripting (XSS) vulnerability in "ccHandlerResource.ashx" in CADClick <= 1.11... | | |
CVE-2024-41516 | A Reflected cross-site scripting (XSS) vulnerability in "ccHandler.aspx" CADClick <= 1.11.0 allows r... | | |
CVE-2024-41517 | An Incorrect Access Control vulnerability in "/admin/benutzer/institution/rechteverwaltung/uebersich... | | |
CVE-2024-41518 | An Incorrect Access Control vulnerability in "/admin/programm/ | | |
CVE-2024-41519 | Feripro <= v2.2.3 is vulnerable to Cross Site Scripting (XSS) via "/admin/programm/ | | |
CVE-2024-41550 | CampCodes Supplier Management System v1.0 is vulnerable to SQL injection via Supply_Management_Syste... | E | |
CVE-2024-41551 | CampCodes Supplier Management System v1.0 is vulnerable to SQL injection via Supply_Management_Syste... | E | |
CVE-2024-41564 | EMI v.1.1.10 and before, fixed in v.1.1.11, contains an Improper Validation of Specified Index, Posi... | | |
CVE-2024-41565 | JustEnoughItems (JEI) 19.5.0.33 and before contains an Improper Validation of Specified Index, Posit... | S | |
CVE-2024-41570 | An Unauthenticated Server-Side Request Forgery (SSRF) in demon callback handling in Havoc 2 0.7 allo... | E | |
CVE-2024-41572 | Learning with Texts (LWT) 2.0.3 is vulnerable to Cross Site Scripting (XSS). The application has a s... | | |
CVE-2024-41577 | An arbitrary file upload vulnerability in the Ueditor component of productinfoquick v1.0 allows atta... | | |
CVE-2024-41579 | DTStack Taier 1.4.0 allows remote attackers to specify the jobName parameter in the console listName... | | |
CVE-2024-41583 | DrayTek Vigor3910 devices through 4.3.2.6 are vulnerable to stored Cross Site Scripting (XSS) by aut... | | |
CVE-2024-41584 | DrayTek Vigor3910 devices through 4.3.2.6 are vulnerable to reflected XSS by authenticated users, ca... | | |
CVE-2024-41585 | DrayTek Vigor3910 devices through 4.3.2.6 are affected by an OS command injection vulnerability that... | | |
CVE-2024-41586 | A stack-based Buffer Overflow vulnerability in DrayTek Vigor310 devices through 4.3.2.6 allows a rem... | | |
CVE-2024-41587 | Stored XSS, by authenticated users, is caused by poor sanitization of the Login Page Greeting messag... | M | |
CVE-2024-41588 | The CGI endpoints v2x00.cgi and cgiwcg.cgi of DrayTek Vigor3910 devices through 4.3.2.6 are vulnerab... | | |
CVE-2024-41589 | DrayTek Vigor310 devices through 4.3.2.6 use unencrypted HTTP for authentication requests.... | | |
CVE-2024-41590 | Several CGI endpoints are vulnerable to buffer overflows, by authenticated users, because of missing... | | |
CVE-2024-41591 | DrayTek Vigor3910 devices through 4.3.2.6 allow unauthenticated DOM-based reflected XSS.... | M | |
CVE-2024-41592 | DrayTek Vigor3910 devices through 4.3.2.6 have a stack-based overflow when processing query string p... | | |
CVE-2024-41593 | DrayTek Vigor310 devices through 4.3.2.6 allow a remote attacker to execute arbitrary code via the f... | M | |
CVE-2024-41594 | An issue in DrayTek Vigor310 devices through 4.3.2.6 allows an attacker to obtain sensitive informat... | M | |
CVE-2024-41595 | DrayTek Vigor310 devices through 4.3.2.6 allow a remote attacker to change settings or cause a denia... | | |
CVE-2024-41596 | Buffer Overflow vulnerabilities exist in DrayTek Vigor310 devices through 4.3.2.6 (in the Vigor mana... | | |
CVE-2024-41597 | Cross Site Request Forgery vulnerability in ProcessWire v.3.0.229 allows a remote attacker to execut... | | |
CVE-2024-41599 | Cross Site Scripting vulnerability in RuoYi v.4.7.9 and before allows a remote attacker to execute a... | E | |
CVE-2024-41600 | Insecure Permissions vulnerability in lin-CMS Springboot v.0.2.1 and before allows a remote attacker... | | |
CVE-2024-41601 | Insecure Permissions vulnerability in lin-CMS v.0.2.0 and before allows a remote attacker to obtain ... | | |
CVE-2024-41602 | Cross Site Request Forgery vulnerability in Spina CMS v.2.18.0 and before allows a remote attacker t... | | |
CVE-2024-41603 | Spina CMS v2.18.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via th... | | |
CVE-2024-41605 | In Foxit PDF Reader before 2024.3, and PDF Editor before 2024.3 and 13.x before 13.1.4, an attacker ... | | |
CVE-2024-41610 | D-Link DIR-820LW REVB FIRMWARE PATCH 2.03.B01_TC contains hardcoded credentials in the Telnet servic... | | |
CVE-2024-41611 | In D-Link DIR-860L REVA FIRMWARE PATCH 1.10..B04, the Telnet service contains hardcoded credentials,... | | |
CVE-2024-41613 | A Cross Site Scripting (XSS) vulnerability in Symphony CMS 2.7.10 allows remote attackers to inject ... | E | |
CVE-2024-41614 | symphonycms <=2.7.10 is vulnerable to Cross Site Scripting (XSS) in the Comment component for articl... | E | |
CVE-2024-41616 | D-Link DIR-300 REVA FIRMWARE v1.06B05_WW contains hardcoded credentials in the Telnet service.... | E | |
CVE-2024-41617 | Money Manager EX WebApp (web-money-manager-ex) 1.2.2 is vulnerable to Incorrect Access Control. The ... | | |
CVE-2024-41618 | Money Manager EX WebApp (web-money-manager-ex) 1.2.2 is vulnerable to SQL Injection in the `transact... | | |
CVE-2024-41622 | D-Link DIR-846W A1 FW100A43 was discovered to contain a remote command execution (RCE) vulnerability... | | |
CVE-2024-41623 | An issue in D3D Security D3D IP Camera (D8801) v.V9.1.17.1.4-20180428 allows a local attacker to exe... | | |
CVE-2024-41624 | Incorrect access control in Himalaya Xiaoya nano smart speaker rom_version 1.6.96 allows a remote at... | | |
CVE-2024-41628 | Directory Traversal vulnerability in Severalnines Cluster Control 1.9.8 before 1.9.8-9778, 2.0.0 bef... | | |
CVE-2024-41629 | An issue in Texas Instruments Fusion Digital Power Designer v.7.10.1 allows a local attacker to obta... | | |
CVE-2024-41630 | Stack-based buffer overflow vulnerability in Tenda AC18 V15.03.3.10_EN allows a remote attacker to e... | E | |
CVE-2024-41631 | Buffer Overflow vulnerability in host-host NEUQ_board v.1.0 allows a remote attacker to cause a deni... | | |
CVE-2024-41637 | RaspAP before 3.1.5 allows an attacker to escalate privileges: the www-data user has write access to... | | |
CVE-2024-41640 | Cross Site Scripting (XSS) vulnerability in AML Surety Eco up to 3.5 allows an attacker to run arbit... | | |
CVE-2024-41643 | An issue in Arris NVG443B 9.3.0h3d36 allows a physically proximate attacker to execute arbitrary cod... | | |
CVE-2024-41644 | Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.hu... | E | |
CVE-2024-41645 | Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.hu... | E | |
CVE-2024-41646 | Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.hu... | E | |
CVE-2024-41647 | Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.hu... | E | |
CVE-2024-41648 | Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.hu... | E | |
CVE-2024-41649 | Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.hu... | E | |
CVE-2024-41650 | Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.hu... | E | |
CVE-2024-41651 | An issue in Prestashop v.8.1.7 and before allows a remote attacker to execute arbitrary code via the... | E | |
CVE-2024-41655 | TF2 Item Format Regular Expression Denial of Service vulnerability | | |
CVE-2024-41656 | Sentry vulnerable to stored Cross-Site Scripting (XSS) | | |
CVE-2024-41657 | GHSL-2024-035: Casdoor CORS misconfiguration | E | |
CVE-2024-41658 | GHSL-2024-036: Reflected XSS in QrCodePage.js | E | |
CVE-2024-41659 | GHSL-2024-034: memos CORS Misconfiguration in server.go | | |
CVE-2024-41660 | slpd-lite unauthenticated memory corruption | | |
CVE-2024-41661 | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-50094. Reason: ... | R | |
CVE-2024-41662 | VNote vulnerable to Markdown XSS, which leads to RCE | E S | |
CVE-2024-41663 | Canarytoken "Cloned Website" Vulnerable to Stored Cross-Site Scripting | | |
CVE-2024-41664 | Blind SSRF via Canarytoken Webhook | | |
CVE-2024-41665 | Ampache Stored Cross-site Scripting Vulnerability | E | |
CVE-2024-41666 | The Argo CD web terminal session does not handle the revocation of user permissions properly. | E S | |
CVE-2024-41667 | OpenAM FreeMarker template injection | | |
CVE-2024-41668 | cBioPortal Proxy Endpoint Vulnerability | | |
CVE-2024-41670 | PayPal Official Module for PrestaShop has Improperly Implemented Security Check for Standard | | |
CVE-2024-41671 | twisted.web has disordered HTTP pipeline response | | |
CVE-2024-41672 | DuckDB: sniff_csv provides filesystem access even when enable_external_access is disabled | E S | |
CVE-2024-41673 | Decidim has a cross-site scripting vulnerability in the version control page | | |
CVE-2024-41674 | CKAN may leak Solr credentials via error message in package_search action | S | |
CVE-2024-41675 | CKAN has a Cross-site Scripting vector in the Datatables view plugin | S | |
CVE-2024-41676 | Magento LTS vulnerable to stored Cross-site Scripting (XSS) in admin system configs | M | |
CVE-2024-41677 | Cross-site Scripting (XSS) vulnerability due to improper HTML escaping in qwik | E S | |
CVE-2024-41678 | GLPI has multiple reflected XSS | | |
CVE-2024-41679 | Authenticated SQL injection in ticket form | | |
CVE-2024-41681 | A vulnerability has been identified in Location Intelligence family (All versions < V4.4). The web s... | | |
CVE-2024-41682 | A vulnerability has been identified in Location Intelligence family (All versions < V4.4). Affected ... | | |
CVE-2024-41683 | A vulnerability has been identified in Location Intelligence family (All versions < V4.4). Affected ... | | |
CVE-2024-41684 | Cookie Without Secure Flag Set Vulnerability | S | |
CVE-2024-41685 | Cookie Without HTTPOnly Flag Set Vulnerability | S | |
CVE-2024-41686 | Password Policy Bypass Vulnerability | S | |
CVE-2024-41687 | Cleartext Transmission of Sensitive Information Vulnerability | S | |
CVE-2024-41688 | Cleartext Storage of Sensitive Information Vulnerability | S | |
CVE-2024-41689 | Hard-coded Credentials Vulnerability | S | |
CVE-2024-41690 | Default Credential Storage in Plaintext Vulnerability | S | |
CVE-2024-41691 | Insecure Storage of Sensitive Information Vulnerability | S | |
CVE-2024-41692 | Incorrect Access Control Vulnerability | S | |
CVE-2024-41693 | Mashov - CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) | S | |
CVE-2024-41694 | Cybonet – CWE-200: Exposure of Sensitive Information to an Unauthorized Actor | S | |
CVE-2024-41695 | Cybonet - CWE-22: Improper Limitation of a Pathname to a Restricted Directory | S | |
CVE-2024-41696 | Priority PRI WEB Portal Add-On for Priority ERP on prem – CWE-200: Exposure of Sensitive Information to an Unauthorized Actor | S | |
CVE-2024-41697 | Priority – CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) | S | |
CVE-2024-41698 | Priority – CWE-200: Exposure of Sensitive Information to an Unauthorized Actor | S | |
CVE-2024-41699 | Priority – CWE-552: Files or Directories Accessible to External Parties | S | |
CVE-2024-41700 | Barix – CWE-200 Exposure of Sensitive Information to an Unauthorized Actor | S | |
CVE-2024-41701 | AccuPOS – CWE-200: Exposure of Sensitive Information to an Unauthorized Actor | S | |
CVE-2024-41702 | SiberianCMS – CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | S | |
CVE-2024-41703 | LibreChat through 0.7.4-rc1 has incorrect access control for message updates.... | S | |
CVE-2024-41704 | LibreChat through 0.7.4-rc1 does not validate the normalized pathnames of images.... | S | |
CVE-2024-41705 | A stored XSS issue was discovered in Archer Platform 6.8 before 2024.06. A remote authenticated mali... | | |
CVE-2024-41706 | A stored XSS issue was discovered in Archer Platform 6 before version 2024.06. A remote authenticate... | | |
CVE-2024-41707 | An issue was discovered in Archer Platform 6 before 2024.06. Authenticated users can achieve HTML co... | | |
CVE-2024-41708 | An issue was discovered in AdaCore ada_web_services 20.0 allows an attacker to escalate privileges a... | | |
CVE-2024-41709 | Backdrop CMS before 1.27.3 and 1.28.x before 1.28.2 does not sufficiently sanitize field labels befo... | | |
CVE-2024-41710 | A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 69... | KEV E | |
CVE-2024-41711 | A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 69... | | |
CVE-2024-41712 | A vulnerability in the Web Conferencing Component of Mitel MiCollab through 9.8.1.5 could allow an a... | | |
CVE-2024-41713 | A vulnerability in the NuPoint Unified Messaging (NPM) component of Mitel MiCollab through 9.8 SP1 F... | KEV | |
CVE-2024-41714 | A vulnerability in the Web Interface component of Mitel MiCollab through 9.8 SP1 (9.8.1.5) and MiVoi... | | |
CVE-2024-41715 | goTenna Pro ATAK Plugin Observable Response Discrepancy | S | |
CVE-2024-41716 | Cleartext storage of sensitive information vulnerability exists in WindLDR and WindO/I-NV4. If this ... | | |
CVE-2024-41717 | Kieback&Peter DDC4000 Series Path Traversal | S | |
CVE-2024-41718 | Rejected reason: ** REJECT ** DO NOT USE THIS CVE ID. ConsultIDs: CVE-2024-39771. Reason: This CVE I... | R | |
CVE-2024-41719 | BIG-IP Next Central Manager vulnerability | | |
CVE-2024-41720 | Incorrect permission assignment for critical resource issue exists in ZWX-2000CSW2-HN firmware versi... | | |
CVE-2024-41721 | bhyve(8) out-of-bounds read access via XHCI emulation | | |
CVE-2024-41722 | goTenna Pro ATAK Plugin Weak Authentication | S | |
CVE-2024-41723 | BIG-IP iControl REST vulnerability | | |
CVE-2024-41724 | Improper Certificate Validation (CWE-295) in the Gallagher Command Centre SALTO integration allowed ... | | |
CVE-2024-41725 | Dover Fueling Solutions ProGauge MAGLINK LX CONSOLE Cross-site Scripting | S | |
CVE-2024-41726 | Path traversal vulnerability exists in SKYSEA Client View Ver.3.013.00 to Ver.19.210.04e. If this vu... | | |
CVE-2024-41727 | BIG-IP TMM vulnerability | | |
CVE-2024-41728 | Missing Authorization check in SAP NetWeaver Application Server for ABAP and ABAP Platform | S | |
CVE-2024-41729 | Information Disclosure vulnerability in the SAP NetWeaver BW (BEx Analyzer) | | |
CVE-2024-41730 | Missing Authentication check in SAP BusinessObjects Business Intelligence Platform | | |
CVE-2024-41731 | Multiple Unrestricted File Upload vulnerabilities in SAP BusinessObjects Business Intelligence Platform | | |
CVE-2024-41732 | Improper Access Control in SAP Netweaver Application Server ABAP | | |
CVE-2024-41733 | Information Disclosure Vulnerability in SAP Commerce | | |
CVE-2024-41734 | Missing Authorization check in SAP NetWeaver Application Server ABAP and ABAP Platform | | |
CVE-2024-41735 | Cross-Site Scripting (XSS) vulnerability in SAP Commerce Backoffice | | |
CVE-2024-41736 | Information Disclosure vulnerability in SAP Permit to Work | | |
CVE-2024-41737 | Server-Side Request Forgery (SSRF) in SAP CRM ABAP (Insights Management) | | |
CVE-2024-41738 | IBM TXSeries for Multiplatforms information disclosure | | |
CVE-2024-41739 | IBM Cognos Dashboards on Cloud Pak for Data privilege escalation | | |
CVE-2024-41741 | IBM TXSeries for Multiplatforms information disclosure | | |
CVE-2024-41742 | IBM TXSeries for Multiplatforms denial of service | | |
CVE-2024-41743 | IBM TXSeries for Multiplatforms denial of service | | |
CVE-2024-41744 | IBM CICS TX Standard cross-site request forgery | | |
CVE-2024-41745 | IBM CICS TX Standard cross-site scripting | | |
CVE-2024-41746 | IBM CICS TX cross-site scripting | | |
CVE-2024-41752 | IBM Cognos Analytics HTML injection | | |
CVE-2024-41753 | IBM Cloud Pak for Business Automation cross-site scripting | S | |
CVE-2024-41757 | IBM Concert Software information disclosure | | |
CVE-2024-41760 | IBM Common Cryptographic Architecture information disclosure | | |
CVE-2024-41761 | IBM Db2 denial of service | | |
CVE-2024-41762 | IBM Db2 denial of service | | |
CVE-2024-41763 | IBM Engineering Lifecycle Optimization - Publishing information disclosure | | |
CVE-2024-41765 | IBM Engineering Lifecycle Optimization - Publishing directory traversal | | |
CVE-2024-41766 | IBM Engineering Lifecycle Optimization - Publishing denial of service | | |
CVE-2024-41767 | IBM Engineering Lifecycle Optimization - Publishing SQL injection | | |
CVE-2024-41768 | IBM Engineering Lifecycle Optimization - Publishing unhandled SLL exception | | |
CVE-2024-41770 | IBM Engineering Requirements Management DOORS Next information disclosure | | |
CVE-2024-41771 | IBM Engineering Requirements Management DOORS Next information disclosure | | |
CVE-2024-41773 | IBM Global Configuration Management incorrect ownership assignment | | |
CVE-2024-41774 | IBM Common Licensing cross-site scripting | | |
CVE-2024-41775 | IBM Cognos Controller information disclosure | | |
CVE-2024-41776 | IBM Cognos Controller cross-site request forgery | | |
CVE-2024-41777 | IBM Cognos Controller hard coded credentials | | |
CVE-2024-41778 | IBM Controller information disclosure | | |
CVE-2024-41779 | IBM Engineering Systems Design Rhapsody - Model Manager | | |
CVE-2024-41780 | IBM Jazz Foundation information disclosure | | |
CVE-2024-41781 | IBM PowerVM Hypervisor information disclosure | | |
CVE-2024-41783 | IBM Sterling Secure Proxy improper input validation | | |
CVE-2024-41784 | IBM Sterling Secure Proxy directory traversal | | |
CVE-2024-41785 | IBM Concert cross-site scripting | | |
CVE-2024-41787 | IBM Engineering Requirements Management DOORS Next code execution | | |
CVE-2024-41788 | A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web inte... | | |
CVE-2024-41789 | A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web inte... | | |
CVE-2024-41790 | A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web inte... | | |
CVE-2024-41791 | A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web inte... | | |
CVE-2024-41792 | A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web inte... | | |
CVE-2024-41793 | A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web inte... | | |
CVE-2024-41794 | A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). Affected dev... | | |
CVE-2024-41795 | A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web inte... | | |
CVE-2024-41796 | A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web inte... | | |
CVE-2024-41798 | A vulnerability has been identified in SENTRON 7KM PAC3200 (All versions). Affected devices only pro... | | |
CVE-2024-41799 | tgstation-server's DreamMaker environment files outside the deployment directory can be compiled and run by insufficiently permissioned users | | |
CVE-2024-41800 | Craft CMS Allows TOTP Token To Stay Valid After Use | S | |
CVE-2024-41801 | OpenProject packaged installation has Open Redirect Vulnerability in Sign-In in default configuration | S | |
CVE-2024-41802 | Xibo allows Sensitive Information Disclosure abusing SQL Injection in Xibo CMS DataSet Data Import | S | |
CVE-2024-41803 | Xibo allows Sensitive Information Disclosure abusing SQL Injection in Xibo CMS DataSet Filter | S | |
CVE-2024-41804 | Xibo allows Sensitive Information Disclosure abusing SQL Injection in Xibo CMS DataSet Column Formula | S | |
CVE-2024-41805 | Tracks vulnerable to reflected cross-site scripting | | |
CVE-2024-41806 | Open edX Platform's instructor upload CSV for cohort creation not Private by Default | | |
CVE-2024-41807 | Rejected reason: ** REJECT ** DO NOT USE THIS CVE RECORD. Consult IDs: CVE-2023-4759. Reason: This r... | R | |
CVE-2024-41808 | OpenObserve stored XSS vulnerability may lead to complete account takeover | E M | |
CVE-2024-41809 | OpenObserve Cross-site Scripting (XSS) vulnerability in `openobserve/web/src/views/MemberSubscription.vue` | S | |
CVE-2024-41810 | HTML injection in HTTP redirect body | S | |
CVE-2024-41811 | ipl/web susceptible to Cross-Site Request Forgery (CSRF) | | |
CVE-2024-41812 | txtdot SSRF vulnerability in /get | E S | |
CVE-2024-41813 | txtdot SSRF vulnerability in /proxy | E S | |
CVE-2024-41815 | Starship vulnerable to shell injection via undocumented, unpredictable shell expansion in custom commands | E S | |
CVE-2024-41816 | WordPress Cooked Plugin Persistent Cross-Site Scripting via Shortcode | E S | |
CVE-2024-41817 | Arbitrary Code Execution in `AppImage` version `ImageMagick` | E S | |
CVE-2024-41818 | ReDOS at currency parsing fast-xml-parser | E S | |
CVE-2024-41819 | Note Mark has a stored XSS in the note link href attribute | E S | |
CVE-2024-41820 | Cluster-level privilege escalation in kubean | | |
CVE-2024-41824 | In JetBrains TeamCity before 2024.07 parameters of the "password" type could leak into the build log... | | |
CVE-2024-41825 | In JetBrains TeamCity before 2024.07 stored XSS was possible on the Code Inspection tab... | | |
CVE-2024-41826 | In JetBrains TeamCity before 2024.07 stored XSS was possible on Show Connection page... | | |
CVE-2024-41827 | In JetBrains TeamCity before 2024.07 access tokens could continue working after deletion or expirati... | | |
CVE-2024-41828 | In JetBrains TeamCity before 2024.07 comparison of authorization tokens took non-constant time... | | |
CVE-2024-41829 | In JetBrains TeamCity before 2024.07 an OAuth code for JetBrains Space could be stolen via Space App... | | |
CVE-2024-41830 | Talos Security Advisory for Adobe (TALOS-2024-2009) | | |
CVE-2024-41831 | ZDI-CAN-24569: Adobe Acrobat Reader DC AcroForm Use-After-Free Remote Code Execution Vulnerability | | |
CVE-2024-41832 | TALOS-2024-2002 \| Adobe Acrobat Reader Font gvar TupleVariation Data Out-Of-Bounds Read Vulnerability | | |
CVE-2024-41833 | ZDI-CAN-24310: Adobe Acrobat Reader DC Annotation Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2024-41834 | ZDI-CAN-24311: Adobe Acrobat Reader DC Annotation Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2024-41835 | TALOS-2024-2003 \| Adobe Acrobat Reader Font Packed Point Numbers Out-Of-Bounds Read Vulnerability | | |
CVE-2024-41836 | InDesign Desktop \| NULL Pointer Dereference (CWE-476) | | |
CVE-2024-41839 | Adobe Experience Manager \| Improper Input Validation (CWE-20) | | |
CVE-2024-41840 | ZDI-CAN-24607: Adobe Bridge JP2 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2024-41841 | Adobe Experience Manager \| Cross-site Scripting (Reflected XSS) (CWE-79) | | |
CVE-2024-41842 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2024-41843 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2024-41844 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2024-41845 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2024-41846 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2024-41847 | Adobe Experience Manager \| Cross-site Scripting (Reflected XSS) (CWE-79) | | |
CVE-2024-41848 | Adobe Experience Manager \| Cross-site Scripting (Reflected XSS) (CWE-79) | | |
CVE-2024-41849 | Adobe Experience Manager \| Improper Input Validation (CWE-20) | | |
CVE-2024-41850 | Adobe Indesign 2024 TIF File Parsing Heap Memory Corruption | | |
CVE-2024-41851 | Adobe InDesign (Beta) has an integer overflow vulnerability when parsing SVG file | | |
CVE-2024-41852 | Adobe Indesign 2024 AVI File Parsing Stack Based Buffer Overflow | | |
CVE-2024-41853 | Indesign 2024 EPS File Parsing Heap Memory Corruption Remote Code Execution Vulnerability | | |
CVE-2024-41854 | Adobe Indesign 2024 PDF File parsing memory corruption | | |
CVE-2024-41856 | Illustrator \| Improper Input Validation (CWE-20) | | |
CVE-2024-41857 | Illustrator \| Integer Underflow (Wrap or Wraparound) (CWE-191) | | |
CVE-2024-41858 | Adobe InCopy has an integer overflow vulnerability when parsing SVG file | | |
CVE-2024-41859 | After Effects \| Out-of-bounds Write (CWE-787) | | |
CVE-2024-41860 | Adobe Substance 3D Sampler Memory Corruption Vulnerability I, when parsing PSD file | | |
CVE-2024-41861 | Adobe Substance 3D Sampler Memory Corruption Out-of-Bounds-READ Vulnerability I, when parsing PSD file | | |
CVE-2024-41862 | Adobe Substance 3D Sampler Memory Corruption Out-of-Bounds-READ Vulnerability II, when parsing PSD file | | |
CVE-2024-41863 | Adobe Substance 3D Sampler Memory Corruption Out-of-Bounds-READ Vulnerability III, when parsing DNG file | | |
CVE-2024-41864 | Adobe Substance 3D Designer ICO Parsing Out-Of-Bounds Write Vulnerability | | |
CVE-2024-41865 | Adobe Dimension Untrusted Search Path lead to load malicious DLL swift.dll | | |
CVE-2024-41866 | Adobe Indesign 2024 DOC File Parsing Null Pointer Dereference | | |
CVE-2024-41867 | After Effects \| Out-of-bounds Read (CWE-125) | | |
CVE-2024-41868 | Audition \| Out-of-bounds Read (CWE-125) | | |
CVE-2024-41869 | Acrobat Reader \| Use After Free (CWE-416) | | |
CVE-2024-41870 | Media Encoder \| Out-of-bounds Read (CWE-125) | | |
CVE-2024-41871 | Media Encoder \| Out-of-bounds Read (CWE-125) | | |
CVE-2024-41872 | Media Encoder \| Out-of-bounds Read (CWE-125) | | |
CVE-2024-41873 | Media Encoder \| Out-of-bounds Read (CWE-125) | | |
CVE-2024-41874 | ColdFusion \| Deserialization of Untrusted Data (CWE-502) | | |
CVE-2024-41875 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2024-41876 | Adobe Experience Manager \| Cross-site Scripting (Reflected XSS) (CWE-79) | | |
CVE-2024-41877 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2024-41878 | Adobe Experience Manager \| Cross-site Scripting (DOM-based XSS) (CWE-79) | | |
CVE-2024-41879 | RE: New Edge T5 MSRC Case [DCMSFT-1294] | S | |
CVE-2024-41880 | In veilid-core in Veilid before 0.3.4, the protocol's ping function can be misused in a way that dec... | | |
CVE-2024-41881 | SDoP versions prior to 1.11 fail to handle appropriately some parameters inside the input data, res... | | |
CVE-2024-41882 | Stack based buffer overflow | | |
CVE-2024-41883 | Null Pointer Dereference | | |
CVE-2024-41884 | Null Pointer Dereference | | |
CVE-2024-41885 | Hardcoding sensitive information | | |
CVE-2024-41886 | Improper Input Validation | | |
CVE-2024-41887 | Arbitrary File Overwrite | | |
CVE-2024-41888 | Apache Answer: The link for resetting user password is not Single-Use | | |
CVE-2024-41889 | Multiple Pimax products accept WebSocket connections from unintended endpoints. If this vulnerabilit... | | |
CVE-2024-41890 | Apache Answer: The link to reset the user's password will remain valid after sending a new link | | |
CVE-2024-41902 | A vulnerability has been identified in JT2Go (All versions < V2406.0003). The affected application c... | M | |
CVE-2024-41903 | A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V... | | |
CVE-2024-41904 | A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V... | | |
CVE-2024-41905 | A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V... | | |
CVE-2024-41906 | A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V... | | |
CVE-2024-41907 | A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V... | | |
CVE-2024-41908 | A vulnerability has been identified in NX (All versions < V2406.3000). The affected applications con... | | |
CVE-2024-41909 | Apache MINA SSHD: integrity check bypass | | |
CVE-2024-41910 | A vulnerability was discovered in the firmware builds up to 10.10.2.2 in Poly Clariti Manager device... | | |
CVE-2024-41911 | A vulnerability was discovered in the firmware builds up to 10.10.2.2 in Poly Clariti Manager device... | | |
CVE-2024-41912 | A vulnerability was discovered in the firmware builds up to 10.10.2.2 in Poly Clariti Manager device... | | |
CVE-2024-41913 | Clariti Manager – Arbitrary File Upload | | |
CVE-2024-41914 | A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow... | | |
CVE-2024-41915 | Authenticated SQL Injection Vulnerability in ClearPass Policy Manager Web-based Management Interface | | |
CVE-2024-41916 | Authenticated Sensitive Information Disclosure in ClearPass Policy Manager | | |
CVE-2024-41917 | Time-of-check time-of-use race condition for some Intel(R) Battery Life Diagnostic Tool software bef... | | |
CVE-2024-41918 | 'Rakuten Ichiba App' for Android 12.4.0 and earlier and 'Rakuten Ichiba App' for iOS 11.7.0 and earl... | | |
CVE-2024-41922 | A directory traversal vulnerability exists in the log files download functionality of Veertu Anka Bu... | E | |
CVE-2024-41924 | Acceptance of extraneous untrusted data with trusted data vulnerability exists in EC-CUBE 4 series. ... | | |
CVE-2024-41925 | Optigo Networks ONS-S8 Spectra Aggregation Switch PHP Remote File Inclusion | M | |
CVE-2024-41926 | Malicious remote can claim that a user was synced from another remote | S | |
CVE-2024-41927 | Cleartext transmission of sensitive information vulnerability exists in multiple IDEC PLCs. If an at... | | |
CVE-2024-41928 | bhyve(8) privileged guest escape via TPM device passthrough | | |
CVE-2024-41929 | Improper authentication vulnerability in multiple digital video recorders provided by TAKENAKA ENGIN... | | |
CVE-2024-41930 | Cross-site scripting vulnerability exists in MF Teacher Performance Management System version 6. If ... | | |
CVE-2024-41931 | goTenna Pro ATAK Plugin Insertion of Sensitive Information Into Sent Data | S | |
CVE-2024-41932 | sched: fix warning in sched_setaffinity | | |
CVE-2024-41934 | Improper access control in some Intel(R) GPA software before version 2024.3 may allow an authenticat... | | |
CVE-2024-41935 | f2fs: fix to shrink read extent node in batches | | |
CVE-2024-41936 | Vonets WiFi Bridges Path Traversal | M | |
CVE-2024-41937 | Apache Airflow: Stored XSS Vulnerability on provider link | S | |
CVE-2024-41938 | A vulnerability has been identified in SINEC NMS (All versions < V3.0). The importCertificate functi... | | |
CVE-2024-41939 | A vulnerability has been identified in SINEC NMS (All versions < V3.0). The affected application doe... | | |
CVE-2024-41940 | A vulnerability has been identified in SINEC NMS (All versions < V3.0). The affected application doe... | | |
CVE-2024-41941 | A vulnerability has been identified in SINEC NMS (All versions < V3.0). The affected application doe... | | |
CVE-2024-41942 | JupyterHub has a privilege escalation vulnerability with the `admin:users` scope | S | |
CVE-2024-41943 | I, Librarian Stored XSS vulnerability in Item Summary | | |
CVE-2024-41944 | Sensitive Information Disclosure abusing SQL Injection in Xibo CMS proof of play report | | |
CVE-2024-41945 | The fuels-ts typescript SDK has no awareness of to-be-spent transactions | | |
CVE-2024-41946 | REXML DoS vulnerability | S | |
CVE-2024-41947 | XWiki Platform XSS through conflict resolution | S | |
CVE-2024-41948 | biscuit-java vulnerable to public key confusion in third party block | | |
CVE-2024-41949 | biscuit-rust vulnerable to public key confusion in third party block | | |
CVE-2024-41950 | Insecure Jinja2 templates rendered in Haystack Components can lead to RCE | | |
CVE-2024-41951 | PheonixAppAPI has visible Encoding Maps | | |
CVE-2024-41952 | Zitadel has an "Ignoring unknown usernames" vulnerability | S | |
CVE-2024-41953 | Zitadel improperly sanitizes HTML in emails and Console UI | S | |
CVE-2024-41954 | FOG Weak file permissions | E S | |
CVE-2024-41955 | Mobile Security Framework (MobSF) has an Open Redirect in Login Redirect | E S | |
CVE-2024-41956 | Soft Serve allows arbitrary code execution by crafting git-lfs requests | | |
CVE-2024-41957 | Vim double free in src/alloc.c:616 | S | |
CVE-2024-41958 | Two-Factor Authentication (2FA) Bypass in mailcow: dockerized | S | |
CVE-2024-41959 | Cross-site Scripting (XSS) via API Logs in mailcow: dockerized | S | |
CVE-2024-41960 | Cross-site Scripting (XSS) via Relay Hosts Configuration in mailcow: dockerized | S | |
CVE-2024-41961 | Elektra vulnerable to remote code execution in universal search | | |
CVE-2024-41962 | Bostr Improper Authorization | S | |
CVE-2024-41964 | Insufficient permission checks in the language settings in Kirby CMS | S | |
CVE-2024-41965 | Vim < v9.1.0648 has a double-free in dialog_changed() | S | |
CVE-2024-41967 | WAGO: Boot Mode Manipulation in Multiple Devices | | |
CVE-2024-41968 | WAGO: Docker Settings Manipulation in Multiple Devices | | |
CVE-2024-41969 | WAGO: CODESYS V3 Configuration Authentication Bypass in Multiple Devices | | |
CVE-2024-41970 | WAGO: Unauthorized Diagnostic Data Exposure in Multiple Devices | | |
CVE-2024-41971 | WAGO: Arbitrary File Overwrite in Multiple Devices | | |
CVE-2024-41972 | WAGO: Arbitrary File Overwrite Leading to Privileged File Read in Multiple Devices | | |
CVE-2024-41973 | WAGO: Remote Arbitrary File Write with Root Privileges in multiple Devices | | |
CVE-2024-41974 | WAGO: BACNet Service Property Modification Due to Permission Misconfiguration in Multiple Devices | | |
CVE-2024-41975 | CODESYS (Edge) Gateway for Windows insecure default | | |
CVE-2024-41976 | A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All version... | | |
CVE-2024-41977 | A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All version... | | |
CVE-2024-41978 | A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All version... | | |
CVE-2024-41981 | A vulnerability has been identified in Simcenter Femap V2306 (All versions), Simcenter Femap V2401 (... | | |
CVE-2024-41987 | Cross-Site Request Forgery (CSRF) vulnerability in TEM Opera Plus FM Family Transmitter | M | |
CVE-2024-41988 | Missing Authentication for Critical Function vulnerability in TEM Opera Plus FM Family Transmitter | M | |
CVE-2024-41989 | An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The floatformat template f... | S | |
CVE-2024-41990 | An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize() and urlizetru... | S | |
CVE-2024-41991 | An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize and urlizetrunc... | S | |
CVE-2024-41992 | Wi-Fi Alliance wfa_dut (in Wi-Fi Test Suite) through 9.0.0 allows OS command injection via 802.11x f... | | |
CVE-2024-41995 | Initialization of a resource with an insecure default vulnerability exists in JavaTM Platform Ver.12... | | |
CVE-2024-41996 | Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approv... | | |
CVE-2024-41997 | An issue was discovered in version of Warp Terminal prior to 2024.07.18 (v0.2024.07.16.08.02). A com... | | |
CVE-2024-41999 | Smart-tab Android app installed April 2023 or earlier contains an active debug code vulnerability. I... | | |