ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2024-45000 | fs/netfs/fscache_cookie: add missing "n_accesses" check | S | |
CVE-2024-45001 | net: mana: Fix RX buf alloc_size alignment and atomic op panic | S | |
CVE-2024-45002 | rtla/osnoise: Prevent NULL dereference in error handling | S | |
CVE-2024-45003 | vfs: Don't evict inode under the inode lru traversing context | S | |
CVE-2024-45004 | KEYS: trusted: dcp: fix leak of blob encryption key | S | |
CVE-2024-45005 | KVM: s390: fix validity interception issue when gisa is switched off | S | |
CVE-2024-45006 | xhci: Fix Panther point NULL pointer deref at full-speed re-enumeration | S | |
CVE-2024-45007 | char: xillybus: Don't destroy workqueue from work item running on it | | |
CVE-2024-45008 | Input: MT - limit max slots | | |
CVE-2024-45009 | mptcp: pm: only decrement add_addr_accepted for MPJ req | S | |
CVE-2024-45010 | mptcp: pm: only mark 'subflow' endp as available | S | |
CVE-2024-45011 | char: xillybus: Check USB endpoints when probing device | S | |
CVE-2024-45012 | nouveau/firmware: use dma non-coherent allocator | S | |
CVE-2024-45013 | nvme: move stopping keep-alive into nvme_uninit_ctrl() | S | |
CVE-2024-45014 | s390/boot: Avoid possible physmem_info segment corruption | S | |
CVE-2024-45015 | drm/msm/dpu: move dpu_encoder's connector assignment to atomic_enable() | S | |
CVE-2024-45016 | netem: fix return value if duplicate enqueue fails | S | |
CVE-2024-45017 | net/mlx5: Fix IPsec RoCE MPV trace call | S | |
CVE-2024-45018 | netfilter: flowtable: initialise extack before use | S | |
CVE-2024-45019 | net/mlx5e: Take state lock during tx timeout reporter | S | |
CVE-2024-45020 | bpf: Fix a kernel verifier crash in stacksafe() | S | |
CVE-2024-45021 | memcg_write_event_control(): fix a user-triggerable oops | S | |
CVE-2024-45022 | mm/vmalloc: fix page mapping if vm_area_alloc_pages() with high order fallback to order 0 | S | |
CVE-2024-45023 | md/raid1: Fix data corruption for degraded array with slow disk | S | |
CVE-2024-45024 | mm/hugetlb: fix hugetlb vs. core-mm PT locking | S | |
CVE-2024-45025 | fix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE | S | |
CVE-2024-45026 | s390/dasd: fix error recovery leading to data corruption on ESE devices | S | |
CVE-2024-45027 | usb: xhci: Check for xhci->interrupters being allocated in xhci_mem_clearup() | S | |
CVE-2024-45028 | mmc: mmc_test: Fix NULL dereference on allocation failure | S | |
CVE-2024-45029 | i2c: tegra: Do not mark ACPI devices as irq safe | S | |
CVE-2024-45030 | igb: cope with large MAX_SKB_FRAGS | S | |
CVE-2024-45031 | Apache Syncope: Stored XSS in Console and Enduser | | |
CVE-2024-45032 | A vulnerability has been identified in Industrial Edge Management Pro (All versions < V1.9.5), Indus... | | |
CVE-2024-45033 | Apache Airflow Fab Provider: Application does not invalidate session after password change via Airflow cli | S | |
CVE-2024-45034 | Apache Airflow: Authenticated DAG authors could execute code on scheduler nodes | S | |
CVE-2024-45036 | Improper Access Control Vulnerability When Accessing a Maliciously Crafted Tophat Link | | |
CVE-2024-45037 | AWS CDK RestApi not generating authorizationScope correctly in resultant CFN template | | |
CVE-2024-45038 | Device crash via malformed MQTT packet when downlink is enabled in Meshtastic device firmware | | |
CVE-2024-45039 | gnark's Groth16 commitment extension unsound for more than one commitment | | |
CVE-2024-45040 | gnark's commitments to private witnesses in Groth16 as implemented break zero-knowledge property | S | |
CVE-2024-45041 | External Secrets Operator vulnerable to privilege escalation | S | |
CVE-2024-45042 | Ory Kratos's `highest_available` setting does not properly respect code + mfa credentials | | |
CVE-2024-45043 | OpenTelemetry Collector AWS Firehose Receiver Authentication Bypass Vulnerability | | |
CVE-2024-45044 | Bareos's negative command ACLs can be circumvented by abbreviating commands | | |
CVE-2024-45045 | JavaScript Injection via url encoded values in links in Collabora Office Android | | |
CVE-2024-45046 | PhpSpreadsheet HTML writer is vulnerable to Cross-Site Scripting via style information | E S | |
CVE-2024-45047 | Potential mXSS vulnerability due to improper HTML escaping in svelte | E | |
CVE-2024-45048 | XML External Entity Reference (XXE) in PHPSpreadsheet | E S | |
CVE-2024-45049 | Nix Hydra Missing authentication when triggering evaluations | | |
CVE-2024-45050 | Ringer Server Does Not Check Members When Loading Messages | | |
CVE-2024-45051 | Bypass of email address validation via encoded email addresses in Discourse | | |
CVE-2024-45052 | Fides Webserver Authentication Timing-Based Username Enumeration Vulnerability | E S | |
CVE-2024-45053 | Remote Code Execution Vulnerability via SSTI in Fides Webserver Jinja Email Templating Engine | E S | |
CVE-2024-45054 | Potential Permission Leakage of Cluster Level in hwameistor | S | |
CVE-2024-45056 | `fold (xor (shl 1, x), -1) -> (rotl ~1, x)` misoptimization in zksolc | S | |
CVE-2024-45057 | Reflected Cross-Site Scripting in i-Educar | E S | |
CVE-2024-45058 | Privilege escalation in i-Educar | E S | |
CVE-2024-45059 | Authenticated SQL Injection in i-Educar | E S | |
CVE-2024-45060 | Unauthenticated Cross-Site-Scripting (XSS) in sample file in PHPSpreadsheet | E M | |
CVE-2024-45061 | A cross-site scripting (xss) vulnerability exists in the weather map editor functionality of Observi... | E | |
CVE-2024-45062 | A stack based buffer overflow vulnerability is present in OpenPrinting ippusbxd 1.34. A specially co... | E M | |
CVE-2024-45063 | Multiple issues in ctl(4) CAM Target Layer | | |
CVE-2024-45064 | A buffer overflow vulnerability exists in the FileX Internal RAM interface functionality of STMicroe... | | |
CVE-2024-45065 | Rejected reason: This candidate was in a CNA pool that was not assigned to any issues during 2024.... | R | |
CVE-2024-45066 | Dover Fueling Solutions ProGauge MAGLINK LX CONSOLE Command Injection | S | |
CVE-2024-45067 | Incorrect default permissions in some Intel(R) Gaudi(R) software installers before version 1.18 may ... | | |
CVE-2024-45068 | Authentication credentials leakage vulnerability in Hitachi Ops Center Common Services within Hitachi Ops Center OVA | | |
CVE-2024-45069 | Rejected reason: This candidate was in a CNA pool that was not assigned to any issues during 2024.... | R | |
CVE-2024-45070 | Liteos_a has an out-of-bounds read vulnerability | | |
CVE-2024-45071 | IBM WebSphere Application Server cross-site scripting | | |
CVE-2024-45072 | IBM WebSphere Application Server XML external entity injection | | |
CVE-2024-45073 | IBM WebSphere Application Server cross-site scripting | | |
CVE-2024-45074 | IBM webMethods Integration directory traversal | | |
CVE-2024-45075 | IBM webMethods Integration privilege escalation | | |
CVE-2024-45076 | IBM webMethods Integration code execution | | |
CVE-2024-45077 | IBM Maximo Asset Management file upload | | |
CVE-2024-45081 | IBM Cognos Controller incorrect authorization | S | |
CVE-2024-45082 | IBM Cognos Analytics HTTP open redirection | | |
CVE-2024-45084 | IBM Cognos Controller CSV injection | S | |
CVE-2024-45085 | IBM WebSphere Application Server denial of service | | |
CVE-2024-45086 | IBM WebSphere Application Server XML external entity injection | | |
CVE-2024-45087 | IBM WebSphere Application Server cross-site scripting | | |
CVE-2024-45088 | IBM Maximo Asset Management cross-site scripting | | |
CVE-2024-45089 | IBM Sterling B2B Integrator information disclosure | | |
CVE-2024-45091 | IBM UrbanCode Deploy information disclosure | | |
CVE-2024-45094 | IBM DS8900F and DS8A00 Hardware Management Console (HMC) cross-site scripting | S | |
CVE-2024-45096 | IBM Aspera Faspex information disclosure | | |
CVE-2024-45097 | IBM Aspera Faspex bypass security | | |
CVE-2024-45098 | IBM Aspera Faspex bypass security | | |
CVE-2024-45099 | IBM Security ReaQta cross-site scripting | | |
CVE-2024-45100 | IBM Security QRadar EDR denial of service | | |
CVE-2024-45101 | A privilege escalation vulnerability was discovered when Single Sign On (SSO) is enabled that could ... | S | |
CVE-2024-45102 | A privilege escalation vulnerability was discovered that could allow a valid, authenticated LXCA use... | S | |
CVE-2024-45103 | A valid, authenticated LXCA user may be able to unmanage an LXCA managed device in through the LXCA ... | S | |
CVE-2024-45104 | A valid, authenticated LXCA user without sufficient privileges may be able to use the device identif... | S | |
CVE-2024-45105 | An internal product security audit discovered a UEFI SMM (System Management Mode) callout vulnerabil... | S | |
CVE-2024-45106 | Apache Ozone: Improper authentication when generating S3 secrets | | |
CVE-2024-45107 | ZDI-CAN-24186: Adobe Acrobat Reader DC Doc Object Use-After-Free Information Disclosure Vulnerability | | |
CVE-2024-45108 | Photoshop Desktop \| Out-of-bounds Write (CWE-787) | | |
CVE-2024-45109 | Photoshop Desktop \| Out-of-bounds Write (CWE-787) | | |
CVE-2024-45111 | Illustrator \| Out-of-bounds Read (CWE-125) | | |
CVE-2024-45112 | Acrobat Reader \| Access of Resource Using Incompatible Type ('Type Confusion') (CWE-843) | | |
CVE-2024-45113 | ColdFusion \| Improper Authentication (CWE-287) | | |
CVE-2024-45114 | Illustrator \| Out-of-bounds Write (CWE-787) | | |
CVE-2024-45115 | Adobe Commerce \| Improper Authentication (CWE-287) | | |
CVE-2024-45116 | Adobe Commerce \| Cross-site Scripting (XSS) (CWE-79) | | |
CVE-2024-45117 | Adobe Commerce \| Improper Input Validation (CWE-20) | | |
CVE-2024-45118 | Adobe Commerce \| Improper Access Control (CWE-284) | | |
CVE-2024-45119 | Adobe Commerce \| Server-Side Request Forgery (SSRF) (CWE-918) | | |
CVE-2024-45120 | Adobe Commerce \| Time-of-check Time-of-use (TOCTOU) Race Condition (CWE-367) | | |
CVE-2024-45121 | Adobe Commerce \| Improper Access Control (CWE-284) | | |
CVE-2024-45122 | Adobe Commerce \| Improper Access Control (CWE-284) | | |
CVE-2024-45123 | Adobe Commerce \| Cross-site Scripting (Reflected XSS) (CWE-79) | | |
CVE-2024-45124 | Adobe Commerce \| Improper Access Control (CWE-284) | | |
CVE-2024-45125 | Adobe Commerce \| Incorrect Authorization (CWE-863) | | |
CVE-2024-45127 | Adobe Commerce \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2024-45128 | Adobe Commerce \| Incorrect Authorization (CWE-863) | | |
CVE-2024-45129 | Adobe Commerce \| Improper Access Control (CWE-284) | | |
CVE-2024-45130 | Adobe Commerce \| Improper Access Control (CWE-284) | | |
CVE-2024-45131 | Adobe Commerce \| Incorrect Authorization (CWE-863) | | |
CVE-2024-45132 | Adobe Commerce \| Incorrect Authorization (CWE-863) | | |
CVE-2024-45133 | Adobe Commerce \| Improper Access Control (CWE-284) | | |
CVE-2024-45134 | Adobe Commerce \| Information Exposure (CWE-200) | | |
CVE-2024-45135 | Adobe Commerce \| Improper Access Control (CWE-284) | | |
CVE-2024-45136 | InCopy \| Unrestricted Upload of File with Dangerous Type (CWE-434) | | |
CVE-2024-45137 | InDesign Desktop \| Unrestricted Upload of File with Dangerous Type (CWE-434) | | |
CVE-2024-45138 | Substance3D - Stager \| Use After Free (CWE-416) | | |
CVE-2024-45139 | Substance3D - Stager \| Heap-based Buffer Overflow (CWE-122) | | |
CVE-2024-45140 | Substance3D - Stager \| Out-of-bounds Write (CWE-787) | | |
CVE-2024-45141 | Substance3D - Stager \| Out-of-bounds Write (CWE-787) | | |
CVE-2024-45142 | Substance3D - Stager \| Write-what-where Condition (CWE-123) | | |
CVE-2024-45143 | Substance3D - Stager \| Heap-based Buffer Overflow (CWE-122) | | |
CVE-2024-45144 | Substance3D - Stager \| Out-of-bounds Write (CWE-787) | | |
CVE-2024-45145 | Lightroom Desktop \| Out-of-bounds Read (CWE-125) | | |
CVE-2024-45146 | Dimension \| Use After Free (CWE-416) | | |
CVE-2024-45147 | Bridge \| Out-of-bounds Read (CWE-125) | | |
CVE-2024-45148 | Adobe Commerce \| Improper Authentication (CWE-287) | | |
CVE-2024-45149 | Adobe Commerce \| Improper Access Control (CWE-284) | | |
CVE-2024-45150 | Dimension \| Out-of-bounds Write (CWE-787) | | |
CVE-2024-45152 | Substance3D - Stager \| Out-of-bounds Write (CWE-787) | | |
CVE-2024-45153 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2024-45155 | Animate \| Access of Uninitialized Pointer (CWE-824) | | |
CVE-2024-45156 | Animate \| NULL Pointer Dereference (CWE-476) | | |
CVE-2024-45157 | An issue was discovered in Mbed TLS before 2.28.9 and 3.x before 3.6.1, in which the user-selected a... | | |
CVE-2024-45158 | An issue was discovered in Mbed TLS 3.6 before 3.6.1. A stack buffer overflow in mbedtls_ecdsa_der_t... | | |
CVE-2024-45159 | An issue was discovered in Mbed TLS 3.x before 3.6.1. With TLS 1.3, when a server enables optional a... | | |
CVE-2024-45160 | Incorrect credential validation in LemonLDAP::NG 2.18.x and 2.19.x before 2.19.2 allows attackers to... | | |
CVE-2024-45163 | The Mirai botnet through 2024-08-19 mishandles simultaneous TCP connections to the CNC (command and ... | | |
CVE-2024-45164 | Akamai SIA (Secure Internet Access Enterprise) ThreatAvert, in SPS (Security and Personalization Ser... | E M | |
CVE-2024-45165 | An issue was discovered in UCI IDOL 2 (aka uciIDOL or IDOL2) through 2.12. Data is sent between clie... | | |
CVE-2024-45166 | An issue was discovered in UCI IDOL 2 (aka uciIDOL or IDOL2) through 2.12. Due to improper input val... | | |
CVE-2024-45167 | An issue was discovered in UCI IDOL 2 (aka uciIDOL or IDOL2) through 2.12. Due to improper input val... | | |
CVE-2024-45168 | An issue was discovered in UCI IDOL 2 (aka uciIDOL or IDOL2) through 2.12. Data is transferred over ... | | |
CVE-2024-45169 | An issue was discovered in UCI IDOL 2 (aka uciIDOL or IDOL2) through 2.12. Due to improper input val... | | |
CVE-2024-45170 | An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Due to improper or missing a... | | |
CVE-2024-45171 | An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Due to improper user input v... | | |
CVE-2024-45172 | An issue was discovered in za-internet C-MOR Video Surveillance 5.2401 and 6.00PL01. Due to missing ... | | |
CVE-2024-45173 | An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Due to improper privilege ma... | | |
CVE-2024-45174 | An issue was discovered in za-internet C-MOR Video Surveillance 5.2401 and 6.00PL01. Due to improper... | | |
CVE-2024-45175 | An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Sensitive information is sto... | | |
CVE-2024-45176 | An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Due to improper input valida... | | |
CVE-2024-45177 | An issue was discovered in za-internet C-MOR Video Surveillance 5.2401 and 6.00PL01. Due to improper... | | |
CVE-2024-45178 | An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Due to improper user input v... | | |
CVE-2024-45179 | An issue was discovered in za-internet C-MOR Video Surveillance 5.2401 and 6.00PL01. Due to insuffic... | | |
CVE-2024-45180 | SquaredUp DS for SCOM 6.2.1.11104 allows XSS.... | | |
CVE-2024-45181 | An issue was discovered in WibuKey64.sys in WIBU-SYSTEMS WibuKey before v6.70 and fixed in v.6.70. A... | M | |
CVE-2024-45182 | An issue was discovered in WibuKey64.sys in WIBU-SYSTEMS WibuKey before v6.70 and fixed in v.6.70. An... | M | |
CVE-2024-45183 | An issue was discovered in Samsung Mobile Processor Exynos 2100, 1280, 2200, 1330, 1380, 1480, and 2... | | |
CVE-2024-45184 | An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modems with chipset Exy... | | |
CVE-2024-45185 | An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 9820, 9825... | | |
CVE-2024-45186 | FileSender before 2.49 allows server-side template injection (SSTI) for retrieving credentials.... | | |
CVE-2024-45187 | Mage AI allows deleted users to use the terminal server with admin access, leading to remote code execution | | |
CVE-2024-45188 | Mage AI file content request remote arbitrary file leak | | |
CVE-2024-45189 | Mage AI git content request remote arbitrary file leak | E | |
CVE-2024-45190 | Mage AI pipeline interaction request remote arbitrary file leak | | |
CVE-2024-45191 | An issue was discovered in Matrix libolm through 3.2.16. The AES implementation is vulnerable to cac... | E S | |
CVE-2024-45192 | An issue was discovered in Matrix libolm through 3.2.16. Cache-timing attacks can occur due to use o... | E S | |
CVE-2024-45193 | An issue was discovered in Matrix libolm through 3.2.16. There is Ed25519 signature malleability due... | E S | |
CVE-2024-45194 | In Zimbra Collaboration (ZCS) 9.0 and 10.0, a vulnerability in the Webmail Modern UI allows executio... | | |
CVE-2024-45195 | Apache OFBiz: Confused controller-view authorization logic (forced browsing) | KEV S | |
CVE-2024-45198 | insightsoftware Spark JDBC 2.6.21 has a remote code execution vulnerability. Attackers can inject ma... | | |
CVE-2024-45199 | insightsoftware Hive JDBC through 2.6.13 has a remote code execution vulnerability. Attackers can in... | | |
CVE-2024-45200 | In Nintendo Mario Kart 8 Deluxe before 3.0.3, the LAN/LDN local multiplayer implementation allows a ... | | |
CVE-2024-45201 | An issue was discovered in llama_index before 0.10.38. download/integration.py includes an exec call... | | |
CVE-2024-45203 | Improper authorization in handler for custom URL scheme issue in "@cosme" App for Android versions p... | | |
CVE-2024-45204 | A vulnerability exists where a low-privileged user can exploit insufficient permissions in credentia... | | |
CVE-2024-45205 | An Improper Certificate Validation on the UniFi iOS App managing a standalone UniFi Access Point (no... | | |
CVE-2024-45206 | A vulnerability in Veeam Service Provider Console has been identified, which allows to perform arbit... | | |
CVE-2024-45207 | DLL injection in Veeam Agent for Windows can occur if the system's PATH variable includes insecure l... | | |
CVE-2024-45208 | The Versa Director SD-WAN orchestration platform which makes use of Cisco NCS application service. A... | | |
CVE-2024-45216 | Apache Solr: Authentication bypass possible using a fake URL Path ending | | |
CVE-2024-45217 | Apache Solr: ConfigSets created during a backup restore command are trusted implicitly | | |
CVE-2024-45219 | Apache CloudStack: Uploaded and registered templates and volumes can be used to abuse KVM-based infrastructure | S | |
CVE-2024-45229 | The Versa Director offers REST APIs for orchestration and management. By design, certain APIs, such ... | | |
CVE-2024-45230 | An issue was discovered in Django 5.1 before 5.1.1, 5.0 before 5.0.9, and 4.2 before 4.2.16. The url... | | |
CVE-2024-45231 | An issue was discovered in Django v5.1.1, v5.0.9, and v4.2.16. The django.contrib.auth.forms.Passwor... | | |
CVE-2024-45232 | An issue was discovered in powermail extension through 12.3.5 for TYPO3. It fails to validate the ma... | | |
CVE-2024-45233 | An issue was discovered in powermail extension through 12.3.5 for TYPO3. Several actions in the Outp... | | |
CVE-2024-45234 | An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a (trus... | | |
CVE-2024-45235 | An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a (trus... | | |
CVE-2024-45236 | An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a (trus... | S | |
CVE-2024-45237 | An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a (trus... | S | |
CVE-2024-45238 | An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a (trus... | | |
CVE-2024-45239 | An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a (trus... | | |
CVE-2024-45240 | The TikTok (aka com.zhiliaoapp.musically) application before 34.5.5 for Android allows the takeover ... | | |
CVE-2024-45241 | A traversal vulnerability in GeneralDocs.aspx in CentralSquare CryWolf (False Alarm Management) thro... | | |
CVE-2024-45242 | EnGenius ENH1350EXT A8J-ENH1350EXT devices through 3.9.3.2_c1.9.51 allow (blind) OS Command Injectio... | | |
CVE-2024-45244 | Hyperledger Fabric through 3.0.0 and 2.5.x through 2.5.9 do not verify that a request has a timestam... | S | |
CVE-2024-45245 | Diebold Nixdorf – CWE-200: Exposure of Sensitive Information to an Unauthorized Actor | S | |
CVE-2024-45246 | Diebold Nixdorf – CWE-427: Uncontrolled Search Path Element | S | |
CVE-2024-45247 | Sonarr – CWE-601: URL Redirection to Untrusted Site ('Open Redirect') | S | |
CVE-2024-45248 | Multi-DNC – CWE-35: Path Traversal: '.../...//' | S | |
CVE-2024-45249 | Cavok – CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | S | |
CVE-2024-45250 | ZKteco – CWE-200: Exposure of Sensitive Information to an Unauthorized Actor | S | |
CVE-2024-45251 | Elsight – CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | S | |
CVE-2024-45252 | Elsight – CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | S | |
CVE-2024-45253 | Avigilon – CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | S | |
CVE-2024-45254 | VaeMendis - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | S | |
CVE-2024-45256 | An arbitrary file write issue in the exfiltration endpoint in BYOB (Build Your Own Botnet) 2.0 allow... | | |
CVE-2024-45258 | The req package before 3.43.4 for Go may send an unintended request when a malformed URL is provided... | | |
CVE-2024-45259 | An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and A... | | |
CVE-2024-45260 | An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and A... | | |
CVE-2024-45261 | An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and A... | | |
CVE-2024-45262 | An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and A... | | |
CVE-2024-45263 | An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and A... | | |
CVE-2024-45264 | A cross-site request forgery (CSRF) vulnerability in the admin panel in SkySystem Arfa-CMS before 5.... | | |
CVE-2024-45265 | A SQL injection vulnerability in the poll component in SkySystem Arfa-CMS before 5.1.3124 allows rem... | | |
CVE-2024-45269 | WordPress plugin "Carousel Slider" provided by Sayful Islam contains a cross-site request forgery vu... | | |
CVE-2024-45270 | WordPress plugin "Carousel Slider" provided by Sayful Islam contains a cross-site request forgery vu... | | |
CVE-2024-45271 | MB connect line/Helmholz: Remote code execution due to improper input validation | | |
CVE-2024-45272 | MB connect line/Helmholz: Generation of weak passwords vulnerability | | |
CVE-2024-45273 | MB connect line/Helmholz: Weak encryption of configuration file | | |
CVE-2024-45274 | MB connect line/Helmholz: Remote code execution via confnet service | | |
CVE-2024-45275 | MB connect line/Helmholz: Hardcoded user accounts with hard-coded passwords | | |
CVE-2024-45276 | MB connect line/Helmholz: tmp directory exposed via webservice | | |
CVE-2024-45277 | Prototype Pollution vulnerability in SAP HANA Client | | |
CVE-2024-45278 | Cross-Site Scripting (XSS) vulnerability in SAP Commerce Backoffice | | |
CVE-2024-45279 | Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server for ABAP (CRM Blueprint Application Builder Panel) | | |
CVE-2024-45280 | Cross-Site Scripting (XSS) Vulnerability in SAP NetWeaver AS Java (Logon Application) | | |
CVE-2024-45281 | DLL hijacking vulnerability in SAP BusinessObjects Business Intelligence Platform | | |
CVE-2024-45282 | HTTP Verb Tampering in SAP S/4 HANA (Manage Bank Statements) | | |
CVE-2024-45283 | Information disclosure vulnerability in SAP NetWeaver AS for Java (Destination Service) | | |
CVE-2024-45284 | Missing authorization check in SAP Student Life Cycle Management (SLcM) | | |
CVE-2024-45285 | Multiple vulnerabilities in SAP NetWeaver Application Server for ABAP and ABAP Platform | | |
CVE-2024-45286 | Missing Authorization check in SAP Production and Revenue Accounting (Tobin interface) | | |
CVE-2024-45287 | Multiple vulnerabilities in libnv | | |
CVE-2024-45288 | Multiple vulnerabilities in libnv | | |
CVE-2024-45289 | Unbounded allocation in ctl(4) CAM Target Layer | | |
CVE-2024-45290 | Path traversal and Server-Side Request Forgery when opening XLSX files in PHPSpreadsheet | E S | |
CVE-2024-45291 | Path traversal and Server-Side Request Forgery in HTML writer when embedding images is enabled in PHPSpreadsheet | E | |
CVE-2024-45292 | PhpSpreadsheet HTML writer is vulnerable to Cross-Site Scripting via JavaScript hyperlinks | E | |
CVE-2024-45293 | XML External Entity Reference (XXE) in PHPSpreadsheet's XLSX reader | E | |
CVE-2024-45294 | `org.hl7.fhir.core` XXE vulnerability in XSLT transforms | | |
CVE-2024-45295 | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-45294. Reason: ... | R | |
CVE-2024-45296 | path-to-regexp outputs backtracking regular expressions | | |
CVE-2024-45297 | Prevent topic list filtering by hidden tags for unauthorized users in Discourse | | |
CVE-2024-45298 | Disabled user can bypass lockout by requesting password reset in wiki.js | | |
CVE-2024-45299 | alf.io's preloaded data as json is not escaped correctly | E S | |
CVE-2024-45300 | Bypassing promo code limitations with race conditions | E S | |
CVE-2024-45302 | CRLF Injection in RestSharp's `RestRequest.AddHeader` method | E S | |
CVE-2024-45303 | Discourse Calendar plugin event names susceptible to XSS | S | |
CVE-2024-45304 | OwnableTwoStep allows a pending owner to accept ownership after the original owner has renounced ownership in cairo-contracts | S | |
CVE-2024-45305 | gix-path uses local config across repos when it is the highest scope | | |
CVE-2024-45306 | heap-buffer-overflow in Vim | S | |
CVE-2024-45307 | SudoBot missing authorization check in `-config` command | S | |
CVE-2024-45308 | MySQL & free URL mode allows to hide existing notes in hedgedoc | | |
CVE-2024-45309 | OneDev vulnerable to arbitrary file reading for unauthenticated user | S | |
CVE-2024-45310 | runc can be confused to create empty files/directories on the host | | |
CVE-2024-45311 | Denial of service in quinn-proto when using `Endpoint::retry()` | S | |
CVE-2024-45312 | Arbitrary language parameter can be passed to `aspell` executable via spelling requests in overleaf | S | |
CVE-2024-45313 | Insecure default setting for Server Pro installed via Overleaf toolkit | S | |
CVE-2024-45314 | Flask-AppBuilder login form allows browser to cache sensitive fields | S | |
CVE-2024-45315 | The Improper link resolution before file access ('Link Following') vulnerability in SonicWall Connec... | | |
CVE-2024-45316 | The Improper link resolution before file access ('Link Following') vulnerability in SonicWall Connec... | | |
CVE-2024-45317 | A Server-Side Request Forgery (SSRF) vulnerability in SMA1000 appliance firmware versions 12.4.3-026... | | |
CVE-2024-45318 | A vulnerability in the SonicWall SMA100 SSLVPN web management interface allows remote attackers to c... | | |
CVE-2024-45319 | A vulnerability in the SonicWall SMA100 SSLVPN firmware 10.2.1.13-72sv and earlier versions allows... | | |
CVE-2024-45320 | Out-of-bounds write vulnerability exists in DocuPrint CP225w 01.22.01 and earlier, DocuPrint CP228w ... | | |
CVE-2024-45321 | The App::cpanminus package through 1.7047 for Perl downloads code via insecure HTTP, enabling code e... | E S | |
CVE-2024-45323 | An improper access control vulnerability [CWE-284] in FortiEDR Manager API 6.2.0 through 6.2.2, 6.0 ... | S | |
CVE-2024-45324 | A use of externally-controlled format string vulnerability [CWE-134] in FortiOS version 7.4.0 throug... | S | |
CVE-2024-45326 | An Improper Access Control vulnerability [CWE-284] in FortiDeceptor version 6.0.0, version 5.3.3 and... | S | |
CVE-2024-45327 | An improper authorization vulnerability [CWE-285] in FortiSOAR version 7.4.0 through 7.4.3, 7.3.0 th... | S | |
CVE-2024-45328 | An incorrect authorization vulnerability [CWE-863] in FortiSandbox 4.4.0 through 4.4.6 may allow a l... | S | |
CVE-2024-45329 | An authorization bypass through user-controlled key in Fortinet FortiPortal versions 7.4.0, versions ... | S | |
CVE-2024-45330 | A use of externally-controlled format string in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3,... | S | |
CVE-2024-45331 | An incorrect privilege assignment in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.0 throu... | S | |
CVE-2024-45332 | Exposure of sensitive information caused by shared microarchitectural predictor state that influence... | | |
CVE-2024-45333 | Improper access control for some Intel(R) Data Center GPU Flex Series for Windows driver before vers... | | |
CVE-2024-45334 | Trend Micro Antivirus One versions 3.10.4 and below (Consumer) is vulnerable to an Arbitrary Configu... | | |
CVE-2024-45335 | Trend Micro Antivirus One, version 3.10.4 and below contains a vulnerability that could allow an att... | | |
CVE-2024-45336 | Sensitive headers incorrectly sent after cross-domain redirect in net/http | | |
CVE-2024-45337 | Misuse of connection.serverAuthenticate may cause authorization bypass in golang.org/x/crypto | | |
CVE-2024-45338 | Non-linear parsing of case-insensitive content in golang.org/x/net/html | | |
CVE-2024-45339 | Vulnerability when creating log files in github.com/golang/glog | | |
CVE-2024-45340 | GOAUTH credential leak in cmd/go | | |
CVE-2024-45341 | Usage of IPv6 zone IDs can bypass URI name constraints in crypto/x509 | | |
CVE-2024-45342 | Rejected reason: reserved but not needed... | R | |
CVE-2024-45343 | Rejected reason: reserved but not needed... | R | |
CVE-2024-45344 | Rejected reason: reserved but not needed... | R | |
CVE-2024-45345 | Rejected reason: reserved but not needed... | R | |
CVE-2024-45346 | GetApps application has code execution vulnerability | | |
CVE-2024-45347 | Mi Connect Service APP protocol flaws lead to unauthorized access | | |
CVE-2024-45348 | Xiaomi Router AX9000 has a post-authorization command injection vulnerability | | |
CVE-2024-45351 | Game center application has code execution Vulnerability | | |
CVE-2024-45352 | Xiaomi smarthome application Webview has code execution vulnerability | | |
CVE-2024-45353 | quick App has intent redirection vulnerability | | |
CVE-2024-45354 | xiaomi shop application Webview has code execution vulnerability | | |
CVE-2024-45355 | Xiaomi phone framework has unauthorized access vulnerability | | |
CVE-2024-45356 | Xiaomi phone framework has unauthorized access vulnerability | | |
CVE-2024-45361 | Mi Connect Service APP protocol flaws lead to leaking sensitive user information | | |
CVE-2024-45366 | Welcart e-Commerce prior to 2.11.2 contains a cross-site scripting vulnerability. If this vulnerabil... | | |
CVE-2024-45367 | Optigo Networks ONS-S8 Spectra Aggregation Switch Weak Authentication | M | |
CVE-2024-45368 | AutomationDirect DirectLogic H2-DM1E Session Fixation | M | |
CVE-2024-45369 | mySCADA myPRO Improper Authentication | S | |
CVE-2024-45371 | Improper access control for some Intel(R) Arc™ & Iris(R) Xe graphics software before version 32.... | | |
CVE-2024-45372 | MZK-DP300N firmware versions 1.04 and earlier contains a cross-site request forgery vulnerability. Vi... | | |
CVE-2024-45373 | Dover Fueling Solutions ProGauge MAGLINK LX CONSOLE Improper Privilege Management | S | |
CVE-2024-45374 | goTenna Pro ATAK Plugin Weak Password Requirements | S | |
CVE-2024-45380 | Rejected reason: This candidate was in a CNA pool that was not assigned to any issues during 2024.... | R | |
CVE-2024-45382 | Liteos_a has an Out-of-bounds Write vulnerability | | |
CVE-2024-45383 | A mishandling of IRP requests vulnerability exists in the HDAudBus_DMA interface of Microsoft High D... | E | |
CVE-2024-45384 | Apache Druid: Padding oracle in druid-pac4j extension that allows an attacker to manipulate a pac4j session cookie via Padding Oracle Attack | | |
CVE-2024-45385 | A vulnerability has been identified in Industrial Edge Management OS (IEM-OS) (All versions). Affect... | | |
CVE-2024-45386 | A vulnerability has been identified in SIMATIC PCS neo V4.0 (All versions), SIMATIC PCS neo V4.1 (Al... | | |
CVE-2024-45387 | Apache Traffic Control: SQL Injection in Traffic Ops endpoint PUT deliveryservice_request_comments | | |
CVE-2024-45388 | Arbitrary file read in the `/api/v2/simulation` endpoint in hoverfly (`GHSL-2023-274`) | E | |
CVE-2024-45389 | Pagefind DOM clobbering could escalate to Cross-site Scripting (XSS) | S | |
CVE-2024-45390 | @blakeembrey/template vulnerable to code injection when attacker controls template input | S | |
CVE-2024-45391 | Tina search token leak via lock file in TinaCMS | S | |
CVE-2024-45392 | SuiteCRM has wrong deletion permission checks on API delete call | | |
CVE-2024-45393 | Computer Vision Annotation Tool (CVAT) is missing authorization for endpoints related to webhook deliveries | S | |
CVE-2024-45394 | Secret encryption vulnerable to brute-force attacks | S | |
CVE-2024-45395 | Unbounded loop over untrusted input can lead to endless data attack | S | |
CVE-2024-45396 | Quicly assertion failures | S | |
CVE-2024-45397 | H2O allows bypassing address-based access control with 0-RTT | S | |
CVE-2024-45398 | Remote command execution through file upload in contao/core-bundle | | |
CVE-2024-45399 | Indico has a Cross-Site-Scripting during account creation | S | |
CVE-2024-45400 | CKEditor Open Link plugin vulnerable to Cross-site Scripting | S | |
CVE-2024-45401 | stripe-cli Path Traversal vulnerability | | |
CVE-2024-45402 | Picotls double free | S | |
CVE-2024-45403 | H2O assertion failure when HTTP/3 requests are cancelled | S | |
CVE-2024-45404 | OpenCTI's lack of Rate Limit leads to OTP brute forcing | E | |
CVE-2024-45405 | gix-path improperly resolves configuration path reported by Git | | |
CVE-2024-45406 | Craft CMS stored XSS in breadcrumb list and title fields | E S | |
CVE-2024-45407 | Sunshine has incorrect state management during pairing process may lead to incorrectly authorized client | E S | |
CVE-2024-45408 | eLabFTW contains a direct and indirect information disclosure | | |
CVE-2024-45409 | The Ruby SAML library vulnerable to a SAML authentication bypass via Incorrect XPath selector | S | |
CVE-2024-45410 | HTTP client can remove the X-Forwarded headers in Traefik | | |
CVE-2024-45411 | Twig has a possible sandbox bypass | S | |
CVE-2024-45412 | Yeti affected by a Potential Denial of Service due to the One Million Unicode characters attack | E S | |
CVE-2024-45413 | The HTTPD binary in multiple ZTE routers has a stack-based buffer overflow vulnerability in rsa_decr... | | |
CVE-2024-45414 | The HTTPD binary in multiple ZTE routers has a stack-based buffer overflow vulnerability in webPriva... | | |
CVE-2024-45415 | The HTTPD binary in multiple ZTE routers has a stack-based buffer overflow vulnerability in check_da... | | |
CVE-2024-45416 | The HTTPD binary in multiple ZTE routers has a local file inclusion vulnerability in session_init fu... | | |
CVE-2024-45417 | Zoom Apps for macOS - Uncontrolled Resource Consumption | | |
CVE-2024-45418 | Zoom Apps for macOS - Symbolic Link Following | | |
CVE-2024-45419 | Zoom Apps - Improper Input Validation | | |
CVE-2024-45420 | Zoom Apps - Uncontrolled Resource Consumption | | |
CVE-2024-45421 | Zoom Apps - Buffer Overflow | | |
CVE-2024-45422 | Zoom Apps - Improper Input Validation | | |
CVE-2024-45424 | Zoom Workplace Apps - Business Logic Error | | |
CVE-2024-45425 | Zoom Workplace Apps - Incorrect User Management | | |
CVE-2024-45426 | Zoom Workplace Apps - Incorrect Ownership Assignment | | |
CVE-2024-45429 | Cross-site scripting vulnerability exists in Advanced Custom Fields versions 6.3.5 and earlier and A... | | |
CVE-2024-45435 | Chartist 1.x through 1.3.0 allows Prototype Pollution via the extend function.... | E | |
CVE-2024-45436 | extractFromZipFile in model.go in Ollama before 0.1.47 can extract members of a ZIP archive outside ... | S | |
CVE-2024-45438 | An issue was discovered in TitanHQ SpamTitan Email Security Gateway 8.00.x before 8.00.101 and 8.01.... | | |
CVE-2024-45440 | core/authorize.php in Drupal 11.x-dev allows Full Path Disclosure (even when error logging is None) ... | | |
CVE-2024-45441 | Input verification vulnerability in the system service module Impact: Successful exploitation of thi... | | |
CVE-2024-45442 | Vulnerability of permission verification for APIs in the DownloadProviderMain module Impact: Success... | | |
CVE-2024-45443 | Directory traversal vulnerability in the cust module Impact: Successful exploitation of this vulnera... | | |
CVE-2024-45444 | Access permission verification vulnerability in the WMS module Impact: Successful exploitation of th... | | |
CVE-2024-45445 | Vulnerability of resources not being closed or released in the keystore module Impact: Successful ex... | | |
CVE-2024-45446 | Access permission verification vulnerability in the camera driver module Impact: Successful exploita... | | |
CVE-2024-45447 | Access control vulnerability in the camera framework module Impact: Successful exploitation of this ... | | |
CVE-2024-45448 | Page table protection configuration vulnerability in the trusted firmware module Impact: Successful ... | | |
CVE-2024-45449 | Access permission verification vulnerability in the ringtone setting module Impact: Successful explo... | | |
CVE-2024-45450 | Permission control vulnerability in the software update module. Impact: Successful exploitation of t... | | |
CVE-2024-45451 | WordPress Roseta theme <= 1.3.0 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-45452 | WordPress Septera theme <= 1.5.1 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-45453 | WordPress Maintenance Redirect plugin <= 2.0.1 - IP Bypass vulnerability | S | |
CVE-2024-45454 | WordPress Unlimited Elements for Elementor plugin <= 1.5.121 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-45455 | WordPress WP Meta SEO plugin <= 4.5.13 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-45456 | WordPress WP Meta SEO plugin <= 4.5.13 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-45457 | WordPress Spiffy Calendar plugin <= 4.9.13 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-45458 | WordPress Spiffy Calendar plugin <= 4.9.13 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-45459 | WordPress Product Slider for WooCommerce by PickPlugins plugin <= 1.13.50 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-45460 | WordPress Flipping Cards plugin <= 1.30 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-45461 | Apache CloudStack Quota plugin: Access checks not enforced in Quota | S | |
CVE-2024-45462 | Apache CloudStack: Incomplete session invalidation on web interface logout | S | |
CVE-2024-45463 | A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), T... | | |
CVE-2024-45464 | A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), T... | | |
CVE-2024-45465 | A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), T... | | |
CVE-2024-45466 | A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), T... | | |
CVE-2024-45467 | A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), T... | | |
CVE-2024-45468 | A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), T... | | |
CVE-2024-45469 | A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), T... | | |
CVE-2024-45470 | A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), T... | | |
CVE-2024-45471 | A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), T... | | |
CVE-2024-45472 | A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), T... | | |
CVE-2024-45473 | A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), T... | | |
CVE-2024-45474 | A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), T... | | |
CVE-2024-45475 | A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), T... | | |
CVE-2024-45476 | A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), T... | | |
CVE-2024-45477 | Apache NiFi: Improper Neutralization of Input in Parameter Description | | |
CVE-2024-45478 | Apache Ranger: Stored XSS in Edit Service page - Add logic to validate user input | | |
CVE-2024-45479 | Apache Ranger: SSRF in Edit Service page - Add logic to filter requests to localhost | | |
CVE-2024-45480 | Unauthorized local file reading in B&R APROL | | |
CVE-2024-45481 | Improper authentication in SSH of B&R APROL | | |
CVE-2024-45482 | Privilege escalation in B&R APROL | | |
CVE-2024-45483 | Missing GRUB password in B&R APROL | | |
CVE-2024-45484 | Enabled ICMP redirection in B&R APROL | | |
CVE-2024-45488 | One Identity Safeguard for Privileged Passwords before 7.5.2 allows unauthorized access because of a... | | |
CVE-2024-45489 | Arc before 2024-08-26 allows remote code execution in JavaScript boosts. Boosts that run JavaScript ... | | |
CVE-2024-45490 | An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for X... | S | |
CVE-2024-45491 | An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow... | S | |
CVE-2024-45492 | An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer... | S | |
CVE-2024-45493 | An issue was discovered in MSA FieldServer Gateway 5.0.0 through 6.5.2 (Fixed in 7.0.0). The FieldSe... | | |
CVE-2024-45494 | An issue was discovered in MSA FieldServer Gateway 5.0.0 through 6.5.2 (Fixed in 7.0.0). The FieldSe... | | |
CVE-2024-45495 | MSA FieldServer Gateway 5.0.0 through 6.5.2 allows cross-origin WebSocket hijacking.... | | |
CVE-2024-45496 | Openshift-controller-manager: elevated build pods can lead to node compromise in openshift | M | |
CVE-2024-45497 | Openshift-api: openshift-controller-manager/build: build process in openshift allows overwriting of node pull credentials | M | |
CVE-2024-45498 | Apache Airflow: Command Injection in an example DAG | S | |
CVE-2024-45504 | Cross-site request forgery (CSRF) vulnerability in multiple Alps System Integration products and the... | | |
CVE-2024-45505 | Apache HertzBeat: Exists Native Deser RCE and file writing vulnerabilities | | |
CVE-2024-45506 | HAProxy 2.9.x before 2.9.10, 3.0.x before 3.0.4, and 3.1.x through 3.1-dev6 allows a remote denial o... | | |
CVE-2024-45507 | Apache OFBiz: Prevent use of URLs in files when loading them from Java or Groovy, leading to a RCE | S | |
CVE-2024-45508 | HTMLDOC before 1.9.19 has an out-of-bounds write in parse_paragraph in ps-pdf.cxx because of an atte... | E S | |
CVE-2024-45509 | In MISP through 2.4.196, app/Controller/BookmarksController.php does not properly restrict access to... | S | |
CVE-2024-45510 | An issue was discovered in Zimbra Collaboration (ZCS) through 10.0. Zimbra Webmail (Modern UI) is vu... | | |
CVE-2024-45511 | An issue was discovered in Zimbra Collaboration (ZCS) through 10.1. A reflected Cross-Site Scripting... | | |
CVE-2024-45512 | An issue was discovered in webmail in Zimbra Collaboration (ZCS) through 10.1. An attacker can explo... | | |
CVE-2024-45513 | An issue was discovered in Zimbra Collaboration (ZCS) through 10.1. A stored Cross-Site Scripting (X... | | |
CVE-2024-45514 | An issue was discovered in Zimbra Collaboration (ZCS) through v10.1. A Cross-Site Scripting (XSS) vu... | | |
CVE-2024-45515 | An issue was discovered in Zimbra Collaboration (ZCS) through 10.1. A Cross-Site Scripting (XSS) vul... | | |
CVE-2024-45516 | An issue was discovered in Zimbra Collaboration (ZCS) 9.0.0 before Patch 43, 10.0.x before 10.0.12, ... | | |
CVE-2024-45517 | An issue was discovered in Zimbra Collaboration (ZCS) through 10.1. A Cross-Site Scripting (XSS) vul... | | |
CVE-2024-45518 | An issue was discovered in Zimbra Collaboration (ZCS) 10.1.x before 10.1.1, 10.0.x before 10.0.9, 9.... | | |
CVE-2024-45519 | The postjournal service in Zimbra Collaboration (ZCS) before 8.8.15 Patch 46, 9 before 9.0.0 Patch 4... | KEV E | |
CVE-2024-45520 | WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1 allows a remote Denial of Service because of m... | | |
CVE-2024-45522 | Linen before cd37c3e does not verify that the domain is linen.dev or www.linen.dev when resetting a ... | S | |
CVE-2024-45523 | An issue was discovered in Bravura Security Fabric versions 12.3.x before 12.3.5.32784, 12.4.x befor... | | |
CVE-2024-45526 | An issue was discovered in OPC Foundation OPCFoundation/UA-.NETStandard through 1.5.374.78. A remote... | | |
CVE-2024-45527 | REDCap 14.7.0 allows HTML injection via the project title of a New Project action. This can lead to ... | E | |
CVE-2024-45528 | CodeAstro MembershipM-PHP (aka Membership Management System in PHP) 1.0 allows add_members.php fulln... | E | |
CVE-2024-45537 | Apache Druid: Users can provide MySQL JDBC properties not on allow list | | |
CVE-2024-45540 | Use After Free in HLOS | | |
CVE-2024-45541 | Buffer Copy Without Checking Size of Input (`Classic Buffer Overflow`) in WLAN Windows Host | | |
CVE-2024-45542 | Stack-based Buffer Overflow in WLAN Windows Host | | |
CVE-2024-45543 | Out-of-bounds Write in Audio | | |
CVE-2024-45544 | Use After Free in Data Network Stack & Connectivity | | |
CVE-2024-45546 | Buffer Over-read in WLAN Windows Host | | |
CVE-2024-45547 | Buffer Copy Without Checking Size of Input (`Classic Buffer Overflow`) in WLAN Windows Host | | |
CVE-2024-45548 | Buffer Over-read in WLAN Windows Host | | |
CVE-2024-45549 | Exposure of Sensitive System Information to an Unauthorized Control Sphere in KERNEL | | |
CVE-2024-45550 | Improper Validation of Array Index in DSP Services | | |
CVE-2024-45551 | Weak Authentication in HLOS | | |
CVE-2024-45552 | Buffer Over-read in Data Network Stack & Connectivity | | |
CVE-2024-45553 | Use After Free in DSP Services | S | |
CVE-2024-45554 | Use After Free in DSP Service | S | |
CVE-2024-45555 | Integer Overflow to Buffer Overflow in Automotive OS Platform | | |
CVE-2024-45556 | Improper Access Control for Register Interface in TZ Firmware | | |
CVE-2024-45557 | Use of Out-of-range Pointer Offset in Trust Management Engine | | |
CVE-2024-45558 | Buffer Over-read in WLAN Host Cmn | S | |
CVE-2024-45559 | Buffer Over-read in Automotive OS Platform | | |
CVE-2024-45560 | Time-of-check Time-of-use (TOCTOU) Race Condition in Camera | | |
CVE-2024-45561 | Use After Free in Windows WLAN Host | | |
CVE-2024-45562 | Use After Free in HLOS | S | |
CVE-2024-45563 | Out-of-bounds Write in Camera Driver | S | |
CVE-2024-45564 | Use After Free in HLOS | S | |
CVE-2024-45565 | Time-of-check Time-of-use (TOCTOU) Race Condition in Camera Driver | S | |
CVE-2024-45566 | Use After Free in Camera Driver | S | |
CVE-2024-45567 | Use After Free in Camera Driver | S | |
CVE-2024-45568 | Buffer Over-read in Camera Driver | S | |
CVE-2024-45569 | Improper Validation of Array Index in WLAN Host Communication | S | |
CVE-2024-45570 | Use of Out-of-range Pointer Offset in Camera Driver | S | |
CVE-2024-45571 | Use After Free in WLAN Host Communication | S | |
CVE-2024-45573 | Use of Out-of-range Pointer Offset in Display | | |
CVE-2024-45574 | Improper Validation of Array Index in Camera Driver | S | |
CVE-2024-45575 | Integer Overflow or Wraparound in Camera Driver | S | |
CVE-2024-45576 | Improper Validation of Array Index in Camera Driver | S | |
CVE-2024-45577 | Improper Input Validation in Camera Driver | S | |
CVE-2024-45578 | Improper Validation of Array Index in Camera Driver | S | |
CVE-2024-45579 | Improper Input Validation in Camera Driver | S | |
CVE-2024-45580 | Use After Free in DSP Service | S | |
CVE-2024-45581 | Out-of-bounds Write in Audio | S | |
CVE-2024-45582 | Improper Validation of Array Index in Camera Driver | S | |
CVE-2024-45583 | Use After Free in Secure Processor | S | |
CVE-2024-45584 | Untrusted Pointer Dereference in Automotive Android OS | S | |
CVE-2024-45586 | Account Take Over Vulnerability | S | |
CVE-2024-45587 | Unauthorized Modification Vulnerability | S | |
CVE-2024-45588 | Information Disclosure Vulnerability | S | |
CVE-2024-45589 | RapidIdentity LTS through 2023.0.2 and Cloud through 2024.08.0 improperly restricts excessive authen... | E | |
CVE-2024-45590 | body-parser vulnerable to denial of service when url encoding is enabled | S | |
CVE-2024-45591 | XWiki Platform document history including authors of any page exposed to unauthorized actors | E S | |
CVE-2024-45592 | auditor-bundle vulnerable to Cross-site Scripting because name of entity does not get escaped | S | |
CVE-2024-45593 | Nix affected by unsafe NAR unpacking | S | |
CVE-2024-45594 | Decidim allows cross-site scripting (XSS) in the online or hybrid meeting embeds | | |
CVE-2024-45595 | D-Tale allows Remote Code Execution through the Query input on Chart Builder | S | |
CVE-2024-45596 | Directus's session is cached for OpenID and OAuth2 if `redirect` is not used | | |
CVE-2024-45597 | Pluto's http.request allows CR and LF in header values | S | |
CVE-2024-45598 | Cacti has a Local File Inclusion (LFI) Vulnerability via Poller Standard Error Log Path | E S | |
CVE-2024-45599 | TCC Bypass in Cursor's macOS Application | | |
CVE-2024-45600 | Fields GLPI plugin has an Authenticated SQL Injection | | |
CVE-2024-45601 | Local file Inclusion via static file serving functionality in Mesop | | |
CVE-2024-45604 | Directory traversal in the file selector widget in contao/core-bundle | | |
CVE-2024-45605 | Improper authorization on deletion of user issue alert notifications in sentry | S | |
CVE-2024-45606 | Improper authorization on muting of alert rules in sentry | S | |
CVE-2024-45607 | whatsapp-api-js fails to validate message's signature | S | |
CVE-2024-45608 | GLPI has an Authenticated SQL Injection | | |
CVE-2024-45609 | GLPI has a Reflected XSS in /front/stat.graph.php | | |
CVE-2024-45610 | GLPI has a reflected XSS in ajax/cable.php | | |
CVE-2024-45611 | GLPI has a stored XSS at src/RSSFeed.php | | |
CVE-2024-45612 | Insert tag injection via canonical URL in Contao | | |
CVE-2024-45613 | CKEditor 5 has Cross-site Scripting vulnerability in the clipboard package | | |
CVE-2024-45614 | Header normalization allows for client to clobber proxy set headers in Puma | | |
CVE-2024-45615 | Libopensc: pkcs15init: usage of uninitialized values in libopensc and pkcs15init | | |
CVE-2024-45616 | Libopensc: uninitialized values after incorrect check or usage of apdu response values in libopensc | | |
CVE-2024-45617 | Libopensc: uninitialized values after incorrect or missing checking return values of functions in libopensc | | |
CVE-2024-45618 | Libopensc: uninitialized values after incorrect or missing checking return values of functions in pkcs15init | | |
CVE-2024-45619 | Libopensc: incorrect handling length of buffers or files in libopensc | | |
CVE-2024-45620 | Libopensc: incorrect handling of the length of buffers or files in pkcs15init | | |
CVE-2024-45621 | The Electron desktop application of Rocket.Chat through 6.3.4 allows stored XSS via links in an uplo... | | |
CVE-2024-45622 | ASIS (aka Aplikasi Sistem Sekolah using CodeIgniter 3) 3.0.0 through 3.2.0 allows index.php username... | | |
CVE-2024-45623 | D-Link DAP-2310 Hardware A Firmware 1.16RC028 allows remote attackers to execute arbitrary code via ... | | |
CVE-2024-45624 | Exposure of sensitive information due to incompatible policies issue exists in Pgpool-II. If a datab... | | |
CVE-2024-45625 | Cross-site scripting vulnerability exists in Forminator versions prior to 1.34.1. If this vulnerabil... | S | |
CVE-2024-45626 | Apache James: denial of service through JMAP HTML to text conversion | | |
CVE-2024-45627 | Apache Linkis Metadata Query Service JDBC: JDBC Datasource Module with Mysql has file read vulnerability | | |
CVE-2024-45638 | IBM QRadar EDR information disclosure | | |
CVE-2024-45640 | IBM Security QRadar EDR information disclosure | | |
CVE-2024-45641 | IBM Security ReaQta improper certificate validation | S | |
CVE-2024-45642 | IBM Security ReaQta information disclosure | | |
CVE-2024-45643 | IBM QRadar EDR information disclosure | | |
CVE-2024-45644 | IBM Security ReaQta file upload | | |
CVE-2024-45647 | IBM Security Verify Access unverified password change | | |
CVE-2024-45650 | IBM Security Verify Directory denial of service | | |
CVE-2024-45651 | IBM Sterling Connect:Direct Web Services session fixation | | |
CVE-2024-45652 | IBM Maximo Asset Management directory traversal | | |
CVE-2024-45653 | IBM Sterling Connect:Direct Web Services information disclosure | | |
CVE-2024-45654 | IBM Security ReaQta improper input validation | | |
CVE-2024-45655 | IBM Application Gateway incorrect permission assignment | S | |
CVE-2024-45656 | IBM Flexible Service Processor hard coded credentials | | |
CVE-2024-45657 | IBM Security Verify Access incorrect privilege assignment | | |
CVE-2024-45658 | IBM Security Verify Access information disclosure | | |
CVE-2024-45659 | IBM Security Verify Access information disclosure | | |
CVE-2024-45662 | IBM Safer Payments denial of service | | |
CVE-2024-45663 | IBM Db2 denial of service | | |
CVE-2024-45670 | IBM Security SOAR weak password recovery mechanism | | |
CVE-2024-45672 | IBM Security Verify Bridge data manipulation | | |
CVE-2024-45673 | IBM Security Verify Bridge information disclosure | S | |
CVE-2024-45674 | IBM Security Verify Bridge information disclosure | S | |
CVE-2024-45676 | IBM Cognos Controller file upload | | |
CVE-2024-45678 | Yubico YubiKey 5 Series devices with firmware before 5.7.0 and YubiHSM 2 devices with firmware befor... | M | |
CVE-2024-45679 | Heap-based buffer overflow vulnerability in Assimp versions prior to 5.4.3 allows a local attacker t... | S | |
CVE-2024-45682 | Millbeck Communications Proroute H685t-w Command Injection. | S | |
CVE-2024-45687 | HTTP Server incorrectly accepting disallowed characters within header values | | |
CVE-2024-45689 | Moodle: unprotected access to sensitive information via dynamic tables | | |
CVE-2024-45690 | Moodle: idor when deleting oauth2 linked accounts | | |
CVE-2024-45691 | Moodle: lesson activity password bypass through php loose comparison | | |
CVE-2024-45692 | Webmin before 2.202 and Virtualmin before 7.20.2 allow a network traffic loop via spoofed UDP packet... | | |
CVE-2024-45693 | Apache CloudStack: Request origin validation bypass makes account takeover possible | S | |
CVE-2024-45694 | D-Link WiFi router - Stack-based Buffer Overflow | S | |
CVE-2024-45695 | D-Link WiFi router - Stack-based Buffer Overflow | S | |
CVE-2024-45696 | D-Link WiFi router - Hidden Functionality | S | |
CVE-2024-45697 | D-Link WiFi router - Hidden Functionality | S | |
CVE-2024-45698 | D-Link WiFi router - OS Command Injection | S | |
CVE-2024-45699 | Reflected XSS vulnerability in /zabbix.php?action=export.valuemaps | | |
CVE-2024-45700 | DoS vulnerability due to uncontrolled resource exhaustion | | |
CVE-2024-45709 | SolarWinds Web Help Desk Local File Read Vulnerability | S | |
CVE-2024-45710 | SolarWinds Platform Uncontrolled Search Path Element Local Privilege Escalation Vulnerability | S | |
CVE-2024-45711 | SolarWinds Serv-U FTP Service Directory Traversal Remote Code Execution Vulnerability | S | |
CVE-2024-45712 | SolarWinds Serv-U Client-Side Cross-Site Scripting Vulnerability | S | |
CVE-2024-45713 | SolarWinds Kiwi CatTools Sensitive Information Disclosure Vulnerability | S | |
CVE-2024-45714 | SolarWinds Serv-U Stored XSS Vulnerability | S | |
CVE-2024-45715 | SolarWinds Platform Edit Function Cross-Site Scripting Vulnerability | S | |
CVE-2024-45717 | SolarWinds Platform Cross-Site Scripting Vulnerability | S | |
CVE-2024-45718 | Sensitive data disclosure vulnerability | S | |
CVE-2024-45719 | Apache Answer: Predictable Authorization Token Using UUIDv1 | | |
CVE-2024-45720 | Apache Subversion: Command line argument injection on Windows platforms | | |
CVE-2024-45721 | home 5G HR02, Wi-Fi STATION SH-52B, and Wi-Fi STATION SH-54C contain an OS command injection vulnera... | | |
CVE-2024-45722 | Ruijie Reyee OS Use of Weak Credentials | S | |
CVE-2024-45723 | goTenna Pro ATAK Plugin Use of Cryptographically Weak Pseudo-Random Number Generator | S | |
CVE-2024-45731 | Potential Remote Command Execution (RCE) through arbitrary file write to Windows system root directory when Splunk Enterprise for Windows is installed on a separate disk | | |
CVE-2024-45732 | Low-privileged user could run search as nobody in SplunkDeploymentServerConfig app | | |
CVE-2024-45733 | Remote Code Execution (RCE) due to insecure session storage configuration in Splunk Enterprise on Windows | | |
CVE-2024-45734 | Low Privilege User can View Images on the Host Machine by using the PDF Export feature in Splunk Classic Dashboard | | |
CVE-2024-45735 | Improper Access Control for low-privileged user in Splunk Secure Gateway App | | |
CVE-2024-45736 | Improperly Formatted ‘INGEST_EVAL’ Parameter Crashes Splunk Daemon | | |
CVE-2024-45737 | Maintenance mode state change of App Key Value Store (KVStore) through Cross-Site Request Forgery (CSRF) | | |
CVE-2024-45738 | Sensitive information disclosure in REST_Calls logging channel | | |
CVE-2024-45739 | Sensitive information disclosure in AdminManager logging channel | | |
CVE-2024-45740 | Persistent Cross-Site Scripting (XSS) through Scheduled Views on Splunk Enterprise | | |
CVE-2024-45741 | Persistent Cross-Site Scripting (XSS) via props.conf on Splunk Enterprise | | |
CVE-2024-45744 | TopQuadrant TopBraid EDG password manager stores external credentials insecurely | | |
CVE-2024-45745 | TopQuadrant TopBraid EDG JavaScript console XXE | | |
CVE-2024-45746 | An issue was discovered in Trusted Firmware-M through 2.1.0. User provided (and controlled) mailbox ... | | |
CVE-2024-45750 | An issue in TheGreenBow Windows Standard VPN Client 6.87.108 (and older), Windows Enterprise VPN Cli... | | |
CVE-2024-45751 | tgt (aka Linux target framework) before 1.0.93 attempts to achieve entropy by calling rand without s... | | |
CVE-2024-45752 | logiops through 0.3.4, in its default configuration, allows any unprivileged user to configure its l... | | |
CVE-2024-45753 | In Mahara 23.04.8 and 24.04.4, the external RSS feed block can cause XSS if the external feed XML ha... | | |
CVE-2024-45754 | An issue was discovered in the centreon-bi-server component in Centreon BI Server 24.04.x before 24.... | | |
CVE-2024-45755 | An issue was discovered in Centreon centreon-dsm-server 24.10.x before 24.10.0, 24.04.x before 24.04... | | |
CVE-2024-45756 | An issue was discovered in Centreon centreon-open-tickets 24.10.x before 24.10.0, 24.04.x before 24.... | | |
CVE-2024-45757 | An issue was discovered in Centreon centreon-bam 24.04, 23.10, 23.04, and 22.10. SQL injection can o... | | |
CVE-2024-45758 | H2O.ai H2O through 3.46.0.4 allows attackers to arbitrarily set the JDBC URL, leading to deserializa... | | |
CVE-2024-45759 | Dell PowerProtect Data Domain, versions prior to 8.1.0.0, 7.13.1.10, 7.10.1.40, and 7.7.5.50, contai... | | |
CVE-2024-45760 | Dell OpenManage Server Administrator, versions 11.0.1.0 and prior, contains an improper access contr... | M | |
CVE-2024-45761 | Dell OpenManage Server Administrator, versions 11.0.1.0 and prior, contains an improper input valida... | | |
CVE-2024-45763 | Dell Enterprise SONiC OS, version(s) 4.1.x, 4.2.x, contain(s) an Improper Neutralization of Special ... | | |
CVE-2024-45764 | Dell Enterprise SONiC OS, version(s) 4.1.x, 4.2.x, contain(s) a Missing Critical Step in Authenticat... | | |
CVE-2024-45765 | Dell Enterprise SONiC OS, version(s) 4.1.x, 4.2.x, contain(s) an Improper Neutralization of Special ... | | |
CVE-2024-45766 | Dell OpenManage Enterprise, version(s) OME 4.1 and prior, contain(s) an Improper Control of Generati... | | |
CVE-2024-45767 | Dell OpenManage Enterprise, version(s) OME 4.1 and prior, contain(s) an Improper Neutralization of S... | | |
CVE-2024-45769 | Pcp: pmcd heap corruption through metric pmstore operations | M | |
CVE-2024-45770 | Pcp: pmpost symlink attack allows escalating pcp to root user | M | |
CVE-2024-45771 | RapidCMS v1.3.1 was discovered to contain a SQL injection vulnerability via the password parameter a... | E | |
CVE-2024-45772 | Apache Lucene Replicator: Security Vulnerability in Lucene Replicator - Deserialization Issue | M | |
CVE-2024-45773 | A use-after-free vulnerability involving upgradeToRocket requests can cause the application to crash... | | |
CVE-2024-45774 | Grub2: reader/jpeg: heap oob write during jpeg parsing | M | |
CVE-2024-45775 | Grub2: commands/extcmd: missing check for failed allocation | M | |
CVE-2024-45776 | Grub2: grub-core/gettext: integer overflow leads to heap oob write and read. | M | |
CVE-2024-45777 | Grub2: grub-core/gettext: integer overflow leads to heap oob write. | | |
CVE-2024-45778 | Grub2: fs/bfs: integer overflow in the bfs parser. | M | |
CVE-2024-45779 | Grub2: fs/bfs: integer overflow leads to heap oob read in the bfs parser | M | |
CVE-2024-45780 | Grub2: fs/tar: integer overflow causes heap oob write | M | |
CVE-2024-45781 | Grub2: fs/ufs: oob write in the heap | M | |
CVE-2024-45782 | Grub2: fs/hfs: strcpy() using the volume name (fs/hfs.c:382) | | |
CVE-2024-45783 | Grub2: fs/hfs+: refcount can be decremented twice | M | |
CVE-2024-45784 | Apache Airflow: Sensitive configuration values are not masked in the logs by default | S | |
CVE-2024-45785 | MUSASI version 3 contains an issue with use of client-side authentication. If this vulnerability is ... | | |
CVE-2024-45786 | Improper Authorization Vulnerability | S | |
CVE-2024-45787 | Information Disclosure Vulnerability | S | |
CVE-2024-45788 | No Rate Limiting Vulnerability | S | |
CVE-2024-45789 | Parameter Tampering Vulnerability | S | |
CVE-2024-45790 | User Enumeration vulnerability | S | |
CVE-2024-45791 | Apache HertzBeat: Exposure sensitive token via http GET method with query string | | |
CVE-2024-45792 | MantisBT vulnerable to information disclosure with user profiles | S | |
CVE-2024-45793 | Cross-site Scripting from in Confidant API call | | |
CVE-2024-45794 | SQL Injection in CreateUser API in devtron | E | |
CVE-2024-45795 | Suricata detect/datasets: reachable assertion with unimplemented rule option | | |
CVE-2024-45796 | Suricata defrag: off by one can lead to policy bypass | | |
CVE-2024-45797 | LibHTP's unbounded header handling leads to denial of service | E S | |
CVE-2024-45798 | Multiple Poisoned Pipeline Execution (PPE) vulnerabilities | | |
CVE-2024-45799 | Javascript Injection in Vending Info/Buyers Info Module in FluxCP | | |
CVE-2024-45800 | Multiple mXSS found in snappymail HTML parser | | |
CVE-2024-45801 | Tampering by prototype pollution in DOMPurify | | |
CVE-2024-45802 | Squid Denial of Service | M | |
CVE-2024-45803 | Cross site scripting (XSS) Vulnerability on route /wireui/button?label=Content in wireui | S | |
CVE-2024-45804 | Rejected reason: This CVE is a duplicate of another CVE.... | R | |
CVE-2024-45805 | OpenCTI leaks support information due to inadequate access control | E | |
CVE-2024-45806 | Potential manipulation of `x-envoy` headers from external sources in envoy | | |
CVE-2024-45807 | oghttp2 crash on OnBeginHeadersForStream in envoy | | |
CVE-2024-45808 | Malicious log injection via access logs in envoy | | |
CVE-2024-45809 | Jwt filter crash in the clear route cache with remote JWKs in envoy | | |
CVE-2024-45810 | Envoy crashes for LocalReply in http async client | E | |
CVE-2024-45811 | server.fs.deny bypassed when using ?import&raw in vite | | |
CVE-2024-45812 | DOM Clobbering gadget found in vite bundled scripts that leads to XSS in Vite | | |
CVE-2024-45813 | ReDoS vulnerability in multiparametric routes in find-my-way | | |
CVE-2024-45815 | Prototype pollution in @backstage/plugin-catalog-backend | | |
CVE-2024-45816 | Storage bucket Directory Traversal in @backstage/plugin-techdocs-backend | | |
CVE-2024-45817 | x86: Deadlock in vlapic_error() | M | |
CVE-2024-45818 | Deadlock in x86 HVM standard VGA handling | S | |
CVE-2024-45819 | libxl leaks data to PVH guests via ACPI tables | M | |
CVE-2024-45823 | FactoryTalk® Batch View™ Authentication Bypass Vulnerability via shared secrets | S | |
CVE-2024-45824 | FactoryTalk® View Site Edition Remote Code Execution Vulnerability via Lack of Input Validation | S | |
CVE-2024-45825 | 5015-U8IHFT Denial-of-Service Vulnerability via CIP Message | S | |
CVE-2024-45826 | ThinManager® Code Execution Vulnerability | S | |
CVE-2024-45827 | Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exi... | | |
CVE-2024-45828 | i3c: mipi-i3c-hci: Mask ring interrupts before ring stop request | S | |
CVE-2024-45829 | Sharp and Toshiba Tec MFPs provide the web page to download data, where query parameters in HTTP req... | | |
CVE-2024-45832 | Ossur Mobile Logic Application Use of Hard-coded Credentials | S | |
CVE-2024-45833 | Mobile password gets saved in dictionary under conditions | S | |
CVE-2024-45835 | Insufficient Electron Fuses Configuration | S | |
CVE-2024-45836 | Cross-site scripting vulnerability exists in the web management page of PLANEX COMMUNICATIONS networ... | | |
CVE-2024-45837 | Use of hard-coded cryptographic key issue exists in AIPHONE IX SYSTEM, IXG SYSTEM, and System Suppor... | | |
CVE-2024-45838 | goTenna Pro ATAK Plugin Cleartext Transmission of Sensitive Information | S | |
CVE-2024-45841 | Incorrect permission assignment for critical resource issue exists in UD-LT1 firmware Ver.2.1.9 and ... | | |
CVE-2024-45842 | Sharp and Toshiba Tec MFPs improperly process URI data in HTTP PUT requests resulting in a path Trav... | | |
CVE-2024-45843 | Weak SSRF Filtering | S | |
CVE-2024-45844 | BIG-IP monitors vulnerability | E | |
CVE-2024-45845 | Rejected reason: DO NOT USE THIS CVE RECORD. Consult IDs: CVE-2024-45593. Reason: This record is a r... | R | |
CVE-2024-45846 | An arbitrary code execution vulnerability exists in versions 23.10.3.0 up to 24.7.4.1 of the MindsDB... | E | |
CVE-2024-45847 | An arbitrary code execution vulnerability exists in versions 23.11.4.2 up to 24.7.4.1 of the MindsDB... | E | |
CVE-2024-45848 | An arbitrary code execution vulnerability exists in versions 23.12.4.0 up to 24.7.4.1 of the MindsDB... | E | |
CVE-2024-45849 | An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB... | E | |
CVE-2024-45850 | An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB... | E | |
CVE-2024-45851 | An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB... | E | |
CVE-2024-45852 | Deserialization of untrusted data can occur in versions 23.3.2.0 and newer of the MindsDB platform, ... | E | |
CVE-2024-45853 | Deserialization of untrusted data can occur in versions 23.10.2.0 and newer of the MindsDB platform,... | E | |
CVE-2024-45854 | Deserialization of untrusted data can occur in versions 23.10.3.0 and newer of the MindsDB platform,... | E | |
CVE-2024-45855 | Deserialization of untrusted data can occur in versions 23.10.2.0 and newer of the MindsDB platform,... | E | |
CVE-2024-45856 | A cross-site scripting (XSS) vulnerability exists in all versions of the MindsDB platform, enabling ... | E | |
CVE-2024-45857 | Deserialization of untrusted data can occur in versions 2.4.0 or newer of the Cleanlab project, enab... | | |
CVE-2024-45858 | An arbitrary code execution vulnerability exists in versions 0.2.9 up to 0.5.10 of the Guardrails AI... | | |
CVE-2024-45861 | Use of Hard-coded Credentials in Kastle Systems Access Control System | S | |
CVE-2024-45862 | Cleartext Storage of Sensitive Information in Kastle Systems Access Control System | S | |
CVE-2024-45863 | A null-dereference vulnerability involving parsing requests specifying invalid protocols can cause t... | | |
CVE-2024-45870 | Bandisoft BandiView 7.05 is vulnerable to Incorrect Access Control in sub_0x3d80fc via a crafted POC... | E | |
CVE-2024-45871 | Bandisoft BandiView 7.05 is vulnerable to Incorrect Access Control via sub_0x232bd8 resulting in denial of service... | E | |
CVE-2024-45872 | Bandisoft BandiView 7.05 is vulnerable to Buffer Overflow via sub_0x410d1d. The vulnerability occurs... | E | |
CVE-2024-45873 | A DLL hijacking vulnerability in VegaBird Yaazhini 2.0.2 allows attackers to execute arbitrary code ... | | |
CVE-2024-45874 | A DLL hijacking vulnerability in VegaBird Vooki 5.2.9 allows attackers to execute arbitrary code / m... | | |
CVE-2024-45875 | The create user function in baltic-it TOPqw Webportal 1.35.287.1 (fixed in version 1.35.291), in /App... | | |
CVE-2024-45876 | The login form of baltic-it TOPqw Webportal v1.35.283.2 (fixed in version 1.35.283.4) at /Apps/TOPqw... | | |
CVE-2024-45877 | baltic-it TOPqw Webportal v1.35.283.2 is vulnerable to Incorrect Access Control in the User Manageme... | | |
CVE-2024-45878 | The "Stammdaten" menu of baltic-it TOPqw Webportal v1.35.283.2 (fixed in version 1.35.291), in /Apps... | | |
CVE-2024-45879 | The file upload function in the "QWKalkulation" tool of baltic-it TOPqw Webportal v1.35.287.1 (fixed... | | |
CVE-2024-45880 | A command injection vulnerability exists in Motorola CX2L router v1.0.2 and below. The vulnerability... | | |
CVE-2024-45882 | DrayTek Vigor3900 1.5.1.3 contains a command injection vulnerability. This vulnerability occurs when... | | |
CVE-2024-45884 | DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulne... | | |
CVE-2024-45885 | DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulne... | | |
CVE-2024-45887 | DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulne... | | |
CVE-2024-45888 | DrayTek Vigor3900 1.5.1.3 contains a command injection vulnerability. This vulnerability occurs when... | | |
CVE-2024-45889 | DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulne... | | |
CVE-2024-45890 | DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulner... | | |
CVE-2024-45891 | DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulne... | | |
CVE-2024-45893 | DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulne... | | |
CVE-2024-45894 | BlueCMS 1.6 suffers from Arbitrary File Deletion via the file_name parameter in an /admin/database.p... | | |
CVE-2024-45918 | Fujian Kelixin Communication Command and Dispatch Platform <=7.6.6.4391 is vulnerable to SQL Injecti... | | |
CVE-2024-45919 | A security flaw has been discovered in Solvait version 24.4.2 that allows an attacker to elevate the... | E | |
CVE-2024-45920 | A Stored Cross-Site Scripting (XSS) vulnerability in Solvait 24.4.2 allows remote attackers to injec... | E | |
CVE-2024-45932 | Krayin CRM v1.3.0 is vulnerable to Cross Site Scripting (XSS) via the organization name field in /ad... | E | |
CVE-2024-45933 | OnlineNewsSite v1.0 is vulnerable to Cross Site Scripting (XSS) which allows attackers to execute ar... | | |
CVE-2024-45944 | In J2eeFAST <=2.7, the backend function has unsafe filtering, which allows an attacker to trigger ce... | E | |
CVE-2024-45955 | Rocket Software Rocket Zena 4.4.1.26 is vulnerable to SQL Injection via the filter parameter.... | E | |
CVE-2024-45960 | Zenario 9.7.61188 allows authenticated admin users to upload PDF files containing malicious code int... | E | |
CVE-2024-45962 | October 3.6.30 allows an authenticated admin account to upload a PDF file containing malicious JavaS... | | |
CVE-2024-45964 | Zenario 9.7.61188 is vulnerable to Cross Site Scripting (XSS) in the Image library via the "Organize... | E | |
CVE-2024-45965 | Contao before 5.5.6 allows XSS via an SVG document. This affects (in contao/core-bundle in Composer)... | E | |
CVE-2024-45967 | Pagekit 1.0.18 is vulnerable to Cross Site Scripting (XSS) in index.php/admin/site/widget.... | E | |
CVE-2024-45969 | NULL pointer dereference in the MMS Client in MZ Automation LibIEC61850 before commit 7afa40390b26ad1... | | |
CVE-2024-45970 | Multiple Buffer overflows in the MMS Client in MZ Automation LibIEC61850 before commit ac925fae8e281... | | |
CVE-2024-45971 | Multiple Buffer overflows in the MMS Client in MZ Automation LibIEC61850 before commit 1f52be9ddeae0... | | |
CVE-2024-45979 | A host header injection vulnerability in Lines Police CAD 1.0 allows attackers to obtain the passwor... | | |
CVE-2024-45980 | A host header injection vulnerability in MEANStore 1.0 allows attackers to obtain the password reset... | | |
CVE-2024-45981 | A host header injection vulnerability in BookReviewLibrary 1.0 allows attackers to obtain the passwo... | | |
CVE-2024-45982 | A host header injection vulnerability in scheduleR v0.0.18 allows attackers to obtain the password r... | | |
CVE-2024-45983 | A Cross-Site Request Forgery (CSRF) vulnerability exists in kishan0725's Hospital Management System ... | E | |
CVE-2024-45984 | A Cross Site Scripting (XSS) vulnerability in add_donor.php of Blood Bank And Donation Management Sy... | E | |
CVE-2024-45985 | A Cross Site Scripting (XSS) vulnerability in update_contact.php of Blood Bank and Donation Manageme... | E | |
CVE-2024-45986 | A stored Cross-Site Scripting (XSS) vulnerability was identified in Projectworld Online Voting Syste... | E | |
CVE-2024-45987 | Projectworld Online Voting System Version 1.0 is vulnerable to Cross Site Request Forgery (CSRF) via... | E | |
CVE-2024-45989 | Monica AI Assistant desktop application v2.3.0 is vulnerable to Exposure of Sensitive Information to... | | |
CVE-2024-45993 | Giflib Project v5.2.2 is vulnerable to a heap buffer overflow via gif2rgb.... | | |
CVE-2024-45999 | A SQL Injection vulnerability was discovered in Cloudlog 2.6.15, specifically within the get_station... | E |