ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2024-56000 | WordPress K Elements plugin < 5.4.0 - Unauthenticated Account Takeover vulnerability | S | |
CVE-2024-56001 | WordPress Ksher plugin <= 1.1.1 - Broken Access Control vulnerability | S | |
CVE-2024-56002 | WordPress Contact Form, Survey & Form Builder – MightyForms plugin <= 1.3.9 - Broken Access Control vulnerability | S | |
CVE-2024-56003 | WordPress Caldera SMTP Mailer plugin <= 1.0.1 - Broken Access Control vulnerability | | |
CVE-2024-56004 | WordPress Easy Site Importer plugin <= 1.0.1 - Settings Change vulnerability | | |
CVE-2024-56005 | WordPress Posti Shipping Plugin <= 3.10.3 - CSRF to Settings Change vulnerability | S | |
CVE-2024-56006 | WordPress Jetpack Debug Tools plugin < 2.0.1 - Broken Access Control vulnerability | S | |
CVE-2024-56007 | WordPress Leader plugin <= 2.6.1 - Broken Access Control vulnerability | | |
CVE-2024-56008 | WordPress Spreadr Woocommerce plugin <= 1.0.4 - Arbitrary Content Deletion vulnerability | S | |
CVE-2024-56009 | WordPress Spreadr Woocommerce plugin <= 1.0.4 - Broken Access Control vulnerability | S | |
CVE-2024-56010 | WordPress Device Detector Plugin <= 4.2.0 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-56011 | WordPress Responsive Google Maps \| by imbaa plugin <= 1.2.5 - Stored Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-56012 | WordPress Post Title (TypeWriter) and Flash News / Post (Responsive) plugins <= 4.1 - CSRF to Privilege Escalation vulnerability | | |
CVE-2024-56013 | WordPress Wovax IDX plugin <= 1.2.2 - Account Takeover vulnerability | | |
CVE-2024-56014 | WordPress Olivia Theme <= 0.9.5 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-56015 | WordPress Tidy Up Plugin <= 1.3 - CSRF to Reflected Cross-Site Scripting vulnerability | | |
CVE-2024-56016 | WordPress Image Mapper plugin <= 0.2.5.3 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-56017 | WordPress Stop Registration Spam Plugin <= 1.23 - CSRF to Stored XSS vulnerability | S | |
CVE-2024-56018 | WordPress BU Section Editing Plugin <= 0.9.9 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-56019 | WordPress Inline Footnotes Plugin <= 2.3.0 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-56020 | WordPress SvegliaT Buttons Plugin <= 1.3.0 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-56021 | WordPress Category Post Shortcode Plugin <= 2.4 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-56022 | WordPress Preloader by WordPress Monsters plugin <= 1.2.3 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-56023 | WordPress WP eCommerce Quickpay plugin <= 1.1.0 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-56024 | WordPress Custom Dashboard Widget plugin <= 1.0.0 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-56025 | WordPress AdWork Media EZ Content Locker plugin <= 3.0 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-56026 | WordPress Simple Proxy plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-56027 | WordPress Leads CRM plugin <= 2.0.13 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-56028 | WordPress Lemonade Social Networks Autoposter Pinterest plugin <= 2.0 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-56029 | WordPress Easy Language Switcher plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-56030 | WordPress 10CentMail plugin <= 2.1.50 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-56031 | WordPress Smart Shopify Product plugin <= 1.0.2 - Arbitrary Content Deletion vulnerability | | |
CVE-2024-56032 | WordPress FV Descriptions plugin <= 1.4 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-56033 | WordPress FAQs plugin <= 1.0.2 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-56034 | WordPress Services updates for customers plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-56035 | WordPress Upload Scanner plugin <= 1.2 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-56036 | WordPress odPhotogallery plugin <= 0.5.3 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-56037 | WordPress User Referral plugin <= 8.0 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-56038 | WordPress SendSMS Plugin <= 1.2.9 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-56039 | WordPress VibeBP plugin < 1.9.9.7.7 - Unauthenticated SQL Injection vulnerability | S | |
CVE-2024-56040 | WordPress VibeBP plugin <= 1.9.9.4.1 - Unauthenticated Privilege Escalation vulnerability | S | |
CVE-2024-56041 | WordPress VibeBP plugin < 1.9.9.5.1 - SQL Injection vulnerability | S | |
CVE-2024-56042 | WordPress WPLMS plugin < 1.9.9.5.3 - Unauthenticated SQL Injection vulnerability | S | |
CVE-2024-56043 | WordPress WPLMS plugin <= 1.9.9 - Unauthenticated Privilege Escalation vulnerability | S | |
CVE-2024-56044 | WordPress WPLMS plugin <= 1.9.9 - Unauthenticated Arbitrary User Token Generation vulnerability | S | |
CVE-2024-56045 | WordPress WPLMS plugin < 1.9.9.5 - Unauthenticated Arbitrary Directory Deletion vulnerability | S | |
CVE-2024-56046 | WordPress WPLMS plugin <= 1.9.9 - Unauthenticated Arbitrary File Upload vulnerability | S | |
CVE-2024-56047 | WordPress WPLMS plugin < 1.9.9.5.3 - Subscriber+ SQL Injection vulnerability | S | |
CVE-2024-56048 | WordPress WPLMS plugin <= 1.9.9 - Arbitrary Option Update to Privilege Escalation vulnerability | S | |
CVE-2024-56049 | WordPress WPLMS plugin < 1.9.9.5.2 - Subscriber+ Arbitrary File Deletion vulnerability | S | |
CVE-2024-56050 | WordPress WPLMS plugin < 1.9.9.5.3 - Subscriber+ Arbitrary File Upload vulnerability | S | |
CVE-2024-56051 | WordPress WPLMS plugin < 1.9.9.5 - Student+ Remote Code Execution (RCE) vulnerability | S | |
CVE-2024-56052 | WordPress WPLMS plugin < 1.9.9.5.2 - Student+ Arbitrary File Upload vulnerability | S | |
CVE-2024-56053 | WordPress WPLMS plugin < 1.9.9.5.3 - Instructor+ SQL Injection vulnerability | S | |
CVE-2024-56054 | WordPress WPLMS plugin < 1.9.9.5.2 - Instructor+ Arbitrary File Upload vulnerability | S | |
CVE-2024-56055 | WordPress WPLMS plugin < 1.9.9.5.2 - Arbitrary Directory Deletion vulnerability | S | |
CVE-2024-56056 | WordPress SimpleCharm Theme <= 1.4.3 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-56057 | WordPress WPLMS plugin < 1.9.9.5.2 - Arbitrary File Upload vulnerability | S | |
CVE-2024-56058 | WordPress VRPConnector plugin <= 2.0.1 - PHP Object Injection vulnerability | | |
CVE-2024-56059 | WordPress Partners plugin <= 0.2.0 - PHP Object Injection vulnerability | | |
CVE-2024-56060 | WordPress HTML Forms plugin <= 1.4.1 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-56061 | WordPress RepairBuddy plugin <= 3.8119 - Account Takeover vulnerability | S | |
CVE-2024-56062 | WordPress Royal Elementor Addons and Templates plugin <= 1.3.987 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-56063 | WordPress Essential Addons for Elementor plugin <= 6.0.7 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-56064 | WordPress WP SuperBackup plugin <= 2.3.3 - Unauthenticated Arbitrary File Upload vulnerability | S | |
CVE-2024-56065 | WordPress WP2LEADS Plugin <= 3.4.2 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-56066 | WordPress Agency Toolkit plugin <= 1.0.23 - Privilege Escalation vulnerability | S | |
CVE-2024-56067 | WordPress WP SuperBackup plugin <= 2.3.3 - Unauthenticated Backup File Download Vulnerability | S | |
CVE-2024-56068 | WordPress WP SuperBackup plugin <= 2.3.3 - Subscriber+ PHP Object Injection vulnerability | S | |
CVE-2024-56069 | WordPress WP SuperBackup plugin <= 2.3.3 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-56070 | WordPress WP SuperBackup plugin <= 2.3.3 - Multiple Subscriber+ Broken Access Control vulnerabilities | S | |
CVE-2024-56071 | WordPress Simple Dashboard plugin <= 2.0 - Privilege Escalation vulnerability | | |
CVE-2024-56072 | An issue was discovered in FastNetMon Community Edition through 1.2.7. The sFlow v5 plugin allows re... | | |
CVE-2024-56073 | An issue was discovered in FastNetMon Community Edition through 1.2.7. Zero-length templates for Net... | | |
CVE-2024-56074 | gitingest before 9996a06 mishandles symbolic links that point outside of the base directory.... | | |
CVE-2024-56082 | ChatBar.tsx in Lumos before 1.0.17 parses raw HTML in Markdown because the markdown-to-jsx package i... | | |
CVE-2024-56083 | Cognition Devin before 2024-12-12 provides write access to code by an attacker who discovers the htt... | | |
CVE-2024-56084 | An issue was discovered in Logpoint UniversalNormalizer before 5.7.0. Authenticated users can inject... | | |
CVE-2024-56085 | An issue was discovered in Logpoint before 7.5.0. Authenticated users can inject payloads while crea... | | |
CVE-2024-56086 | An issue was discovered in Logpoint before 7.5.0. Authenticated users can inject payloads in Report ... | | |
CVE-2024-56087 | An issue was discovered in Logpoint before 7.5.0. Authenticated users can inject payloads while quer... | | |
CVE-2024-56112 | CyberPanel (aka Cyber Panel) before f0cf648 allows XSS via token or username to plogical/phpmyadmins... | | |
CVE-2024-56113 | Smart Toilet Lab - Motius 1.3.11 is running with debug mode turned on (DEBUG = True) and exposing se... | | |
CVE-2024-56114 | Canlineapp Online 1.1 is vulnerable to Broken Access Control and allows users with the Auditor role ... | | |
CVE-2024-56115 | A vulnerability in Amiro.CMS before 7.8.4 exists due to the failure to take measures to neutralize s... | E | |
CVE-2024-56116 | A Cross-Site Request Forgery vulnerability in Amiro.CMS before 7.8.4 allows remote attackers to crea... | | |
CVE-2024-56128 | Apache Kafka: SCRAM authentication vulnerable to replay attacks when used without encryption | | |
CVE-2024-56131 | Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows OS Command Injection. | | |
CVE-2024-56132 | Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows OS Command Injection. | | |
CVE-2024-56133 | Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows OS Command Injection. | | |
CVE-2024-56134 | Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows OS Command Injection. | | |
CVE-2024-56135 | Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows OS Command Injection. | | |
CVE-2024-56136 | /api/v1/jwt/fetch_api_key endpoint can leak if an email address has an account in Zulip server | | |
CVE-2024-56137 | MaxKB RCE vulnerability in function library | E | |
CVE-2024-56138 | Timestamp signature generation lacks certificate revocation check in notion-go | | |
CVE-2024-56139 | A stack overflow Segmentation Fault (SEGV) and Memory Leak in pdftools | E | |
CVE-2024-56140 | Bypass of CSRF Middleware in Astro | | |
CVE-2024-56142 | Path Traversal in pghoard | | |
CVE-2024-56144 | Stored XSS-LibreNMS-Display Name 2 in librenms | E | |
CVE-2024-56145 | RCE when PHP `register_argc_argv` config setting is enabled in craftcms/cms | | |
CVE-2024-56156 | Halo Vulnerable to Stored XSS and RCE via File Upload Bypass | | |
CVE-2024-56157 | iTop vulnerable to Self XSS in CSV Import | | |
CVE-2024-56159 | Server source code is exposed to the public if sourcemaps are enabled | E | |
CVE-2024-56161 | Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with loc... | | |
CVE-2024-56169 | A validation integrity issue was discovered in Fort through 1.6.4 before 2.0.0. RPKI Relying Parties... | | |
CVE-2024-56170 | A validation integrity issue was discovered in Fort through 1.6.4 before 2.0.0. RPKI manifests are l... | | |
CVE-2024-56171 | libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables a... | | |
CVE-2024-56173 | In Optimizely Configured Commerce before 5.2.2408, malicious payloads can be stored and subsequently... | | |
CVE-2024-56174 | In Optimizely Configured Commerce before 5.2.2408, malicious payloads can be stored and subsequently... | | |
CVE-2024-56175 | In Optimizely Configured Commerce before 5.2.2408, malicious payloads can be stored and subsequently... | | |
CVE-2024-56178 | An issue was discovered in Couchbase Server 7.6.x through 7.6.3. A user with the security_admin_loca... | | |
CVE-2024-56180 | Apache EventMesh: raft Hessian Deserialization Vulnerability allowing remote code execution | | |
CVE-2024-56181 | A vulnerability has been identified in SIMATIC Field PG M5 (All versions), SIMATIC IPC BX-21A (All v... | | |
CVE-2024-56182 | A vulnerability has been identified in SIMATIC Field PG M5 (All versions), SIMATIC Field PG M6 (All ... | | |
CVE-2024-56184 | In static long dev_send of tipc_dev_ql, there is a possible out of bounds read due to an incorrect b... | | |
CVE-2024-56185 | In ProtocolUnsolOnSSAdapter::GetServiceClass() of protocolcalladapter.cpp, there is a possible out-o... | | |
CVE-2024-56186 | In closeChannel of secureelementimpl.cpp, there is a possible out of bounds read due to an incorrect... | | |
CVE-2024-56187 | In ppcfw_deny_sec_dram_access of ppcfw.c, there is a possible arbitrary read from TEE memory due to ... | | |
CVE-2024-56188 | There is a possible way to crash the modem due to a missing null check. This could lead to remote de... | | |
CVE-2024-56191 | In dhd_process_full_gscan_result of dhd_pno.c, there is a possible EoP due to an integer overflow. T... | | |
CVE-2024-56192 | In wl_notify_gscan_event of wl_cfgscan.c, there is a possible out of bounds write due to a missing b... | | |
CVE-2024-56193 | There is a possible disclosure of Bluetooth adapter details due to a permissions bypass. This could ... | | |
CVE-2024-56195 | Apache Traffic Server: Intercept plugins are not access controlled | | |
CVE-2024-56196 | Apache Traffic Server: ACL is not fully compatible with older versions | | |
CVE-2024-56197 | Users can see other users' tagged PMs in Discourse | | |
CVE-2024-56198 | path-sanitizer allows bypassing the existing filters to achieve path-traversal vulnerability | | |
CVE-2024-56199 | phpMyFAQ Vulnerable to Stored HTML Injection at FAQ | | |
CVE-2024-56200 | Uncontrolled Recursion and Asymmetric Resource Consumption in Altair media/file proxy | | |
CVE-2024-56201 | Jinja has a sandbox breakout through malicious filenames | | |
CVE-2024-56202 | Apache Traffic Server: Expect header field can unreasonably retain resource | | |
CVE-2024-56203 | WordPress Wayne Audio Player plugin <= 1.0 - CSRF to Privilege Escalation vulnerability | | |
CVE-2024-56204 | WordPress Sinking Dropdowns plugin <= 1.25 - CSRF to Privilege Escalation vulnerability | | |
CVE-2024-56205 | WordPress AI Magic – SEO Content Generator & Article Writer plugin <= 1.0.4 - Privilege Escalation vulnerability | | |
CVE-2024-56206 | WordPress gap-hub-user-role. plugin <= 3.4.1 - CSRF to Broken Authentication vulnerability | | |
CVE-2024-56207 | WordPress EditionGuard for WooCommerce – eBook Sales with DRM plugin <= 3.4.2 - CSRF to Privilege Escalation vulnerability | | |
CVE-2024-56209 | WordPress Kleo theme < 5.4.4 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-56210 | WordPress UserPro plugin <= 5.1.9 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-56211 | WordPress UserPro plugin <= 5.1.9 - Authenticated Arbitrary User Meta Update vulnerability | | |
CVE-2024-56212 | WordPress UserPro plugin <= 5.1.9 - SQL Injection vulnerability | | |
CVE-2024-56213 | WordPress Eventin plugin <= 4.0.7 - Contributor+ Limited Local File Inclusion vulnerability | S | |
CVE-2024-56214 | WordPress UserPro plugin <= 5.1.9 - Local File Inclusion vulnerability | | |
CVE-2024-56215 | WordPress Member Directory and Contact Form plugin <= 1.7.0 - Broken Access Control vulnerability | S | |
CVE-2024-56216 | WordPress Themify Builder plugin <= 7.6.3 - Local File Inclusion vulnerability | S | |
CVE-2024-56217 | WordPress Download Manager plugin <= 3.3.03 - Broken Access Control vulnerability | S | |
CVE-2024-56218 | WordPress Contact Form 7 - Dynamic Text Extension plugin <= 5.0.1 - Cross Site Request Forgery (CSRF) vulnerability | S | |
CVE-2024-56219 | WordPress Widget Options plugin <= 4.0.6.1 - Broken Access Control vulnerability | S | |
CVE-2024-56220 | WordPress SSL Wireless SMS Notification plugin <= 3.5.0 - Privilege Escalation vulnerability | | |
CVE-2024-56221 | WordPress WPMozo Addons Lite for Elementor plugin <= 1.2.0 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-56222 | WordPress CodeBard Help Desk plugin <= 1.1.1 - Cross Site Request Forgery (CSRF) vulnerability | S | |
CVE-2024-56223 | WordPress Gulri Slider plugin <= 3.5.8 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-56224 | WordPress Ledenbeheer plugin <= 2.1.0 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-56225 | WordPress Premium Addons for Elementor plugin <= 4.10.56 - Broken Access Control vulnerability | S | |
CVE-2024-56226 | WordPress Royal Elementor Addons plugin <= 1.7.1001 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-56227 | WordPress Royal Elementor Addons plugin <= 1.7.1001 - Broken Access Control vulnerability | S | |
CVE-2024-56228 | WordPress Wishlist for WooCommerce: Multi Wishlists Per Customer plugin <= 3.1.2 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-56229 | WordPress SearchIQ plugin <= 4.6 - Cross-Site Request Forgery (CSRF) vulnerability | S | |
CVE-2024-56230 | WordPress Dynamic Product Category Grid, Slider for WooCommerce plugin <= 1.1.3 - Local File Inclusion vulnerability | S | |
CVE-2024-56231 | WordPress SaasPricing plugin <= 1.1.4 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-56232 | WordPress WP Nice Loader plugin <= 0.1.0.4 - CSRF to Stored XSS vulnerability | | |
CVE-2024-56233 | WordPress Kintpv Wooconnect plugin <= 8.129 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-56234 | WordPress VW Automobile Lite theme <= 2.1 - Broken Access Control vulnerability | | |
CVE-2024-56235 | WordPress Coupon plugin <= 1.2.1 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-56236 | WordPress Hestia Nginx Cache plugin <= 2.4.0 - Cross Site Request Forgery (CSRF) vulnerability | S | |
CVE-2024-56237 | WordPress Contest Gallery plugin <= 24.0.3 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-56238 | WordPress Floating Action Buttons plugin <= 0.9.1 - Broken Access Control vulnerability | S | |
CVE-2024-56239 | WordPress Themify Audio Dock plugin <= 2.0.4 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-56240 | WordPress Pronamic Google Maps plugin <= 2.3.2 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-56241 | WordPress WPKoi Templates for Elementor plugin <= 3.1.3 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-56242 | WordPress Arconix Shortcodes plugin <= 2.1.14 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-56243 | WordPress WPSSO Core plugin <= 18.18.1 - Broken Access Control vulnerability | S | |
CVE-2024-56244 | WordPress Ashe Extra plugin <= 1.2.92 - Broken Access Control vulnerability | S | |
CVE-2024-56245 | WordPress Premium Blocks plugin <= 2.1.42 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-56246 | WordPress Nexter Blocks plugin <= 4.0.4 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-56247 | WordPress WP Post Author plugin <= 3.8.2 - SQL Injection vulnerability | S | |
CVE-2024-56248 | WordPress WPMasterToolKit plugin <= 1.13.1 - Arbitrary File Download vulnerability | S | |
CVE-2024-56249 | WordPress WPMasterToolKit plugin <= 1.13.1 - Arbitrary File Upload vulnerability | S | |
CVE-2024-56250 | WordPress Just Writing Statistics plugin <= 4.7 - SQL Injection vulnerability | S | |
CVE-2024-56251 | WordPress Event Espresso plugin <= 5.0.28.decaf - Cross Site Request Forgery (CSRF) vulnerability | S | |
CVE-2024-56252 | WordPress Enter Addons plugin <= 2.1.9 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-56253 | WordPress Data Tables Generator by Supsystic plugin <= 1.10.36 - Broken Access Control vulnerability | S | |
CVE-2024-56254 | WordPress Move Addons for Elementor plugin <= 1.3.6 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-56255 | WordPress AyeCode Connect plugin <= 1.3.8 - Broken Access Control vulnerability | S | |
CVE-2024-56256 | WordPress Embed PDF Viewer plugin <= 2.3.1 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-56257 | WordPress Coins MarketCap plugin <= 5.5.8 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-56258 | WordPress Magazine Blocks plugin <= 1.3.20 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-56259 | WordPress GeoDirectory plugin <= 2.3.84 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-56260 | WordPress ShopElement plugin <= 2.0.0 - Stored Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-56261 | WordPress Project Showcase plugin <= 1.1.1 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-56262 | WordPress GS Coaches plugin <= 1.1.0 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-56263 | WordPress GS Shots for Dribbble plugin <= 1.2.0 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-56264 | WordPress ACF City Selector plugin <= 1.14.0 - Arbitrary File Upload vulnerability | S | |
CVE-2024-56265 | WordPress WooCommerce - PDF Vouchers plugin < 4.9.9 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-56266 | WordPress MP3 Audio Player plugin <= 5.8 - Broken Access Control vulnerability | S | |
CVE-2024-56267 | WordPress Interactive UK Map plugin <= 3.4.8 - CSRF to Stored Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-56268 | WordPress Post Grid Elementor Addon plugin <= 2.0.18 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-56270 | WordPress WP SecureSubmit plugin <= 1.5.16 - Sensitive Data Exposure vulnerability | | |
CVE-2024-56271 | WordPress WP SecureSubmit plugin <= 1.5.16 - Broken Access Control vulnerability | | |
CVE-2024-56272 | WordPress Hide Category by User Role for WooCommerce plugin <= 2.1.1 - Broken Access Control vulnerability | | |
CVE-2024-56273 | WordPress WPvivid Backup plugin <= 0.9.106 - Broken Access Control vulnerability | S | |
CVE-2024-56274 | WordPress Astra Widgets plugin <= 1.2.15 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-56275 | WordPress Envato Elements plugin <= 2.0.14 - Server Side Request Forgery (SSRF) vulnerability | S | |
CVE-2024-56276 | WordPress WPForms Lite plugin <= 1.9.2.2 - Broken Access Control vulnerability | S | |
CVE-2024-56277 | WordPress Poll Maker Plugin < 5.5.5 - HTML Injection vulnerability | S | |
CVE-2024-56278 | WordPress WP Ultimate Exporter plugin <= 2.9.1 - Remote Code Execution (RCE) vulnerability | S | |
CVE-2024-56279 | WordPress Compact WP Audio Player plugin <= 1.9.14 - Server Side Request Forgery (SSRF) vulnerability | S | |
CVE-2024-56280 | WordPress WPGuppy plugin <= 1.1.0 - Privilege Escalation vulnerability | S | |
CVE-2024-56281 | WordPress 워드프레스 결제 심플페이 – 우커머스 결제 플러그인 plugin <= 5.2.0 - Local File Inclusion vulnerability | S | |
CVE-2024-56282 | WordPress WPMozo Addons Lite for Elementor plugin <= 1.1.0 - Local File Inclusion vulnerability | S | |
CVE-2024-56283 | WordPress Locatoraid Store Locator Plugin <= 3.9.50 - PHP Object Injection vulnerability | S | |
CVE-2024-56284 | WordPress SSL Wireless SMS Notification Plugin <= 3.5.0 - SQL Injection vulnerability | | |
CVE-2024-56285 | WordPress WPBITS Addons For Elementor Page Builder plugin <= 1.5.1 - Cross-Site Scripting vulnerability | S | |
CVE-2024-56286 | WordPress Classic Addons – WPBakery Page Builder plugin <= 3.0 - Local File Inclusion vulnerability | S | |
CVE-2024-56287 | WordPress WP jQuery DataTable Plugin <= 4.0.1 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-56288 | WordPress WP Docs plugin <= 2.2.1 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-56289 | WordPress Groundhogg plugin <= 3.7.3.3 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-56290 | WordPress Multiple Shipping And Billing Address For Woocommerce Plugin <= 1.2 - Unauthenticated SQL Injection vulnerability | S | |
CVE-2024-56291 | WordPress PlainInventory – Inventory Management Plugin Plugin <= 3.1.6 - PHP Object Injection vulnerability | S | |
CVE-2024-56292 | WordPress Email Reminders Plugin <= 2.0.5 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-56293 | WordPress AFI – The Easiest Integration Plugin <= 1.95.0 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-56294 | WordPress Nexter Blocks plugin <= 4.0.7 - Broken Access Control vulnerability | S | |
CVE-2024-56295 | WordPress Poll Maker plugin <= 5.5.6 - Broken Access Control vulnerability | S | |
CVE-2024-56296 | WordPress Mang Board WP plugin <= 1.8.4 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-56297 | WordPress Highlight plugin <= 2.0.2 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-56298 | WordPress Pretty Simple Popup Builder Plugin <= 1.0.9 - Stored Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-56299 | WordPress Notify Odoo plugin <= 1.0.0 - CSRF to Stored XSS vulnerability | S | |
CVE-2024-56300 | WordPress Post/Page Copying Tool plugin <= 2.0.0 - Sensitive Data Exposure vulnerability | S | |
CVE-2024-56301 | WordPress Distance Based Shipping Calculator Plugin <= 2.0.21 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-56302 | WordPress ConvertCalculator for WordPress plugin <= 1.1.1 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-56310 | REDCap through 14.9.6 has a security flaw in the Project Dashboards name, exposing users to a Cross-... | E | |
CVE-2024-56311 | REDCap through 14.9.6 has a security flaw in the Notes section of calendar events, exposing users to... | E | |
CVE-2024-56312 | A stored cross-site scripting (XSS) vulnerability in the Project Dashboard name of REDCap through 14... | E | |
CVE-2024-56313 | A stored cross-site scripting (XSS) vulnerability in the Calendar feature of REDCap through 14.9.6 a... | E | |
CVE-2024-56314 | A stored cross-site scripting (XSS) vulnerability in the Project name of REDCap through 14.9.6 allow... | E | |
CVE-2024-56316 | In AXESS ACS (Auto Configuration Server) through 5.2.0, unsanitized user input in the TR069 API allo... | | |
CVE-2024-56317 | In Matter (aka connectedhomeip or Project CHIP) through 1.4.0.0, the WriteAcl function deletes all e... | | |
CVE-2024-56318 | In raw\TCP.cpp in Matter (aka connectedhomeip or Project CHIP) through 1.4.0.0 before 27ca6ec, there... | | |
CVE-2024-56319 | In Matter (aka connectedhomeip or Project CHIP) through 1.4.0.0 before e3277eb, unlimited user label... | E | |
CVE-2024-56320 | GoCD vulnerable to admin privilege escalation by a malicious internal/existing authenticated user | | |
CVE-2024-56321 | GoCD can allow malicious GoCD admins to abuse backup configuration to gain additional host access | | |
CVE-2024-56322 | GoCD vulnerable to XXE injection via abuse of unused XML configuration repository functionality | | |
CVE-2024-56323 | OpenFGA Authorization Bypass | | |
CVE-2024-56324 | GoCD vulnerable to XXE injection via abuse of pipeline XML "snippet" editing by group admins | | |
CVE-2024-56325 | Apache Pinot: Authentication bypass issue. If the path does not contain `/` and contains `.`, authentication is not required | | |
CVE-2024-56326 | Jinja has a sandbox breakout through indirect reference to format method | | |
CVE-2024-56327 | Malicious plugin names, recipients, or identities can cause arbitrary binary execution in pyrage | | |
CVE-2024-56328 | HTMLi(XSS without CSP) via Onebox urls in Discourse | | |
CVE-2024-56329 | Account Takeover Vulnerability in Social Account Linking in joelbutcher/socialstream | | |
CVE-2024-56330 | Session VNC may be accessed by other sessions on the same host in stardust | | |
CVE-2024-56331 | Local File Inclusion (LFI) via Improper URL Handling in uptime-kuma's `Real-Browser` monitor | | |
CVE-2024-56332 | Next.js Vulnerable to Denial of Service (DoS) with Server Actions | | |
CVE-2024-56333 | Remote code execution in onyxia-api | | |
CVE-2024-56334 | Command injection vulnerability in getWindowsIEEE8021x (SSID) function in systeminformation | E | |
CVE-2024-56335 | Privilege escalation allows organization groups to be updated/deleted if their UUID is known in vaultwarden | | |
CVE-2024-56336 | A vulnerability has been identified in SINAMICS S200 (All versions with serial number beginning with... | | |
CVE-2024-56337 | Apache Tomcat: RCE due to TOCTOU issue in JSP compilation - CVE-2024-50379 mitigation was incomplete | | |
CVE-2024-56338 | IBM Sterling B2B Integrator cross-site scripting | | |
CVE-2024-56340 | IBM Cognos Analytics path traversal | | |
CVE-2024-56341 | IBM Content Navigator cross-site scripting | | |
CVE-2024-56346 | IBM AIX command execution | | |
CVE-2024-56347 | IBM AIX command execution | | |
CVE-2024-56348 | In JetBrains TeamCity before 2024.12 improper access control allowed viewing details of unauthorized... | | |
CVE-2024-56349 | In JetBrains TeamCity before 2024.12 improper access control allowed unauthorized users to modify bu... | | |
CVE-2024-56350 | In JetBrains TeamCity before 2024.12 build credentials allowed unauthorized viewing of projects... | | |
CVE-2024-56351 | In JetBrains TeamCity before 2024.12 access tokens were not revoked after removing user roles... | | |
CVE-2024-56352 | In JetBrains TeamCity before 2024.12 stored XSS was possible via image name on the agent details pag... | | |
CVE-2024-56353 | In JetBrains TeamCity before 2024.12 backup file exposed user credentials and session cookies... | | |
CVE-2024-56354 | In JetBrains TeamCity before 2024.12 password field values were accessible to users with view setting... | | |
CVE-2024-56355 | In JetBrains TeamCity before 2024.12 missing Content-Type header in RemoteBuildLogController respons... | | |
CVE-2024-56356 | In JetBrains TeamCity before 2024.12 insecure XMLParser configuration could lead to potential XXE at... | | |
CVE-2024-56357 | Cross-site Scripting vulnerability through custom widget URLs and form redirect URLs in grist-core | S | |
CVE-2024-56358 | Cross-site Scripting vulnerability through svg attachment previews in grist-core | S | |
CVE-2024-56359 | Cross-site Scripting vulnerability through HyperLink cells in grist-core | S | |
CVE-2024-56361 | Stored Cross-Site Scripting (XSS) in lgsl v7.0 | E | |
CVE-2024-56362 | Navidrome Stores JWT Secret in Plaintext in navidrome.db | | |
CVE-2024-56363 | APTRS has SSTI vulnerability | | |
CVE-2024-56364 | Cross-site Scripting vulnerability in SimpleXLSXEx::readThemeColors, SimpleXLSXEx::getColorValue and SimpleXLSX::toHTMLEx | | |
CVE-2024-56365 | PhpSpreadsheet vulnerable to unauthorized reflected XSS in the constructor of the Downloader class | E S | |
CVE-2024-56366 | PhpSpreadsheet vulnerable to unauthorized reflected XSS in the Accounting.php file | E S | |
CVE-2024-56368 | ring-buffer: Fix overflow in __rb_map_vma | | |
CVE-2024-56369 | drm/modes: Avoid divide by zero harder in drm_mode_vrefresh() | S | |
CVE-2024-56370 | Net::Xero 0.044 and earlier for Perl uses insecure rand() function for cryptographic functions | | |
CVE-2024-56372 | net: tun: fix tun_napi_alloc_frags() | | |
CVE-2024-56374 | An issue was discovered in Django 5.1 before 5.1.5, 5.0 before 5.0.11, and 4.2 before 4.2.18. Lack o... | | |
CVE-2024-56375 | An integer underflow was discovered in Fort 1.6.3 and 1.6.4 before 1.6.5. A malicious RPKI repositor... | | |
CVE-2024-56376 | A stored cross-site scripting (XSS) vulnerability in the built-in messenger of REDCap 14.9.6 allows ... | E | |
CVE-2024-56377 | A stored cross-site scripting (XSS) vulnerability in survey titles of REDCap 14.9.6 allows authentic... | E | |
CVE-2024-56378 | libpoppler.so in Poppler through 24.12.0 has an out-of-bounds read vulnerability within the JBIG2Bit... | | |
CVE-2024-56404 | In One Identity Identity Manager 9.x before 9.3, an insecure direct object reference (IDOR) vulnerab... | | |
CVE-2024-56406 | Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes | S | |
CVE-2024-56408 | PhpSpreadsheet allows unauthorized reflected XSS in `Convert-Online.php` file | E S | |
CVE-2024-56409 | PhpSpreadsheet vulnerable to unauthorized reflected XSS in Currency.php file | E S | |
CVE-2024-56410 | PhpSpreadsheet has Cross-Site Scripting (XSS) vulnerability in custom properties | E S | |
CVE-2024-56411 | PhpSpreadsheet has Cross-Site Scripting (XSS) vulnerability of the hyperlink base in the HTML page header | E S | |
CVE-2024-56412 | PhpSpreadsheet vulnerable to bypass of the XSS sanitizer using the javascript protocol and special characters | E S | |
CVE-2024-56413 | Missing session invalidation after user deletion. The following products are affected: Acronis Cyber... | | |
CVE-2024-56414 | Web installer integrity check used weak hash algorithm. The following products are affected: Acronis... | | |
CVE-2024-56427 | An issue was discovered in Samsung Mobile Processor and Wearable Processor Exynos 980, 990, 850, 108... | | |
CVE-2024-56428 | The local iLabClient database in itech iLabClient 3.7.1 allows local attackers to read cleartext cre... | | |
CVE-2024-56429 | itech iLabClient 3.7.1 relies on the hard-coded YngAYdgAE/kKZYu2F2wm6w== key (found in iLabClient.ja... | | |
CVE-2024-56430 | OpenFHE through 1.2.3 has a NULL pointer dereference in BinFHEContext::EvalFloor in lib/binfhe-base-... | E | |
CVE-2024-56431 | oc_huff_tree_unpack in huffdec.c in libtheora in Theora through 1.0 7180717 has an invalid negative ... | E | |
CVE-2024-56433 | shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 1... | | |
CVE-2024-56434 | UAF vulnerability in the device node access module Impact: Successful exploitation of this vulnerabi... | | |
CVE-2024-56435 | Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation o... | | |
CVE-2024-56436 | Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation o... | | |
CVE-2024-56437 | Vulnerability of input parameters not being verified in the widget framework module Impact: Successf... | | |
CVE-2024-56438 | Vulnerability of improper memory address protection in the HUKS module Impact: Successful exploitati... | | |
CVE-2024-56439 | Access control vulnerability in the identity authentication module Impact: Successful exploitation o... | | |
CVE-2024-56440 | Permission control vulnerability in the Connectivity module Impact: Successful exploitation of this ... | | |
CVE-2024-56441 | Race condition vulnerability in the Bastet module Impact: Successful exploitation of this vulnerabil... | | |
CVE-2024-56442 | Vulnerability of native APIs not being implemented in the NFC service module Impact: Successful expl... | | |
CVE-2024-56443 | Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation o... | | |
CVE-2024-56444 | Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation o... | | |
CVE-2024-56445 | Instruction authentication bypass vulnerability in the Findnetwork module Impact: Successful exploit... | | |
CVE-2024-56446 | Vulnerability of variables not being initialized in the notification module Impact: Successful explo... | | |
CVE-2024-56447 | Vulnerability of improper permission control in the window management module Impact: Successful expl... | | |
CVE-2024-56448 | Vulnerability of improper access control in the home screen widget module Impact: Successful exploit... | | |
CVE-2024-56449 | Privilege escalation vulnerability in the Account module Impact: Successful exploitation of this vul... | | |
CVE-2024-56450 | Buffer overflow vulnerability in the component driver module Impact: Successful exploitation of this... | | |
CVE-2024-56451 | Integer overflow vulnerability during glTF model loading in the 3D engine module Impact: Successful ... | | |
CVE-2024-56452 | Vulnerability of input parameters not being verified during glTF model loading in the 3D engine modu... | | |
CVE-2024-56453 | Vulnerability of input parameters not being verified during glTF model loading in the 3D engine modu... | | |
CVE-2024-56454 | Vulnerability of input parameters not being verified during glTF model loading in the 3D engine modu... | | |
CVE-2024-56455 | Vulnerability of input parameters not being verified during glTF model loading in the 3D engine modu... | | |
CVE-2024-56456 | Vulnerability of input parameters not being verified during glTF model loading in the 3D engine modu... | | |
CVE-2024-56463 | IBM QRadar SIEM cross-site scripting | S | |
CVE-2024-56467 | IBM EntireX information disclosure | | |
CVE-2024-56469 | IBM UrbanCode Deploy (UCD) / IBM DevOps Deploy missing authentication | | |
CVE-2024-56470 | IBM Aspera Shares Server-Side Request Forgery | | |
CVE-2024-56471 | IBM Aspera Shares Server-Side Request Forgery | | |
CVE-2024-56472 | IBM Aspera Shares Cross-Site Scripting | | |
CVE-2024-56473 | IBM Aspera Shares Data Manipulation | | |
CVE-2024-56474 | IBM TXSeries for Multiplatforms cross-site request forgery | | |
CVE-2024-56475 | IBM TXSeries for Multiplatforms cross-site scripting | | |
CVE-2024-56476 | IBM TXSeries for Multiplatforms information disclosure | | |
CVE-2024-56477 | IBM Power Hardware Management Console directory traversal | | |
CVE-2024-56493 | IBM EntireX information disclosure | | |
CVE-2024-56494 | IBM EntireX information disclosure | | |
CVE-2024-56495 | IBM EntireX information disclosure | | |
CVE-2024-56496 | IBM EntireX information disclosure | | |
CVE-2024-56497 | An improper neutralization of special elements used in an os command ('os command injection') in For... | S | |
CVE-2024-56498 | Rejected reason: Not used... | R | |
CVE-2024-56499 | Rejected reason: Not used... | R | |
CVE-2024-56500 | Rejected reason: Not used... | R | |
CVE-2024-56501 | Rejected reason: Not used... | R | |
CVE-2024-56502 | Rejected reason: Not used... | R | |
CVE-2024-56503 | Rejected reason: Not used... | R | |
CVE-2024-56504 | Rejected reason: Not used... | R | |
CVE-2024-56505 | Rejected reason: Not used... | R | |
CVE-2024-56506 | Rejected reason: Not used... | R | |
CVE-2024-56507 | Reflected Cross-Site Scripting (XSS) Vulnerability in LinkAce | E | |
CVE-2024-56508 | File Upload Vulnerability Leading to XSS in LinkAce v1.15.5 | E | |
CVE-2024-56509 | changedetection.io has Improper Input Validation Leading to LFR/Path Traversal | E | |
CVE-2024-56510 | Marp Core allows XSS by improper neutralization of HTML sanitization | | |
CVE-2024-56511 | DataEase has an unauthorized vulnerability | E | |
CVE-2024-56512 | Apache NiFi: Missing Complete Authorization for Parameter and Service References | | |
CVE-2024-56513 | Karmada PULL Mode Cluster Privilege Escalation | | |
CVE-2024-56514 | Karmada Tar Slips in CRDs archive extraction | | |
CVE-2024-56515 | Untrusted file formats can be thumbnailed, invoking potentially further untrusted decoders in Matrix Media Repo | | |
CVE-2024-56516 | free-one-api uses md5 for password storage | | |
CVE-2024-56517 | LGSL has a reflected XSS at /lgsl_files/lgsl_list.php | | |
CVE-2024-56518 | Hazelcast Management Center through 6.0 allows remote code execution via a JndiLoginModule user.prov... | | |
CVE-2024-56519 | An issue was discovered in TCPDF before 6.8.0. setSVGStyles does not sanitize the SVG font-family at... | S | |
CVE-2024-56520 | An issue was discovered in tc-lib-pdf-font before 2.6.4, as used in TCPDF before 6.8.0 and other pro... | | |
CVE-2024-56521 | An issue was discovered in TCPDF before 6.8.0. If libcurl is used, CURLOPT_SSL_VERIFYHOST and CURLOP... | S | |
CVE-2024-56522 | An issue was discovered in TCPDF before 6.8.0. unserializeTCPDFtag uses != (aka loose comparison) an... | S | |
CVE-2024-56523 | Radware Cloud Web Application Firewall (WAF) before 2025-05-07 allows remote attackers to bypass fir... | | |
CVE-2024-56524 | Radware Cloud Web Application Firewall (WAF) before 2025-05-07 allows remote attackers to bypass fir... | | |
CVE-2024-56525 | In Public Knowledge Project (PKP) OJS, OMP, and OPS before 3.3.0.21 and 3.4.x before 3.4.0.8, an XXE... | | |
CVE-2024-56526 | An issue was discovered in OXID eShop before 7. CMS pages in combination with Smarty may display use... | | |
CVE-2024-56527 | An issue was discovered in TCPDF before 6.8.0. The Error function lacks an htmlspecialchars call for... | E S | |
CVE-2024-56528 | This vulnerability affects Snowplow Collector 3.x before 3.3.0 (unless it’s set up behind a reverse ... | S | |
CVE-2024-56529 | Mailcow through 2024-11b has a session fixation vulnerability in the web panel. It allows remote att... | | |
CVE-2024-56531 | ALSA: caiaq: Use snd_card_free_when_closed() at disconnection | | |
CVE-2024-56532 | ALSA: us122l: Use snd_card_free_when_closed() at disconnection | | |
CVE-2024-56533 | ALSA: usx2y: Use snd_card_free_when_closed() at disconnection | | |
CVE-2024-56534 | isofs: avoid memory leak in iocharset | S | |
CVE-2024-56535 | wifi: rtw89: coex: check NULL return of kmalloc in btc_fw_set_monreg() | S | |
CVE-2024-56536 | wifi: cw1200: Fix potential NULL dereference | S | |
CVE-2024-56537 | drm: xlnx: zynqmp_disp: layer may be null while releasing | S | |
CVE-2024-56538 | drm: zynqmp_kms: Unplug DRM device before removal | S | |
CVE-2024-56539 | wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan() | | |
CVE-2024-56540 | accel/ivpu: Prevent recovery invocation during probe and resume | S | |
CVE-2024-56541 | wifi: ath12k: fix use-after-free in ath12k_dp_cc_cleanup() | S | |
CVE-2024-56542 | drm/amd/display: fix a memleak issue when driver is removed | S | |
CVE-2024-56543 | wifi: ath12k: Skip Rx TID cleanup for self peer | | |
CVE-2024-56544 | udmabuf: change folios array from kmalloc to kvmalloc | S | |
CVE-2024-56545 | HID: hyperv: streamline driver probe to avoid devres issues | | |
CVE-2024-56546 | drivers: soc: xilinx: add the missing kfree in xlnx_add_cb_for_suspend() | | |
CVE-2024-56547 | rcu/nocb: Fix missed RCU barrier on deoffloading | | |
CVE-2024-56548 | hfsplus: don't query the device logical block size multiple times | S | |
CVE-2024-56549 | cachefiles: Fix NULL pointer dereference in object->file | S | |
CVE-2024-56550 | s390/stacktrace: Use break instead of return statement | | |
CVE-2024-56551 | drm/amdgpu: fix usage slab after free | S | |
CVE-2024-56552 | drm/xe/guc_submit: fix race around suspend_pending | | |
CVE-2024-56553 | binder: fix memleak of proc->delivered_freeze | S | |
CVE-2024-56554 | binder: fix freeze UAF in binder_release_work() | S | |
CVE-2024-56555 | binder: fix OOB in binder_add_freeze_work() | S | |
CVE-2024-56556 | binder: fix node UAF in binder_add_freeze_work() | S | |
CVE-2024-56557 | iio: adc: ad7923: Fix buffer overflow for tx_buf and ring_xfer | S | |
CVE-2024-56558 | nfsd: make sure exp active before svc_export_show | S | |
CVE-2024-56559 | mm/vmalloc: combine all TLB flush operations of KASAN shadow virtual address into one operation | | |
CVE-2024-56560 | slab: Fix too strict alignment check in create_cache() | | |
CVE-2024-56561 | PCI: endpoint: Fix PCI domain ID release in pci_epc_destroy() | S | |
CVE-2024-56562 | i3c: master: Fix miss free init_dyn_addr at i3c_master_put_i3c_addrs() | | |
CVE-2024-56563 | ceph: fix cred leak in ceph_mds_check_access() | | |
CVE-2024-56564 | ceph: pass cred pointer to ceph_mds_auth_match() | | |
CVE-2024-56565 | f2fs: fix to drop all discards after creating snapshot on lvm device | | |
CVE-2024-56566 | mm/slub: Avoid list corruption when removing a slab from the full list | | |
CVE-2024-56567 | ad7780: fix division by zero in ad7780_write_raw() | S | |
CVE-2024-56568 | iommu/arm-smmu: Defer probe of clients after smmu device bound | S | |
CVE-2024-56569 | ftrace: Fix regression with module command in stack_trace_filter | S | |
CVE-2024-56570 | ovl: Filter invalid inodes with missing lookup function | | |
CVE-2024-56571 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2024-56572 | media: platform: allegro-dvt: Fix possible memory leak in allocate_buffers_internal() | S | |
CVE-2024-56573 | efi/libstub: Free correct pointer on failure | | |
CVE-2024-56574 | media: ts2020: fix null-ptr-deref in ts2020_probe() | S | |
CVE-2024-56575 | media: imx-jpeg: Ensure power suppliers be suspended before detach them | S | |
CVE-2024-56576 | media: i2c: tc358743: Fix crash in the probe error path when using polling | | |
CVE-2024-56577 | media: mtk-jpeg: Fix null-ptr-deref during unload module | S | |
CVE-2024-56578 | media: imx-jpeg: Set video drvdata before register video device | S | |
CVE-2024-56579 | media: amphion: Set video drvdata before register video device | S | |
CVE-2024-56580 | media: qcom: camss: fix error path on configuration of power domains | S | |
CVE-2024-56581 | btrfs: ref-verify: fix use-after-free after invalid ref action | S | |
CVE-2024-56582 | btrfs: fix use-after-free in btrfs_encoded_read_endio() | S | |
CVE-2024-56583 | sched/deadline: Fix warning in migrate_enable for boosted tasks | | |
CVE-2024-56584 | io_uring/tctx: work around xa_store() allocation error issue | | |
CVE-2024-56585 | LoongArch: Fix sleeping in atomic context for PREEMPT_RT | | |
CVE-2024-56586 | f2fs: fix f2fs_bug_on when uninstalling filesystem call f2fs_evict_inode. | | |
CVE-2024-56587 | leds: class: Protect brightness_show() with led_cdev->led_access mutex | S | |
CVE-2024-56588 | scsi: hisi_sas: Create all dump files during debugfs initialization | S | |
CVE-2024-56589 | scsi: hisi_sas: Add cond_resched() for no forced preemption model | | |
CVE-2024-56590 | Bluetooth: hci_core: Fix not checking skb length on hci_acldata_packet | | |
CVE-2024-56591 | Bluetooth: hci_conn: Use disable_delayed_work_sync | | |
CVE-2024-56592 | bpf: Call free_htab_elem() after htab_unlock_bucket() | | |
CVE-2024-56593 | wifi: brcmfmac: Fix oops due to NULL pointer dereference in brcmf_sdiod_sglist_rw() | S | |
CVE-2024-56594 | drm/amdgpu: set the right AMDGPU sg segment limitation | | |
CVE-2024-56595 | jfs: add a check to prevent array-index-out-of-bounds in dbAdjTree | S | |
CVE-2024-56596 | jfs: fix array-index-out-of-bounds in jfs_readdir | S | |
CVE-2024-56597 | jfs: fix shift-out-of-bounds in dbSplit | | |
CVE-2024-56598 | jfs: array-index-out-of-bounds fix in dtReadFirst | S | |
CVE-2024-56599 | wifi: ath10k: avoid NULL pointer error during sdio remove | S | |
CVE-2024-56600 | net: inet6: do not leave a dangling sk pointer in inet6_create() | S | |
CVE-2024-56601 | net: inet: do not leave a dangling sk pointer in inet_create() | S | |
CVE-2024-56602 | net: ieee802154: do not leave a dangling sk pointer in ieee802154_create() | S | |
CVE-2024-56603 | net: af_can: do not leave a dangling sk pointer in can_create() | S | |
CVE-2024-56604 | Bluetooth: RFCOMM: avoid leaving dangling sk pointer in rfcomm_sock_alloc() | S | |
CVE-2024-56605 | Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create() | S | |
CVE-2024-56606 | af_packet: avoid erroring out after sock_init_data() in packet_create() | S | |
CVE-2024-56607 | wifi: ath12k: fix atomic calls in ath12k_mac_op_set_bitrate_mask() | | |
CVE-2024-56608 | drm/amd/display: Fix out-of-bounds access in 'dcn21_link_encoder_create' | S | |
CVE-2024-56609 | wifi: rtw88: use ieee80211_purge_tx_queue() to purge TX skb | | |
CVE-2024-56610 | kcsan: Turn report_filterlist_lock into a raw_spinlock | | |
CVE-2024-56611 | mm/mempolicy: fix migrate_to_node() assuming there is at least one VMA in a MM | S | |
CVE-2024-56612 | mm/gup: handle NULL pages in unpin_user_pages() | S | |
CVE-2024-56613 | sched/numa: fix memory leak due to the overwritten vma->numab_state | S | |
CVE-2024-56614 | xsk: fix OOB map writes when deleting elements | S | |
CVE-2024-56615 | bpf: fix OOB devmap writes when deleting elements | S | |
CVE-2024-56616 | drm/dp_mst: Fix MST sideband message body length check | | |
CVE-2024-56617 | cacheinfo: Allocate memory during CPU hotplug if not done from the primary CPU | S | |
CVE-2024-56618 | pmdomain: imx: gpcv2: Adjust delay after power up handshake | S | |
CVE-2024-56619 | nilfs2: fix potential out-of-bounds memory access in nilfs_find_entry() | S | |
CVE-2024-56620 | scsi: ufs: qcom: Only free platform MSIs when ESI is enabled | S | |
CVE-2024-56621 | scsi: ufs: core: Cancel RTC work during ufshcd_remove() | S | |
CVE-2024-56622 | scsi: ufs: core: sysfs: Prevent div by zero | S | |
CVE-2024-56623 | scsi: qla2xxx: Fix use after free on unload | S | |
CVE-2024-56624 | iommufd: Fix out_fput in iommufd_fault_alloc() | | |
CVE-2024-56625 | can: dev: can_set_termination(): allow sleeping GPIOs | | |
CVE-2024-56626 | ksmbd: fix Out-of-Bounds Write in ksmbd_vfs_stream_write | S | |
CVE-2024-56627 | ksmbd: fix Out-of-Bounds Read in ksmbd_vfs_stream_read | S | |
CVE-2024-56628 | LoongArch: Add architecture specific huge_pte_clear() | | |
CVE-2024-56629 | HID: wacom: fix when get product name maybe null pointer | S | |
CVE-2024-56630 | ocfs2: free inode when ocfs2_get_init_inode() fails | | |
CVE-2024-56631 | scsi: sg: Fix slab-use-after-free read in sg_release() | S | |
CVE-2024-56632 | nvme-tcp: fix the memleak while create new ctrl failed | S | |
CVE-2024-56633 | tcp_bpf: Fix the sk_mem_uncharge logic in tcp_bpf_sendmsg | | |
CVE-2024-56634 | gpio: grgpio: Add NULL check in grgpio_probe | S | |
CVE-2024-56635 | net: avoid potential UAF in default_operstate() | S | |
CVE-2024-56636 | geneve: do not assume mac header is set in geneve_xmit_skb() | | |
CVE-2024-56637 | netfilter: ipset: Hold module reference while requesting a module | | |
CVE-2024-56638 | netfilter: nft_inner: incorrect percpu area handling under softirq | | |
CVE-2024-56639 | net: hsr: must allocate more bytes for RedBox support | | |
CVE-2024-56640 | net/smc: fix LGR and link use-after-free issue | S | |
CVE-2024-56641 | net/smc: initialize close_work early to avoid warning | | |
CVE-2024-56642 | tipc: Fix use-after-free of kernel socket in cleanup_bearer(). | S | |
CVE-2024-56643 | dccp: Fix memory leak in dccp_feat_change_recv | S | |
CVE-2024-56644 | net/ipv6: release expired exception dst cached in socket | | |
CVE-2024-56645 | can: j1939: j1939_session_new(): fix skb reference counting | | |
CVE-2024-56646 | ipv6: avoid possible NULL deref in modify_prefix_route() | S | |
CVE-2024-56647 | net: Fix icmp host relookup triggering ip_rt_bug | S | |
CVE-2024-56648 | net: hsr: avoid potential out-of-bound access in fill_frame_info() | S | |
CVE-2024-56649 | net: enetc: Do not configure preemptible TCs if SIs do not support | S | |
CVE-2024-56650 | netfilter: x_tables: fix LED ID check in led_tg_check() | S | |
CVE-2024-56651 | can: hi311x: hi3110_can_ist(): fix potential use-after-free | S | |
CVE-2024-56652 | drm/xe/reg_sr: Remove register pool | S | |
CVE-2024-56653 | Bluetooth: btmtk: avoid UAF in btmtk_process_coredump | S | |
CVE-2024-56654 | Bluetooth: hci_event: Fix using rcu_read_(un)lock while iterating | S | |
CVE-2024-56655 | netfilter: nf_tables: do not defer rule destruction via call_rcu | S | |
CVE-2024-56656 | bnxt_en: Fix aggregation ID mask to prevent oops on 5760X chips | S | |
CVE-2024-56657 | ALSA: control: Avoid WARN() for symlink errors | S | |
CVE-2024-56658 | net: defer final 'struct net' free in netns dismantle | S | |
CVE-2024-56659 | net: lapb: increase LAPB_HEADER_LEN | S | |
CVE-2024-56660 | net/mlx5: DR, prevent potential error pointer dereference | S | |
CVE-2024-56661 | tipc: fix NULL deref in cleanup_bearer() | S | |
CVE-2024-56662 | acpi: nfit: vmalloc-out-of-bounds Read in acpi_nfit_ctl | S | |
CVE-2024-56663 | wifi: nl80211: fix NL80211_ATTR_MLO_LINK_ID off-by-one | S | |
CVE-2024-56664 | bpf, sockmap: Fix race between element replace and close() | S | |
CVE-2024-56665 | bpf,perf: Fix invalid prog_array access in perf_event_detach_bpf_prog | S | |
CVE-2024-56666 | drm/amdkfd: Dereference null return value | S | |
CVE-2024-56667 | drm/i915: Fix NULL pointer dereference in capture_engine | S | |
CVE-2024-56668 | iommu/vt-d: Fix qi_batch NULL pointer with nested parent domain | S | |
CVE-2024-56669 | iommu/vt-d: Remove cache tags before disabling ATS | S | |
CVE-2024-56670 | usb: gadget: u_serial: Fix the issue that gs_start_io crashed due to accessing null pointer | S | |
CVE-2024-56671 | gpio: graniterapids: Fix vGPIO driver crash | S | |
CVE-2024-56672 | blk-cgroup: Fix UAF in blkcg_unpin_online() | S | |
CVE-2024-56673 | riscv: mm: Do not call pmd dtor on vmemmap page table teardown | S | |
CVE-2024-56674 | virtio_net: correct netdev_tx_reset_queue() invocation point | S | |
CVE-2024-56675 | bpf: Fix UAF via mismatching bpf_prog/attachment RCU flavors | S | |
CVE-2024-56676 | thermal: testing: Initialize some variables annoteded with _free() | | |
CVE-2024-56677 | powerpc/fadump: Move fadump_cma_init to setup_arch() after initmem_init() | | |
CVE-2024-56678 | powerpc/mm/fault: Fix kfence page fault reporting | S | |
CVE-2024-56679 | octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_common.c | | |
CVE-2024-56680 | media: intel/ipu6: do not handle interrupts when device is disabled | | |
CVE-2024-56681 | crypto: bcm - add error check in the ahash_hmac_init function | | |
CVE-2024-56682 | irqchip/riscv-aplic: Prevent crash when MSI domain is missing | S | |
CVE-2024-56683 | drm/vc4: hdmi: Avoid hang with debug registers when suspended | | |
CVE-2024-56684 | mailbox: mtk-cmdq: fix wrong use of sizeof in cmdq_get_clocks() | | |
CVE-2024-56685 | ASoC: mediatek: Check num_codecs is not zero to avoid panic during probe | | |
CVE-2024-56686 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2024-56687 | usb: musb: Fix hardware lockup on first Rx endpoint request | S | |
CVE-2024-56688 | sunrpc: clear XPRT_SOCK_UPD_TIMEOUT when reset transport | S | |
CVE-2024-56689 | PCI: endpoint: epf-mhi: Avoid NULL dereference if DT lacks 'mmio' | S | |
CVE-2024-56690 | crypto: pcrypt - Call crypto layer directly when padata_do_parallel() return -EBUSY | | |
CVE-2024-56691 | mfd: intel_soc_pmic_bxtwc: Use IRQ domain for USB Type-C device | | |
CVE-2024-56692 | f2fs: fix to do sanity check on node blkaddr in truncate_node() | S | |
CVE-2024-56693 | brd: defer automatic disk creation until module initialization succeeds | S | |
CVE-2024-56694 | bpf: fix recursive lock when verdict program return SK_PASS | S | |
CVE-2024-56695 | drm/amdkfd: Use dynamic allocation for CU occupancy array in 'kfd_get_cu_occupancy()' | S | |
CVE-2024-56696 | ALSA: core: Fix possible NULL dereference caused by kunit_kzalloc() | S | |
CVE-2024-56697 | drm/amdgpu: Fix the memory allocation issue in amdgpu_discovery_get_nps_info() | S | |
CVE-2024-56698 | usb: dwc3: gadget: Fix looping of queued SG entries | S | |
CVE-2024-56699 | s390/pci: Fix potential double remove of hotplug slot | | |
CVE-2024-56700 | media: wl128x: Fix atomicity violation in fmc_send_cmd() | | |
CVE-2024-56701 | powerpc/pseries: Fix dtl_access_lock to be a rw_semaphore | | |
CVE-2024-56702 | bpf: Mark raw_tp arguments with PTR_MAYBE_NULL | S | |
CVE-2024-56703 | ipv6: Fix soft lockups in fib6_select_path under high next hop churn | S | |
CVE-2024-56704 | 9p/xen: fix release of IRQ | S | |
CVE-2024-56705 | media: atomisp: Add check for rgby_data memory allocation failure | | |
CVE-2024-56706 | s390/cpum_sf: Fix and protect memory allocation of SDBs with mutex | | |
CVE-2024-56707 | octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_dmac_flt.c | | |
CVE-2024-56708 | EDAC/igen6: Avoid segmentation fault on module unload | S | |
CVE-2024-56709 | io_uring: check if iowq is killed before queuing | | |
CVE-2024-56710 | ceph: fix memory leak in ceph_direct_read_write() | S | |
CVE-2024-56711 | drm/panel: himax-hx83102: Add a check to prevent NULL pointer dereference | S | |
CVE-2024-56712 | udmabuf: fix memory leak on last export_udmabuf() error path | S | |
CVE-2024-56713 | net: netdevsim: fix nsim_pp_hold_write() | | |
CVE-2024-56714 | ionic: no double destroy workqueue | | |
CVE-2024-56715 | ionic: Fix netdev notifier unregister on failure | S | |
CVE-2024-56716 | netdevsim: prevent bad user input in nsim_dev_health_break_write() | S | |
CVE-2024-56717 | net: mscc: ocelot: fix incorrect IFH SRC_PORT field in ocelot_ifh_set_basic() | S | |
CVE-2024-56718 | net/smc: protect link down work from execute after lgr freed | S | |
CVE-2024-56719 | net: stmmac: fix TSO DMA API usage causing oops | S | |
CVE-2024-56720 | bpf, sockmap: Several fixes to bpf_msg_pop_data | S | |
CVE-2024-56721 | x86/CPU/AMD: Terminate the erratum_1386_microcode array | S | |
CVE-2024-56722 | RDMA/hns: Fix cpu stuck caused by printings during reset | S | |
CVE-2024-56723 | mfd: intel_soc_pmic_bxtwc: Use IRQ domain for PMIC devices | S | |
CVE-2024-56724 | mfd: intel_soc_pmic_bxtwc: Use IRQ domain for TMU device | S | |
CVE-2024-56725 | octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_dcbnl.c | S | |
CVE-2024-56726 | octeontx2-pf: handle otx2_mbox_get_rsp errors in cn10k.c | S | |
CVE-2024-56727 | octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_flows.c | S | |
CVE-2024-56728 | octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_ethtool.c | S | |
CVE-2024-56729 | smb: Initialize cfid->tcon before performing network ops | S | |
CVE-2024-56730 | net/9p/usbg: fix handling of the failed kzalloc() memory allocation | S | |
CVE-2024-56732 | HarfBuzz heap-buffer-overflow on hb_cairo_glyphs_from_buffer | | |
CVE-2024-56733 | Password Pusher Allows Session Token Interception Leading to Potential Hijacking | | |
CVE-2024-56734 | Better Auth has an Open Redirect Vulnerability in Verify Email Endpoint | | |
CVE-2024-56736 | Apache HertzBeat: Server-Side Request Forgery (SSRF) in Api Config Oss | | |
CVE-2024-56737 | GNU GRUB (aka GRUB2) through 2.12 has a heap-based buffer overflow in fs/hfs.c via crafted sblock da... | | |
CVE-2024-56738 | GNU GRUB (aka GRUB2) through 2.12 does not use a constant-time algorithm for grub_crypto_memcmp and ... | | |
CVE-2024-56739 | rtc: check if __rtc_read_time was successful in rtc_timer_do_work() | S | |
CVE-2024-56740 | nfs/localio: must clear res.replen in nfs_local_read_done | S | |
CVE-2024-56741 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2024-56742 | vfio/mlx5: Fix an unwind issue in mlx5vf_add_migration_pages() | S | |
CVE-2024-56743 | nfs_common: must not hold RCU while calling nfsd_file_put_local | S | |
CVE-2024-56744 | f2fs: fix to avoid potential deadlock in f2fs_record_stop_reason() | S | |
CVE-2024-56745 | PCI: Fix reset_method_store() memory leak | S | |
CVE-2024-56746 | fbdev: sh7760fb: Fix a possible memory leak in sh7760fb_alloc_mem() | S | |
CVE-2024-56747 | scsi: qedi: Fix a possible memory leak in qedi_alloc_and_init_sb() | S | |
CVE-2024-56748 | scsi: qedf: Fix a possible memory leak in qedf_alloc_and_init_sb() | S | |
CVE-2024-56749 | dlm: fix dlm_recover_members refcount on error | S | |
CVE-2024-56750 | erofs: fix blksize < PAGE_SIZE for file-backed mounts | S | |
CVE-2024-56751 | ipv6: release nexthop on device removal | S | |
CVE-2024-56752 | drm/nouveau/gr/gf100: Fix missing unlock in gf100_gr_chan_new() | S | |
CVE-2024-56753 | drm/amdgpu/gfx9: Add Cleaner Shader Deinitialization in gfx_v9_0 Module | S | |
CVE-2024-56754 | crypto: caam - Fix the pointer passed to caam_qi_shutdown() | S | |
CVE-2024-56755 | netfs/fscache: Add a memory barrier for FSCACHE_VOLUME_CREATING | S | |
CVE-2024-56756 | nvme-pci: fix freeing of the HMB descriptor table | S | |
CVE-2024-56757 | Bluetooth: btusb: mediatek: add intf release flow when usb disconnect | S | |
CVE-2024-56758 | btrfs: check folio mapping after unlock in relocate_one_folio() | S | |
CVE-2024-56759 | btrfs: fix use-after-free when COWing tree bock and tracing is enabled | S | |
CVE-2024-56760 | PCI/MSI: Handle lack of irqdomain gracefully | S | |
CVE-2024-56761 | x86/fred: Clear WFE in missing-ENDBRANCH #CPs | S | |
CVE-2024-56762 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2024-56763 | tracing: Prevent bad count for tracing_cpumask_write | S | |
CVE-2024-56764 | ublk: detach gendisk from ublk device if add_disk() fails | S | |
CVE-2024-56765 | powerpc/pseries/vas: Add close() callback in vas_vm_ops struct | S | |
CVE-2024-56766 | mtd: rawnand: fix double free in atmel_pmecc_create_user() | S | |
CVE-2024-56767 | dmaengine: at_xdmac: avoid null_prt_deref in at_xdmac_prep_dma_memset | S | |
CVE-2024-56768 | bpf: Fix bpf_get_smp_processor_id() on !CONFIG_SMP | S | |
CVE-2024-56769 | media: dvb-frontends: dib3000mb: fix uninit-value in dib3000_write_reg | S | |
CVE-2024-56770 | net/sched: netem: account for backlog updates from child qdisc | S | |
CVE-2024-56771 | mtd: spinand: winbond: Fix 512GW, 01GW, 01JW and 02JW ECC information | S | |
CVE-2024-56772 | kunit: string-stream: Fix a UAF bug in kunit_init_suite() | S | |
CVE-2024-56773 | kunit: Fix potential null dereference in kunit_device_driver_test() | S | |
CVE-2024-56774 | btrfs: add a sanity check for btrfs root in btrfs_search_slot() | S | |
CVE-2024-56775 | drm/amd/display: Fix handling of plane refcount | S | |
CVE-2024-56776 | drm/sti: avoid potential dereference of error pointers | S | |
CVE-2024-56777 | drm/sti: avoid potential dereference of error pointers in sti_gdp_atomic_check | S | |
CVE-2024-56778 | drm/sti: avoid potential dereference of error pointers in sti_hqvdp_atomic_check | S | |
CVE-2024-56779 | nfsd: fix nfs4_openowner leak when concurrent nfsd4_open occur | S | |
CVE-2024-56780 | quota: flush quota_release_work upon quota writeback | S | |
CVE-2024-56781 | powerpc/prom_init: Fixup missing powermac #size-cells | S | |
CVE-2024-56782 | ACPI: x86: Add adev NULL check to acpi_quirk_skip_serdev_enumeration() | S | |
CVE-2024-56783 | netfilter: nft_socket: remove WARN_ON_ONCE on maximum cgroup level | S | |
CVE-2024-56784 | drm/amd/display: Adding array index check to prevent memory corruption | S | |
CVE-2024-56785 | MIPS: Loongson64: DTS: Really fix PCIe port nodes for ls7a | S | |
CVE-2024-56786 | bpf: put bpf_link's program when link is safe to be deallocated | S | |
CVE-2024-56787 | soc: imx8m: Probe the SoC driver as platform driver | S | |
CVE-2024-56788 | net: ethernet: oa_tc6: fix tx skb race condition between reference pointers | | |
CVE-2024-56799 | Simofa Allows Unauthenticated Access to API Routes | | |
CVE-2024-56800 | Firecrawl has SSRF Vulnerability via malicious scrape target | | |
CVE-2024-56801 | Tasklists has Blind SQL Injection in /ajax/reorder.php | S | |
CVE-2024-56802 | Tapir allows DeployKey exposure | | |
CVE-2024-56803 | Ghostty improperly handles window title sequences which can lead to arbitrary command execution | | |
CVE-2024-56810 | IBM EntireX information disclosure | | |
CVE-2024-56811 | IBM EntireX information disclosure | | |
CVE-2024-56812 | IBM EntireX information disclosure | | |
CVE-2024-56826 | Openjpeg: heap buffer overflow in bin/common/color.c | | |
CVE-2024-56827 | Openjpeg: heap buffer overflow in lib/openjp2/j2k.c | | |
CVE-2024-56828 | File Upload vulnerability in ChestnutCMS through 1.5.0. Based on the code analysis, it was determine... | E | |
CVE-2024-56829 | Huang Yaoshi Pharmaceutical Management Software through 16.0 allows arbitrary file upload via a .asp... | E | |
CVE-2024-56830 | The Net::EasyTCP package 0.15 through 0.26 for Perl uses Perl's builtin rand() if no strong randomiz... | | |
CVE-2024-56841 | A vulnerability has been identified in Mendix LDAP (All versions < V1.1.2). Affected versions of the... | | |
CVE-2024-56882 | Sage DPW before 2024_12_000 is vulnerable to Cross Site Scripting (XSS). Low-privileged Sage users w... | | |
CVE-2024-56883 | Sage DPW before 2024_12_001 is vulnerable to Incorrect Access Control. The implemented role-based ac... | | |
CVE-2024-56889 | Incorrect access control in the endpoint /admin/m_delete.php of CodeAstro Complaint Management Syste... | E | |
CVE-2024-56897 | Improper access control in the HTTP server in YI Car Dashcam v3.88 allows unrestricted file download... | E | |
CVE-2024-56898 | Broken access control vulnerability in Geovision GV-ASWeb with version v6.1.0.0 or less. This vulner... | | |
CVE-2024-56901 | A Cross-Site Request Forgery (CSRF) vulnerability in Geovision GV-ASWeb application with the version... | | |
CVE-2024-56902 | Information disclosure vulnerability in Geovision GV-ASManager web application with the version v6.1... | | |
CVE-2024-56903 | Geovision GV-ASWeb with the version 6.1.1.0 or less allows attackers to modify POST request method w... | | |
CVE-2024-56908 | In Perfex Crm < 3.2.1, an authenticated attacker can send a crafted HTTP POST request to the affecte... | | |
CVE-2024-56914 | D-Link DSL-3782 v1.01 is vulnerable to Buffer Overflow in /New_GUI/ParentalControl.asp.... | E | |
CVE-2024-56921 | An issue was discovered in Open5gs v2.7.2. InitialUEMessage, Registration request sent at a specific... | E S | |
CVE-2024-56923 | Stored Cross-Site Scripting (XSS) Vulnerability in the Categorization Option of My Subscriptions Fun... | E | |
CVE-2024-56924 | A Cross Site Request Forgery (CSRF) vulnerability in Code Astro Internet banking system 2.0.0 allows... | E | |
CVE-2024-56938 | LearnDash v6.7.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the ... | E | |
CVE-2024-56939 | LearnDash v6.7.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the ... | E | |
CVE-2024-56940 | An issue in the profile image upload function of LearnDash v6.7.1 allows attackers to cause a Denial... | | |
CVE-2024-56946 | Denial of service in DNS-over-QUIC in Technitium DNS Server <= v13.2.2 allows remote attackers to pe... | | |
CVE-2024-56947 | An issue in Xiamen Meitu Technology Co., Ltd. BeautyCam iOS v12.3.60 allows attackers to access sens... | | |
CVE-2024-56948 | An issue in KuGou Technology CO. LTD KuGou Music iOS v20.0.0 allows attackers to access sensitive us... | | |
CVE-2024-56949 | An issue in Guangzhou Polar Future Culture Technology Co., Ltd University Search iOS 2.27.0 allows a... | | |
CVE-2024-56950 | An issue in KuGou Technology Co., Ltd KuGou Concept iOS 4.0.61 allows attackers to access sensitive ... | | |
CVE-2024-56951 | An issue in Hangzhou Bobo Technology Co Ltd UU Game Booster iOS 10.6.13 allows attackers to access s... | | |
CVE-2024-56952 | An issue in Beijing Baidu Netcom Science & Technology Co Ltd Baidu Lite app (iOS version) 6.40.0 all... | | |
CVE-2024-56953 | An issue in Baidu (China) Co Ltd Baidu Input Method (iOS version) v12.6.13 allows attackers to acces... | | |
CVE-2024-56954 | An issue in Beijing Baidu Netcom Science & Technology Co Ltd Haokan Video iOS 7.70.0 allows attacker... | | |
CVE-2024-56955 | An issue in Tencent Technology (Shenzhen) Company Limited QQMail iOS 6.6.4 allows attackers to acces... | | |
CVE-2024-56957 | An issue in Kingsoft Office Software Corporation Limited WPS Office iOS 12.20.0 allows attackers to ... | | |
CVE-2024-56959 | An issue in Mashang Consumer Finance Co., Ltd Anyihua iOS 3.6.2 allows attackers to access sensitive... | | |
CVE-2024-56960 | An issue in Tianjin Xiaowu Information technology Co., Ltd BeiKe Holdings iOS 1.3.50 allows attacker... | | |
CVE-2024-56962 | An issue in Tencent Technology (Shanghai) Co., Ltd WeSing iOS v9.3.39 allows attackers to access sen... | | |
CVE-2024-56963 | An issue in Beijing Sogou Technology Development Co., Ltd Sogou Input iOS 12.2.0 allows attackers to... | | |
CVE-2024-56964 | An issue in Che Hao Duo Used Automobile Agency (Beijing) Co., Ltd Guazi Used Car iOS 10.15.1 allows ... | | |
CVE-2024-56965 | An issue in Shanghai Shizhi Information Technology Co., Ltd Shihuo iOS 8.16.0 allows attackers to ac... | | |
CVE-2024-56966 | An issue in Shanghai Xuan Ting Entertainment Information & Technology Co., Ltd Qidian Reader iOS 5.9... | | |
CVE-2024-56967 | An issue in Cloud Whale Interactive Technology LLC. PolyBuzz iOS 2.0.20 allows attackers to access s... | | |
CVE-2024-56968 | An issue in Shenzhen Intellirocks Tech Co. Ltd Govee Home iOS 6.5.01 allows attackers to access sens... | | |
CVE-2024-56969 | An issue in Pixocial Technology (Singapore) Pte. Ltd BeautyPlus iOS 7.8.010 allows attackers to acce... | | |
CVE-2024-56971 | An issue in Zhiyuan Yuedu (Guangzhou) Literature Information Technology Co., Ltd Shuqi Novel iOS 5.3... | | |
CVE-2024-56972 | An issue in Midea Group Co., Ltd Midea Home iOS 9.3.12 allows attackers to access sensitive user inf... | | |
CVE-2024-56973 | Insecure Permissions vulnerability in Alvaria, Inc Unified IP Unified Director before v.7.2SP2 allow... | E | |
CVE-2024-56975 | InvoicePlane (all versions tested as of December 2024) v.1.6.11 and before contains a remote code ex... | S | |
CVE-2024-56990 | PHPGurukul Hospital Management System 4.0 is vulnerable to Cross Site Scripting (XSS) in /view-medhi... | E | |
CVE-2024-56997 | PHPGurukul Hospital Management System 4.0 is vulnerable to Cross Site Scripting (XSS) in /doctor/ind... | E | |
CVE-2024-56998 | PHPGurukul Hospital Management System 4.0 is vulnerable to Cross Site Scripting (XSS) in /edit-profi... | E | |