CVEs from 2024
- Total: 7,194
- critical: 114
- high: 1,043
- medium: 1,991
- low: 40
- % Critical: 1.6%
- % with KEV: 2.3%
- % with exploit: 2.3%
Top products
- checkmk 10
- office 8
- profilegrid 8
- office_long_term_servicing_channel 6
- glibc 5
- virtual_traffic_manager 5
- element_pack 5
- propertyhive 5
Top packages
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2024-7593 | critical | 9.8 | 10.0 | 2y ago | Ivanti Virtual Traffic Manager contains an authentication bypass vulnerability that allows a remote, unauthenticated attacker to create a chosen administrator account. | |
| CVE-2024-1708 | high | 8.4 | 9.9 | 2y ago | ConnectWise ScreenConnect contains a path traversal vulnerability which could allow an attacker to execute remote code or directly impact confidential data and critical systems. | |
| CVE-2024-53197 | high | — | 9.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices A bogus device can provide a bNumConfigurations … | |
| CVE-2024-53104 | high | — | 9.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format This can lead to out of bounds writes since fra… | |
| CVE-2024-44309 | high | — | 9.5 | 2y ago | Important: webkit2gtk3 security update | |
| CVE-2024-9680 | high | — | 9.5 | 2y ago | Important: firefox security update | |
| CVE-2024-36971 | high | — | 9.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: net: fix __dst_negative_advice() race __dst_negative_advice() does not enforce proper RCU rules when sk->dst_cache must be cleare… | |
| CVE-2024-38475 | high | — | 9.5 | 2y ago | Important: httpd security update | |
| CVE-2024-1086 | high | — | 9.5 | 2y ago | A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init() function allows positive values as … | |
| CVE-2024-23222 | high | — | 9.5 | 3y ago | Apple iOS, iPadOS, macOS, tvOS, and Safari WebKit contain a type confusion vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact … | |
| CVE-2024-53150 | medium | — | 7.0 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix out of bounds reads when finding clock sources The current USB-audio driver code doesn't check bLength of ea… | |
| CVE-2024-50302 | medium | 5.5 | 7.0 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: HID: core: zero-initialize the report buffer Since the report buffer is used by all kinds of drivers in various ways, let's zero-… | |
| CVE-2024-42009 | unknown | — | 1.5 | 1y ago | A Cross-Site Scripting vulnerability in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails of a victim via a crafted e-mail message that abuses a Desani… | |
| CVE-2024-37383 | unknown | — | 1.5 | 2y ago | Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows XSS via SVG animate attributes. | |
| CVE-2024-36401 | unknown | — | 1.5 | 2y ago | Remote Code Execution (RCE) vulnerability in geoserver | |
| CVE-2024-27348 | unknown | — | 1.5 | 2y ago | Apache HugeGraph-Server: Command execution in gremlin | |
| CVE-2024-23897 | unknown | — | 1.5 | 2y ago | Arbitrary file read vulnerability through the Jenkins CLI can lead to RCE | |