CVEs from 2024
- Total: 9,429
- Critical: 114
- High: 1,043
- Medium: 1,991
- Low: 40
- % Critical: 1.2%
- % with KEV: 1.7%
- % with exploit: 1.7%
Top vendors
Top products
- checkmk 10
- office 8
- profilegrid 8
- office_long_term_servicing_channel 6
- glibc 5
- virtual_traffic_manager 5
- element_pack 5
- propertyhive 5
Top packages
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2024-1708 | high | 8.4 | 9.9 | 2y ago | ConnectWise ScreenConnect contains a path traversal vulnerability which could allow an attacker to execute remote code or directly impact confidential data and critical systems. | |
| CVE-2024-53197 | high | — | 9.5 | 1y ago | Important: kernel security update | |
| CVE-2024-53104 | high | — | 9.5 | 1y ago | Important: kernel security update | |
| CVE-2024-44309 | high | — | 9.5 | 2y ago | Important: webkit2gtk3 security update | |
| CVE-2024-9680 | high | — | 9.5 | 2y ago | Important: firefox security update | |
| CVE-2024-36971 | high | — | 9.5 | 2y ago | Important: kernel security update | |
| CVE-2024-38475 | high | — | 9.5 | 2y ago | Important: httpd security update | |
| CVE-2024-1086 | high | — | 9.5 | 2y ago | Important: kernel security, bug fix, and enhancement update | |
| CVE-2024-23222 | high | — | 9.5 | 3y ago | Apple iOS, iPadOS, macOS, tvOS, and Safari WebKit contain a type confusion vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact … | |
| CVE-2024-53150 | medium | — | 7.0 | 1y ago | Moderate: kernel security update | |
| CVE-2024-50302 | medium | 5.5 | 7.0 | 1y ago | Important: kernel security update | |
| CVE-2024-42009 | unknown | — | 1.5 | 1y ago | A Cross-Site Scripting vulnerability in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails of a victim via a crafted e-mail message that abuses a Desani… | |
| CVE-2024-37383 | unknown | — | 1.5 | 2y ago | Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows XSS via SVG animate attributes. | |
| CVE-2024-36401 | unknown | — | 1.5 | 2y ago | Remote Code Execution (RCE) vulnerability in geoserver | |
| CVE-2024-27348 | unknown | — | 1.5 | 2y ago | Apache HugeGraph-Server: Command execution in gremlin | |
| CVE-2024-23897 | unknown | — | 1.5 | 2y ago | Arbitrary file read vulnerability through the Jenkins CLI can lead to RCE | |