CVEs from 2024
Total
7,377
critical
critical 114
high
high 1,043
medium
medium 1,991
low
low 40
% Critical
1.5%
% with KEV
2.2%
% with exploit
2.2%
Top vendors
Top products
- checkmk 10
- office 8
- profilegrid 8
- office_long_term_servicing_channel 6
- glibc 5
- virtual_traffic_manager 5
- element_pack 5
- propertyhive 5
Top packages
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2024-7593 | critical | 9.8 | 10.0 | 2y ago | Ivanti Virtual Traffic Manager contains an authentication bypass vulnerability that allows a remote, unauthenticated attacker to create a chosen administrator account. | |
| CVE-2024-53150 | medium | — | 7.0 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix out of bounds reads when finding clock sources The current USB-audio driver code doesn't check bLength of ea… | |
| CVE-2024-50302 | medium | 5.5 | 7.0 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: HID: core: zero-initialize the report buffer Since the report buffer is used by all kinds of drivers in various ways, let's zero-… | |
| CVE-2024-42009 | unknown | — | 1.5 | 1y ago | A Cross-Site Scripting vulnerability in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails of a victim via a crafted e-mail message that abuses a Desani… | |
| CVE-2024-37383 | unknown | — | 1.5 | 2y ago | Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows XSS via SVG animate attributes. | |
| CVE-2024-36401 | unknown | — | 1.5 | 2y ago | Remote Code Execution (RCE) vulnerability in geoserver | |
| CVE-2024-27348 | unknown | — | 1.5 | 2y ago | Apache HugeGraph-Server: Command execution in gremlin | |
| CVE-2024-23897 | unknown | — | 1.5 | 2y ago | Arbitrary file read vulnerability through the Jenkins CLI can lead to RCE |