CVEs from 2024
- Total: 9,633
- Critical: 114
- High: 1,043
- Medium: 1,991
- Low: 40
- % Critical: 1.2%
- % with KEV: 1.7%
- % with exploit: 1.7%
Top products
- checkmk 10
- office 8
- profilegrid 8
- office_long_term_servicing_channel 6
- glibc 5
- virtual_traffic_manager 5
- element_pack 5
- propertyhive 5
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2024-35845 | critical | 9.1 | 9.1 | 2y ago | Important: kernel security and bug fix update | |
| CVE-2024-35960 | critical | 9.1 | 9.1 | 2y ago | Important: kernel security and bug fix update | |
| CVE-2024-34416 | critical | 9.1 | 9.1 | 2y ago | Unrestricted Upload of File with Dangerous Type vulnerability in Pk Favicon Manager. This issue affects Pk Favicon Manager: from n/a through 2.1. | |
| CVE-2024-27053 | critical | 9.1 | 9.1 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: wifi: wilc1000: fix RCU usage in connect path With lockdep enabled, calls to the connect function from cfg802.11 layer lead to th… | |
| CVE-2024-31266 | critical | 9.1 | 9.1 | 2y ago | Improper Control of Generation of Code ('Code Injection') vulnerability in AlgolPlus Advanced Order Export For WooCommerce allows Code Injection. This issue affects Advanced Order Export For WooCommer… | |
| CVE-2024-32954 | critical | 9.1 | 9.1 | 2y ago | Unrestricted Upload of File with Dangerous Type vulnerability in Tribulant Newsletters. This issue affects Newsletters: from n/a through 4.9.5. | |
| CVE-2024-32948 | critical | 9.1 | 9.1 | 2y ago | Missing Authorization vulnerability in Repute Infosystems ARMember. This issue affects ARMember: from n/a through 4.0.28. | |
| CVE-2024-31345 | critical | 9.1 | 9.1 | 2y ago | Unrestricted Upload of File with Dangerous Type vulnerability in Sukhchain Singh Auto Poster. This issue affects Auto Poster: from n/a through 1.2. | |
| CVE-2024-31114 | critical | 9.1 | 9.1 | 2y ago | Unrestricted Upload of File with Dangerous Type vulnerability in biplob018 Shortcode Addons. This issue affects Shortcode Addons: from n/a through 3.2.5. | |
| CVE-2024-2890 | critical | 9.1 | 9.1 | 2y ago | Unrestricted Upload of File with Dangerous Type vulnerability in Tumult Inc. Tumult Hype Animations. This issue affects Tumult Hype Animations: from n/a through 1.9.12. | |
| CVE-2024-3596 | critical | 9.0 | 9.0 | 2y ago | Important: freeradius security update | |
| CVE-2024-22144 | critical | 9.0 | 9.0 | 2y ago | Improper Control of Generation of Code ('Code Injection') vulnerability in Eli Scheetz Anti-Malware Security and Brute-Force Firewall gotmls allows Code Injection. This issue affects Anti-Malware Secu… | |
| CVE-2024-30227 | critical | 9.0 | 9.0 | 2y ago | Deserialization of Untrusted Data vulnerability in INFINITUM FORM Geo Controller. This issue affects Geo Controller: from n/a through 8.6.4. | |
| CVE-2024-30226 | critical | 9.0 | 9.0 | 2y ago | Deserialization of Untrusted Data vulnerability in WPDeveloper BetterDocs. This issue affects BetterDocs: from n/a through 3.3.3. | |
| CVE-2024-31265 | low | 3.7 | 3.7 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in SumoMe Sumo. This issue affects Sumo: from n/a through 1.34. | |
| CVE-2024-7083 | low | 3.5 | 3.5 | 1mo ago | The Email Encoder WordPress plugin before 2.3.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks… | |
| CVE-2024-6006 | low | 3.5 | 3.5 | 2y ago | A vulnerability was found in ZKTeco ZKBio CVSecurity V5000 4.1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Summer Schedule Handler. The … | |
| CVE-2024-6005 | low | 3.5 | 3.5 | 2y ago | A vulnerability was found in ZKTeco ZKBio CVSecurity V5000 4.1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Department Section. … | |
| CVE-2024-6807 | low | 3.4 | 3.4 | 2y ago | A vulnerability was found in SourceCodester Student Study Center Desk Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /sscdms/cla… | |
| CVE-2024-50044 | low | 3.3 | 3.3 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: RFCOMM: FIX possible deadlock in rfcomm_sk_state_change rfcomm_sk_state_change attempts to use sock_lock so it must ne… | |
| CVE-2024-35935 | low | 3.3 | 3.3 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: btrfs: send: handle path ref underflow in header iterate_inode_ref() Change BUG_ON to proper error handling if building the path … | |
| CVE-2024-28085 | low | 3.3 | 3.3 | 2y ago | wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from … | |
| CVE-2024-3932 | low | 3.1 | 3.1 | 2y ago | A vulnerability classified as problematic has been found in Totara LMS up to 18.7. This affects an unknown part of the component User Selector. The manipulation leads to cross-site request forgery. I… | |
| CVE-2024-47272 | low | 2.7 | 2.7 | 21h ago | Incorrect authorization vulnerability in IO Module functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to … | |
| CVE-2024-47270 | low | 2.7 | 2.7 | 21h ago | Improper preservation of permissions vulnerability in Archiving Push functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administra… | |
| CVE-2024-47267 | low | 2.7 | 2.7 | 21h ago | Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in Archiving Pull functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows … | |
| CVE-2024-10492 | low | 2.7 | 2.7 | 2y ago | Keycloak Path Traversal Vulnerability Due to External Control of File Name or Path | |
| CVE-2024-30507 | low | 2.7 | 2.7 | 2y ago | Authorization Bypass Through User-Controlled Key vulnerability in Molongui. This issue affects Molongui: from n/a through 4.7.7. | |
| CVE-2024-2408 | low | — | 2.5 | — | The openssl_private_decrypt function in PHP, when using PKCS1 padding (OPENSSL_PKCS1_PADDING, which is the default), is vulnerable to the Marvin Attack unless it is used with an OpenSSL version that … | |
| CVE-2024-56433 | low | — | 2.5 | 7mo ago | Low: shadow-utils security update | |
| CVE-2024-54677 | low | — | 2.5 | 2y ago | Apache Tomcat Uncontrolled Resource Consumption vulnerability | |
| CVE-2024-7592 | low | — | 2.5 | 2y ago | Low: python3.12 security update | |
| CVE-2024-52800 | low | — | 2.5 | 2y ago | veraPDF CLI has potential XXE (XML External Entity Injection) vulnerability | |
| CVE-2024-27043 | low | — | 2.5 | 2y ago | Low: kernel-rt:4.18.0 security update | |
| CVE-2024-4603 | low | — | 2.5 | 2y ago | Low: openssl security update | |
| CVE-2024-2314 | low | — | 2.5 | 2y ago | Low: bcc security update | |
| CVE-2024-6126 | low | — | 2.5 | 2y ago | Low: cockpit security update | |
| CVE-2024-6501 | low | — | 2.5 | 2y ago | Low: NetworkManager security update | |
| CVE-2024-4741 | low | — | 2.5 | 2y ago | Low: openssl security update | |
| CVE-2024-5742 | low | — | 2.5 | 2y ago | Low: nano security update | |
| CVE-2024-29038 | low | — | 2.5 | 2y ago | Low: tpm2-tools security update | |
| CVE-2024-29039 | low | — | 2.5 | 2y ago | Low: tpm2-tools security update | |
| CVE-2024-2313 | low | — | 2.5 | 2y ago | Low: bpftrace security update | |
| CVE-2024-36387 | low | — | 2.5 | 2y ago | Low: mod_http2 security update | |
| CVE-2024-5629 | low | — | 2.5 | 2y ago | Low: python36:3.6 security update | |
| CVE-2024-2609 | low | — | 2.5 | 2y ago | Low: thunderbird security update | |
| CVE-2024-3852 | low | — | 2.5 | 2y ago | Low: thunderbird security update | |
| CVE-2024-3859 | low | — | 2.5 | 2y ago | Low: thunderbird security update | |
| CVE-2024-3864 | low | — | 2.5 | 2y ago | Low: thunderbird security update | |
| CVE-2024-3857 | low | — | 2.5 | 2y ago | Low: thunderbird security update | |
| CVE-2024-3854 | low | — | 2.5 | 2y ago | Low: thunderbird security update | |
| CVE-2024-3302 | low | — | 2.5 | 2y ago | Low: thunderbird security update | |
| CVE-2024-3861 | low | — | 2.5 | 2y ago | Low: thunderbird security update | |
| CVE-2024-6344 | low | 2.4 | 2.4 | 2y ago | A vulnerability, which was classified as problematic, was found in ZKTeco ZKBio CVSecurity V5000 4.1.0. This affects an unknown part of the component Push Configuration Section. The manipulation of t… | |