VIR Vulnerability Intelligence Relay

CVEs from 2024

6,698 normalized CVEs published or assigned in this year.

Total
6,698
critical
critical 138
high
high 1,059
medium
medium 2,045
low
low 49
% Critical
2.1%
% with KEV
2.4%
% with exploit
3.3%

Top vendors

Top products

  • surveillance_station 12
  • checkmk 10
  • profilegrid 8
  • office 8
  • office_long_term_servicing_channel 6
  • glibc 5
  • virtual_traffic_manager 5
  • element_pack 5

Top packages

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2024-23898 unknown 2y ago Cross-site WebSocket hijacking vulnerability in the Jenkins CLI
CVE-2024-23903 unknown 2y ago Non-constant time webhook token comparison in Jenkins GitLab Branch Source Plugin
CVE-2024-23902 unknown 2y ago CSRF vulnerability in Jenkins GitLab Branch Source Plugin
CVE-2024-23905 unknown 2y ago Content-Security-Policy disabled by Red Hat Dependency Analytics Jenkins Plugin
CVE-2024-22497 unknown 2y ago Cross-site Scripting in JFinal
CVE-2024-23636 unknown 2y ago Remote Command Execution in SOFARPC
CVE-2024-22490 unknown 2y ago Cross-site Scripting in beetl-bbs
CVE-2024-22496 unknown 2y ago Cross-site Scripting in JFinal
CVE-2024-22233 unknown 2y ago Spring Framework server Web DoS Vulnerability
CVE-2024-23686 unknown 2y ago Insertion of Sensitive Information into Log File in OWASP DependencyCheck
CVE-2024-23685 unknown 2y ago Hard-coded System User Credentials in Folio Data Export Spring module
CVE-2024-23683 unknown 2y ago Trust Boundary Violation due to Incomplete Blacklist in Test Failure Processing in Ares
CVE-2024-23689 unknown 2y ago ClickHouse vulnerable to client certificate password exposure in client exception
CVE-2024-23679 unknown 2y ago com.enonic.xp:lib-auth vulnerable to Session Fixation
CVE-2024-22421 unknown 2y ago JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook and Architecture. Users of JupyterLab who click on a malicious link may get their `Au…
CVE-2024-22420 unknown 2y ago JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook and Architecture. This vulnerability depends on user interaction by opening a malicio…
CVE-2024-21733 unknown 2y ago Generation of Error Message Containing Sensitive Information vulnerability in Apache Tomcat.This issue affects Apache Tomcat: from 8.5.7 through 8.5.63, from 9.0.0-M11 through 9.0.43. Other, EOL vers…
CVE-2024-22491 unknown 2y ago Stored Cross Site Scripting in beetl-bbs
CVE-2024-22493 unknown 2y ago Cross-site Scripting in JFinal
CVE-2024-22492 unknown 2y ago Cross-site Scripting in JFinal
CVE-2024-21651 unknown 2y ago XWiki vulnerable to Denial of Service attack through attachments
CVE-2024-21650 unknown 2y ago XWiki Remote Code Execution Vulnerability via User Registration
CVE-2024-21648 unknown 2y ago XWiki has no right protection on rollback action
CVE-2024-43806 unknown 3y ago Rustix is a set of safe Rust bindings to POSIX-ish APIs. When using `rustix::fs::Dir` using the `linux_raw` backend, it's possible for the iterator to "get stuck" when an IO error is encountered. Com…
CVE-2024-23687 unknown 3y ago Hard-coded System User Credentials in Folio Data Export Spring module
CVE-2024-23681 unknown 3y ago Arbitrary code execution in de.tum.in.ase:artemis-java-test-sandbox
CVE-2024-23682 unknown 4y ago Duplicate Advisory: Sandbox escape in Artemis Java Test Sandbox
CVE-2024-23684 unknown 4y ago Duplicate Advisory: Inefficient Algorithmic Complexity in com.upokecenter:cbor
CVE-2024-23680 unknown 5y ago Improper Verification of Cryptographic Signature in aws-encryption-sdk-java
CVE-2024-0758 unknown 5y ago JavaScript execution via malicious molfiles (XSS)
CVE-2024-23688 unknown 5y ago Discovery uses the same AES/GCM Nonce throughout the session