CVEs from 2024
- Total: 9,633
- critical: 114
- high: 1,043
- medium: 1,991
- low: 40
- % Critical: 1.2%
- % with KEV: 1.7%
- % with exploit: 1.7%
Top products
- checkmk 10
- office 8
- profilegrid 8
- office_long_term_servicing_channel 6
- glibc 5
- virtual_traffic_manager 5
- element_pack 5
- propertyhive 5
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2024-31265 | low | 3.7 | 3.7 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in SumoMe Sumo. This issue affects Sumo: from n/a through 1.34. | |
| CVE-2024-7083 | low | 3.5 | 3.5 | 1mo ago | The Email Encoder WordPress plugin before 2.3.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks… | |
| CVE-2024-6006 | low | 3.5 | 3.5 | 2y ago | A vulnerability was found in ZKTeco ZKBio CVSecurity V5000 4.1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Summer Schedule Handler. The … | |
| CVE-2024-6005 | low | 3.5 | 3.5 | 2y ago | A vulnerability was found in ZKTeco ZKBio CVSecurity V5000 4.1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Department Section. … | |
| CVE-2024-6807 | low | 3.4 | 3.4 | 2y ago | A vulnerability was found in SourceCodester Student Study Center Desk Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /sscdms/cla… | |
| CVE-2024-50044 | low | 3.3 | 3.3 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: RFCOMM: FIX possible deadlock in rfcomm_sk_state_change rfcomm_sk_state_change attempts to use sock_lock so it must ne… | |
| CVE-2024-35935 | low | 3.3 | 3.3 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: btrfs: send: handle path ref underflow in header iterate_inode_ref() Change BUG_ON to proper error handling if building the path … | |
| CVE-2024-28085 | low | 3.3 | 3.3 | 2y ago | wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from … | |
| CVE-2024-3932 | low | 3.1 | 3.1 | 2y ago | A vulnerability classified as problematic has been found in Totara LMS up to 18.7. This affects an unknown part of the component User Selector. The manipulation leads to cross-site request forgery. I… | |
| CVE-2024-47272 | low | 2.7 | 2.7 | 15h ago | Incorrect authorization vulnerability in IO Module functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to … | |
| CVE-2024-47270 | low | 2.7 | 2.7 | 15h ago | Improper preservation of permissions vulnerability in Archiving Push functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administra… | |
| CVE-2024-47267 | low | 2.7 | 2.7 | 15h ago | Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in Archiving Pull functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows … | |
| CVE-2024-10492 | low | 2.7 | 2.7 | 2y ago | Keycloak Path Traversal Vulnerability Due to External Control of File Name or Path | |
| CVE-2024-30507 | low | 2.7 | 2.7 | 2y ago | Authorization Bypass Through User-Controlled Key vulnerability in Molongui. This issue affects Molongui: from n/a through 4.7.7. | |
| CVE-2024-2408 | low | — | 2.5 | — | The openssl_private_decrypt function in PHP, when using PKCS1 padding (OPENSSL_PKCS1_PADDING, which is the default), is vulnerable to the Marvin Attack unless it is used with an OpenSSL version that … | |
| CVE-2024-56433 | low | — | 2.5 | 7mo ago | Low: shadow-utils security update | |
| CVE-2024-54677 | low | — | 2.5 | 2y ago | Apache Tomcat Uncontrolled Resource Consumption vulnerability | |
| CVE-2024-7592 | low | — | 2.5 | 2y ago | Low: python3.12 security update | |
| CVE-2024-52800 | low | — | 2.5 | 2y ago | veraPDF CLI has potential XXE (XML External Entity Injection) vulnerability | |
| CVE-2024-27043 | low | — | 2.5 | 2y ago | Low: kernel-rt:4.18.0 security update | |
| CVE-2024-29039 | low | — | 2.5 | 2y ago | Low: tpm2-tools security update | |
| CVE-2024-4741 | low | — | 2.5 | 2y ago | Low: openssl security update | |
| CVE-2024-6501 | low | — | 2.5 | 2y ago | Low: NetworkManager security update | |
| CVE-2024-5742 | low | — | 2.5 | 2y ago | Low: nano security update | |
| CVE-2024-29038 | low | — | 2.5 | 2y ago | Low: tpm2-tools security update | |
| CVE-2024-2313 | low | — | 2.5 | 2y ago | Low: bpftrace security update | |
| CVE-2024-2314 | low | — | 2.5 | 2y ago | Low: bcc security update | |
| CVE-2024-6126 | low | — | 2.5 | 2y ago | Low: cockpit security update | |
| CVE-2024-4603 | low | — | 2.5 | 2y ago | Low: openssl security update | |
| CVE-2024-36387 | low | — | 2.5 | 2y ago | Low: mod_http2 security update | |
| CVE-2024-5629 | low | — | 2.5 | 2y ago | Low: python36:3.6 security update | |
| CVE-2024-3852 | low | — | 2.5 | 2y ago | Low: thunderbird security update | |
| CVE-2024-3859 | low | — | 2.5 | 2y ago | Low: thunderbird security update | |
| CVE-2024-3861 | low | — | 2.5 | 2y ago | Low: thunderbird security update | |
| CVE-2024-3864 | low | — | 2.5 | 2y ago | Low: thunderbird security update | |
| CVE-2024-2609 | low | — | 2.5 | 2y ago | Low: thunderbird security update | |
| CVE-2024-3302 | low | — | 2.5 | 2y ago | Low: thunderbird security update | |
| CVE-2024-3854 | low | — | 2.5 | 2y ago | Low: thunderbird security update | |
| CVE-2024-3857 | low | — | 2.5 | 2y ago | Low: thunderbird security update | |
| CVE-2024-6344 | low | 2.4 | 2.4 | 2y ago | A vulnerability, which was classified as problematic, was found in ZKTeco ZKBio CVSecurity V5000 4.1.0. This affects an unknown part of the component Push Configuration Section. The manipulation of t… | |