Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2024-12970 |
|
OS Command Injection in CVE-2024-12970 (CVE-2024-12970)
OS command injection in CVE-2024-12970 (CVE-2024-12970). Risk of unauthorized operations or information disclosure.
|
| CVE-2024-48197 |
|
Cross-Site Scripting (XSS) in CVE-2024-48197 (CVE-2024-48197)
cross-site scripting in CVE-2024-48197 (CVE-2024-48197). Risk of unauthorized operations or information disclosure.
|
| CVE-2024-45497 |
|
Vulnerability in dos (CVE-2024-45497)
vulnerability in dos (CVE-2024-45497). Risk of unauthorized operations or information disclosure.
|
| CVE-2024-3393 KEV |
|
[KEV] Vulnerability in Palo alto networks palo-alto-networks (CVE-2024-3393)
vulnerability in Palo alto networks palo-alto-networks (CVE-2024-3393). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2024-56727 |
|
Vulnerability in c (CVE-2024-56727)
vulnerability in c (CVE-2024-56727). Risk of unauthorized operations or information disclosure.
|
| CVE-2024-56703 |
|
Vulnerability in linux (CVE-2024-56703)
vulnerability in linux (CVE-2024-56703). Risk of unauthorized operations or information disclosure. Exploitable via ``bird``.
|
| CVE-2024-56732 |
|
Vulnerability in harfbuzz-project (CVE-2024-56732)
vulnerability in harfbuzz-project (CVE-2024-56732). Successful exploitation can lead to full system takeover.
|
| CVE-2024-56672 |
|
Use-After-Free in linux (CVE-2024-56672)
vulnerability in linux (CVE-2024-56672). Successful exploitation can lead to full system takeover.
|
| CVE-2024-56631 |
|
Use-After-Free in c (CVE-2024-56631)
vulnerability in c (CVE-2024-56631). Successful exploitation can lead to full system takeover.
|
| CVE-2024-53221 |
|
Vulnerability in linux (CVE-2024-53221)
vulnerability in linux (CVE-2024-53221). Risk of unauthorized operations or information disclosure.
|
| CVE-2024-53213 |
|
Vulnerability in linux (CVE-2024-53213)
vulnerability in linux (CVE-2024-53213). Successful exploitation can lead to full system takeover. Exploitable via ``buf``.
|
| CVE-2024-53170 |
|
Use-After-Free in c (CVE-2024-53170)
vulnerability in c (CVE-2024-53170). Successful exploitation can lead to full system takeover.
|
| CVE-2024-53166 |
|
Use-After-Free in linux (CVE-2024-53166)
vulnerability in linux (CVE-2024-53166). Successful exploitation can lead to full system takeover.
|
| CVE-2024-8950 |
|
SQL Injection in sqli (CVE-2024-8950)
SQL injection in sqli (CVE-2024-8950). Successful exploitation can lead to full system takeover.
|
| CVE-2024-12582 |
|
Vulnerability in dos (CVE-2024-12582)
vulnerability in dos (CVE-2024-12582). Risk of unauthorized operations or information disclosure.
|
| CVE-2021-44207 KEV |
|
[KEV] Vulnerability in Acclaim systems acclaim-systems (CVE-2021-44207)
vulnerability in Acclaim systems acclaim-systems (CVE-2021-44207). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2024-10244 |
|
SQL Injection in sqli (CVE-2024-10244)
SQL injection in sqli (CVE-2024-10244). Successful exploitation can lead to full system takeover.
|
| CVE-2024-12356 KEV |
|
[KEV] Command Injection in Beyondtrust privileged-remote-access-pra-and-remote-support-rs (CVE-2024-12356)
command injection in Beyondtrust privileged-remote-access-pra-and-remote-support-rs (CVE-2024-12356). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2021-40407 KEV |
|
[KEV] OS Command Injection in Reolink rlc-410w-ip-camera (CVE-2021-40407)
OS command injection in Reolink rlc-410w-ip-camera (CVE-2021-40407). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2019-11001 KEV |
|
[KEV] OS Command Injection in Reolink multiple-ip-cameras (CVE-2019-11001)
OS command injection in Reolink multiple-ip-cameras (CVE-2019-11001). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2018-14933 KEV |
|
[KEV] OS Command Injection in Nuuo nvrmini-devices (CVE-2018-14933)
OS command injection in Nuuo nvrmini-devices (CVE-2018-14933). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2022-23227 KEV |
|
[KEV] Vulnerability in Nuuo nvrmini2-devices (CVE-2022-23227)
vulnerability in Nuuo nvrmini2-devices (CVE-2022-23227). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2024-8972 |
|
SQL Injection in sqli (CVE-2024-8972)
SQL injection in sqli (CVE-2024-8972). Successful exploitation can lead to full system takeover.
|
| CVE-2024-55956 KEV |
|
[KEV] Vulnerability in Cleo multiple-products (CVE-2024-55956)
vulnerability in Cleo multiple-products (CVE-2024-55956). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2024-37776 |
|
Cross-Site Scripting (XSS) in sunbirddcim (CVE-2024-37776)
cross-site scripting in sunbirddcim (CVE-2024-37776). Risk of unauthorized operations or information disclosure.
|
| CVE-2024-37774 |
|
Cross-Site Request Forgery (CSRF) in csrf (CVE-2024-37774)
vulnerability in csrf (CVE-2024-37774). Successful exploitation can lead to full system takeover.
|
| CVE-2024-37775 |
|
Authorization Flaw in sunbirddcim (CVE-2024-37775)
vulnerability in sunbirddcim (CVE-2024-37775). Data can be tampered with by attackers.
|
| CVE-2024-37773 |
|
Code Injection in sunbirddcim (CVE-2024-37773)
code injection in sunbirddcim (CVE-2024-37773). Risk of unauthorized operations or information disclosure.
|
| CVE-2024-20767 KEV |
|
[KEV] Vulnerability in Adobe coldfusion (CVE-2024-20767)
vulnerability in Adobe coldfusion (CVE-2024-20767). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2024-35250 KEV |
|
[KEV] Vulnerability in Microsoft windows (CVE-2024-35250)
vulnerability in Microsoft windows (CVE-2024-35250). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2024-50623 KEV |
|
[KEV] Unrestricted File Upload in Cleo multiple-products (CVE-2024-50623)
vulnerability in Cleo multiple-products (CVE-2024-50623). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2024-55875 |
|
Information Disclosure in org.http4k:http4k-format-xml (CVE-2024-55875)
vulnerability in org.http4k:http4k-format-xml (CVE-2024-55875). Successful exploitation can lead to full system takeover. Exploitable via ``DocumentBuilderFactory``. Mitigation: upgrade to `6.50.0.0` or later.
|
| CVE-2024-54508 |
|
Out-of-Bounds Read in apple (CVE-2024-54508)
vulnerability in apple (CVE-2024-54508). Risk of unauthorized operations or information disclosure.
|
| CVE-2024-53481 |
|
Cross-Site Scripting (XSS) in phpgurukul (CVE-2024-53481)
cross-site scripting in phpgurukul (CVE-2024-53481). Risk of unauthorized operations or information disclosure.
|
| CVE-2024-53480 |
|
SQL Injection in sqli (CVE-2024-53480)
SQL injection in sqli (CVE-2024-53480). Successful exploitation can lead to full system takeover. Exploitable via ``login.php``.
|
| CVE-2024-53866 |
|
Vulnerability in pnpm (CVE-2024-53866)
vulnerability in pnpm (CVE-2024-53866). Successful exploitation can lead to full system takeover.
|
| CVE-2024-49138 KEV |
|
[KEV] Vulnerability in Microsoft windows (CVE-2024-49138)
vulnerability in Microsoft windows (CVE-2024-49138). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2024-40582 |
|
Pentaminds CuroVMS v2.0.1 was discovered to contain exposed sensitive information.
Pentaminds CuroVMS v2.0.1 was discovered to contain exposed sensitive information.
|
| CVE-2024-40583 |
|
Pentaminds CuroVMS v2.0.1 was discovered to contain exposed credentials.
Pentaminds CuroVMS v2.0.1 was discovered to contain exposed credentials.
|
| CVE-2024-8259 |
|
SQL Injection in sqli (CVE-2024-8259)
SQL injection in sqli (CVE-2024-8259). Successful exploitation can lead to full system takeover.
|
| CVE-2024-54216 |
|
Vulnerability in path-traversal (CVE-2024-54216)
vulnerability in path-traversal (CVE-2024-54216). Confidential information can be exposed externally.
|
| CVE-2024-11321 |
|
Cross-Site Scripting (XSS) in CVE-2024-11321 (CVE-2024-11321)
cross-site scripting in CVE-2024-11321 (CVE-2024-11321). Risk of unauthorized operations or information disclosure.
|
| CVE-2024-53614 |
|
Vulnerability in CVE-2024-53614 (CVE-2024-53614)
vulnerability in CVE-2024-53614 (CVE-2024-53614). Confidential information can be exposed externally.
|
| CVE-2024-7488 |
|
Vulnerability in CVE-2024-7488 (CVE-2024-7488)
vulnerability in CVE-2024-7488 (CVE-2024-7488). Risk of unauthorized operations or information disclosure.
|
| CVE-2024-51378 KEV |
|
[KEV] Vulnerability in Cyberpersons cyberpanel (CVE-2024-51378)
vulnerability in Cyberpersons cyberpanel (CVE-2024-51378). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-45727 KEV |
|
[KEV] XXE (XML External Entity) in North grid north-grid (CVE-2023-45727)
vulnerability in North grid north-grid (CVE-2023-45727). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2024-11667 KEV |
|
[KEV] Path Traversal in Zyxel multiple-firewalls (CVE-2024-11667)
path traversal in Zyxel multiple-firewalls (CVE-2024-11667). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2024-11680 KEV |
|
[KEV] Authentication Bypass in projectsend (CVE-2024-11680)
authentication bypass in projectsend (CVE-2024-11680). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2024-53364 |
|
SQL Injection in sqli (CVE-2024-53364)
SQL injection in sqli (CVE-2024-53364). Risk of unauthorized operations or information disclosure.
|
| CVE-2024-53124 |
|
Vulnerability in c (CVE-2024-53124)
vulnerability in c (CVE-2024-53124). Risk of unauthorized operations or information disclosure.
|