Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2024-37816 |
|
Quectel EC25-EUX EC25EUXGAR08A05M1G was discovered to contain a stack overflow.
Quectel EC25-EUX EC25EUXGAR08A05M1G was discovered to contain a stack overflow.
|
| CVE-2024-50942 |
|
SQL Injection in sqli (CVE-2024-50942)
SQL injection in sqli (CVE-2024-50942). Successful exploitation can lead to full system takeover.
|
| CVE-2024-52337 |
|
Vulnerability in CVE-2024-52337 (CVE-2024-52337)
vulnerability in CVE-2024-52337 (CVE-2024-52337). Data can be tampered with by attackers.
|
| CVE-2024-52336 |
|
Privilege Escalation in privilege-escalation (CVE-2024-52336)
vulnerability in privilege-escalation (CVE-2024-52336). Successful exploitation can lead to full system takeover. Exploitable via ``script_pre``.
|
| CVE-2024-53365 |
|
Cross-Site Scripting (XSS) in phpgurukul (CVE-2024-53365)
cross-site scripting in phpgurukul (CVE-2024-53365). Risk of unauthorized operations or information disclosure.
|
| CVE-2024-53597 |
|
SQL Injection in sqli (CVE-2024-53597)
SQL injection in sqli (CVE-2024-53597). Risk of unauthorized operations or information disclosure.
|
| CVE-2024-53101 |
|
Vulnerability in linux (CVE-2024-53101)
vulnerability in linux (CVE-2024-53101). Risk of unauthorized operations or information disclosure.
|
| CVE-2023-28461 KEV |
|
[KEV] Vulnerability in Array networks array-networks (CVE-2023-28461)
vulnerability in Array networks array-networks (CVE-2023-28461). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2024-52723 |
|
OS Command Injection in totolink (CVE-2024-52723)
OS command injection in totolink (CVE-2024-52723). Successful exploitation can lead to full system takeover.
|
| CVE-2024-7882 |
|
SQL Injection in sqli (CVE-2024-7882)
SQL injection in sqli (CVE-2024-7882). Risk of unauthorized operations or information disclosure.
|
| CVE-2024-7837 |
|
SQL Injection in sqli (CVE-2024-7837)
SQL injection in sqli (CVE-2024-7837). Confidential information can be exposed externally.
|
| CVE-2024-52615 |
|
Vulnerability in CVE-2024-52615 (CVE-2024-52615)
vulnerability in CVE-2024-52615 (CVE-2024-52615). Risk of unauthorized operations or information disclosure.
|
| CVE-2024-51364 |
|
Unrestricted File Upload in CVE-2024-51364 (CVE-2024-51364)
vulnerability in CVE-2024-51364 (CVE-2024-51364). Successful exploitation can lead to full system takeover.
|
| CVE-2024-51366 |
|
Unrestricted File Upload in CVE-2024-51366 (CVE-2024-51366)
vulnerability in CVE-2024-51366 (CVE-2024-51366). Successful exploitation can lead to full system takeover.
|
| CVE-2024-51367 |
|
Code Injection in CVE-2024-51367 (CVE-2024-51367)
code injection in CVE-2024-51367 (CVE-2024-51367). Successful exploitation can lead to full system takeover.
|
| CVE-2024-7130 |
|
Cross-Site Scripting (XSS) in CVE-2024-7130 (CVE-2024-7130)
cross-site scripting in CVE-2024-7130 (CVE-2024-7130). Risk of unauthorized operations or information disclosure.
|
| CVE-2024-7026 |
|
SQL Injection in sqli (CVE-2024-7026)
SQL injection in sqli (CVE-2024-7026). Confidential information can be exposed externally.
|
| CVE-2024-7016 |
|
Cross-Site Scripting (XSS) in smarttek (CVE-2024-7016)
cross-site scripting in smarttek (CVE-2024-7016). Risk of unauthorized operations or information disclosure.
|
| CVE-2024-44309 KEV |
|
[KEV] Cross-Site Scripting (XSS) in Apple multiple-products (CVE-2024-44309)
cross-site scripting in Apple multiple-products (CVE-2024-44309). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2024-21287 KEV |
|
[KEV] Authorization Flaw in Oracle agile-product-lifecycle-management-plm (CVE-2024-21287)
vulnerability in Oracle agile-product-lifecycle-management-plm (CVE-2024-21287). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2024-12401 |
|
Vulnerability in github.com/cert-manager/cert-manager (CVE-2024-12401)
vulnerability in github.com/cert-manager/cert-manager (CVE-2024-12401). Risk of unauthorized operations or information disclosure. Exploitable via ``pem.Decode``. Mitigation: upgrade to `1.16.2` or later.
|
| CVE-2024-52725 |
|
SQL Injection in sqli (CVE-2024-52725)
SQL injection in sqli (CVE-2024-52725). Confidential information can be exposed externally.
|
| CVE-2024-11406 |
|
Cross-Site Scripting (XSS) in djangocms-attributes-field (CVE-2024-11406)
cross-site scripting in djangocms-attributes-field (CVE-2024-11406). Confidential information can be exposed externally. Mitigation: upgrade to `4.0.0` or later.
|
| CVE-2024-11404 |
|
Vulnerability in django-filer (CVE-2024-11404)
vulnerability in django-filer (CVE-2024-11404). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.3.0` or later.
|
| CVE-2024-38812 KEV |
|
[KEV] Vulnerability in Vmware vcenter-server (CVE-2024-38812)
vulnerability in Vmware vcenter-server (CVE-2024-38812). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2024-38813 KEV |
|
[KEV] Vulnerability in Vmware vcenter-server (CVE-2024-38813)
vulnerability in Vmware vcenter-server (CVE-2024-38813). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2024-52714 |
|
Vulnerability in tenda (CVE-2024-52714)
vulnerability in tenda (CVE-2024-52714). Successful exploitation can lead to full system takeover.
|
| CVE-2024-53057 |
|
Use-After-Free in c (CVE-2024-53057)
vulnerability in c (CVE-2024-53057). Successful exploitation can lead to full system takeover.
|
| CVE-2024-50803 |
|
Cross-Site Scripting (XSS) in redaxo (CVE-2024-50803)
cross-site scripting in redaxo (CVE-2024-50803). Risk of unauthorized operations or information disclosure.
|
| CVE-2024-50301 |
|
Out-of-Bounds Read in c (CVE-2024-50301)
vulnerability in c (CVE-2024-50301). Confidential information can be exposed externally.
|
| CVE-2024-50299 |
|
Vulnerability in c (CVE-2024-50299)
vulnerability in c (CVE-2024-50299). Risk of unauthorized operations or information disclosure.
|
| CVE-2024-50298 |
|
Vulnerability in linux (CVE-2024-50298)
vulnerability in linux (CVE-2024-50298). Risk of unauthorized operations or information disclosure.
|
| CVE-2024-8781 |
|
Vulnerability in privilege-escalation (CVE-2024-8781)
vulnerability in privilege-escalation (CVE-2024-8781). Risk of unauthorized operations or information disclosure.
|
| CVE-2024-3370 |
|
SQL Injection in sqli (CVE-2024-3370)
SQL injection in sqli (CVE-2024-3370). Confidential information can be exposed externally.
|
| CVE-2024-11319 |
|
Cross-Site Scripting (XSS) in django-cms (CVE-2024-11319)
cross-site scripting in django-cms (CVE-2024-11319). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `4.1.4` or later.
|
| CVE-2024-9474 KEV |
|
[KEV] Command Injection in Palo alto networks palo-alto-networks (CVE-2024-9474)
command injection in Palo alto networks palo-alto-networks (CVE-2024-9474). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2024-1212 KEV |
|
[KEV] OS Command Injection in Progress kemp-loadmaster (CVE-2024-1212)
OS command injection in Progress kemp-loadmaster (CVE-2024-1212). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
|
| CVE-2024-0012 KEV |
|
[KEV] Vulnerability in Palo alto networks palo-alto-networks (CVE-2024-0012)
vulnerability in Palo alto networks palo-alto-networks (CVE-2024-0012). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2024-51330 |
|
Code Injection in ultimaker (CVE-2024-51330)
code injection in ultimaker (CVE-2024-51330). Data can be tampered with by attackers.
|
| CVE-2024-46383 |
|
Vulnerability in CVE-2024-46383 (CVE-2024-46383)
vulnerability in CVE-2024-46383 (CVE-2024-46383). Risk of unauthorized operations or information disclosure.
|
| CVE-2024-3447 |
|
Vulnerability in dos (CVE-2024-3447)
vulnerability in dos (CVE-2024-3447). Risk of unauthorized operations or information disclosure.
|
| CVE-2024-7787 |
|
Cross-Site Scripting (XSS) in CVE-2024-7787 (CVE-2024-7787)
cross-site scripting in CVE-2024-7787 (CVE-2024-7787). Risk of unauthorized operations or information disclosure.
|
| CVE-2024-9465 KEV |
|
[KEV] SQL Injection in Palo alto networks palo-alto-networks (CVE-2024-9465)
SQL injection in Palo alto networks palo-alto-networks (CVE-2024-9465). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2024-9463 KEV |
|
[KEV] OS Command Injection in Palo alto networks palo-alto-networks (CVE-2024-9463)
OS command injection in Palo alto networks palo-alto-networks (CVE-2024-9463). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2024-9477 |
|
Cross-Site Scripting (XSS) in airties (CVE-2024-9477)
cross-site scripting in airties (CVE-2024-9477). Risk of unauthorized operations or information disclosure.
|
| CVE-2024-8074 |
|
Vulnerability in CVE-2024-8074 (CVE-2024-8074)
vulnerability in CVE-2024-8074 (CVE-2024-8074). Risk of unauthorized operations or information disclosure.
|
| CVE-2024-49394 |
|
Vulnerability in mutt (CVE-2024-49394)
vulnerability in mutt (CVE-2024-49394). Risk of unauthorized operations or information disclosure.
|
| CVE-2024-49393 |
|
Vulnerability in mutt (CVE-2024-49393)
vulnerability in mutt (CVE-2024-49393). Confidential information can be exposed externally.
|
| CVE-2024-11079 |
|
Vulnerability in CVE-2024-11079 (CVE-2024-11079)
vulnerability in CVE-2024-11079 (CVE-2024-11079). Risk of unauthorized operations or information disclosure.
|
| CVE-2014-2120 KEV |
|
[KEV] Cross-Site Scripting (XSS) in Cisco adaptive-security-appliance-asa (CVE-2014-2120)
cross-site scripting in Cisco adaptive-security-appliance-asa (CVE-2014-2120). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|