Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2024-4671 KEV |
|
[KEV] Use-After-Free in Google chromium (CVE-2024-4671)
vulnerability in Google chromium (CVE-2024-4671). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-7028 KEV |
|
[KEV] Vulnerability in gitlab (CVE-2023-7028)
vulnerability in gitlab (CVE-2023-7028). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2024-33270 |
|
Out-of-Bounds Read in CVE-2024-33270 (CVE-2024-33270)
vulnerability in CVE-2024-33270 (CVE-2024-33270). Confidential information can be exposed externally. Mitigation: upgrade to `2.0.4` or later.
|
| CVE-2024-29988 KEV |
|
[KEV] Vulnerability in Microsoft smartscreen-prompt (CVE-2024-29988)
vulnerability in Microsoft smartscreen-prompt (CVE-2024-29988). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2024-4040 KEV |
|
[KEV] Vulnerability in crushftp (CVE-2024-4040)
vulnerability in crushftp (CVE-2024-4040). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2024-20359 KEV |
|
[KEV] Code Injection in Cisco adaptive-security-appliance-asa-and-firepower-threat-defense-ftd (CVE-2024-20359)
code injection in Cisco adaptive-security-appliance-asa-and-firepower-threat-defense-ftd (CVE-2024-20359). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2024-20353 KEV |
|
[KEV] Vulnerability in Cisco adaptive-security-appliance-asa-and-firepower-threat-defense-ftd (CVE-2024-20353)
vulnerability in Cisco adaptive-security-appliance-asa-and-firepower-threat-defense-ftd (CVE-2024-20353). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2022-38028 KEV |
|
[KEV] Vulnerability in Microsoft windows (CVE-2022-38028)
vulnerability in Microsoft windows (CVE-2022-38028). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2024-32206 |
|
Cross-Site Scripting (XSS) in wuzhicms (CVE-2024-32206)
cross-site scripting in wuzhicms (CVE-2024-32206). Risk of unauthorized operations or information disclosure.
|
| CVE-2024-3400 KEV |
|
[KEV] Vulnerability in Palo alto networks palo-alto-networks (CVE-2024-3400)
vulnerability in Palo alto networks palo-alto-networks (CVE-2024-3400). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-51141 |
|
Vulnerability in zkteco (CVE-2023-51141)
vulnerability in zkteco (CVE-2023-51141). Confidential information can be exposed externally.
|
| CVE-2023-51142 |
|
Information Disclosure in zkteco (CVE-2023-51142)
vulnerability in zkteco (CVE-2023-51142). Confidential information can be exposed externally.
|
| CVE-2024-3273 KEV |
|
[KEV] Command Injection in D-link multiple-nas-devices (CVE-2024-3273)
command injection in D-link multiple-nas-devices (CVE-2024-3273). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2024-3272 KEV |
|
[KEV] Vulnerability in D-link multiple-nas-devices (CVE-2024-3272)
vulnerability in D-link multiple-nas-devices (CVE-2024-3272). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2024-3566 |
|
Command Injection in node (CVE-2024-3566)
command injection in node (CVE-2024-3566). Successful exploitation can lead to full system takeover. Exploitable via ``cmd.exe``. Mitigation: upgrade to `18.19.0` or later.
|
| CVE-2024-29748 KEV |
|
[KEV] Vulnerability in Android pixel (CVE-2024-29748)
vulnerability in Android pixel (CVE-2024-29748). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2024-29745 KEV |
|
[KEV] Vulnerability in Android pixel (CVE-2024-29745)
vulnerability in Android pixel (CVE-2024-29745). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2024-28085 |
|
Vulnerability in kernel (CVE-2024-28085)
vulnerability in kernel (CVE-2024-28085). Risk of unauthorized operations or information disclosure.
|
| CVE-2023-24955 KEV |
|
[KEV] Code Injection in Microsoft sharepoint-server (CVE-2023-24955)
code injection in Microsoft sharepoint-server (CVE-2023-24955). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-48788 KEV |
|
[KEV] SQL Injection in Fortinet forticlient-ems (CVE-2023-48788)
SQL injection in Fortinet forticlient-ems (CVE-2023-48788). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2019-7256 KEV |
|
[KEV] OS Command Injection in Nice linear-emerge-e3-series (CVE-2019-7256)
OS command injection in Nice linear-emerge-e3-series (CVE-2019-7256). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2021-44529 KEV |
|
[KEV] Code Injection in Ivanti endpoint-manager-cloud-service-appliance-epm-csa (CVE-2021-44529)
code injection in Ivanti endpoint-manager-cloud-service-appliance-epm-csa (CVE-2021-44529). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2024-29858 |
|
Vulnerability in misp-project (CVE-2024-29858)
vulnerability in misp-project (CVE-2024-29858). Successful exploitation can lead to full system takeover.
|
| CVE-2024-29859 |
|
Unrestricted File Upload in misp-project (CVE-2024-29859)
vulnerability in misp-project (CVE-2024-29859). Successful exploitation can lead to full system takeover.
|
| CVE-2024-24520 |
|
Code Injection in lepton-cms (CVE-2024-24520)
code injection in lepton-cms (CVE-2024-24520). Successful exploitation can lead to full system takeover.
|
| CVE-2023-42789 |
|
Out-of-Bounds Write in fortinet (CVE-2023-42789)
out-of-bounds write in fortinet (CVE-2023-42789). Successful exploitation can lead to full system takeover.
|
| CVE-2023-42790 |
|
Vulnerability in fortinet (CVE-2023-42790)
vulnerability in fortinet (CVE-2023-42790). Successful exploitation can lead to full system takeover.
|
| CVE-2024-27198 KEV |
|
[KEV] Vulnerability in Jetbrains teamcity (CVE-2024-27198)
vulnerability in Jetbrains teamcity (CVE-2024-27198). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2024-23225 KEV |
|
[KEV] Out-of-Bounds Write in Apple multiple-products (CVE-2024-23225)
out-of-bounds write in Apple multiple-products (CVE-2024-23225). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2024-23296 KEV |
|
[KEV] Out-of-Bounds Write in Apple multiple-products (CVE-2024-23296)
out-of-bounds write in Apple multiple-products (CVE-2024-23296). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-21237 KEV |
|
[KEV] Information Disclosure in Android pixel (CVE-2023-21237)
vulnerability in Android pixel (CVE-2023-21237). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2021-36380 KEV |
|
[KEV] OS Command Injection in Sunhillo sureline (CVE-2021-36380)
OS command injection in Sunhillo sureline (CVE-2021-36380). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2024-21338 KEV |
|
[KEV] Vulnerability in Microsoft windows (CVE-2024-21338)
vulnerability in Microsoft windows (CVE-2024-21338). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-29360 KEV |
|
[KEV] Vulnerability in Microsoft streaming-service (CVE-2023-29360)
vulnerability in Microsoft streaming-service (CVE-2023-29360). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2024-22983 |
|
SQL Injection in sqli (CVE-2024-22983)
SQL injection in sqli (CVE-2024-22983). Confidential information can be exposed externally.
|
| CVE-2024-1709 KEV |
|
[KEV] Vulnerability in Connectwise screenconnect (CVE-2024-1709)
vulnerability in Connectwise screenconnect (CVE-2024-1709). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2024-21410 KEV |
|
[KEV] Authentication Bypass in Microsoft exchange-server (CVE-2024-21410)
authentication bypass in Microsoft exchange-server (CVE-2024-21410). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2020-3259 KEV |
|
[KEV] Information Disclosure in Cisco adaptive-security-appliance-asa-and-firepower-threat-defense-ftd (CVE-2020-3259)
vulnerability in Cisco adaptive-security-appliance-asa-and-firepower-threat-defense-ftd (CVE-2020-3259). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2024-20673 |
|
Microsoft Office Remote Code Execution Vulnerability
Microsoft Office Remote Code Execution Vulnerability
|
| CVE-2024-21412 KEV |
|
[KEV] Vulnerability in Microsoft windows (CVE-2024-21412)
vulnerability in Microsoft windows (CVE-2024-21412). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2024-21351 KEV |
|
[KEV] Code Injection in Microsoft windows (CVE-2024-21351)
code injection in Microsoft windows (CVE-2024-21351). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-43770 KEV |
|
[KEV] Cross-Site Scripting (XSS) in Roundcube webmail (CVE-2023-43770)
cross-site scripting in Roundcube webmail (CVE-2023-43770). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2024-25675 |
|
Vulnerability in misp-project (CVE-2024-25675)
vulnerability in misp-project (CVE-2024-25675). Successful exploitation can lead to full system takeover.
|
| CVE-2024-21762 KEV |
|
[KEV] Out-of-Bounds Write in Fortinet fortios (CVE-2024-21762)
out-of-bounds write in Fortinet fortios (CVE-2024-21762). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-4762 KEV |
|
[KEV] Vulnerability in Google chromium-v8 (CVE-2023-4762)
vulnerability in Google chromium-v8 (CVE-2023-4762). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2022-48618 KEV |
|
[KEV] Vulnerability in Apple multiple-products (CVE-2022-48618)
vulnerability in Apple multiple-products (CVE-2022-48618). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2024-21893 KEV |
|
[KEV] SSRF (Server-Side Request Forgery) in Ivanti connect-secure (CVE-2024-21893)
SSRF in Ivanti connect-secure (CVE-2024-21893). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2024-0727 |
|
Vulnerability in cryptography (CVE-2024-0727)
vulnerability in cryptography (CVE-2024-0727). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `42.0.2` or later.
|
| CVE-2024-22922 |
|
Privilege Escalation in projectworlds (CVE-2024-22922)
vulnerability in projectworlds (CVE-2024-22922). Successful exploitation can lead to full system takeover.
|
| CVE-2023-51702 |
|
Vulnerability in apache (CVE-2023-51702)
vulnerability in apache (CVE-2023-51702). Confidential information can be exposed externally.
|