Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2024-26988 |
|
Out-of-Bounds Write in c (CVE-2024-26988)
out-of-bounds write in c (CVE-2024-26988). Successful exploitation can lead to full system takeover.
|
| CVE-2024-26934 |
|
Vulnerability in c (CVE-2024-26934)
vulnerability in c (CVE-2024-26934). Successful exploitation can lead to full system takeover.
|
| CVE-2024-26951 |
|
Use-After-Free in linux (CVE-2024-26951)
vulnerability in linux (CVE-2024-26951). Successful exploitation can lead to full system takeover.
|
| CVE-2023-7028 KEV |
|
[KEV] Vulnerability in gitlab (CVE-2023-7028)
vulnerability in gitlab (CVE-2023-7028). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2024-33270 |
|
Out-of-Bounds Read in CVE-2024-33270 (CVE-2024-33270)
vulnerability in CVE-2024-33270 (CVE-2024-33270). Confidential information can be exposed externally. Mitigation: upgrade to `2.0.4` or later.
|
| CVE-2024-29988 KEV |
|
[KEV] Vulnerability in Microsoft smartscreen-prompt (CVE-2024-29988)
vulnerability in Microsoft smartscreen-prompt (CVE-2024-29988). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2024-28327 |
|
Vulnerability in CVE-2024-28327 (CVE-2024-28327)
vulnerability in CVE-2024-28327 (CVE-2024-28327). Successful exploitation can lead to full system takeover.
|
| CVE-2024-4040 KEV |
|
[KEV] Vulnerability in crushftp (CVE-2024-4040)
vulnerability in crushftp (CVE-2024-4040). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2024-20359 KEV |
|
[KEV] Code Injection in Cisco adaptive-security-appliance-asa-and-firepower-threat-defense-ftd (CVE-2024-20359)
code injection in Cisco adaptive-security-appliance-asa-and-firepower-threat-defense-ftd (CVE-2024-20359). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2024-20353 KEV |
|
[KEV] Vulnerability in Cisco adaptive-security-appliance-asa-and-firepower-threat-defense-ftd (CVE-2024-20353)
vulnerability in Cisco adaptive-security-appliance-asa-and-firepower-threat-defense-ftd (CVE-2024-20353). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2022-38028 KEV |
|
[KEV] Vulnerability in Microsoft windows (CVE-2022-38028)
vulnerability in Microsoft windows (CVE-2022-38028). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2024-28699 |
|
Code Injection in CVE-2024-28699 (CVE-2024-28699)
code injection in CVE-2024-28699 (CVE-2024-28699). Successful exploitation can lead to full system takeover.
|
| CVE-2024-32409 |
|
An issue in SEMCMS v.4.8 allows a remote attacker to execute arbitrary code via a crafted script.
An issue in SEMCMS v.4.8 allows a remote attacker to execute arbitrary code via a crafted script.
|
| CVE-2024-2961 |
|
Out-of-Bounds Write in c (CVE-2024-2961)
out-of-bounds write in c (CVE-2024-2961). Risk of unauthorized operations or information disclosure.
|
| CVE-2024-26884 |
|
Buffer Overflow in linux (CVE-2024-26884)
vulnerability in linux (CVE-2024-26884). Successful exploitation can lead to full system takeover.
|
| CVE-2024-26898 |
|
Use-After-Free in dos (CVE-2024-26898)
vulnerability in dos (CVE-2024-26898). Successful exploitation can lead to full system takeover. Exploitable via ``skbtxq``.
|
| CVE-2024-26907 |
|
Use-After-Free in c (CVE-2024-26907)
vulnerability in c (CVE-2024-26907). Successful exploitation can lead to full system takeover.
|
| CVE-2024-26882 |
|
Vulnerability in c (CVE-2024-26882)
vulnerability in c (CVE-2024-26882). Successful exploitation can lead to full system takeover.
|
| CVE-2024-26885 |
|
Buffer Overflow in linux (CVE-2024-26885)
vulnerability in linux (CVE-2024-26885). Successful exploitation can lead to full system takeover.
|
| CVE-2024-26883 |
|
Buffer Overflow in debian (CVE-2024-26883)
vulnerability in debian (CVE-2024-26883). Successful exploitation can lead to full system takeover.
|
| CVE-2024-26895 |
|
Use-After-Free in csharp (CVE-2024-26895)
vulnerability in csharp (CVE-2024-26895). Successful exploitation can lead to full system takeover.
|
| CVE-2024-26852 |
|
Use-After-Free in c (CVE-2024-26852)
vulnerability in c (CVE-2024-26852). Successful exploitation can lead to full system takeover.
|
| CVE-2024-26872 |
|
Use-After-Free in linux (CVE-2024-26872)
vulnerability in linux (CVE-2024-26872). Successful exploitation can lead to full system takeover.
|
| CVE-2024-3400 KEV |
|
[KEV] Vulnerability in Palo alto networks palo-alto-networks (CVE-2024-3400)
vulnerability in Palo alto networks palo-alto-networks (CVE-2024-3400). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-51142 |
|
Information Disclosure in zkteco (CVE-2023-51142)
vulnerability in zkteco (CVE-2023-51142). Confidential information can be exposed externally.
|
| CVE-2024-3273 KEV |
|
[KEV] Command Injection in D-link multiple-nas-devices (CVE-2024-3273)
command injection in D-link multiple-nas-devices (CVE-2024-3273). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2024-3272 KEV |
|
[KEV] Vulnerability in D-link multiple-nas-devices (CVE-2024-3272)
vulnerability in D-link multiple-nas-devices (CVE-2024-3272). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2024-23077 |
|
Vulnerability in jfree (CVE-2024-23077)
vulnerability in jfree (CVE-2024-23077). Confidential information can be exposed externally.
|
| CVE-2023-52070 |
|
Out-of-Bounds Read in jfree (CVE-2023-52070)
vulnerability in jfree (CVE-2023-52070). Successful exploitation can lead to full system takeover.
|
| CVE-2024-23076 |
|
Vulnerability in jfree (CVE-2024-23076)
vulnerability in jfree (CVE-2024-23076). Risk of unauthorized operations or information disclosure.
|
| CVE-2024-26257 |
|
Microsoft Excel Remote Code Execution Vulnerability
Microsoft Excel Remote Code Execution Vulnerability
|
| CVE-2024-23084 |
|
Vulnerability in mikkotommila (CVE-2024-23084)
vulnerability in mikkotommila (CVE-2024-23084). Risk of unauthorized operations or information disclosure.
|
| CVE-2024-23085 |
|
Vulnerability in mikkotommila (CVE-2024-23085)
vulnerability in mikkotommila (CVE-2024-23085). Confidential information can be exposed externally.
|
| CVE-2024-27620 |
|
SSRF (Server-Side Request Forgery) in CVE-2024-27620 (CVE-2024-27620)
SSRF in CVE-2024-27620 (CVE-2024-27620). Confidential information can be exposed externally.
|
| CVE-2023-6523 |
|
Vulnerability in CVE-2023-6523 (CVE-2023-6523)
vulnerability in CVE-2023-6523 (CVE-2023-6523). Successful exploitation can lead to full system takeover.
|
| CVE-2023-6522 |
|
Vulnerability in CVE-2023-6522 (CVE-2023-6522)
vulnerability in CVE-2023-6522 (CVE-2023-6522). Risk of unauthorized operations or information disclosure.
|
| CVE-2024-29748 KEV |
|
[KEV] Vulnerability in Android pixel (CVE-2024-29748)
vulnerability in Android pixel (CVE-2024-29748). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2024-29745 KEV |
|
[KEV] Vulnerability in Android pixel (CVE-2024-29745)
vulnerability in Android pixel (CVE-2024-29745). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2024-29477 |
|
Code Injection in dolibarr (CVE-2024-29477)
code injection in dolibarr (CVE-2024-29477). Successful exploitation can lead to full system takeover.
|
| CVE-2024-27619 |
|
Vulnerability in CVE-2024-27619 (CVE-2024-27619)
vulnerability in CVE-2024-27619 (CVE-2024-27619). Data can be tampered with by attackers.
|
| CVE-2024-28960 |
|
An issue was discovered in Mbed TLS 2.18.0 through 2.28.x before 2.28.8 and 3.x before 3.6.0, and Mbed Crypto. The PSA Crypto API mishandles shared memory.
An issue was discovered in Mbed TLS 2.18.0 through 2.28.x before 2.28.8 and 3.x before 3.6.0, and Mbed Crypto. The PSA Crypto API mishandles shared memory.
|
| CVE-2024-28714 |
|
SQL Injection in sqli (CVE-2024-28714)
SQL injection in sqli (CVE-2024-28714). Confidential information can be exposed externally.
|
| CVE-2023-51148 |
|
Vulnerability in trendnet (CVE-2023-51148)
vulnerability in trendnet (CVE-2023-51148). Successful exploitation can lead to full system takeover.
|
| CVE-2023-24955 KEV |
|
[KEV] Code Injection in Microsoft sharepoint-server (CVE-2023-24955)
code injection in Microsoft sharepoint-server (CVE-2023-24955). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2019-7256 KEV |
|
[KEV] OS Command Injection in Nice linear-emerge-e3-series (CVE-2019-7256)
OS command injection in Nice linear-emerge-e3-series (CVE-2019-7256). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2021-44529 KEV |
|
[KEV] Code Injection in Ivanti endpoint-manager-cloud-service-appliance-epm-csa (CVE-2021-44529)
code injection in Ivanti endpoint-manager-cloud-service-appliance-epm-csa (CVE-2021-44529). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-48788 KEV |
|
[KEV] SQL Injection in Fortinet forticlient-ems (CVE-2023-48788)
SQL injection in Fortinet forticlient-ems (CVE-2023-48788). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2024-24520 |
|
Code Injection in lepton-cms (CVE-2024-24520)
code injection in lepton-cms (CVE-2024-24520). Successful exploitation can lead to full system takeover.
|
| CVE-2024-28735 |
|
Authentication Bypass in unit4 (CVE-2024-28735)
authentication bypass in unit4 (CVE-2024-28735). Confidential information can be exposed externally.
|
| CVE-2024-22257 |
|
Vulnerability in CVE-2024-22257 (CVE-2024-22257)
vulnerability in CVE-2024-22257 (CVE-2024-22257). Confidential information can be exposed externally.
|