2024 CVE Vulnerabilities
39,152 CVEs published in 2024.
| CVE ID | Severity | CVSS | EPSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2024-6156 | LOW | 3.8 | 0.2% | Dec 6, 2024 | Mark Laing discovered that LXD's PKI mode, until version 5.21.2, could be bypassed if the client's certificate was prese... |
| CVE-2024-54140 | LOW | 2.1 | 0.2% | Dec 5, 2024 | sigstore-java is a sigstore java client for interacting with sigstore infrastructure. sigstore-java has insufficient ver... |
| CVE-2024-38829 | LOW | 3.7 | 0.4% | Dec 4, 2024 | A vulnerability in Spring LDAP allows data exposure for case sensitive comparisons. This issue affects Spring LDAP: from ... |
| CVE-2024-12056 | LOW | 2.3 | 0.3% | Dec 4, 2024 | The Client secret is not checked when using the OAuth Password grant type. By exploiting this vulnerability, an attacke... |
| CVE-2024-53502 | LOW | 3.8 | 0.3% | Dec 3, 2024 | Seecms v4.8 was discovered to contain a SQL injection vulnerability in the SEMCMS_SeoAndTag.php page. |
| CVE-2024-53921 | LOW | 2.8 | 0.2% | Dec 3, 2024 | An issue was discovered in the installer in Samsung Magician 8.1.0 on Windows. An attacker can create arbitrary folders ... |
| CVE-2024-25036 | LOW | 3.3 | 0.2% | Dec 3, 2024 | IBM Cognos Controller 11.0.0 and 11.0.1 could allow an authenticated user with local access to bypass security all... |
| CVE-2024-49417 | LOW | 3.3 | 0.1% | Dec 3, 2024 | Use of implicit intent for sensitive communication in Smart Touch Call prior to 1.0.0.8 allows local attackers to launch... |
| CVE-2024-49414 | LOW | 2.4 | 0.2% | Dec 3, 2024 | Authentication Bypass Using an Alternate Path in Dex Mode prior to SMR Dec-2024 Release 1 allows physical attackers to t... |
| CVE-2024-53988 | LOW | 2.3 | 0.4% | Dec 2, 2024 | rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnera... |
| CVE-2024-53987 | LOW | 2.3 | 0.4% | Dec 2, 2024 | rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnera... |
| CVE-2024-53986 | LOW | 2.3 | 0.5% | Dec 2, 2024 | rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnera... |
| CVE-2024-53985 | LOW | 2.3 | 0.6% | Dec 2, 2024 | rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnera... |
| CVE-2024-53989 | LOW | 2.3 | 0.5% | Dec 2, 2024 | rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnera... |
| CVE-2024-11856 | LOW | 3.7 | 0.3% | Dec 2, 2024 | A security vulnerability in HPE IceWall products could be exploited remotely to cause Unauthorized Data Modification. |
| CVE-2024-52800 | LOW | 2.3 | 1.1% | Nov 29, 2024 | veraPDF is an open source PDF/A validation library. Executing policy checks using custom schematron files via the CLI in... |
| CVE-2024-46939 | LOW | 2.4 | 0.2% | Nov 28, 2024 | The game extension engine of versions 1.2.7.0 and earlier exposes some components, and attackers can construct parameter... |
| CVE-2024-36464 | LOW | 2.7 | 0.5% | Nov 27, 2024 | When exporting media types, the password is exported in the YAML in plain text. This appears to be a best practices type... |
| CVE-2024-42333 | LOW | 2.7 | 0.6% | Nov 27, 2024 | The researcher is showing that it is possible to leak a small amount of Zabbix Server memory using an out of bounds read... |
| CVE-2024-42332 | LOW | 3.7 | 0.6% | Nov 27, 2024 | The researcher is showing that due to the way the SNMP trap log is parsed, an attacker can craft an SNMP trap with addit... |
| CVE-2024-42331 | LOW | 3.3 | 0.3% | Nov 27, 2024 | In the src/libs/zbxembed/browser.c file, the es_browser_ctor method retrieves a heap pointer from the Duktape JavaScript... |
| CVE-2024-42329 | LOW | 3.3 | 0.2% | Nov 27, 2024 | The webdriver for the Browser object expects an error object to be initialized when the webdriver_session_query function... |
| CVE-2024-52008 | LOW | 2 | 0.5% | Nov 26, 2024 | Fides is an open-source privacy engineering platform. The user invite acceptance API endpoint lacks server-side password... |
| CVE-2024-22117 | LOW | 2.2 | 0.5% | Nov 26, 2024 | When a URL is added to the map element, it is recorded in the database with sequential IDs. Upon adding a new URL, the s... |
| CVE-2024-8160 | LOW | 2.7 | 0.6% | Nov 26, 2024 | Erik de Jong, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API ftptest.cgi did not have a sufficie... |