2024 CVE Vulnerabilities
39,152 CVEs published in 2024.
| CVE ID | Severity | CVSS | EPSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2024-35777 | LOW | 3.5 | 0.4% | Jul 9, 2024 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Auto... |
| CVE-2024-38372 | LOW | 2 | 0.5% | Jul 8, 2024 | Undici is an HTTP/1.1 client, written from scratch for Node.js. Depending on network and process conditions of a `fetch(... |
| CVE-2024-6580 | LOW | 2.3 | 0.1% | Jul 8, 2024 | The /n software IPWorks SSH library SFTPServer component can be induced to make unintended filesystem or network path re... |
| CVE-2024-37234 | LOW | 3.5 | 0.3% | Jul 6, 2024 | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Kodezen Limited Academy LMS. This issue affects Acad... |
| CVE-2024-40594 | LOW | 2.3 | 0.1% | Jul 6, 2024 | The OpenAI ChatGPT app before 2024-07-05 for macOS opts out of the sandbox, and stores conversations in cleartext in a l... |
| CVE-2024-32754 | LOW | 3.1 | 0.2% | Jul 4, 2024 | Under certain circumstances, when the controller is in factory reset mode waiting for initial setup, it will broadcast i... |
| CVE-2024-29508 | LOW | 3.3 | 0.4% | Jul 3, 2024 | Artifex Ghostscript before 10.03.0 has a heap-based pointer disclosure (observable in a constructed BaseFont name) in th... |
| CVE-2024-6126 | LOW | 3.2 | 0.3% | Jul 3, 2024 | A flaw was found in the cockpit package. This flaw allows an authenticated user to kill any process when enabling the pa... |
| CVE-2024-39353 | LOW | 2.7 | 0.3% | Jul 3, 2024 | Mattermost versions 9.5.x <= 9.5.5 and 9.8.0 fail to sanitize the RemoteClusterFrame payloads before audit logging them ... |
| CVE-2024-39324 | LOW | 3.8 | 0.4% | Jul 2, 2024 | aimeos/ai-admin-graphql is the Aimeos GraphQL API admin interface. Starting in version 2022.04.1 and prior to versions 2... |
| CVE-2024-34600 | LOW | 3.3 | 0.1% | Jul 2, 2024 | Improper verification of intent by broadcast receiver vulnerability in Samsung Flow prior to version 4.9.13.0 allows loc... |
| CVE-2024-34599 | LOW | 3.3 | 0.1% | Jul 2, 2024 | Improper input validation in Tips prior to version 6.2.9.4 in Android 14 allows local attacker to send broadcast with Ti... |
| CVE-2024-34597 | LOW | 3.3 | 0.2% | Jul 2, 2024 | Improper input validation in Samsung Health prior to version 6.27.0.113 allows local attackers to write arbitrary docume... |
| CVE-2024-34586 | LOW | 3.3 | 0.1% | Jul 2, 2024 | Improper access control in KnoxCustomManagerService prior to SMR Jul-2024 Release 1 allows local attackers to configure ... |
| CVE-2024-34583 | LOW | 3.3 | 0.1% | Jul 2, 2024 | Improper access control in system property prior to SMR Jul-2024 Release 1 allows local attackers to get device identifi... |
| CVE-2024-20900 | LOW | 3.3 | 0.1% | Jul 2, 2024 | Improper authentication in MTP application prior to SMR Jul-2024 Release 1 allows local attackers to enter MTP mode with... |
| CVE-2024-36278 | LOW | 3.3 | 0.1% | Jul 2, 2024 | OpenHarmony v4.0.0 and prior versions allow a local attacker to cause apps to crash through type confusion. |
| CVE-2024-31071 | LOW | 3.3 | 0.1% | Jul 2, 2024 | OpenHarmony v4.0.0 and prior versions allow a local attacker to cause apps to crash through type confusion. |
| CVE-2024-36995 | LOW | 3.5 | 0.2% | Jul 1, 2024 | In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9... |
| CVE-2024-39846 | LOW | 3.5 | 0.2% | Jun 29, 2024 | NewPass before 1.2.0 stores passwords (rather than password hashes) directly, which makes it easier to obtain unauthoriz... |
| CVE-2024-39307 | LOW | 3.5 | 0.5% | Jun 28, 2024 | Kavita is a cross platform reading server. Opening an ebook with malicious scripts inside leads to code execution inside... |
| CVE-2024-39302 | LOW | 3.7 | 0.5% | Jun 28, 2024 | BigBlueButton is an open-source virtual classroom designed to help teachers teach and learners learn. An attacker may be... |
| CVE-2024-3995 | LOW | 2 | 0.6% | Jun 28, 2024 | In Helix ALM versions prior to 2024.2.0, a local command injection was identified. Reported by Bryan Riggins. |
| CVE-2024-38531 | LOW | 3.6 | 0.1% | Jun 28, 2024 | Nix is a package manager for Linux and other Unix systems that makes package management reliable and reproducible. A bui... |
| CVE-2024-29038 | LOW | 3.3 | 0.4% | Jun 28, 2024 | tpm2-tools is the source repository for the Trusted Platform Module (TPM2.0) tools. A malicious attacker can generate ar... |