2024 CVE Vulnerabilities
39,152 CVEs published in 2024.
| CVE ID | Severity | CVSS | EPSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2024-35039 | LOW | 3.8 | 0.2% | May 16, 2024 | idccms V1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin/tplSys_deal.php?mudi=area. |
| CVE-2024-4976 | LOW | 2.1 | 0.2% | May 15, 2024 | Out-of-bounds array write in Xpdf 4.05 and earlier, due to missing object type check in AcroForm field reference. |
| CVE-2024-3823 | LOW | 2.4 | 0.2% | May 15, 2024 | The Base64 Encoder/Decoder WordPress plugin through 0.9.2 does not have CSRF check when updating its settings, and is mi... |
| CVE-2024-3629 | LOW | 2.4 | 0.2% | May 15, 2024 | The HL Twitter WordPress plugin through 2014.1.18 does not have CSRF check in place when updating its settings, which co... |
| CVE-2024-32020 | LOW | 3.3 | 0.5% | May 14, 2024 | Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, local cl... |
| CVE-2024-34713 | LOW | 3.5 | 0.4% | May 14, 2024 | sshproxy is used on a gateway to transparently proxy a user SSH connection on the gateway to an internal host via SSH. P... |
| CVE-2024-33007 | LOW | 3.5 | 0.3% | May 14, 2024 | PDFViewer is a control delivered as part of SAPUI5 product which shows the PDF content in an embedded mode by default. I... |
| CVE-2024-33000 | LOW | 3.5 | 0.3% | May 14, 2024 | SAP Bank Account Management does not perform necessary authorization check for an authorized user, resulting in escalati... |
| CVE-2024-34218 | LOW | 3.8 | 17.6% | May 14, 2024 | TOTOLINK outdoor CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the NTP... |
| CVE-2024-34203 | LOW | 3.8 | 0.6% | May 14, 2024 | TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setLanguage... |
| CVE-2024-34079 | LOW | 3.7 | 0.6% | May 14, 2024 | octo-sts is a GitHub App that acts like a Security Token Service (STS) for the GitHub API. This vulnerability can spike ... |
| CVE-2024-27839 | LOW | 3.3 | 0.2% | May 14, 2024 | A privacy issue was addressed by moving sensitive data to a more secure location. This issue is fixed in iOS 17.5 and iP... |
| CVE-2024-27837 | LOW | 3.3 | 0.2% | May 14, 2024 | A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in macOS Sonoma 14.5. A l... |
| CVE-2024-27835 | LOW | 2.4 | 0.3% | May 14, 2024 | This issue was addressed through improved state management. This issue is fixed in iOS 17.5 and iPadOS 17.5. An attacker... |
| CVE-2024-27803 | LOW | 2.4 | 0.3% | May 14, 2024 | A permissions issue was addressed with improved validation. This issue is fixed in iOS 17.5 and iPadOS 17.5. An attacker... |
| CVE-2024-22343 | LOW | 3.3 | 0.2% | May 14, 2024 | IBM TXSeries for Multiplatforms 8.2 allows web pages to be stored locally which can be read by another user on the syste... |
| CVE-2024-3628 | LOW | 3.8 | 0.4% | May 7, 2024 | The EasyEvent WordPress plugin through 1.0.0 does not sanitise and escape some of its settings, which could allow high p... |
| CVE-2024-20872 | LOW | 3.3 | 0.1% | May 7, 2024 | Improper handling of insufficient privileges vulnerability in TalkbackSE prior to version Android 14 allows local attack... |
| CVE-2024-20860 | LOW | 3.3 | 0.1% | May 7, 2024 | Improper export of android application components vulnerability in TelephonyUI prior to SMR May-2024 Release 1 allows lo... |
| CVE-2024-20855 | LOW | 2.4 | 0.2% | May 7, 2024 | Improper access control vulnerability in multitasking framework prior to SMR May-2024 Release 1 allows physical attacker... |
| CVE-2024-31636 | LOW | 3.9 | 0.3% | May 3, 2024 | An issue in LIEF v.0.14.1 allows a local attacker to obtain sensitive information via the name parameter of the machd_re... |
| CVE-2024-3480 | LOW | 2.8 | 0.1% | May 3, 2024 | An Implicit intent vulnerability was reported in the Motorola framework that could allow an attacker to read telephony-r... |
| CVE-2024-3479 | LOW | 2.8 | 0.1% | May 3, 2024 | An improper export vulnerability was reported in the Motorola Enterprise MotoDpms Provider (com.motorola.server.enterpr... |
| CVE-2024-34063 | LOW | 2.5 | 0.1% | May 3, 2024 | vodozemac is an implementation of Olm and Megolm in pure Rust. Versions 0.5.0 and 0.5.1 of vodozemac have degraded secre... |
| CVE-2024-32882 | LOW | 2.7 | 0.5% | May 2, 2024 | Wagtail is an open source content management system built on Django. In affected versions if a model has been made avail... |