2024 CVE Vulnerabilities
39,152 CVEs published in 2024.
| CVE ID | Severity | CVSS | EPSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2024-58253 | LOW | 2.9 | 0.1% | May 2, 2025 | In the obfstr crate before 0.4.4 for Rust, the obfstr! argument type is not restricted to string slices, leading to inva... |
| CVE-2024-30146 | LOW | 2.7 | 0.2% | Apr 30, 2025 | Improper access control of endpoint in HCL Domino Leap allows certain admin users to import applications from the server... |
| CVE-2024-47784 | LOW | 2.1 | 0.2% | Apr 30, 2025 | Unverified Password Change for ANC software that allows an authenticated attacker to bypass the old Password check in th... |
| CVE-2024-12273 | LOW | 3.5 | 0.2% | Apr 29, 2025 | The Calculated Fields Form WordPress plugin before 5.2.62 does not sanitise and escape some of its settings, which could... |
| CVE-2024-12706 | LOW | 2.1 | 0.2% | Apr 28, 2025 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in OpenText™ Digital ... |
| CVE-2024-9771 | LOW | 3.5 | 0.2% | Apr 28, 2025 | The WP-Recall WordPress plugin before 16.26.12 does not sanitise and escape some of its settings, which could allow hig... |
| CVE-2024-57375 | LOW | 2.4 | 0.2% | Apr 25, 2025 | Andamiro Pump It Up 20th Anniversary (aka Double X or XX/2019) 1.00.0-2.08.3 allows a physically proximate attacker to c... |
| CVE-2024-30127 | LOW | 3.2 | 0.1% | Apr 24, 2025 | Missing "no cache" headers in HCL Leap permits sensitive data to be cached. |
| CVE-2024-58251 | LOW | 2.5 | 0.2% | Apr 23, 2025 | In netstat in BusyBox through 1.37.0, local users can launch a network application with an argv[0] containing an ANSI t... |
| CVE-2024-11924 | LOW | 3.5 | 0.2% | Apr 17, 2025 | The Icegram Express formerly known as Email Subscribers WordPress plugin before 5.7.52 does not sanitise and escape som... |
| CVE-2024-58249 | LOW | 3.7 | 0.4% | Apr 16, 2025 | In wxWidgets before 3.2.7, a crash can be triggered in wxWidgets apps when connections are refused in wxWebRequestCURL. |
| CVE-2024-58248 | LOW | 3.5 | 0.3% | Apr 16, 2025 | nopCommerce through 4.90.1 does not offer locking for order placement. Thus there is a race condition with duplicate red... |
| CVE-2024-42193 | LOW | 2.1 | 0.2% | Apr 15, 2025 | HCL BigFix Web Reports' service communicates over HTTPS but exhibits a weakness in its handling of SSL certificate valid... |
| CVE-2024-49709 | LOW | 2.3 | 0.2% | Apr 14, 2025 | Internet Starter, one of SoftCOM iKSORIS system modules, allows for setting an arbitrary session cookie value. An attack... |
| CVE-2024-58131 | LOW | 3.7 | 0.2% | Apr 6, 2025 | FISCO BCOS 3.11.0 has an issue with synchronization of the transaction pool that can, for example, be observed when a ma... |
| CVE-2024-42208 | LOW | 3.5 | 0.2% | Apr 4, 2025 | HCL Connections is vulnerable to an information disclosure vulnerability which could allow a user to obtain sensitive in... |
| CVE-2024-42325 | LOW | 2.1 | 0.3% | Apr 2, 2025 | Zabbix API user.get returns all users that share common group with the calling user. This includes media and other infor... |
| CVE-2024-36469 | LOW | 2.3 | 0.3% | Apr 2, 2025 | Execution time for an unsuccessful login differs when using a non-existing username compared to using an existing one. |
| CVE-2024-40864 | LOW | 2.7 | 0.6% | Mar 31, 2025 | The issue was addressed with improved handling of protocols. This issue is fixed in iOS 18.2 and iPadOS 18.2, macOS Sequ... |
| CVE-2024-39311 | LOW | 1.8 | 0.2% | Mar 28, 2025 | Publify is a self hosted Web publishing platform on Rails. Prior to version 10.0.1 of Publify, corresponding to versions... |
| CVE-2024-55070 | LOW | 3.1 | 0.2% | Mar 27, 2025 | A Broken Object Level Authorization vulnerability in the component /households/permissions of hay-kot mealie v2.2.0 allo... |
| CVE-2024-12683 | LOW | 3.5 | 0.2% | Mar 26, 2025 | The Smart Maintenance Mode WordPress plugin before 1.5.2 does not sanitise and escape some of its settings, which could ... |
| CVE-2024-13123 | LOW | 3.5 | 0.2% | Mar 25, 2025 | The AFI WordPress plugin before 1.100.0 does not sanitise and escape some of its settings, which could allow high privi... |
| CVE-2024-13122 | LOW | 3.5 | 0.2% | Mar 25, 2025 | The AFI WordPress plugin before 1.100.0 does not sanitise and escape some of its settings, which could allow high privi... |
| CVE-2024-12769 | LOW | 3.5 | 0.2% | Mar 25, 2025 | The Simple Banner WordPress plugin before 3.0.4 does not sanitise and escape some of its settings, which could allow hi... |