2024 CVE Vulnerabilities
39,152 CVEs published in 2024.
| CVE ID | Severity | CVSS | EPSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2024-10106 | LOW | 3.7 | 0.4% | Jan 9, 2025 | A buffer overflow vulnerability in the packet handoff plugin allows an attacker to overwrite memory outside the plugin's... |
| CVE-2024-37372 | LOW | 3.6 | 0.4% | Jan 9, 2025 | The Permission Model assumes that any path starting with two backslashes \ has a four-character prefix that can be ignor... |
| CVE-2024-54010 | LOW | 3.4 | 0.2% | Jan 8, 2025 | A vulnerability in the firewall component of HPE Aruba Networking CX 10000 Series Switches exists. It could allow an un... |
| CVE-2024-53995 | LOW | 1.9 | 0.9% | Jan 8, 2025 | SickChill is an automatic video library manager for TV shows. A user-controlled `login` endpoint's `next_` parameter tak... |
| CVE-2024-12425 | LOW | 2.4 | 0.3% | Jan 7, 2025 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in The Document Foundation ... |
| CVE-2024-10562 | LOW | 2.7 | 0.4% | Jan 7, 2025 | The Form Maker by 10Web WordPress plugin before 1.15.31 does not sanitise and escape some of its settings, which could ... |
| CVE-2024-10102 | LOW | 2.7 | 0.5% | Jan 7, 2025 | The Photo Gallery, Images, Slider in Rbs Image Gallery WordPress plugin before 3.2.22 does not sanitise and escape some ... |
| CVE-2024-10527 | LOW | 3.1 | 0.3% | Jan 7, 2025 | The Spacer plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the mo... |
| CVE-2024-48455 | LOW | 2.7 | 6.2% | Jan 6, 2025 | An issue in Netis Wifi6 Router NX10 2.0.1.3643 and 2.0.1.3582 and Netis Wifi 11AC Router NC65 3.0.0.3749 and Netis Wifi ... |
| CVE-2024-51472 | LOW | 3.1 | 0.2% | Jan 6, 2025 | IBM UrbanCode Deploy (UCD) 7.2 through 7.2.3.13, 7.3 through 7.3.2.8, and IBM DevOps Deploy 8.0 through 8.0.1.3 are vuln... |
| CVE-2024-12970 | LOW | 3.9 | 1.3% | Jan 6, 2025 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in TUBITAK BILG... |
| CVE-2024-56324 | LOW | 2.1 | 0.8% | Jan 3, 2025 | GoCD is a continuous delivery server. GoCD versions prior to 24.4.0 can allow GoCD "group admins" to abuse ability to edi... |
| CVE-2024-56322 | LOW | 2.1 | 0.7% | Jan 3, 2025 | GoCD is a continuous delivery server. GoCD versions 16.7.0 through 24.4.0 (inclusive) can allow GoCD admins to abuse a hi... |
| CVE-2024-56321 | LOW | 3.8 | 0.5% | Jan 3, 2025 | GoCD is a continuous delivery server. GoCD versions 18.9.0 through 24.4.0 (inclusive) can allow GoCD admins to abuse the ... |
| CVE-2024-49422 | LOW | 3.9 | 0.2% | Dec 31, 2024 | Protection Mechanism Failure in bootloader prior to SMR Oct-2024 Release 1 allows physical attackers to reset lockscreen... |
| CVE-2024-56512 | LOW | 2.1 | 3.0% | Dec 28, 2024 | Apache NiFi 1.10.0 through 2.0.0 are missing fine-grained authorization checking for Parameter Contexts, referenced Cont... |
| CVE-2024-56433 | LOW | 3.6 | 0.4% | Dec 26, 2024 | shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535... |
| CVE-2024-56430 | LOW | 2.9 | 0.4% | Dec 25, 2024 | OpenFHE through 1.2.3 has a NULL pointer dereference in BinFHEContext::EvalFloor in lib/binfhe-base-scheme.cpp. |
| CVE-2024-12014 | LOW | 2 | 0.3% | Dec 20, 2024 | Path Traversal vulnerability in the eSignaViewer component in eSigna product versions 1.0 to 1.5 on all platforms allow ... |
| CVE-2024-44298 | LOW | 3.3 | 0.2% | Dec 20, 2024 | A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia... |
| CVE-2024-52589 | LOW | 2.7 | 0.2% | Dec 19, 2024 | Discourse is an open source platform for community discussion. Moderators can see the Screened emails list in the admin ... |
| CVE-2024-12801 | LOW | 2.4 | 0.2% | Dec 19, 2024 | Server-Side Request Forgery (SSRF) in SaxEventRecorder by QOS.CH logback version 0.1 to 1.3.14 and 1.4.0 to 1.5.12 on t... |
| CVE-2024-9101 | LOW | 2.1 | 0.5% | Dec 19, 2024 | A reflected cross-site scripting (XSS) vulnerability in the 'Entry Chooser' of phpLDAPadmin (version 1.2.1 through the l... |
| CVE-2024-49820 | LOW | 3.7 | 0.2% | Dec 17, 2024 | IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 could allow a remote attacker to obtain sensiti... |
| CVE-2024-42194 | LOW | 3.1 | 0.3% | Dec 17, 2024 | An improper handling of insufficient permissions or privileges affects HCL BigFix Inventory. An attacker having access ... |