2024 CVE Vulnerabilities
39,152 CVEs published in 2024.
| CVE ID | Severity | CVSS | EPSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2024-9654 | LOW | 3.7 | 0.3% | Dec 17, 2024 | The Easy Digital Downloads plugin for WordPress is vulnerable to Improper Authorization in versions 3.1 through 3.3.4. T... |
| CVE-2024-56082 | LOW | 3.5 | 0.4% | Dec 15, 2024 | ChatBar.tsx in Lumos before 1.0.17 parses raw HTML in Markdown because the markdown-to-jsx package is used without disab... |
| CVE-2024-12300 | LOW | 3.7 | 0.4% | Dec 13, 2024 | The AR for WordPress plugin for WordPress is vulnerable to unauthorized double extension file upload due to a missing ca... |
| CVE-2024-10043 | LOW | 3.1 | 0.4% | Dec 12, 2024 | An issue has been discovered in GitLab EE affecting all versions starting from 14.3 before 17.4.6, all versions starting... |
| CVE-2024-54493 | LOW | 3.3 | 0.2% | Dec 12, 2024 | This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.2. Privacy indicator... |
| CVE-2024-54491 | LOW | 3.3 | 0.2% | Dec 12, 2024 | The issue was resolved by sanitizing logging. This issue is fixed in macOS Sequoia 15.2. A malicious application may be ... |
| CVE-2024-54485 | LOW | 2.4 | 0.3% | Dec 12, 2024 | The issue was addressed by adding additional logic. This issue is fixed in iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, macO... |
| CVE-2024-53274 | LOW | 2 | 0.4% | Dec 12, 2024 | Habitica is an open-source habit-building program. Versions prior to 5.28.5 are vulnerable to reflected cross-site scrip... |
| CVE-2024-44290 | LOW | 3.3 | 0.2% | Dec 12, 2024 | This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 18.1 and iPadOS 18... |
| CVE-2024-44200 | LOW | 3.3 | 0.2% | Dec 12, 2024 | This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 18.1 and iPadOS 18... |
| CVE-2024-11053 | LOW | 3.4 | 1.4% | Dec 11, 2024 | When asked to both use a `.netrc` file for credentials and to follow HTTP redirects, curl could leak the password used f... |
| CVE-2024-55655 | LOW | 2.7 | 0.2% | Dec 10, 2024 | sigstore-python is a Python tool for generating and verifying Sigstore signatures. Versions of sigstore-python newer tha... |
| CVE-2024-54133 | LOW | 2.3 | 1.0% | Dec 10, 2024 | Action Pack is a framework for handling and responding to web requests. There is a possible Cross Site Scripting (XSS) v... |
| CVE-2024-52831 | LOW | 3.5 | 0.9% | Dec 10, 2024 | Adobe Experience Manager versions 6.5.21 and earlier are affected by an Improper Input Validation vulnerability that cou... |
| CVE-2024-43755 | LOW | 3.5 | 0.9% | Dec 10, 2024 | Adobe Experience Manager versions 6.5.21 and earlier are affected by an Improper Input Validation vulnerability that cou... |
| CVE-2024-55550 | LOW | 2.7 | 37.5% | Dec 10, 2024 | Mitel MiCollab through 9.8 SP2 could allow an authenticated attacker with administrative privilege to conduct a local fi... |
| CVE-2024-47577 | LOW | 2.7 | 0.2% | Dec 10, 2024 | Webservice API endpoints for Assisted Service Module within SAP Commerce Cloud has information disclosure vulnerability.... |
| CVE-2024-47576 | LOW | 3.3 | 0.2% | Dec 10, 2024 | SAP Product Lifecycle Costing Client (versions below 4.7.1) application loads on demand a DLL that is available with Win... |
| CVE-2024-12174 | LOW | 2.7 | 0.2% | Dec 9, 2024 | An Improper Certificate Validation vulnerability exists in Tenable Security Center where an authenticated, privileged at... |
| CVE-2024-12057 | LOW | 1.8 | 0.1% | Dec 9, 2024 | User credentials (login & password) are inserted into log files when a user tries to authenticate using a version of a W... |
| CVE-2024-53947 | LOW | 2.3 | 0.8% | Dec 9, 2024 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Superset. S... |
| CVE-2024-50403 | LOW | 2.1 | 0.5% | Dec 6, 2024 | A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system ver... |
| CVE-2024-50402 | LOW | 2.1 | 0.5% | Dec 6, 2024 | A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system ver... |
| CVE-2024-48866 | LOW | 2.3 | 0.4% | Dec 6, 2024 | An improper handling of URL encoding (Hex Encoding) vulnerability has been reported to affect several QNAP operating sys... |
| CVE-2024-6219 | LOW | 3.8 | 0.2% | Dec 6, 2024 | Mark Laing discovered in LXD's PKI mode, until version 5.21.1, that a restricted certificate could be added to the trust... |