CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2024-50056 In the Linux kernel, the following vulnerability has been resolved: usb: gadget: uvc: Fix ERR_PTR dereference in uvc_v4l2.c Fix potential dereferencing of ERR_PTR() in find_format_by_pix() and uvc_v... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-50058 In the Linux kernel, the following vulnerability has been resolved: serial: protect uart_port_dtr_rts() in uart_shutdown() too Commit af224ca2df29 (serial: core: Prevent unsafe uart port access, par... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-50059 In the Linux kernel, the following vulnerability has been resolved: ntb: ntb_hw_switchtec: Fix use after free vulnerability in switchtec_ntb_remove due to race condition In the switchtec_ntb_add fun... | 7.0 | HIGH | — | 0 |
| CVE-2024-3996 The Smart Post Show WordPress plugin before 2.4.28 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attac... | 3.5 | LOW | — | 0 |
| CVE-2024-50060 In the Linux kernel, the following vulnerability has been resolved: io_uring: check if we need to reschedule during overflow flush In terms of normal application usage, this list will always be empt... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-50061 In the Linux kernel, the following vulnerability has been resolved: i3c: master: cdns: Fix use after free vulnerability in cdns_i3c_master Driver Due to Race Condition In the cdns_i3c_master_probe f... | 7.0 | HIGH | — | 0 |
| CVE-2024-50062 In the Linux kernel, the following vulnerability has been resolved: RDMA/rtrs-srv: Avoid null pointer deref during path establishment For RTRS path establishment, RTRS client initiates and completes... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-50063 In the Linux kernel, the following vulnerability has been resolved: bpf: Prevent tail call between progs attached to different hooks bpf progs can be attached to kernel functions, and the attached f... | 7.8 | HIGH | — | 0 |
| CVE-2023-52918 In the Linux kernel, the following vulnerability has been resolved: media: pci: cx23885: check cx23885_vdev_init() return cx23885_vdev_init() can return a NULL pointer, but that pointer is used in t... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-9287 A vulnerability has been found in the CPython `venv` module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into... | 7.8 | HIGH | — | 0 |
| CVE-2024-31880 IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service, under specific configurations, as the server may crash when using a special... | 5.3 | MEDIUM | — | 0 |
| CVE-2006-0799 Microsoft Internet Explorer allows remote attackers to spoof a legitimate URL in the status bar and conduct a phishing attack via a web page with an anchor element with a legitimate "href" attribute, ... | N/A | NONE | — | 0 |
| CVE-2025-68514 Authorization Bypass Through User-Controlled Key vulnerability in Cozmoslabs Paid Member Subscriptions paid-member-subscriptions allows Exploiting Incorrectly Configured Access Control Security Levels... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-48932 ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In versions below 1.5.0, the API endpoint `http://<Server-ip>/v1/users/name` allows unauthenticated users... | 5.3 | MEDIUM | — | 0 |
| CVE-2024-10350 A vulnerability was found in code-projects Hospital Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/add-doctor.php. The manipulation... | 4.7 | MEDIUM | — | 0 |
| CVE-2024-10408 A vulnerability has been found in code-projects Blood Bank Management up to 1.0 and classified as critical. This vulnerability affects unknown code of the file /abs.php. The manipulation of the argume... | 6.3 | MEDIUM | — | 0 |
| CVE-2025-25050 An out-of-bounds write vulnerability exists in the cv_upgrade_sensor_firmware functionality of Dell ControlVault3 prior to 5.15.10.14 and Dell ControlVault 3 Plus prior to 6.2.26.36. A specially cra... | 8.8 | HIGH | — | 0 |
| CVE-2024-10409 A vulnerability was found in code-projects Blood Bank Management 1.0 and classified as critical. This issue affects some unknown processing of the file /file/accept.php. The manipulation of the argume... | 6.3 | MEDIUM | — | 0 |
| CVE-2024-10415 A vulnerability has been found in code-projects Blood Bank Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /file/accept.php. The manipulation of t... | 6.3 | MEDIUM | — | 0 |
| CVE-2024-10416 A vulnerability was found in code-projects Blood Bank Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /file/cancel.php. The manipulation of the... | 6.3 | MEDIUM | — | 0 |
| CVE-2024-10417 A vulnerability was found in code-projects Blood Bank Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /file/delete.php. The manipulation of the a... | 6.3 | MEDIUM | — | 0 |
| CVE-2024-10418 A vulnerability was found in code-projects Blood Bank Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /file/infoAdd.php.... | 6.3 | MEDIUM | — | 0 |
| CVE-2024-10419 A vulnerability was found in code-projects Blood Bank Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /bloodrequest.php. The m... | 3.5 | LOW | — | 0 |
| CVE-2025-68526 Deserialization of Untrusted Data vulnerability in A WP Life Modal Popup Box modal-popup-box allows Object Injection.This issue affects Modal Popup Box: from n/a through <= 1.6.1. | 8.8 | HIGH | — | 0 |
| CVE-2005-4870 Stack-based buffer overflows in the (1) xmlvarcharfromfile, (2) xmlclobfromfile, (3) xmlfilefromvarchar, and (4) xmlfilefromclob function calls in IBM DB2 8.1 allow remote attackers to execute arbitra... | N/A | NONE | — | 0 |
| CVE-2024-50067 In the Linux kernel, the following vulnerability has been resolved: uprobe: avoid out-of-bounds memory access of fetching args Uprobe needs to fetch args into a percpu buffer, and then copy to ring ... | 7.8 | HIGH | — | 0 |
| CVE-2024-10448 A vulnerability, which was classified as problematic, has been found in code-projects Blood Bank Management System 1.0. Affected by this issue is some unknown functionality of the file /file/delete.ph... | 4.3 | MEDIUM | — | 0 |
| CVE-2024-45802 Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to Input Validation, Premature Release of Resource During Expected Lifetime, and Missing Release of Resourc... | 7.5 | HIGH | — | 0 |
| CVE-2024-49761 REXML is an XML toolkit for Ruby. The REXML gem before 3.3.9 has a ReDoS vulnerability when it parses an XML that has many digits between &# and x...; in a hex numeric character reference (&#x...;). T... | 7.5 | HIGH | — | 0 |
| CVE-2024-40867 A custom URL scheme handling issue was addressed with improved input validation. This issue is fixed in iOS 18.1 and iPadOS 18.1. A remote attacker may be able to break out of Web Content sandbox. | 9.6 | CRITICAL | — | 0 |
| CVE-2024-50073 In the Linux kernel, the following vulnerability has been resolved: tty: n_gsm: Fix use-after-free in gsm_cleanup_mux BUG: KASAN: slab-use-after-free in gsm_cleanup_mux+0x77b/0x7b0 drivers/tty/n_gsm... | 7.8 | HIGH | — | 0 |
| CVE-2024-49039 Windows Task Scheduler Elevation of Privilege Vulnerability | 8.8 | HIGH | KEV | 0 |
| CVE-2024-44175 This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Sequoia 15, macOS Sonoma 14.7.1. An app may be able to access sensitive user data. | 5.5 | MEDIUM | — | 0 |
| CVE-2024-43968 Broken Access Control vulnerability in Automattic Newspack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Newspack: from n/a through 3.8.6. | 4.3 | MEDIUM | — | 0 |
| CVE-2024-44235 The issue was addressed with improved checks. This issue is fixed in iOS 18.1 and iPadOS 18.1. An attacker may be able to view restricted content from the lock screen. | 4.6 | MEDIUM | — | 0 |
| CVE-2025-31094 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in teastudio.pl WP Posts Carousel wp-posts-carousel allows Stored XSS.This issue affects WP Posts Car... | N/A | NONE | — | 0 |
| CVE-2024-44251 This issue was addressed through improved state management. This issue is fixed in iOS 18.1 and iPadOS 18.1. An attacker may be able to view restricted content from the lock screen. | 2.4 | LOW | — | 0 |
| CVE-2026-22363 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Rhodos rhodos allows PHP Local File Inclusion.This issue affects Rh... | 8.1 | HIGH | — | 0 |
| CVE-2024-9380 An OS command injection vulnerability in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to obtain remote code execution. | 7.2 | HIGH | KEV | 0 |
| CVE-2024-44261 This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1. An attacker may be able to view restricted co... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-44262 This issue was addressed with improved redaction of sensitive information. This issue is fixed in visionOS 2.1. A user may be able to view sensitive user information. | 5.5 | MEDIUM | — | 0 |
| CVE-2024-44263 A logic issue was addressed with improved state management. This issue is fixed in iOS 18.1 and iPadOS 18.1. An app may be able to access user-sensitive data. | 5.5 | MEDIUM | — | 0 |
| CVE-2006-0800 Interpretation conflict in PostNuke 0.761 and earlier allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML tags with a trailing "<" character, which is interpreted as a ">" c... | N/A | NONE | — | 0 |
| CVE-2006-0801 SQL injection vulnerability in the NS-Languages module for PostNuke 0.761 and earlier, when magic_quotes_gpc is off, allows remote attackers to execute arbitrary SQL commands via the language paramete... | N/A | NONE | — | 0 |
| CVE-2006-0802 Cross-site scripting (XSS) vulnerability in the NS-Languages module for PostNuke 0.761 and earlier, when magic_quotes_gpc is enabled, allows remote attackers to inject arbitrary web script or HTML via... | N/A | NONE | — | 0 |
| CVE-2006-0804 Off-by-one error in TIN 1.8.0 and earlier might allow attackers to execute arbitrary code via unknown vectors that trigger a buffer overflow. | N/A | NONE | — | 0 |
| CVE-2025-31096 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPXPO PostX ultimate-post allows DOM-Based XSS.This issue affects PostX: from n/a through <= 4.1.2... | N/A | NONE | — | 0 |
| CVE-2025-24919 A deserialization of untrusted input vulnerability exists in the cvhDecapsulateCmd functionality of Dell ControlVault3 prior to 5.15.10.14 and ControlVault3 Plus prior to 6.2.26.36. A specially crafte... | 8.1 | HIGH | — | 0 |
| CVE-2024-50069 In the Linux kernel, the following vulnerability has been resolved: pinctrl: apple: check devm_kasprintf() returned value devm_kasprintf() can return a NULL pointer on failure but this returned valu... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-50072 In the Linux kernel, the following vulnerability has been resolved: x86/bugs: Use code segment selector for VERW operand Robert Gill reported below #GP in 32-bit mode when dosemu software was execut... | 5.5 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.