CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2024-12089 A stored Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute a... | 8.7 | HIGH | — | 0 |
| CVE-2024-12090 A stored Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator on Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser... | 8.7 | HIGH | — | 0 |
| CVE-2024-12091 A stored Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute a... | 8.7 | HIGH | — | 0 |
| CVE-2024-12092 A stored Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator on Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser... | 8.7 | HIGH | — | 0 |
| CVE-2009-2671 The SOCKS proxy implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to discover the username of the ac... | N/A | NONE | — | 0 |
| CVE-2024-49336 IBM Security Guardium 11.5 and 12.0 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to ... | 6.5 | MEDIUM | — | 0 |
| CVE-2009-2672 The proxy mechanism implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to browser cookies by untruste... | N/A | NONE | — | 0 |
| CVE-2009-2673 The proxy mechanism implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to bypass intended access rest... | N/A | NONE | — | 0 |
| CVE-2024-50379 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (n... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-54677 Uncontrolled Resource Consumption vulnerability in the examples web application provided with Apache Tomcat leads to denial of service. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1... | 5.3 | MEDIUM | — | 0 |
| CVE-2024-12670 A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can be used to cause a Heap-based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, ... | 7.8 | HIGH | — | 0 |
| CVE-2024-53144 In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE This aligned BR/EDR JUST_WORKS method with LE which since 92516cd97fd... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-48889 An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in FortiManager version 7.6.0, version 7.4.4 and below, version 7.2.7 and below, ve... | 7.2 | HIGH | — | 0 |
| CVE-2025-25472 A buffer overflow in DCMTK git master v3.6.9+ DEV allows attackers to cause a Denial of Service (DoS) via a crafted DCM file. | 5.3 | MEDIUM | — | 0 |
| CVE-2009-2674 Integer overflow in javaws.exe in Sun Java Web Start in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 allows context-dependent attackers to execute arbitrary code via a crafted ... | N/A | NONE | — | 0 |
| CVE-2024-53580 iperf v3.17.1 was discovered to contain a segmentation violation via the iperf_exchange_parameters() function. | 7.5 | HIGH | — | 0 |
| CVE-2024-35141 IBM Security Verify Access Docker 10.0.0 through 10.0.6 could allow a local user to escalate their privileges due to execution of unnecessary privileges. | 7.8 | HIGH | — | 0 |
| CVE-2024-47093 Improper neutralization of input in Nagvis before version 1.9.42 which can lead to XSS | 8.8 | HIGH | — | 0 |
| CVE-2024-12790 A vulnerability was found in code-projects Hostel Management Site 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file room-details.php. The manipulation leads... | 3.5 | LOW | — | 0 |
| CVE-2023-7005 A specially crafted message can be sent to the TTLock App that downgrades the encryption protocol used for communication, and can be utilized to compromise the lock, such as through revealing the unlo... | 7.5 | HIGH | — | 0 |
| CVE-2025-68549 Unrestricted Upload of File with Dangerous Type vulnerability in zozothemes Wiguard wiguard allows Upload a Web Shell to a Web Server. This issue affects Wiguard: from n/a through < 2.0.1. | 9.9 | CRITICAL | — | 0 |
| CVE-2024-56337 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 throug... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-51463 IBM i 7.3, 7.4, and 7.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network en... | 5.4 | MEDIUM | — | 0 |
| CVE-2024-51464 IBM i 7.3, 7.4, and 7.5 is vulnerable to bypassing Navigator for i interface restrictions. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to remote... | 4.3 | MEDIUM | — | 0 |
| CVE-2024-56378 libpoppler.so in Poppler through 24.12.0 has an out-of-bounds read vulnerability within the JBIG2Bitmap::combine function in JBIG2Stream.cc. | 4.3 | MEDIUM | — | 0 |
| CVE-2024-56326 Jinja is an extensible templating engine. Prior to 3.1.5, An oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to ... | 7.8 | HIGH | — | 0 |
| CVE-2024-53240 In the Linux kernel, the following vulnerability has been resolved: xen/netfront: fix crash when removing device When removing a netfront device directly after a suspend/resume cycle it might happen... | 5.7 | MEDIUM | — | 0 |
| CVE-2024-53241 In the Linux kernel, the following vulnerability has been resolved: x86/xen: don't do PV iret hypercall through hypercall page Instead of jumping to the Xen hypercall page for doing the iret hyperca... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-53145 In the Linux kernel, the following vulnerability has been resolved: um: Fix potential integer overflow during physmem setup This issue happens when the real map size is greater than LONG_MAX, which ... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-53146 In the Linux kernel, the following vulnerability has been resolved: NFSD: Prevent a potential integer overflow If the tag length is >= U32_MAX - 3 then the "length + 4" addition can result in an int... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-53148 In the Linux kernel, the following vulnerability has been resolved: comedi: Flush partial mappings in error case If some remap_pfn_range() calls succeeded before one failed, we still have buffer pag... | 5.5 | MEDIUM | — | 0 |
| CVE-2009-2675 Integer overflow in the unpack200 utility in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows context-dependent attackers to gain priv... | N/A | NONE | — | 0 |
| CVE-2024-53151 In the Linux kernel, the following vulnerability has been resolved: svcrdma: Address an integer overflow Dan Carpenter reports: > Commit 78147ca8b4a9 ("svcrdma: Add a "parsed chunk list" data > stru... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-53154 In the Linux kernel, the following vulnerability has been resolved: clk: clk-apple-nco: Add NULL check in applnco_probe Add NULL check in applnco_probe, to handle kernel NULL pointer dereference err... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-53155 In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix uninitialized value in ocfs2_file_read_iter() Syzbot has reported the following KMSAN splat: BUG: KMSAN: uninit-value ... | 7.1 | HIGH | — | 0 |
| CVE-2024-53156 In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service() I found the following bug in my fuzzer: UBSAN: array-in... | 7.8 | HIGH | — | 0 |
| CVE-2024-53157 In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scpi: Check the DVFS OPP count returned by the firmware Fix a kernel crash with the below call trace when the SCPI f... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-53158 In the Linux kernel, the following vulnerability has been resolved: soc: qcom: geni-se: fix array underflow in geni_se_clk_tbl_get() This loop is supposed to break if the frequency returned from clk... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-53161 In the Linux kernel, the following vulnerability has been resolved: EDAC/bluefield: Fix potential integer overflow The 64-bit argument for the "get DIMM info" SMC call consists of mem_ctrl_idx left-... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-12969 A vulnerability, which was classified as critical, has been found in code-projects Hospital Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/index.php of ... | 7.3 | HIGH | — | 0 |
| CVE-2024-56519 An issue was discovered in TCPDF before 6.8.0. setSVGStyles does not sanitize the SVG font-family attribute. | 7.5 | HIGH | — | 0 |
| CVE-2024-56520 An issue was discovered in tc-lib-pdf-font before 2.6.4, as used in TCPDF before 6.8.0 and other products. Fonts are mishandled, e.g., FontBBox for Type 1 and TrueType fonts is misparsed. | 7.3 | HIGH | — | 0 |
| CVE-2024-56522 An issue was discovered in TCPDF before 6.8.0. unserializeTCPDFtag uses != (aka loose comparison) and does not use a constant-time function to compare TCPDF tag hashes. | 7.5 | HIGH | — | 0 |
| CVE-2024-56527 An issue was discovered in TCPDF before 6.8.0. The Error function lacks an htmlspecialchars call for the error message. | 7.5 | HIGH | — | 0 |
| CVE-2024-12983 A vulnerability classified as problematic has been found in code-projects Hospital Management System 1.0. This affects an unknown part of the file /hospital/hms/admin/manage-doctors.php of the compone... | 2.4 | LOW | — | 0 |
| CVE-2022-49034 In the Linux kernel, the following vulnerability has been resolved: sh: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK When CONFIG_CPUMASK_OFFSTACK and CONFIG_DEBUG_PER_CPU_MAPS are selected, cp... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-22365 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Soleng soleng allows PHP Local File Inclusion. This issue affects So... | 8.1 | HIGH | — | 0 |
| CVE-2024-53164 In the Linux kernel, the following vulnerability has been resolved: net: sched: fix ordering of qlen adjustment Changes to sch->q.qlen around qdisc_tree_reduce_backlog() need to happen _before_ a ca... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-53165 In the Linux kernel, the following vulnerability has been resolved: sh: intc: Fix use-after-free bug in register_intc_controller() In the error handling for this function, d is freed without ever re... | 7.8 | HIGH | — | 0 |
| CVE-2024-53166 In the Linux kernel, the following vulnerability has been resolved: block, bfq: fix bfqq uaf in bfq_limit_depth() Set new allocated bfqq to bic or remove freed bfqq from bic are both protected by bf... | 7.8 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.