CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | Description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|---|
| CVE-2024-6139 | A path traversal vulnerability exists in the XTTS server of the parisneo/lollms package version v9.6. This vulnerability allows an attacker to write audio files to arbitrary locations on the system an... | N/A | NONE | No | 0 |
| CVE-2024-31802 | DESIGNA ABACUS v.18 and before allows an attacker to bypass the payment process via a crafted QR code. | 6.3 | MEDIUM | No | 0 |
| CVE-2024-38523 | Hush Line is a free and open-source, anonymous-tip-line-as-a-service for organizations or individuals. The TOTP authentication flow has multiple issues that weaken its one-time nature. Specifically, ... | 7.5 | HIGH | No | 0 |
| CVE-2024-39130 | A NULL Pointer Dereference discovered in DumpTS v0.1.0-nightly allows attackers to cause a denial of service via the function DumpOneStream() at /src/DumpStream.cpp. | 7.5 | HIGH | No | 0 |
| CVE-2024-39207 | lua-shmem v1.0-1 was discovered to contain a buffer overflow via the shmem_write function. | 8.2 | HIGH | No | 0 |
| CVE-2024-39208 | luci-app-lucky v2.8.3 was discovered to contain hardcoded credentials. | 9.8 | CRITICAL | No | 0 |
| CVE-2024-22276 | VMware Cloud Director Object Storage Extension contains an Insertion of Sensitive Information vulnerability. A malicious actor with adjacent access to web/proxy server logging may be able to obtain... | 5.3 | MEDIUM | No | 0 |
| CVE-2024-31074 | Observable timing discrepancy in some Intel(R) QAT Engine for OpenSSL software before version v1.6.1 may allow information disclosure via network access. | 5.9 | MEDIUM | No | 0 |
| CVE-2024-2973 | An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks Session Smart Router or conductor running with a redundant peer allows a network based attacker to bypass ... | 10.0 | CRITICAL | No | 0 |
| CVE-2024-36072 | Netwrix CoSoSys Endpoint Protector through 5.9.3 and CoSoSys Unify through 7.0.6 contain a remote code execution vulnerability in the logging component of the Endpoint Protector and Unify server appli... | 9.8 | CRITICAL | No | 0 |
| CVE-2024-36073 | Netwrix CoSoSys Endpoint Protector through 5.9.3 and CoSoSys Unify through 7.0.6 contain a remote code execution vulnerability in the shadowing component of the Endpoint Protector and Unify agent whic... | 7.2 | HIGH | No | 0 |
| CVE-2024-36074 | Netwrix CoSoSys Endpoint Protector through 5.9.3 and CoSoSys Unify through 7.0.6 contain a remote code execution vulnerability in the Endpoint Protector and Unify agent in the way that the EasyLock de... | 7.2 | HIGH | No | 0 |
| CVE-2024-36075 | The CoSoSys Endpoint Protector through 5.9.3 and Unify agent through 7.0.6 is susceptible to an arbitrary code execution vulnerability due to the way an archive obtained from the Endpoint Protector or... | 6.5 | MEDIUM | No | 0 |
| CVE-2024-39132 | A NULL Pointer Dereference vulnerability in DumpTS v0.1.0-nightly allows attackers to cause a denial of service via the function VerifyCommandLine() at /src/DumpTS.cpp. | 6.5 | MEDIUM | No | 0 |
| CVE-2024-39209 | luci-app-sms-tool v1.9-6 was discovered to contain a command injection vulnerability via the score parameter. | 6.3 | MEDIUM | No | 0 |
| CVE-2024-36059 | Directory Traversal vulnerability in Kalkitech ASE ASE61850 IEDSmart up to and including version 2.3.5 allows attackers to read/write arbitrary files via the IEC61850 File Transfer protocol. | 9.4 | CRITICAL | No | 0 |
| CVE-2024-39016 | che3vinci c3/utils-1 1.0.131 was discovered to contain a prototype pollution via the function assign. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) v... | 8.1 | HIGH | No | 0 |
| CVE-2024-39705 | NLTK through 3.8.1 allows remote code execution if untrusted packages have pickled Python code, and the integrated data package download functionality is used. This affects, for example, averaged_perc... | 9.8 | CRITICAL | No | 0 |
| CVE-2024-4395 | The XPC service within the audit functionality of Jamf Compliance Editor before version 1.3.1 on macOS can lead to local privilege escalation. | 7.8 | HIGH | No | 0 |
| CVE-2024-6071 | PTC Creo Elements/Direct License Server exposes a web interface which can be used by unauthenticated remote attackers to execute arbitrary OS commands on the server. | 10.0 | CRITICAL | No | 0 |
| CVE-2024-39708 | An issue was discovered in the Agent in Delinea Privilege Manager (formerly Thycotic Privilege Manager) before 12.0.1096 on Windows. Sometimes, a non-administrator user can copy a crafted DLL file to ... | 7.0 | HIGH | No | 0 |
| CVE-2024-39017 | agreejs shared v0.0.1 was discovered to contain a prototype pollution via the function mergeInternalComponents. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Servi... | 9.8 | CRITICAL | No | 0 |
| CVE-2024-9010 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | No | 0 |
| CVE-2024-38531 | Nix is a package manager for Linux and other Unix systems that makes package management reliable and reproducible. A build process has access to and can change the permissions of the build directory. ... | 3.6 | LOW | No | 0 |
| CVE-2024-9015 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | No | 0 |
| CVE-2024-9181 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | No | 0 |
| CVE-2024-2795 | The SEO SIMPLE PACK plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.2.1 via META description. This makes it possible for unauthenticated attackers to... | 5.3 | MEDIUM | No | 0 |
| CVE-2024-5735 | Full Path Disclosure vulnerability in AdmirorFrames Joomla! extension in afHelper.php script allows an unauthorised attacker to retrieve location of web root folder. This issue affects AdmirorFrames: ... | 7.5 | HIGH | No | 0 |
| CVE-2024-38521 | Hush Line is a free and open-source, anonymous-tip-line-as-a-service for organizations or individuals. There is a stored XSS in the Inbox. The input is displayed using the `safe` Jinja2 attribute, and... | 8.8 | HIGH | No | 0 |
| CVE-2024-39018 | harvey-woo cat5th/key-serializer v0.2.5 was discovered to contain a prototype pollution via the function "query". This vulnerability allows attackers to execute arbitrary code or cause a Denial of Ser... | 6.3 | MEDIUM | No | 0 |
| CVE-2024-5736 | Server Side Request Forgery (SSRF) vulnerability in AdmirorFrames Joomla! extension in afGdStream.php script allows to access local files or server pages available only from localhost. This issue affe... | 7.5 | HIGH | No | 0 |
| CVE-2024-5737 | Script afGdStream.php in AdmirorFrames Joomla! extension doesn't specify a content type and as a result default (text/html) is used. An attacker may embed HTML tags directly in image data which is ren... | 6.1 | MEDIUM | No | 0 |
| CVE-2024-37741 | OpenPLC 3 through 9cd8f1b allows XSS via an SVG document as a profile picture. | 5.4 | MEDIUM | No | 0 |
| CVE-2024-3801 | Sites managed in S@M CMS (Concept Intermedia) might be vulnerable to Reflected XSS via including scripts in one of GET header parameters. Only a part of observed services is vulnerable, but since ven... | 6.1 | MEDIUM | No | 0 |
| CVE-2024-3816 | Sites managed in S@M CMS (Concept Intermedia) might be vulnerable to a blind SQL Injection executed using the search bar. Only a part of observed services is vulnerable, but since vendor has not inve... | 9.8 | CRITICAL | No | 0 |
| CVE-2024-21462 | Transient DOS while loading the TA ELF file. | 7.1 | HIGH | No | 0 |
| CVE-2024-38522 | Hush Line is a free and open-source, anonymous-tip-line-as-a-service for organizations or individuals. The CSP policy applied on the `tips.hushline.app` website and bundled by default in this reposito... | 6.3 | MEDIUM | No | 0 |
| CVE-2024-6402 | A vulnerability classified as critical was found in Tenda A301 15.13.08.12. Affected by this vulnerability is the function fromSetWirelessRepeat of the file /goform/SetOnlineDevName. The manipulation ... | 6.5 | MEDIUM | No | 0 |
| CVE-2024-6403 | A vulnerability, which was classified as critical, has been found in Tenda A301 15.13.08.12. Affected by this issue is the function formWifiBasicSet of the file /goform/SetOnlineDevName. The manipulat... | 6.5 | MEDIUM | No | 0 |
| CVE-2024-31912 | IBM MQ 9.3 LTS and 9.3 CD could allow an authenticated user to escalate their privileges under certain configurations due to incorrect privilege assignment. IBM X-Force ID: 289894. | 7.5 | HIGH | No | 0 |
| CVE-2024-31919 | IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS and 9.3 CD, in certain configurations, is vulnerable to a denial of service attack caused by an error processing messages when an API Exit using MQBUFMH is us... | 5.9 | MEDIUM | No | 0 |
| CVE-2024-35155 | IBM MQ Console 9.3 LTS and 9.3 CD could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information cou... | 6.5 | MEDIUM | No | 0 |
| CVE-2024-38374 | The CycloneDX core module provides a model representation of the SBOM along with utilities to assist in creating, validating, and parsing SBOMs. Before deserializing CycloneDX Bill of Materials in XML... | 7.5 | HIGH | No | 0 |
| CVE-2022-38383 | IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Software Suite 1.10.12.0 through 1.10.21.0 allows web pages to be stored locally which can be read by another user on the sy... | 4.0 | MEDIUM | No | 0 |
| CVE-2024-25031 | IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.4 uses an inadequate account lockout setting that could allow an attacker on the network to brute force account credentials. IBM X-Force ID... | 6.5 | MEDIUM | No | 0 |
| CVE-2024-27629 | An issue in dc2niix before v.1.0.20240202 allows a local attacker to execute arbitrary code because the generated file name is not properly escaped and is injected into a system call when certain types of co... | 7.8 | HIGH | No | 0 |
| CVE-2024-35116 | IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, and 9.3 CD is vulnerable to a denial of service attack caused by an error applying configuration changes. IBM X-Force ID: 290335. | 5.9 | MEDIUM | No | 0 |
| CVE-2024-9185 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | No | 0 |
| CVE-2024-9196 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | No | 0 |
| CVE-2024-35156 | IBM MQ 9.3 LTS and 9.3 CD could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further a... | 6.5 | MEDIUM | No | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.