CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2024-2383 A clickjacking vulnerability exists in zenml-io/zenml versions up to and including 0.55.5 due to the application's failure to set appropriate X-Frame-Options or Content-Security-Policy HTTP headers. T... | 6.1 | MEDIUM | — | 0 |
| CVE-2024-2548 A path traversal vulnerability exists in the parisneo/lollms-webui application, specifically within the `lollms_core/lollms/server/endpoints/lollms_binding_files_server.py` and `lollms_core/lollms/sec... | 7.5 | HIGH | — | 0 |
| CVE-2024-2624 A path traversal and arbitrary file upload vulnerability exists in the parisneo/lollms-webui application, specifically within the `@router.get("/switch_personal_path")` endpoint in `./lollms-webui/lol... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-2928 A Local File Inclusion (LFI) vulnerability was identified in mlflow/mlflow, specifically in version 2.9.2, which was fixed in version 2.11.3. This vulnerability arises from the application's failure t... | 7.5 | HIGH | — | 0 |
| CVE-2024-5225 An SQL Injection vulnerability exists in the berriai/litellm repository, specifically within the `/global/spend/logs` endpoint. The vulnerability arises due to improper neutralization of special eleme... | 7.2 | HIGH | — | 0 |
| CVE-2024-2965 A Denial-of-Service (DoS) vulnerability exists in the `SitemapLoader` class of the `langchain-ai/langchain` repository, affecting all versions. The `parse_sitemap` method, responsible for parsing site... | 4.7 | MEDIUM | — | 0 |
| CVE-2024-30373 Kofax Power PDF JPF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power ... | 7.8 | HIGH | — | 0 |
| CVE-2024-32873 Evmos is the Ethereum Virtual Machine (EVM) Hub on the Cosmos Network. The spendable balance is not updated properly when delegating vested tokens. The issue allows a clawback vesting account to antic... | 3.5 | LOW | — | 0 |
| CVE-2024-37153 Evmos is the Ethereum Virtual Machine (EVM) Hub on the Cosmos Network. There is an issue with how to liquid stake using Safe which itself is a contract. The bug only appears when there is a local stat... | 7.5 | HIGH | — | 0 |
| CVE-2024-37154 Evmos is the Ethereum Virtual Machine (EVM) Hub on the Cosmos Network. Users are able to delegate tokens that have not yet been vested. This affects employees and grantees who have funds managed via `... | 5.3 | MEDIUM | — | 0 |
| CVE-2024-37364 Ariane Allegro Scenario Player through 2024-03-05, when Ariane Duo kiosk mode is used, allows physically proximate attackers to obtain sensitive information (such as hotel invoice content with PII), a... | 6.8 | MEDIUM | — | 0 |
| CVE-2024-30064 Windows Kernel Elevation of Privilege Vulnerability | 8.8 | HIGH | — | 0 |
| CVE-2024-30065 Windows Themes Denial of Service Vulnerability | 5.5 | MEDIUM | — | 0 |
| CVE-2024-30066 Winlogon Elevation of Privilege Vulnerability | 5.5 | MEDIUM | — | 0 |
| CVE-2024-30067 Winlogon Elevation of Privilege Vulnerability | 5.5 | MEDIUM | — | 0 |
| CVE-2024-30075 Windows Link Layer Topology Discovery Protocol Remote Code Execution Vulnerability | 8.0 | HIGH | — | 0 |
| CVE-2024-30068 Windows Kernel Elevation of Privilege Vulnerability | 8.8 | HIGH | — | 0 |
| CVE-2024-30069 Windows Remote Access Connection Manager Information Disclosure Vulnerability | 4.7 | MEDIUM | — | 0 |
| CVE-2024-30070 DHCP Server Service Denial of Service Vulnerability | 7.5 | HIGH | — | 0 |
| CVE-2024-30072 Microsoft Event Trace Log File Parsing Remote Code Execution Vulnerability | 7.8 | HIGH | — | 0 |
| CVE-2024-30074 Windows Link Layer Topology Discovery Protocol Remote Code Execution Vulnerability | 8.0 | HIGH | — | 0 |
| CVE-2024-37325 Azure Science Virtual Machine (DSVM) Elevation of Privilege Vulnerability | 8.1 | HIGH | — | 0 |
| CVE-2024-30076 Windows Container Manager Service Elevation of Privilege Vulnerability | 6.8 | MEDIUM | — | 0 |
| CVE-2024-30077 Windows OLE Remote Code Execution Vulnerability | 8.0 | HIGH | — | 0 |
| CVE-2024-30082 Win32k Elevation of Privilege Vulnerability | 7.8 | HIGH | — | 0 |
| CVE-2024-30083 Windows Standards-Based Storage Management Service Denial of Service Vulnerability | 7.5 | HIGH | — | 0 |
| CVE-2024-34406 Improper exception handling in McAfee Security: Antivirus VPN for Android before 8.3.0 could allow an attacker to cause a denial of service through the use of a malformed deep link. | 5.3 | MEDIUM | — | 0 |
| CVE-2024-30084 Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | 7.0 | HIGH | — | 0 |
| CVE-2024-30085 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | 7.8 | HIGH | — | 0 |
| CVE-2024-30086 Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability | 7.8 | HIGH | — | 0 |
| CVE-2024-30087 Win32k Elevation of Privilege Vulnerability | 7.8 | HIGH | — | 0 |
| CVE-2023-4727 A flaw was found in dogtag-pki and pki-core. The token authentication scheme can be bypassed with an LDAP injection. By passing the query string parameter sessionID=*, an attacker can authenticate with... | 7.5 | HIGH | — | 0 |
| CVE-2024-30089 Microsoft Streaming Service Elevation of Privilege Vulnerability | 7.8 | HIGH | — | 0 |
| CVE-2024-30090 Microsoft Streaming Service Elevation of Privilege Vulnerability | 7.0 | HIGH | — | 0 |
| CVE-2024-30091 Win32k Elevation of Privilege Vulnerability | 7.8 | HIGH | — | 0 |
| CVE-2024-30093 Windows Storage Elevation of Privilege Vulnerability | 7.3 | HIGH | — | 0 |
| CVE-2023-52117 Missing Authorization vulnerability in Metagauss ProfileGrid. This issue affects ProfileGrid: from n/a through 5.6.6. | 4.3 | MEDIUM | — | 0 |
| CVE-2024-30094 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | 7.8 | HIGH | — | 0 |
| CVE-2024-30095 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | 7.8 | HIGH | — | 0 |
| CVE-2024-30096 Windows Cryptographic Services Information Disclosure Vulnerability | 5.5 | MEDIUM | — | 0 |
| CVE-2024-30097 Microsoft Speech Application Programming Interface (SAPI) Remote Code Execution Vulnerability | 8.8 | HIGH | — | 0 |
| CVE-2024-4145 The Search & Replace WordPress plugin before 3.2.2 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks (such as within a multi... | 7.2 | HIGH | — | 0 |
| CVE-2024-30099 Windows Kernel Elevation of Privilege Vulnerability | 7.0 | HIGH | — | 0 |
| CVE-2024-30100 Microsoft SharePoint Server Remote Code Execution Vulnerability | 7.8 | HIGH | — | 0 |
| CVE-2024-30101 Microsoft Office Remote Code Execution Vulnerability | 7.5 | HIGH | — | 0 |
| CVE-2024-30102 Microsoft Office Remote Code Execution Vulnerability | 7.3 | HIGH | — | 0 |
| CVE-2024-30103 Microsoft Outlook Remote Code Execution Vulnerability | 8.8 | HIGH | — | 0 |
| CVE-2024-36574 A Prototype Pollution issue in flatten-json 1.0.1 allows an attacker to execute arbitrary code via module.exports.unflattenJSON (flatten-json/index.js:42) | 6.3 | MEDIUM | — | 0 |
| CVE-2024-30104 Microsoft Office Remote Code Execution Vulnerability | 7.8 | HIGH | — | 0 |
| CVE-2024-32146 Missing Authorization vulnerability in Aspose.Cloud Marketplace Aspose.Words Exporter. This issue affects Aspose.Words Exporter: from n/a through 6.3.1. | 4.3 | MEDIUM | — | 0 |

This product uses data from the NVD API but is not endorsed or certified by the NVD.