2024 CVEs

39152 CVEs published in 2024. 3688 critical, 12752 high. Browse by vendor, severity, or with PoCs.

Top CVEs published in 2024
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2024-58338 | Critical | 10.0 | 2025-12-30 | Anevia Flamingo XL 3.2.9 contains a restricted shell vulnerability that allows remote attackers to escape the sandboxed environment through the traceroute comm… |
| CVE-2024-57521 | Critical | 10.0 | 2025-12-23 | SQL Injection vulnerability in RuoYi v.4.7.9 and before allows a remote attacker to execute arbitrary code via the createTable function in SqlUtil.java. |
| CVE-2024-56731 | Critical | 10.0 | 2025-06-24 | Gogs is an open source self-hosted Git service. Prior to version 0.13.3, it's still possible to delete files under the .git directory and achieve remote comman… |
| CVE-2024-46506 | Critical | 10.0 | 2025-05-13 | NetAlertX 23.01.14 through 24.x before 24.10.12 allows unauthenticated command injection via settings update because function=savesettings lacks an authenticat… |
| CVE-2024-11186 | Critical | 10.0 | 2025-05-08 | On affected versions of the CloudVision Portal, improper access controls could enable a malicious authenticated user to take broader actions on managed EOS dev… |
| CVE-2024-41794 | Critical | 10.0 | 2025-04-08 | A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). Affected devices contain hardcoded credentials for remote access to the… |
| CVE-2024-10442 | Critical | 10.0 | 2025-03-19 | Off-by-one error vulnerability in the transmission component in Synology Replication Service before 1.0.12-0066, 1.2.2-0353 and 1.3.0-0423 and Synology Unified… |
| CVE-2024-56346 | Critical | 10.0 | 2025-03-18 | IBM AIX 7.2 and 7.3 nimesis NIM master service could allow a remote attacker to execute arbitrary commands due to improper process controls. |
| CVE-2024-50707 | Critical | 10.0 | 2025-03-04 | Unauthenticated remote code execution vulnerability in Uniguest Tripleplay before 24.2.1 allows remote attackers to execute arbitrary code via the X-Forwarded-… |
| CVE-2024-50704 | Critical | 10.0 | 2025-03-04 | Unauthenticated remote code execution vulnerability in Uniguest Tripleplay before 24.2.1 allows remote attackers to execute arbitrary code via a specially craf… |
| CVE-2024-13152 | Critical | 10.0 | 2025-02-14 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BSS Software Mobuy Online Machinery Monitoring Panel allo… |
| CVE-2024-48841 | Critical | 10.0 | 2025-01-27 | Network access can be used to execute arbitrary code with elevated privileges. This issue affects FLXEON 9.3.4 and older. |
| CVE-2024-55971 | Critical | 10.0 | 2025-01-23 | SQL Injection vulnerability in the default configuration of the Logitime WebClock application <= 5.43.0 allows an unauthenticated user to run arbitrary code on… |
| CVE-2024-39761 | Critical | 10.0 | 2025-01-14 | Multiple OS command injection vulnerabilities exist in the login.cgi set_sys_init() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTT… |
| CVE-2024-39760 | Critical | 10.0 | 2025-01-14 | Multiple OS command injection vulnerabilities exist in the login.cgi set_sys_init() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTT… |
| CVE-2024-39759 | Critical | 10.0 | 2025-01-14 | Multiple OS command injection vulnerabilities exist in the login.cgi set_sys_init() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTT… |
| CVE-2024-39754 | Critical | 10.0 | 2025-01-14 | A static login vulnerability exists in the wctrls functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted set of network packets can lead to ro… |
| CVE-2024-39608 | Critical | 10.0 | 2025-01-14 | A firmware update vulnerability exists in the login.cgi functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitr… |
| CVE-2024-36290 | Critical | 10.0 | 2025-01-14 | A buffer overflow vulnerability exists in the login.cgi Goto_chidx() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can l… |
| CVE-2024-36258 | Critical | 10.0 | 2025-01-14 | A stack-based buffer overflow vulnerability exists in the touchlist_sync.cgi touchlistsync() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially cr… |