2024 CVEs
39152 CVEs published in 2024. 3688 critical, 12752 high.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2024-58338 | Critical | 10.0 | 2025-12-30 | Anevia Flamingo XL 3.2.9 contains a restricted shell vulnerability that allows remote attackers to escape the sandboxed environment through the traceroute comm… |
| CVE-2024-57521 | Critical | 10.0 | 2025-12-23 | SQL Injection vulnerability in RuoYi v.4.7.9 and before allows a remote attacker to execute arbitrary code via the createTable function in SqlUtil.java. |
| CVE-2024-56731 | Critical | 10.0 | 2025-06-24 | Gogs is an open source self-hosted Git service. Prior to version 0.13.3, it's still possible to delete files under the .git directory and achieve remote comman… |
| CVE-2024-46506 | Critical | 10.0 | 2025-05-13 | NetAlertX 23.01.14 through 24.x before 24.10.12 allows unauthenticated command injection via settings update because function=savesettings lacks an authenticat… |
| CVE-2024-11186 | Critical | 10.0 | 2025-05-08 | On affected versions of the CloudVision Portal, improper access controls could enable a malicious authenticated user to take broader actions on managed EOS dev… |
| CVE-2024-41794 | Critical | 10.0 | 2025-04-08 | A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). Affected devices contain hardcoded credentials for remote access to the… |
| CVE-2024-10442 | Critical | 10.0 | 2025-03-19 | Off-by-one error vulnerability in the transmission component in Synology Replication Service before 1.0.12-0066, 1.2.2-0353 and 1.3.0-0423 and Synology Unified… |
| CVE-2024-56346 | Critical | 10.0 | 2025-03-18 | IBM AIX 7.2 and 7.3 nimesis NIM master service could allow a remote attacker to execute arbitrary commands due to improper process controls. |
| CVE-2024-50707 | Critical | 10.0 | 2025-03-04 | Unauthenticated remote code execution vulnerability in Uniguest Tripleplay before 24.2.1 allows remote attackers to execute arbitrary code via the X-Forwarded-… |
| CVE-2024-50704 | Critical | 10.0 | 2025-03-04 | Unauthenticated remote code execution vulnerability in Uniguest Tripleplay before 24.2.1 allows remote attackers to execute arbitrary code via a specially craf… |
| CVE-2024-13152 | Critical | 10.0 | 2025-02-14 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BSS Software Mobuy Online Machinery Monitoring Panel allo… |
| CVE-2024-48841 | Critical | 10.0 | 2025-01-27 | Network access can be used to execute arbitrary code with elevated privileges. This issue affects FLXEON 9.3.4 and older. |
| CVE-2024-55971 | Critical | 10.0 | 2025-01-23 | SQL Injection vulnerability in the default configuration of the Logitime WebClock application <= 5.43.0 allows an unauthenticated user to run arbitrary code on… |
| CVE-2024-39761 | Critical | 10.0 | 2025-01-14 | Multiple OS command injection vulnerabilities exist in the login.cgi set_sys_init() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTT… |
| CVE-2024-39760 | Critical | 10.0 | 2025-01-14 | Multiple OS command injection vulnerabilities exist in the login.cgi set_sys_init() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTT… |
| CVE-2024-39759 | Critical | 10.0 | 2025-01-14 | Multiple OS command injection vulnerabilities exist in the login.cgi set_sys_init() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTT… |
| CVE-2024-39754 | Critical | 10.0 | 2025-01-14 | A static login vulnerability exists in the wctrls functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted set of network packets can lead to ro… |
| CVE-2024-39608 | Critical | 10.0 | 2025-01-14 | A firmware update vulnerability exists in the login.cgi functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitr… |
| CVE-2024-36290 | Critical | 10.0 | 2025-01-14 | A buffer overflow vulnerability exists in the login.cgi Goto_chidx() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can l… |
| CVE-2024-36258 | Critical | 10.0 | 2025-01-14 | A stack-based buffer overflow vulnerability exists in the touchlist_sync.cgi touchlistsync() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially cr… |