1740 matches found

Cvelist
added 2024/07/01 12:0 a.m. | 18 views

CVE-2024-37763

MachForm up to version 19 is affected by an unauthenticated stored cross-site scripting which affects users with valid sessions who can view compiled forms results...

0.10123 EPSS
Exploits 1 | References 1

Microsoft CVE
added 2024/06/30 2:0 p.m. | 1 view

Containers/image: digest type does not guarantee valid type

...

8.3 CVSS | 6.6 AI score | 0.00663 EPSS
Exploits 0

OSV
added 2024/06/27 4:15 p.m. | 1 view

ALPINE-CVE-2024-28820

Buffer overflow in the extract_openvpn_cr function in openvpn-cr.c in openvpn-auth-ldap (aka the Three Rings Auth-LDAP plugin for OpenVPN) 2.0.4 allows attackers with a valid LDAP username and who can control the challenge/response password field to pass a string with more than 14 colons into this...

6.3 CVSS | 7.7 AI score | 0.00216 EPSS
Exploits 0 | References 1

OSV
added 2024/06/24 2:15 p.m. | 0 views

DEBIAN-CVE-2024-34027

In the Linux kernel, the following vulnerability has been resolved: f2fs: compress: fix to cover {reserve,release}_compress_blocks() w/ cp_rwsem lock. It needs to cover {reserve,release}_compress_blocks() w/ cp_rwsem lock to avoid racing with checkpoint, otherwise, filesystem metadata including blkaddr in dnode...

7 CVSS | 5.5 AI score | 0.00021 EPSS
Exploits 0 | References 1

Cvelist
added 2024/06/24 1:56 p.m. | 25 views

CVE-2024-34027 f2fs: compress: fix to cover {reserve,release}_compress_blocks() w/ cp_rwsem lock

In the Linux kernel, the following vulnerability has been resolved: f2fs: compress: fix to cover {reserve,release}_compress_blocks() w/ cp_rwsem lock. It needs to cover {reserve,release}_compress_blocks() w/ cp_rwsem lock to avoid racing with checkpoint, otherwise, filesystem metadata including blkaddr in dnode...

0.00021 EPSS
Exploits 0 | References 6

UbuntuCve
added 2024/06/21 11:15 a.m. | 20 views

CVE-2024-38636

In the Linux kernel, the following vulnerability has been resolved: f2fs: multidev: fix to recognize valid zero block address As reported by Yi Zhang in mailing list 1, kernel warning was catched during zbd/010 test as below: ./check zbd/010 zbd/010 test gap zone support with F2FS failed runtime...

5.5 CVSS | 5.8 AI score | 0.00033 EPSS
Exploits 0 | References 13

OSV
added 2024/06/21 10:18 a.m. | 7 views

CVE-2024-38636 f2fs: multidev: fix to recognize valid zero block address

In the Linux kernel, the following vulnerability has been resolved: f2fs: multidev: fix to recognize valid zero block address As reported by Yi Zhang in mailing list 1, kernel warning was catched during zbd/010 test as below: ./check zbd/010 zbd/010 test gap zone support with F2FS failed runtime...

5.5 CVSS | 6 AI score | 0.00033 EPSS
Exploits 0 | References 7

Veracode
added 2024/06/21 8:1 a.m. | 5 views

Information Disclosure

typo3/cms is vulnerable to Information Disclosure. The vulnerability is due to improper permission checks, allowing editors to gain knowledge of protected storages and their folders. Attackers can exploit this by using a valid backend user account to include protected files in a collection render...

7.2 AI score
Exploits 0

SUSE CVE
added 2024/06/21 3:6 a.m. | 1 view

SUSE CVE-2024-38615

In the Linux kernel, the following vulnerability has been resolved: cpufreq: exit() callback is optional. The exit() callback is optional and shouldn't be called without checking a valid pointer first. Also, we must clear freq_table pointer even if the exit() callback isn't present...

4.4 CVSS | 6.8 AI score | 0.00027 EPSS
Exploits 0 | References 14

OSV
added 2024/06/19 2:15 p.m. | 0 views

DEBIAN-CVE-2024-38580

In the Linux kernel, the following vulnerability has been resolved: epoll: be better about file lifetimes. epoll can call out to vfs_poll() with a file pointer that may race with the last 'fput()'. That would make f_count go down to zero, and while the ep->mtx locking means that the resulting file pointe...

4.7 CVSS | 5.4 AI score | 0.00016 EPSS
Exploits 0 | References 1

OSV
added 2024/06/19 2:15 p.m. | 1 view

UBUNTU-CVE-2024-38592

In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: Init ddp_comp with devm_kcalloc(). In the case where conn_routes is true we allocate an extra slot in the ddp_comp array but mtk_drm_crtc_create() never seemed to initialize it in the test case I ran. For me, this caused a late...

5.5 CVSS | 6.5 AI score | 0.00018 EPSS
Exploits 0 | References 11

OSV
added 2024/06/19 1:56 p.m. | 14 views

CVE-2024-38615 cpufreq: exit() callback is optional

In the Linux kernel, the following vulnerability has been resolved: cpufreq: exit() callback is optional. The exit() callback is optional and shouldn't be called without checking a valid pointer first. Also, we must clear freq_table pointer even if the exit() callback isn't present...

5.5 CVSS | 6 AI score | 0.00027 EPSS
Exploits 0 | References 11

NVD
added 2024/06/18 2:15 p.m. | 9 views

CVE-2024-5750

Rejected reason: REJECT Not a valid security issue...

Exploits 0

Cvelist
added 2024/06/18 5:44 a.m. | 23 views

CVE-2024-34024

Observable response discrepancy issue exists in ID Link Manager and FUJITSU Software TIME CREATOR. If this vulnerability is exploited, an unauthenticated remote attacker may determine if a username is valid or not...

0.00945 EPSS
Exploits 0 | References 2

Vulnrichment
added 2024/06/18 5:44 a.m. | 21 views

CVE-2024-34024

Observable response discrepancy issue exists in ID Link Manager and FUJITSU Software TIME CREATOR. If this vulnerability is exploited, an unauthenticated remote attacker may determine if a username is valid or not...

7.4 AI score | 0.00945 EPSS
Exploits 0 | References 2

Hive Pro Threat Advisories
added 2024/06/14 8:34 p.m. | 5 views

Veeam Recovery Orchestrator Flaw Enables Forge of Valid JWT Tokens

...

7.3 AI score
Exploits 0

CVE
added 2024/06/12 5:12 p.m. | 58 views

CVE-2024-2747

CVE-2024-2747 affects Schneider Electric Easergy Studio. The root cause is CWE-428: an unquoted search path/element, allowing a local attacker with low privileges to escalate privileges by replacing a trusted file name and rebooting the system. Impact is described as high for confidentiality, int...

7.8 CVSS | 7.9 AI score | 0.00112 EPSS
Exploits 0 | References 1 | Affected Software 1

OSV
added 2024/06/11 2:43 p.m. | 31 views

CVE-2024-37296 Aimeos HTML client vulnerable to digital products download without proper payment status check

The Aimeos HTML client provides Aimeos HTML components for e-commerce projects. Starting in version 2020.04.1 and prior to versions 2020.10.27, 2021.10.21, 2022.10.12, 2023.10.14, and 2024.04.5, digital downloads sold in online shops can be downloaded without valid payment, e.g. if the payment...

5.3 CVSS | 6.6 AI score | 0.00278 EPSS
Exploits 0 | References 8

GithubExploit
added 2024/06/09 10:39 p.m. | 59 views

Exploit for Injection in Mitre Caldera

CVE-2021-42561: Command Injection via the Human Plugin in...

9 CVSS | 9 AI score | 0.10288 EPSS
Exploits 2

GithubExploit
added 2024/06/09 9:7 p.m. | 52 views

Exploit for Command Injection in Mitre Caldera

CVE-2021-42559: Command Injection via Configurations in MITRE...

8.8 CVSS | 8.8 AI score | 0.05303 EPSS
Exploits 3