Improper Input Validation
CWE-20

CVE IDCVSSVendorExploitPatchTrends
CVE-2024-38201Azure Stack Hub Elevation of Privilege Vulnerability
CVSS 7Microsoft

-

Patched

Trending graph for this CVE
CVE-2024-38196Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVSS 7.8Microsoft

-

Patched

Trending graph for this CVE
CVE-2024-38194<p>An authenticated attacker can exploit an improper authorization vulnerability in Azure Web Apps to elevate privileges over a network.</p>
CVSS 8.4Microsoft

-

Patched

Trending graph for this CVE
CVE-2024-38189Microsoft Project Remote Code Execution Vulnerability
CVSS 8.8Microsoft

Exploit

Patched

Trending graph for this CVE
CVE-2024-38105Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability
CVSS 6.5Microsoft

-

Patched

Trending graph for this CVE
CVE-2024-38095Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 6.0 and .NET 8.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A Vulnerability exists when System.Formats.Asn1 in .NET parses an X.509 certificate or collection of certificates, a malicious certificate can result in excessive CPU consumption on all platforms result in Denial of Service.
CVSS 7.5Microsoft

-

Patched

Trending graph for this CVE
CVE-2024-38055Microsoft Windows Codecs Library Information Disclosure Vulnerability
CVSS 5.5Microsoft

-

Patched

Trending graph for this CVE
CVE-2024-38052Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability
CVSS 7.8Microsoft

-

Patched

Trending graph for this CVE
CVE-2024-38047PowerShell Elevation of Privilege Vulnerability
CVSS 7.8Microsoft

-

Patched

Trending graph for this CVE
CVE-2024-38046PowerShell Elevation of Privilege Vulnerability
CVSS 7.8Microsoft

-

Patched

Trending graph for this CVE
CVE-2024-38043PowerShell Elevation of Privilege Vulnerability
CVSS 7.8Microsoft

-

Patched

Trending graph for this CVE
CVE-2024-38033PowerShell Elevation of Privilege Vulnerability
CVSS 7.3Microsoft

-

Patched

Trending graph for this CVE
CVE-2024-38021Microsoft Office Remote Code Execution Vulnerability
CVSS 8.8Microsoft

-

Patched

Trending graph for this CVE
CVE-2024-37965Microsoft SQL Server Elevation of Privilege Vulnerability
CVSS 8.8Microsoft

-

Patched

Trending graph for this CVE
CVE-2024-37794Improper input validation in CVC5 Solver v1.1.3 allows attackers to cause a Denial of Service (DoS) via a crafted SMT2 input file.
CVSS 7.5

-

-

Trending graph for this CVE
CVE-2024-37406In Brave Android prior to v1.67.116, domains in the Brave Shields popup are elided from the right instead of the left, which may lead to domain confusion.
CVSS 7.5Brave

-

-

Trending graph for this CVE
CVE-2024-37373Improper input validation in the Central Filestore in Ivanti Avalanche 6.3.1 allows a remote authenticated attacker with admin rights to achieve RCE.
CVSS 7.2Ivanti

-

Patched

Trending graph for this CVE
CVE-2024-37365A remote code execution vulnerability exists in the affected product. The vulnerability allows users to save projects within the public directory allowing anyone with local access to modify and/or delete files. Additionally, a malicious user could potentially leverage this vulnerability to escalate their privileges by changing the macro to execute arbitrary code.
CVSS 7.3Rockwellautomation

-

-

Trending graph for this CVE
CVE-2024-37346There is an insufficient input validation vulnerability in the Warehouse component of Absolute Secure Access prior to 13.06. Attackers with system administrator permissions can impair the availability of certain elements of the Secure Access administrative UI by writing invalid data to the warehouse over the network. There is no loss of warehouse integrity or confidentiality, the security scope is unchanged. Loss of availability is high.
CVSS 4.9Sandisk, et al

-

Patched

Trending graph for this CVE
CVE-2024-37061Remote Code Execution can occur in versions of the MLflow platform running version 1.11.0 or newer, enabling a maliciously crafted MLproject to execute arbitrary code on an end user’s system when run.
CVSS 8.8Lfprojects

-

Patched

Trending graph for this CVE
CVE-2024-37027Improper Input validation in some Intel(R) VTune(TM) Profiler software before version 2024.2.0 may allow an authenticated user to potentially enable denial of service via local access.
CVSS 6.1Intel

-

-

Trending graph for this CVE
CVE-2024-3676The Proofpoint Encryption endpoint of Proofpoint Enterprise Protection contains an Improper Input Validation vulnerability that allows an unauthenticated remote attacker with a specially crafted HTTP request to create additional Encryption user accounts under the attacker's control.  These accounts are able to send spoofed email to any users within the domains configured by the Administrator.
CVSS 7.5Proofpoint

-

-

Trending graph for this CVE
CVE-2024-36742An issue in the oneflow.scatter_nd parameter OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) when index parameter exceeds the range of shape.
CVSS 7.5Oneflow

-

-

Trending graph for this CVE
CVE-2024-36740An issue in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) when index as a negative number exceeds the range of size.
CVSS 7.5Oneflow

-

-

Trending graph for this CVE
CVE-2024-36737Improper input validation in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) via inputting a negative value into the oneflow.full parameter.
CVSS 7.5Oneflow

-

-

Trending graph for this CVE
CVE-2024-36734Improper input validation in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) via inputting a negative value into the dim parameter.
CVSS 7.5Oneflow

-

-

Trending graph for this CVE
CVE-2024-3657A flaw was found in 389-ds-base. A specially-crafted LDAP query can potentially cause a failure on the directory server, leading to a denial of service
CVSS 7.5Port389

-

Patched

Trending graph for this CVE
CVE-2024-36482Improper input validation in some Intel(R) CIP software before version 2.4.10852 may allow a privileged user to potentially enable escalation of privilege via local access.
CVSS 8.2Intel

-

-

Trending graph for this CVE
CVE-2024-36471Import functionality is vulnerable to DNS rebinding attacks between verification and processing of the URL.  Project administrators can run these imports, which could cause Allura to read from internal services and expose them. This issue affects Apache Allura from 1.0.1 through 1.16.0. Users are recommended to upgrade to version 1.17.0, which fixes the issue. If you are unable to upgrade, set "disable_entry_points.allura.importers = forge-tracker, forge-discussion" in your .ini config file.
CVSS 7.5Apache

-

-

Trending graph for this CVE
CVE-2024-3646A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the instance when configuring the chat integration. Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.12.2, 3.11.8, 3.10.10, and 3.9.13. This vulnerability was reported via the GitHub Bug Bounty program.
CVSS 8Github

-

-

Trending graph for this CVE
CVE-2024-36390MileSight DeviceHub - CWE-20 Improper Input Validation may allow Denial of Service
CVSS 7.5Milesight

-

-

Trending graph for this CVE
CVE-2024-36284Improper input validation in some Intel(R) Neural Compressor software before version v3.0 may allow an authenticated user to potentially enable escalation of privilege via adjacent access.
CVSS 5.5

-

-

Trending graph for this CVE
CVE-2024-36282Improper input validation in the Intel(R) Server Board S2600ST Family BIOS and Firmware Update software all versions may allow a privileged user to potentially enable escalation of privilege via local access.
CVSS 8.2Intel

-

-

Trending graph for this CVE
CVE-2024-36226 Impact: Security feature bypass Severity: Critical Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Security feature bypass Severity: Moderate Impact: Security feature bypass Severity: Moderate Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Arbitrary code execution Severity: Important Impact: Security feature bypass Severity: Moderate
CVSS 4.1Adobe

-

Patched

Trending graph for this CVE
CVE-2024-36053In the mintupload package through 4.2.0 for Linux Mint, service-name mishandling leads to command injection via shell metacharacters in check_connection, drop_data_received_cb, and Service.remove. A user can modify a service name in a ~/.linuxmint/mintUpload/services/service file.
CVSS 9

-

-

Trending graph for this CVE
CVE-2024-3584qdrant/qdrant version 1.9.0-dev is vulnerable to path traversal due to improper input validation in the `/collections/{name}/snapshots/upload` endpoint. By manipulating the `name` parameter through URL encoding, an attacker can upload a file to an arbitrary location on the system, such as `/root/poc.txt`. This vulnerability allows for the writing and overwriting of arbitrary files on the server, potentially leading to a full takeover of the system. The issue is fixed in version 1.9.0.
CVSS LowQdrant

-

Patched

Trending graph for this CVE
CVE-2024-35296Invalid Accept-Encoding header can cause Apache Traffic Server to fail cache lookup and force forwarding requests. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4. Users are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue.
CVSS 8.2Apache

-

Patched

Trending graph for this CVE
CVE-2024-35227Discourse is an open-source discussion platform. Prior to version 3.2.3 on the `stable` branch and version 3.3.0.beta3 on the `tests-passed` branch, Oneboxing against a carefully crafted malicious URL can reduce the availability of a Discourse instance. The problem has been patched in version 3.2.3 on the `stable` branch and version 3.3.0.beta3 on the `tests-passed` branch. There are no known workarounds available for this vulnerability.
CVSS 7.5Discourse

-

-

Trending graph for this CVE
CVE-2024-35213An improper input validation vulnerability in the SGI Image Codec of QNX SDP version(s) 6.6, 7.0, and 7.1 could allow an attacker to potentially cause a denial-of-service condition or execute code in the context of the image processing process.
CVSS 9

-

-

Trending graph for this CVE
CVE-2024-35212A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V1.2). The affected application lacks input validation due to which an attacker can gain access to the Database entries.
CVSS 7.5Siemens

-

Patched

Trending graph for this CVE
CVE-2024-35161Apache Traffic Server forwards malformed HTTP chunked trailer section to origin servers. This can be utilized for request smuggling and may also lead cache poisoning if the origin servers are vulnerable. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4. Users can set a new setting (proxy.config.http.drop_chunked_trailers) not to forward chunked trailer section. Users are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue.
CVSS 7.5Apache

-

Patched

Trending graph for this CVE
CVE-2024-3493 A specific malformed fragmented packet type (fragmented packets may be generated automatically by devices that send large amounts of data) can cause a major nonrecoverable fault (MNRF) Rockwell Automation's ControlLogix 5580, Guard Logix 5580, CompactLogix 5380, and 1756-EN4TR. If exploited, the affected product will become unavailable and require a manual restart to recover it. Additionally, an MNRF could result in a loss of view and/or control of connected devices.
CVSS 8.6Rockwellautomation

-

Patched

Trending graph for this CVE
CVE-2024-3488File Upload vulnerability in unauthenticated session found in OpenText™ iManager 3.2.6.0200. The vulnerability could allow ant attacker to upload a file without authentication.
CVSS 5.6Opentext

-

-

Trending graph for this CVE
CVE-2024-34693Improper Input Validation vulnerability in Apache Superset, allows for an authenticated attacker to create a MariaDB connection with local_infile enabled. If both the MariaDB server (off by default) and the local mysql client on the web server are set to allow for local infile, it's possible for the attacker to execute a specific MySQL/MariaDB SQL command that is able to read files from the server and insert their content on a MariaDB database table.This issue affects Apache Superset: before 3.1.3 and version 4.0.0 Users are recommended to upgrade to version 4.0.1 or 3.1.3, which fixes the issue.
CVSS 6.8Apache

Exploit

Patched

Trending graph for this CVE
CVE-2024-34545Improper input validation in some Intel(R) RAID Web Console software all versions may allow an authenticated user to potentially enable information disclosure via adjacent access.
CVSS 5.7Intel

-

Patched

Trending graph for this CVE
CVE-2024-34365** UNSUPPORTED WHEN ASSIGNED ** Improper Input Validation vulnerability in Apache Karaf Cave.This issue affects all versions of Apache Karaf Cave. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users.NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVSS Low

-

Patched

Trending graph for this CVE
CVE-2024-34163Improper input validation in firmware for some Intel(R) NUC may allow a privileged user to potentially enableescalation of privilege via local access.
CVSS 8.2Intel

-

Patched

Trending graph for this CVE
CVE-2024-34118Illustrator versions 28.5, 27.9.4 and earlier are affected by an Improper Input Validation vulnerability that could lead to an application denial-of-service condition. An attacker could exploit this vulnerability to render the application unresponsive or terminate its execution. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVSS 5.5Adobe

-

Patched

Trending graph for this CVE
CVE-2024-34109Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, but admin privileges are required.
CVSS 7.2Adobe

-

Patched

Trending graph for this CVE
CVE-2024-34108Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, but admin privileges are required
CVSS 7.2Adobe

-

Patched

Trending graph for this CVE
CVE-2024-34098 Impact: Arbitrary code execution Severity: Critical Impact: Arbitrary code execution Severity: Critical Impact: Arbitrary code execution Severity: Critical Impact: Arbitrary code execution Severity: Critical Impact: Arbitrary code execution Severity: Critical Impact: Arbitrary code execution Severity: Critical Impact: Arbitrary code execution Severity: Critical Impact: Arbitrary code execution Severity: Critical Impact: Arbitrary code execution Severity: Critical
CVSS 7.8Adobe

-

Patched

Trending graph for this CVE
CVE-2024-3408man-group/dtale version 3.10.0 is vulnerable to an authentication bypass and remote code execution (RCE) due to improper input validation. The vulnerability arises from a hardcoded `SECRET_KEY` in the flask configuration, allowing attackers to forge a session cookie if authentication is enabled. Additionally, the application fails to properly restrict custom filter queries, enabling attackers to execute arbitrary code on the server by bypassing the restriction on the `/update-settings` endpoint, even when `enable_custom_filters` is not enabled. This vulnerability allows attackers to bypass authentication mechanisms and execute remote code on the server.
CVSS 9.8Man

Exploit

Patched

Trending graph for this CVE
CVE-2024-34009Insufficient checks whether ReCAPTCHA was enabled made it possible to bypass the checks on the login page. This did not affect other pages where ReCAPTCHA is utilized.
CVSS 7.5

-

-

Trending graph for this CVE
CVE-2024-3400A command injection vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall. Fixes for PAN-OS 10.2, PAN-OS 11.0, and PAN-OS 11.1 are in development and are expected to be released by April 14, 2024. Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability. All other versions of PAN-OS are also not impacted.
CVSS 10Paloaltonetworks

Exploit

Patched

Trending graph for this CVE
CVE-2024-33999The referrer URL used by MFA required additional sanitizing, rather than being used directly.
CVSS 9.8

-

-

Trending graph for this CVE
CVE-2024-33996Incorrect validation of allowed event types in a calendar web service made it possible for some users to create events with types/audiences they did not have permission to publish to.
CVSS 6.2

-

-

Trending graph for this CVE
CVE-2024-3385A packet processing mechanism in Palo Alto Networks PAN-OS software enables a remote attacker to reboot hardware-based firewalls. Repeated attacks eventually cause the firewall to enter maintenance mode, which requires manual intervention to bring the firewall back online. This affects the following hardware firewall models: - PA-5400 Series firewalls - PA-7000 Series firewalls
CVSS 7.5Paloaltonetworks

-

-

Trending graph for this CVE
CVE-2024-33792A cross-site scripting (XSS) vulnerability in netis-systems MEX605 v2.00.06 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the tracert page.
CVSS 9.8

-

-

Trending graph for this CVE
CVE-2024-3372Improper validation of certain metadata input may result in the server not correctly serialising BSON. This can be performed pre-authentication and may cause unexpected application behavior including unavailability of serverStatus responses. This issue affects MongoDB Server v7.0 versions prior to 7.0.6, MongoDB Server v6.0 versions prior to 6.0.14 and MongoDB Server v.5.0 versions prior to 5.0.25.
CVSS 7.5Aptis-solutions, et al

-

Patched

Trending graph for this CVE
CVE-2024-33700The LevelOne WBR-6012 router firmware R0.40e6 suffers from an input validation vulnerability within its FTP functionality, enabling attackers to cause a denial of service through a series of malformed FTP commands. This can lead to device reboots and service disruption.
CVSS 7.5

Exploit

-

Trending graph for this CVE
CVE-2024-33657This SMM vulnerability affects certain modules, allowing privileged attackers to execute arbitrary code, manipulate stack memory, and leak information from SMRAM to kernel space, potentially leading to denial-of-service attacks.
CVSS 7.8Ami

-

-

Trending graph for this CVE
CVE-2024-33624Improper input validation for some Intel(R) PROSet/Wireless WiFi software for Windows before version 23.60 may allow an unauthenticated user to potentially enable denial of service via network access.
CVSS 4.3Intel

-

-

Trending graph for this CVE
CVE-2024-33611Improper input validation for some Intel(R) PROSet/Wireless WiFi software for Windows before version 23.60 may allow a privileged user to potentially enable denial of service via local access.
CVSS 3.4Intel

-

-

Trending graph for this CVE
CVE-2024-33066Memory corruption while redirecting log file to any file location with any file name.
CVSS 9.8Qualcomm

-

Patched

Trending graph for this CVE
CVE-2024-33065Memory corruption while taking snapshot when an offset variable is set by camera driver.
CVSS 7.8Qualcomm

-

Patched

Trending graph for this CVE
CVE-2024-33031Memory corruption while processing the update SIM PB records request.
CVSS 6.7Qualcomm

-

Patched

Trending graph for this CVE
CVE-2024-32992Insufficient verification vulnerability in the baseband module Impact: Successful exploitation of this vulnerability will affect availability.
CVSS 7.5

-

-

Trending graph for this CVE
CVE-2024-32990Permission verification vulnerability in the system sharing pop-up module Impact: Successful exploitation of this vulnerability will affect availability.
CVSS 6.1

-

-

Trending graph for this CVE
CVE-2024-32989Insufficient verification vulnerability in the system sharing pop-up module Impact: Successful exploitation of this vulnerability will affect availability.
CVSS 3.3

-

-

Trending graph for this CVE
CVE-2024-32907In memcall_add of memlog.c, there is a possible buffer overflow due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVSS 7.8Google

-

Patched

Trending graph for this CVE
CVE-2024-32903In prepare_response_locked of lwis_transaction.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVSS 7.8Google

-

Patched

Trending graph for this CVE
CVE-2024-32860Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.
CVSS 8.2Dell

-

Patched

Trending graph for this CVE
CVE-2024-32859Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.
CVSS 8.2Dell

-

Patched

Trending graph for this CVE
CVE-2024-32858Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.
CVSS 8.2Dell

-

Patched

Trending graph for this CVE
CVE-2024-32856Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure.
CVSS 6Dell

-

Patched

Trending graph for this CVE
CVE-2024-32755Under certain circumstances the web interface will accept characters unrelated to the expected input.
CVSS 9.1Johnsoncontrols

-

-

Trending graph for this CVE
CVE-2024-32672A Segmentation Fault issue discovered in Samsung Open Source Escargot JavaScript engine allows remote attackers to cause a denial of service via crafted input. This issue affects Escargot: 4.0.0.
CVSS 5.3

-

-

Trending graph for this CVE
CVE-2024-32669 Improper Input Validation vulnerability in Samsung Open Source escargot JavaScript engine allows Overflow Buffers. However, it occurs in the test code and does not include in the release. This issue affects escargot: 4.0.0.
CVSS 5.3Samsung

-

-

Trending graph for this CVE
CVE-2024-32653jadx is a Dex to Java decompiler. Prior to version 1.5.0, the package name is not filtered before concatenation. This can be exploited to inject arbitrary code into the package name. The vulnerability allows an attacker to execute commands with shell privileges. Version 1.5.0 contains a patch for the vulnerability.
CVSS 6.1Jadx project

-

-

Trending graph for this CVE
CVE-2024-32646Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, using the `slice` builtin can result in a double eval vulnerability when the buffer argument is either `msg.data`, `self.code` or `<address>.code` and either the `start` or `length` arguments have side-effects. It can be easily triggered only with the versions `<0.3.4` as `0.3.4` introduced the unique symbol fence. No vulnerable production contracts were found. Additionally, double evaluation of side-effects should be easily discoverable in client tests. As such, the impact is low. As of time of publication, no fixed versions are available.
CVSS 5.3

-

Patched

Trending graph for this CVE
CVE-2024-32645Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, incorrect values can be logged when `raw_log` builtin is called with memory or storage arguments to be used as topics. A contract search was performed and no vulnerable contracts were found in production. The `build_IR` function of the `RawLog` class fails to properly unwrap the variables provided as topics. Consequently, incorrect values are logged as topics. As of time of publication, no fixed version is available.
CVSS 5.3

-

Patched

Trending graph for this CVE
CVE-2024-32498An input validation flaw was discovered in how multiple OpenStack services validate images with backing file references. An authenticated attacker could provide a malicious image via upload, or by creating and modifying an image from an existing volume. Validation of images can be triggered during image upload or when attaching images to virtual machines. During this process, the affected OpenStack services could be tricked into reading or writing to the host with the equivalent privileges of QEMU. This bypasses isolation restrictions, significantly reducing the security of an affected compute host, and could enable arbitrary code execution, a denial of service, or leaking of secrets. If exploited, the immediate impact is limited to an individual compute host. However, if the attacker has access to multiple hosts and enough time to repeat it, they could potentially spread across all compute hosts.
CVSS 6.5Openstack

-

Patched

Trending graph for this CVE
CVE-2024-32485Improper Input Validation in some Intel(R) VROC software before version 8.6.0.2003 may allow an authenticated user to potentially enable denial of service via local access.
CVSS 3.9Intel

-

-

Trending graph for this CVE
CVE-2024-32371An issue in HSC Cybersecurity HC Mailinspector 5.2.17-3 through 5.2.18 allows a regular user account to escalate their privileges and gain administrative access by changing the type parameter from 1 to 0.
CVSS 7.5

Exploit

-

Trending graph for this CVE
CVE-2024-32048Improper input validation in the Intel(R) Distribution of OpenVINO(TM) Model Server software before version 2024.0 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
CVSS 6.5Intel

-

-

Trending graph for this CVE
CVE-2024-32007An improper input validation of the p2c parameter in the Apache CXF JOSE code before 4.0.5, 3.6.4 and 3.5.9 allows an attacker to perform a denial of service attack by specifying a large value for this parameter in a token. 
CVSS 7.5Apache

-

Patched

Trending graph for this CVE
CVE-2024-31965A vulnerability on Mitel 6800 Series and 6900 Series SIP Phones, including 6970 Conference Unit, through 6.3 SP3 HF4 allows an authenticated attacker with administrative privilege to conduct a path traversal attack due to insufficient input validation. A successful exploit could allow an attacker to access sensitive information.
CVSS 4.2Mitel

-

-

Trending graph for this CVE
CVE-2024-31959An issue was discovered in Samsung Mobile Processor Exynos 2200, Exynos 1480, Exynos 2400. It lacks a check for the validation of native handles, which can result in code execution.
CVSS 8.4Samsung

-

-

Trending graph for this CVE
CVE-2024-31867Improper Input Validation vulnerability in Apache Zeppelin. The attackers can execute malicious queries by setting improper configuration properties to LDAP search filter. This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1. Users are recommended to upgrade to version 0.11.1, which fixes the issue.
CVSS LowApache

-

Patched

Trending graph for this CVE
CVE-2024-31865Improper Input Validation vulnerability in Apache Zeppelin. The attackers can call updating cron API with invalid or improper privileges so that the notebook can run with the privileges. This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1. Users are recommended to upgrade to version 0.11.1, which fixes the issue.
CVSS 6.5Apache

-

Patched

Trending graph for this CVE
CVE-2024-31862Improper Input Validation vulnerability in Apache Zeppelin when creating a new note from Zeppelin's UI.This issue affects Apache Zeppelin: from 0.10.1 before 0.11.0. Users are recommended to upgrade to version 0.11.0, which fixes the issue.
CVSS 5.3Apache

-

Patched

Trending graph for this CVE
CVE-2024-31860Improper Input Validation vulnerability in Apache Zeppelin. By adding relative path indicators(E.g ..), attackers can see the contents for any files in the filesystem that the server account can access.  This issue affects Apache Zeppelin: from 0.9.0 before 0.11.0. Users are recommended to upgrade to version 0.11.0, which fixes the issue.
CVSS 6.5Apache

-

Patched

Trending graph for this CVE
CVE-2024-31841An issue was discovered in Italtel Embrace 1.6.4. The web server fails to sanitize input data, allowing remote unauthenticated attackers to read arbitrary files on the filesystem.
CVSS 7.5Italtel

-

-

Trending graph for this CVE
CVE-2024-3181Concrete CMS version 9 prior to 9.2.8 and previous versions prior to 8.5.16 are vulnerable to Stored XSS in the Search Field. Prior to the fix, stored XSS could be executed by an administrator changing a filter to which a rogue administrator had previously added malicious code. The Concrete CMS security team gave this vulnerability a CVSS v3.1 score of 3.1 with a vector of AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator . Thanks Alexey Solovyev for reporting
CVSS 3.1Concretecms

-

Patched

Trending graph for this CVE
CVE-2024-3180Concrete CMS version 9 below 9.2.8 and previous versions below 8.5.16 is vulnerable to Stored XSS in blocks of type file. Prior to fix, stored XSS could be caused by a rogue administrator adding malicious code to the link-text field when creating a block of type file. The Concrete CMS security team gave this vulnerability a CVSS v3.1 score of 3.1 with a vector of AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator . Thanks Alexey Solovyev for reporting.
CVSS 3.1Concretecms

-

Patched

Trending graph for this CVE
CVE-2024-3179Concrete CMS version 9 before 9.2.8 and previous versions before 8.5.16 are vulnerable to Stored XSS in the Custom Class page editing. Prior to the fix, a rogue administrator could insert malicious code in the custom class field due to insufficient validation of administrator provided data. The Concrete CMS security team gave this vulnerability a CVSS v3.1 score of 3.1 with a vector of AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator .
CVSS 3.1Concretecms

-

Patched

Trending graph for this CVE
CVE-2024-3178Concrete CMS versions 9 below 9.2.8 and versions below 8.5.16 are vulnerable to Cross-site Scripting (XSS) in the Advanced File Search Filter. Prior to the fix, a rogue administrator could add malicious code in the file manager because of insufficient validation of administrator provided data. All administrators have access to the File Manager and hence could create a search filter with the malicious code attached. The Concrete CMS security team gave this vulnerability a CVSS v3.1 score of 3.1 with a vector of AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator .  
CVSS 3.1Concretecms

-

Patched

Trending graph for this CVE
CVE-2024-3177A security issue was discovered in Kubernetes where users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using containers, init containers, and ephemeral containers with the envFrom field populated. The policy ensures pods running with a service account may only reference secrets specified in the service account’s secrets field. Kubernetes clusters are only affected if the ServiceAccount admission plugin and the kubernetes.io/enforce-mountable-secrets annotation are used together with containers, init containers, and ephemeral containers with the envFrom field populated.
CVSS 2.7Kubernetes

Exploit

Patched

Trending graph for this CVE
CVE-2024-3173Insufficient data validation in Updater in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: High)
CVSS 8.8Google

Exploit

Patched

Trending graph for this CVE
CVE-2024-3152mintplex-labs/anything-llm is vulnerable to multiple security issues due to improper input validation in several endpoints. An attacker can exploit these vulnerabilities to escalate privileges from a default user role to an admin role, read and delete arbitrary files on the system, and perform Server-Side Request Forgery (SSRF) attacks. The vulnerabilities are present in the `/request-token`, `/workspace/:slug/thread/:threadSlug/update`, `/system/remove-logo`, `/system/logo`, and collector's `/process` endpoints. These issues are due to the application's failure to properly validate user input before passing it to `prisma` functions and other critical operations. Affected versions include the latest version prior to 1.0.0.
CVSS 8.8Mintplexlabs

Exploit

Patched

Trending graph for this CVE