265 CVEs published in 2024. 163 flagged on the CISA Known Exploited Vulnerabilities catalog. Every guide includes runnable Linux, Windows PowerShell, and Bash remediation commands.
265 fix guides from 2024 ⚠ 163 actively exploited (CISA KEV)CVE-2024-0012 is an authentication bypass in Cloud NGFW. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2024-11120 is an OS command injection in GV-VS12. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2024-11680 is an authentication bypass in ProjectSend. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2024-1212 is an OS command injection in LoadMaster. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2024-12356 is an OS command injection in Remote Support. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2024-13159 is one of three matched Ivanti EPM path traversals fixed in the January 2025 Security Update. Same patch as CVE-2024-13161.
CVE-2024-13160 is one of three matched Ivanti EPM path traversals fixed in the January 2025 Security Update. Same patch as CVE-2024-13161.
CVE-2024-13161 is an absolute path traversal in Ivanti EPM. Part of the January 2025 Security Update bundle. Patch level and verification.
CVE-2024-1709 is an authentication bypass in ScreenConnect. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2024-20439 lets an unauthenticated attacker use static admin credentials in Cisco Smart Licensing Utility (CSLU). Patch and credential r
CVE-2024-21410 improper authentication in Microsoft Exchange Server 2016 Cumulative Update 23. Runnable upgrade commands and verification st
CVE-2024-21413 - Improper Input Validation in Microsoft Office 2019. Runnable patch commands, mitigation snippets, and verification steps on
CVE-2024-21762 is the FortiOS sslvpnd out-of-bounds write affecting hundreds of thousands of FortiGates. Patched versions and SSL VPN disabl
CVE-2024-21887 is an OS command injection in ICS. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2024-23113 is the FortiOS format string flaw in the fgfmd daemon that allows unauthenticated RCE. Affected versions, patched builds, IoC
CVE-2024-23692: a server-side template injection in HTTP File Server. Patched version and vendor advisory inside.
CVE-2024-27198 is an authentication bypass in TeamCity. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2024-28986 is the SolarWinds Web Help Desk Java deserialization flaw, the first of the SolarWinds WHD trio. Hotfix and verification step
CVE-2024-28987 is a hard-coded credentials in Web Help Desk. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2024-29824 is an unauth SQL injection in Ivanti Endpoint Manager Core server. Public PoC exists. Patched build per the Ivanti advisory.
CVE-2024-3272 is a hard-coded credentials in DNS-320L. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2024-3400 is the Palo Alto PAN-OS GlobalProtect zero-day that allowed unauthenticated command injection. Patch versions, hotfix steps, a
CVE-2024-34102 (CosmicSting) is the Adobe Commerce / Magento XXE that chains to unauthenticated RCE. Affected versions, patch and Cosmic Sti
CVE-2024-36401 is a code injection in geoserver. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2024-37079 is a vulnerability in VMware vCenter Server. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2024-38812 is a path traversal in VMware vCenter Server. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2024-4040 is a server-side template injection in CrushFTP. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2024-40711 lets unauthenticated attackers run code on Veeam Backup & Replication. Used by Akira and Fog ransomware. Patched build and ve
CVE-2024-41713 is a path traversal flaw in MiCollab. Verified patched version and mitigations from the official advisory.
CVE-2024-42009 is a cross-site scripting flaw in Webmail. Verified patched version and mitigations from the official advisory.
CVE-2024-43468 - SQL Injection in Microsoft Configuration Manager. Runnable patch commands, mitigation snippets, and verification steps on t
CVE-2024-4358 is an authentication bypass in Telerik Report Server. Verified patched version, official vendor advisory, and how to confirm t
CVE-2024-45519 is a vulnerability in n/a. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2024-4577 is an OS command injection in PHP. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2024-47575 (FortiJump) lets an attacker register a rogue FortiGate to FortiManager and execute code. Patch versions and forensic IoC ste
CVE-2024-4879 is an authentication bypass in Now Platform. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2024-4885 is a path traversal in WhatsUp Gold. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2024-50603 is an OS command injection in Controller. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2024-50623 is an unrestricted file upload flaw in In Cleo Harmony. Verified patched version and mitigations from the official advisory.
CVE-2024-51378 is a vulnerability in n/a. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2024-51567 is a vulnerability in n/a. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2024-5217 is a vulnerability in Now Platform. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2024-54085 is an authentication bypass in MegaRAC-SPx. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2024-55591 lets unauthenticated attackers gain super-admin via the FortiOS/FortiProxy WebSocket node.js module. Patched builds and hunt
CVE-2024-55956 is a security vulnerability flaw in In Cleo Harmony. Verified patched version and mitigations from the official advisory.
CVE-2024-56145 is a code injection in cms. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2024-57726 is a security vulnerability flaw in SimpleHelp remote support. Verified patched version and mitigations from the official adv
CVE-2024-57727 is a path traversal flaw in SimpleHelp remote support. Verified patched version and mitigations from the official advisory.
CVE-2024-57968 is an unrestricted file upload in VeraCore. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2024-58136 is an authentication bypass in Yii. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2024-5910 is an authentication bypass in Expedition. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2024-6047 is an OS command injection in GV_DSP_LPR_V2. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2024-6670 is a SQL injection in WhatsUp Gold. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2024-7262 is a path traversal in WPS Office. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2024-7593 lets an unauthenticated attacker bypass auth on Ivanti Virtual Traffic Manager (vTM) admin and create a new admin user. Patche
CVE-2024-8956 is an authentication bypass in PT30X-SDI. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2024-8963 is a path traversal in CSA (Cloud Services Appliance). Verified patched version, official vendor advisory, and how to confirm
CVE-2024-9463 lets an unauthenticated attacker run OS commands on Palo Alto Networks Expedition migration tool. Patch and isolation steps.
CVE-2024-9465 is a SQL injection in Expedition. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2024-9537 is a vulnerability in SL1. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2024-9680 is a memory corruption flaw in Firefox, Firefox ESR, Thunderbird. Verified patched version and mitigations from the official a
CVE-2024-1086 is an use-after-free in Kernel. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2024-11667 is a Path Traversal flaw in Zyxel ATP series firmware. Actively exploited per CISA KEV. Verified patched builds and fix steps
CVE-2024-1708 is a Path Traversal flaw in Connectwise ScreenConnect. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2024-20353: a denial of service in Cisco Adaptive Security Appliance (ASA) . Patched version and vendor advisory inside.
CVE-2024-20767 is an access control bypass in ColdFusion. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2024-20953 - Insecure Deserialization in Agile PLM Framework. Runnable patch commands, mitigation snippets, and verification steps on th
CVE-2024-21287 - Security Vulnerability in Oracle Agile PLM Framework. Runnable patch commands, mitigation snippets, and verification steps
CVE-2024-21338 is a untrusted pointer dereference in Windows 10 Version 1809. Patched version, runnable upgrade commands, and how to verify
CVE-2024-21351 improper control of generation of code ('code injection') in Windows 11 Version 23H2. Runnable upgrade commands and verificat
CVE-2024-21412 is a protection mechanism failure in Windows 11 Version 21H2. Patched version, runnable upgrade commands, and how to verify t
CVE-2024-21893 is a vulnerability in ICS. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2024-24919: an information disclosure in Check Point Quantum Gateway. Patched version and vendor advisory inside.
CVE-2024-26169 - Privilege Escalation in Windows 10 Version 1809. Runnable patch commands, mitigation snippets, and verification steps on th
CVE-2024-27199 is a Path Traversal flaw in Jetbrains TeamCity. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2024-28995 is a path traversal in SolarWinds Serv-U. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2024-29059 - Information Disclosure in Microsoft .NET Framework 4.8. Runnable patch commands, mitigation snippets, and verification step
CVE-2024-29988 is a protection mechanism failure in Windows 10 Version 1809. Patched version, runnable upgrade commands, and how to verify t
CVE-2024-30040 is a improper input validation in Windows 10 Version 1809. Patched version, runnable upgrade commands, and how to verify the
CVE-2024-30051 is a heap-based buffer overflow in Windows 10 Version 1809. Patched version, runnable upgrade commands, and how to verify the
CVE-2024-30088 - Privilege Escalation in Windows 10 Version 1809. Runnable patch commands, mitigation snippets, and verification steps on th
CVE-2024-3273 is a Command Injection flaw in D-link DNS-320L. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2024-3393 is a denial of service in Cloud NGFW. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2024-35250 - Privilege Escalation in Windows 10 Version 1809. Runnable patch commands, mitigation snippets, and verification steps on th
CVE-2024-38014 - Privilege Escalation in Windows 10 Version 1809. Runnable patch commands, mitigation snippets, and verification steps on th
CVE-2024-38080 - Integer Overflow in Windows Server 2022. Runnable patch commands, mitigation snippets, and verification steps on this page.
CVE-2024-38094 - Insecure Deserialization in Microsoft SharePoint Enterprise Server 2016. Runnable patch commands and verification on this p
CVE-2024-38106 - Privilege Escalation in Windows 10 Version 1809. Runnable patch commands, mitigation snippets, and verification steps on th
CVE-2024-38107 - Use-After-Free in Windows 10 Version 1809. Runnable patch commands, mitigation snippets, and verification steps on this pag
CVE-2024-38112 - Spoofing Vulnerability in Windows 10 Version 22H2. Runnable patch commands, mitigation snippets, and verification steps on
CVE-2024-38178 - Memory Corruption in Windows 11 Version 24H2. Runnable patch commands, mitigation snippets, and verification steps on this
CVE-2024-38189 - Improper Input Validation in Microsoft Office 2019. Runnable patch commands, mitigation snippets, and verification steps on
CVE-2024-38193 - Use-After-Free in Windows 11 Version 24H2. Runnable patch commands, mitigation snippets, and verification steps on this pag
CVE-2024-38226 - Security Vulnerability in Microsoft Office 2019. Runnable patch commands, mitigation snippets, and verification steps on th
CVE-2024-38813: Improper Check for Dropped Privileges in N/a VMware Cloud Foundation. Patched builds and fix steps.
CVE-2024-40890 is an OS command injection in VMG4325-B10A firmware. Verified patched version, official vendor advisory, and how to confirm t
CVE-2024-40891 is an OS command injection in VMG4325-B10A firmware. Verified patched version, official vendor advisory, and how to confirm t
CVE-2024-43047 is a Use-After-Free flaw in Qualcomm, Inc. Snapdragon. Actively exploited per CISA KEV. Verified patched builds and fix steps
CVE-2024-43461 - Spoofing Vulnerability in Windows 11 Version 24H2. Runnable patch commands, mitigation snippets, and verification steps on
CVE-2024-43572 - Remote Code Execution in Windows 10 Version 1809. Runnable patch commands, mitigation snippets, and verification steps on t
CVE-2024-4610 is an use-after-free flaw in Bifrost GPU Kernel Driver, Valhall GPU Kernel Driver. Verified patched version and mitigations fr
CVE-2024-48248 is a path traversal in Backup & Replication Director. Verified patched version, official vendor advisory, and how to confirm
CVE-2024-49035 - Privilege Escalation in Microsoft Partner Center. Runnable patch commands, mitigation snippets, and verification steps on t
CVE-2024-49039 - Authentication Bypass in Windows Server 2025. Runnable patch commands, mitigation snippets, and verification steps on this
CVE-2024-49138 - Heap Buffer Overflow in Windows 10 Version 1809. Runnable patch commands, mitigation snippets, and verification steps on th
CVE-2024-4978 is a Embedded Malicious Code flaw in Justice Av Solutions Viewer. Actively exploited per CISA KEV. Verified patched builds and
CVE-2024-57728 is a path traversal flaw in SimpleHelp remote support. Verified patched version and mitigations from the official advisory.
CVE-2024-7399 is a path traversal in MagicINFO 9 Server. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2024-7694: Unrestricted File Upload in Teamt5 ThreatSonar Anti-Ransomware. Patched builds and fix steps.
CVE-2024-8190: an OS command injection in CSA (Cloud Services Appliance). Patched version and vendor advisory inside.
CVE-2024-8957 is a OS Command Injection flaw in Ptzoptics PT30X-NDI. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2024-9380: an OS command injection in CSA (Cloud Services Appliance). Patched version and vendor advisory inside.
CVE-2024-0769 is a Path Traversal flaw in D-link DIR-859. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2024-11182 is a Cross-Site Scripting flaw in Mdaemon Email Server. Actively exploited per CISA KEV. Verified patched builds and fix step
CVE-2024-12686: OS Command Injection in Beyondtrust Remote Support(RS) & Privileged Remote Access(PRA). Patched builds and fix steps.
CVE-2024-12987 is a OS Command Injection flaw in Draytek Vigor2960. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2024-20359: a code injection in Cisco Adaptive Security Appliance (ASA) . Patched version and vendor advisory inside.
CVE-2024-20399 is an OS command injection in Cisco NX-OS Software. Verified patched version, official vendor advisory, and how to confirm th
CVE-2024-20481: an OS command injection in Cisco Adaptive Security Appliance (ASA) . Patched version and vendor advisory inside.
CVE-2024-27443 is a cross-site scripting flaw in Zimbra Collaboration Suite (ZCS). Verified patched version and mitigations from the officia
CVE-2024-37085 is a Authentication Bypass flaw in N/a VMware Cloud Foundation. Actively exploited per CISA KEV. Verified patched builds and
CVE-2024-37383 is a cross-site scripting flaw in Roundcube Webmail. Verified patched version and mitigations from the official advisory.
CVE-2024-38213 - Security Bypass in Windows 10 Version 1809. Runnable patch commands, mitigation snippets, and verification steps on this pa
CVE-2024-38217 - Security Vulnerability in Windows 10 Version 1809. Runnable patch commands, mitigation snippets, and verification steps on
CVE-2024-39717 is a Security Vulnerability flaw in Versa Director. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2024-39891 is a Security Vulnerability flaw in N/a n/a. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2024-41710 is a security vulnerability flaw in SIP Phones. Verified patched version and mitigations from the official advisory.
CVE-2024-43451 - Spoofing Vulnerability in Windows Server 2025. Runnable patch commands, mitigation snippets, and verification steps on this
CVE-2024-43573 - Cross-Site Scripting in Windows 10 Version 22H2. Runnable patch commands, mitigation snippets, and verification steps on th
CVE-2024-55550 is a remote code execution flaw in Mitel MiCollab through. Verified patched version and mitigations from the official advisor
CVE-2024-8068 is a Privilege Escalation flaw in Citrix Citrix Session Recording. Actively exploited per CISA KEV. Verified patched builds an
CVE-2024-8069: Insecure Deserialization in Citrix Session Recording Citrix Session Recording. Patched builds and fix steps.
CVE-2024-9379 is a SQL injection in CSA (Cloud Services Appliance). Verified patched version, official vendor advisory, and how to confirm t
CVE-2024-9474 is an OS command injection in Cloud NGFW. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2024-0519 is a Out-of-Bounds Memory Access flaw in Google Chrome. Actively exploited per CISA KEV. Verified patched builds and fix steps
CVE-2024-23222 is a Denial of Service flaw in Apple Safari. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2024-23225 is a Denial of Service flaw in Apple iOS and iPadOS. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2024-23296 is a Denial of Service flaw in Apple iOS and iPadOS. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2024-23897 is a Security Vulnerability flaw in Jenkins Project Jenkins. Actively exploited per CISA KEV. Verified patched builds and fix
CVE-2024-27348: Command Execution Vulnerability in Apache Software Foundation Apache HugeGraph-Server. Patched builds and fix steps.
CVE-2024-29745 is a Information Disclosure flaw in Google Android. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2024-29748 is a Security Vulnerability flaw in Google Android. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2024-32113 is a Path Traversal flaw in Apache Software Foundation Apache OFBiz. Actively exploited per CISA KEV. Verified patched builds
CVE-2024-32896 is a Security Vulnerability flaw in Google Android. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2024-36971 is a Remote Code Execution flaw in Linux Linux. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2024-38475: Improper Encoding or Escaping of Output in Apache Software Foundation Apache HTTP Server. Patched builds and fix steps.
CVE-2024-38856: Incorrect Authorization in Apache Software Foundation Apache OFBiz. Patched builds and fix steps.
CVE-2024-40766 is a Improper Access Control flaw in Sonicwall SonicOS. Actively exploited per CISA KEV. Verified patched builds and fix step
CVE-2024-43093 is a Security Vulnerability flaw in Google Android. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2024-44308 is a Denial of Service flaw in Apple Safari. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2024-44309 is a Denial of Service flaw in Apple Safari. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2024-45195 is a Direct Request flaw in Apache Software Foundation Apache OFBiz. Actively exploited per CISA KEV. Verified patched builds
CVE-2024-4671 is a Use-After-Free flaw in Google Chrome. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2024-4761 is a Out-of-Bounds Memory Access flaw in Google Chrome. Actively exploited per CISA KEV. Verified patched builds and fix steps
CVE-2024-4947 is a Security Vulnerability flaw in Google Chrome. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2024-50302 is a Security Vulnerability flaw in Linux Linux. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2024-5274 is a Security Vulnerability flaw in Google Chrome. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2024-53104 is a Out-of-Bounds Memory Access flaw in Linux Linux. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2024-53150 is a Out-of-Bounds Memory Access flaw in Linux Linux. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2024-53197 is a Out-of-Bounds Memory Access flaw in Linux Linux. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2024-53704 is a Authentication Bypass flaw in Sonicwall SonicOS. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2024-7965 is a Security Vulnerability flaw in Google Chrome. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2024-7971 is a Type Confusion flaw in Google Chrome. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2024-0138 is a vulnerability in NVIDIA Base Command Manager. CVSS 9.8 Critical. Verified patch steps and mitigations.
CWE-22 in GitLab. Critical severity. Verified patched versions and remediation steps.
CVE-2024-10811 is a vulnerability in Ivanti Endpoint Manager. CVSS 9.8 Critical. Verified patch steps and mitigations.
Authentication Bypass in Cloud Services Application (Ivanti). Critical severity. Verified patched versions and remediation steps.
CVE-2024-20252: Cisco TelePresence Video Communication Server (VCS) Expressway flaw. CVSS 9.6 Critical. Verified patch and mitigation steps
Deserialization of Untrusted Data in Cisco Packaged Contact Center Enterprise. Critical severity. Verified patched versions and remediation
CVE-2024-20254: Cisco TelePresence Video Communication Server (VCS) Expressway flaw. CVSS 9.6 Critical. Verified patch and mitigation steps
Improper Neutralization of Expression/Command Delimiters in Cisco Adaptive Security Appliance (ASA) Software. Critical severity. Verified pa
CVE-2024-20401 is a vulnerability in Cisco Secure Email. CVSS 9.8 Critical. Verified patch steps and mitigations.
Command Injection in Cisco Aironet Access Point Software (IOS XE Controller). Critical severity. Verified patched versions and remediation s
Unverified Password Change in Cisco Smart Software Manager On-Prem. Critical severity. Verified patched versions and remediation steps.
CWE-78 in Cisco Firepower Management Center. Critical severity. Verified patched versions and remediation steps.
Command Injection in Cisco Data Center Network Manager. Critical severity. Verified patched versions and remediation steps.
CVE-2024-20450 is a vulnerability in Cisco Small Business IP Phones. CVSS 9.8 Critical. Verified patch steps and mitigations.
CVE-2024-20454 is a vulnerability in Cisco Small Business IP Phones. CVSS 9.8 Critical. Verified patch steps and mitigations.
CVE-2024-20738 is a vulnerability in Adobe Framemaker Publishing Server. CVSS 9.8 Critical. Verified patch steps and mitigations.
CVE-2024-21646 is a vulnerability in Azure azure-uamqp-c. CVSS 9.8 Critical. Verified patch steps and mitigations.
Improper Verification of Cryptographic Signature in aries-cloudagent-python (Hyperledger). Critical severity. Verified patched versions and
CVE-2024-21795 is a vulnerability in The Biosig Project libbiosig. CVSS 9.8 Critical. Verified patch steps and mitigations.
CVE-2024-21812 is a vulnerability in The Biosig Project libbiosig. CVSS 9.8 Critical. Verified patch steps and mitigations.
Out-of-bounds Read in Nest Wifi Pro (Google). Critical severity. Verified patched versions and remediation steps.
CVE-2024-22097 is a vulnerability in The Biosig Project libbiosig. CVSS 9.8 Critical. Verified patch steps and mitigations.
Improper Control of Generation of Code ('Code Injection' in Zabbix. Critical severity. Verified patched versions and remediation steps.
CVE-2024-22245 is a vulnerability in Vmware VMware Enhanced Authentication Plug-in (EAP). CVSS 9.6 Critical. Verified patch steps and mitiga
CVE-2024-22320 is a vulnerability in IBM Operational Decision Manager. CVSS 9.8 Critical. Verified patch steps and mitigations.
CVE-2024-23108 is a vulnerability in Fortinet FortiSIEM. CVSS 9.7 Critical. Verified patch steps and mitigations.
CVE-2024-23109 is a vulnerability in Fortinet FortiSIEM. CVSS 9.7 Critical. Verified patch steps and mitigations.
CVE-2024-23305 is a vulnerability in The Biosig Project libbiosig. CVSS 9.8 Critical. Verified patch steps and mitigations.
CVE-2024-23310 is a vulnerability in The Biosig Project libbiosig. CVSS 9.8 Critical. Verified patch steps and mitigations.
CVE-2024-23313 is a vulnerability in The Biosig Project libbiosig. CVSS 9.8 Critical. Verified patch steps and mitigations.
CVE-2024-23466 is a vulnerability in Solarwinds Access Rights Manager. CVSS 9.6 Critical. Verified patch steps and mitigations.
CVE-2024-23467 is a vulnerability in Solarwinds Access Rights Manager. CVSS 9.6 Critical. Verified patch steps and mitigations.
CVE-2024-23469 is a vulnerability in Solarwinds Access Rights Manager. CVSS 9.6 Critical. Verified patch steps and mitigations.
CVE-2024-23470 is a vulnerability in Solarwinds Access Rights Manager. CVSS 9.6 Critical. Verified patch steps and mitigations.
CVE-2024-23471 is a vulnerability in Solarwinds Access Rights Manager. CVSS 9.6 Critical. Verified patch steps and mitigations.
CVE-2024-23472 is a vulnerability in Solarwinds Access Rights Manager. CVSS 9.6 Critical. Verified patch steps and mitigations.
CVE-2024-23475 is a vulnerability in Solarwinds Access Rights Manager. CVSS 9.6 Critical. Verified patch steps and mitigations.
CVE-2024-23476 is a vulnerability in Solarwinds Access Rights Manager. CVSS 9.6 Critical. Verified patch steps and mitigations.
CVE-2024-23479 is a vulnerability in Solarwinds Access Rights Manager. CVSS 9.6 Critical. Verified patch steps and mitigations.
SQL Injection in Apache Fineract (Apache Software Foundation). Critical severity. Verified patched versions and remediation steps.
CVE-2024-23606 is a vulnerability in The Biosig Project libbiosig. CVSS 9.8 Critical. Verified patch steps and mitigations.
CVE-2024-23619 is a vulnerability in IBM Merge Healthcare eFilm Workstation . CVSS 9.8 Critical. Verified patch steps and mitigations.
Remote Code Execution in eFilm Workstation (Ibm Merge Healthcare). Critical severity. Verified patched versions and remediation steps.
Remote Code Execution in eFilm Workstation (Ibm Merge Healthcare). Critical severity. Verified patched versions and remediation steps.
CVE-2024-23809 is a vulnerability in The Biosig Project libbiosig. CVSS 9.8 Critical. Verified patch steps and mitigations.
CVE-2024-24996 is a vulnerability in Ivanti Avalanche. CVSS 9.8 Critical. Verified patch steps and mitigations.
CVE-2024-25110 is a vulnerability in Azure azure-uamqp-c. CVSS 9.8 Critical. Verified patch steps and mitigations.
CVE-2024-27099 is a vulnerability in Azure azure-uamqp-c. CVSS 9.8 Critical. Verified patch steps and mitigations.
CVE-2024-28074 is a vulnerability in Solarwinds Access Rights Manager. CVSS 9.6 Critical. Verified patch steps and mitigations.
CVE-2024-28878 is a vulnerability in Iosix IO-1020 Micro ELD. CVSS 9.6 Critical. Verified patch steps and mitigations.
CVE-2024-28988 is a vulnerability in Solarwinds Web Help Desk. CVSS 9.8 Critical. Verified patch steps and mitigations.
CVE-2024-29204 is a vulnerability in Ivanti Avalanche. CVSS 9.8 Critical. Verified patch steps and mitigations.
Remote Code Execution in Service Provider Console (Veeam). Critical severity. Verified patched versions and remediation steps.
CVE-2024-29822 is a vulnerability in Ivanti EPM. CVSS 9.6 Critical. Verified patch steps and mitigations.
CVE-2024-29823 is a vulnerability in Ivanti EPM. CVSS 9.6 Critical. Verified patch steps and mitigations.
CVE-2024-29825 is a vulnerability in Ivanti EPM. CVSS 9.6 Critical. Verified patch steps and mitigations.
CVE-2024-29826 is a vulnerability in Ivanti EPM. CVSS 9.6 Critical. Verified patch steps and mitigations.
CVE-2024-29827 is a vulnerability in Ivanti EPM. CVSS 9.6 Critical. Verified patch steps and mitigations.
Remote Code Execution in EPM (Ivanti). Critical severity. Verified patched versions and remediation steps.
CVE-2024-29849 is a vulnerability in Veeam Backup & Replication. CVSS 9.8 Critical. Verified patch steps and mitigations.
Privilege Escalation in Adobe Framemaker Publishing Server. Critical severity. Verified patched versions and remediation steps.
CVE-2024-30300 is a vulnerability in Adobe Framemaker Publishing Server. CVSS 9.8 Critical. Verified patch steps and mitigations.
CVE-2024-3229 is a vulnerability in Wordpresschef Salon Booking System – Free Version. CVSS 9.8 Critical. Verified patch steps and mitigatio
CVE-2024-33006: SAP Se SAP NetWeaver Application Server ABAP and ABAP Platform flaw. CVSS 9.6 Critical. Verified patch and mitigation steps
CVE-2024-36130 is a vulnerability in Ivanti EPMM. CVSS 9.8 Critical. Verified patch steps and mitigations.
CVE-2024-37084 is a vulnerability in Spring Spring Cloud Data Flow. CVSS 9.8 Critical. Verified patch steps and mitigations.
Remote Code Execution in Kibana (Elastic). Critical severity. Verified patched versions and remediation steps.
Authentication Bypass in Veeam Service Provider Console. Critical severity. Verified patched versions and remediation steps.
CVE-2024-38824 is a vulnerability in Vmware SALT. CVSS 9.6 Critical. Verified patch steps and mitigations.
Remote Code Execution in Veeam Service Provider Console. Critical severity. Verified patched versions and remediation steps.
CVE-2024-41730 is a vulnerability in SAP Se SAP BusinessObjects Business Intelligence Platform. CVSS 9.8 Critical. Verified patch steps and
CVE-2024-41779 is a vulnerability in IBM Engineering Systems Design Rhapsody - Model Manager. CVSS 9.8 Critical. Verified patch steps and mi
CVE-2024-41787 is a vulnerability in IBM Engineering Requirements Management DOORS Next. CVSS 9.8 Critical. Verified patch steps and mitigat
CVE-2024-41874 is a vulnerability in Adobe ColdFusion. CVSS 9.8 Critical. Verified patch steps and mitigations.
SQL Injection in Zabbix. Critical severity. Verified patched versions and remediation steps.
Remote Code Execution in Service Provider Console (Veeam). Critical severity. Verified patched versions and remediation steps.
CVE-2024-43153 is a vulnerability in Wofficeio Woffice. CVSS 9.8 Critical. Verified patch steps and mitigations.
CVE-2024-43234 is a vulnerability in Wofficeio Woffice. CVSS 9.8 Critical. Verified patch steps and mitigations.
CVE-2024-4466 is a vulnerability in Centros Digitales Gescen. CVSS 9.8 Critical. Verified patch steps and mitigations.
Unrestricted Upload of File with Dangerous Type in webMethods Integration (Ibm). Critical severity. Verified patched versions and remediatio
CVE-2024-45115 is a vulnerability in Adobe Commerce. CVSS 9.8 Critical. Verified patch steps and mitigations.
SQL Injection in Apache Traffic Control (Apache Software Foundation). Critical severity. Verified patched versions and remediation steps.
CVE-2024-45656 is a vulnerability in IBM Flexible Service Processor. CVSS 9.8 Critical. Verified patch steps and mitigations.
Out-of-bounds Write in Android (Google). Critical severity. Verified patched versions and remediation steps.
Information Disclosure in Android (Google). Critical severity. Verified patched versions and remediation steps.
Use After Free in Android (Google). Critical severity. Verified patched versions and remediation steps.
CVE-2024-48904 is a vulnerability in Trend Micro, Inc. Trend Micro Cloud Edge. CVSS 9.8 Critical. Verified patch steps and mitigations.
Arbitrary File Upload in Affiliator (Vasileios Kerasiotis). Critical severity. Verified patched versions and remediation steps.
CVE-2024-49803 is a vulnerability in IBM Security Verify Access. CVSS 9.8 Critical. Verified patch steps and mitigations.
Authentication Bypass in Enterprise Server (Github). Critical severity. Verified patched versions and remediation steps.
CVE-2024-50330 is a vulnerability in Ivanti Endpoint Manager. CVSS 9.8 Critical. Verified patch steps and mitigations.
Remote Code Execution in Apache MINA (Apache Software Foundation). Critical severity. Verified patched versions and remediation steps.
SQL Injection in TAX SERVICE Electronic HDM (Hk Digital Agency Llc). Critical severity. Verified patched versions and remediation steps.
CVE-2024-5514 is a vulnerability in Minmax Digital Technology MinMax CMS. CVSS 9.8 Critical. Verified patch steps and mitigations.
Process Control in AIX (Ibm). Critical severity. Verified patched versions and remediation steps.
CVE-2024-56347 is a vulnerability in IBM AIX. CVSS 9.6 Critical. Verified patch steps and mitigations.
CVE-2024-5655 is a vulnerability in Gitlab GitLab. CVSS 9.6 Critical. Verified patch steps and mitigations.
CVE-2024-6385 is a vulnerability in Gitlab GitLab. CVSS 9.6 Critical. Verified patch steps and mitigations.
Authentication Bypass by Spoofing in GitLab. Critical severity. Verified patched versions and remediation steps.
Cross-Site Scripting in Gitea Open Source Git Server. Critical severity. Verified patched versions and remediation steps.
CVE-2024-8584 is a vulnerability in Learning Digital Orca HCM. CVSS 9.8 Critical. Verified patch steps and mitigations.
CVE-2024-9486 is a vulnerability in Kubernetes Image Builder. CVSS 9.8 Critical. Verified patch steps and mitigations.