The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity
  • CVE-2024-44160 - A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. Processing a maliciously crafted texture may lead to unexpected app termination.
    Published: September 16, 2024; 8:15:50 PM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2024-44167 - This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13.7, visionOS 2, iOS 18 and iPadOS 18, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to overwrite arbitrary files.
    Published: September 16, 2024; 8:15:51 PM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2024-44169 - The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, macOS Sonoma 14.7, tvOS 18. An app may be able to cause une...
    Published: September 16, 2024; 8:15:51 PM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2024-44202 - An authentication issue was addressed with improved state management. This issue is fixed in iOS 18 and iPadOS 18. Private Browsing tabs may be accessed without authentication.
    Published: September 16, 2024; 8:15:52 PM -0400

    V3.1: 5.3 MEDIUM

  • CVE-2024-38860 - Improper neutralization of input in Checkmk before versions 2.3.0p16 and 2.2.0p34 allows attackers to craft malicious links that can facilitate phishing attacks.
    Published: September 17, 2024; 10:15:17 AM -0400

    V3.1: 6.1 MEDIUM

  • CVE-2024-38861 - Improper Certificate Validation in Checkmk Exchange plugin MikroTik allows attackers in MitM position to intercept traffic. This issue affects MikroTik: from 2.0.0 through 2.5.5, from 0.4a_mk through 2.0a.
    Published: September 27, 2024; 5:15:02 AM -0400

    V3.1: 7.4 HIGH

  • CVE-2024-44193 - A logic issue was addressed with improved restrictions. This issue is fixed in iTunes 12.13.3 for Windows. A local attacker may be able to elevate their privileges.
    Published: October 02, 2024; 11:15:14 AM -0400

    V3.1: 7.8 HIGH

  • CVE-2024-12353 - A vulnerability, which was classified as problematic, has been found in SourceCodester Phone Contact Manager System 1.0. This issue affects the function UserInterface::MenuDisplayStart of the component User Menu. The manipulation of the argument n...
    Published: December 08, 2024; 9:15:18 PM -0500

    V3.1: 7.8 HIGH

  • CVE-2024-12354 - A vulnerability, which was classified as critical, was found in SourceCodester Phone Contact Manager System 1.0. Affected is the function UserInterface::MenuDisplayStart of the component User Menu. The manipulation leads to buffer overflow. It is ...
    Published: December 08, 2024; 9:15:19 PM -0500

    V3.1: 7.8 HIGH

  • CVE-2024-12355 - A vulnerability has been found in SourceCodester Phone Contact Manager System 1.0 and classified as problematic. Affected by this vulnerability is the function ContactBook::adding of the file ContactBook.cpp. The manipulation leads to improper inp...
    Published: December 08, 2024; 9:15:19 PM -0500

    V3.1: 7.8 HIGH

  • CVE-2024-12357 - A vulnerability was found in SourceCodester Best House Rental Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /index.php. The manipulation of the argument page leads to file inc...
    Published: December 09, 2024; 12:15:06 AM -0500

    V3.1: 5.3 MEDIUM

  • CVE-2024-12358 - A vulnerability was found in WeiYe-Jing datax-web 2.1.1. It has been classified as critical. This affects an unknown part of the file /api/job/add/. The manipulation of the argument glueSource leads to os command injection. It is possible to initi...
    Published: December 09, 2024; 12:15:07 AM -0500

    V3.1: 8.8 HIGH

  • CVE-2024-12359 - A vulnerability was found in code-projects Admin Dashboard 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /vendor_management.php. The manipulation of the argument username leads to cross site scriptin...
    Published: December 09, 2024; 12:15:07 AM -0500

    V3.1: 5.4 MEDIUM

  • CVE-2024-12360 - A vulnerability was found in code-projects Online Class and Exam Scheduling System 1.0. It has been rated as critical. This issue affects some unknown processing of the file class_update.php. The manipulation of the argument id leads to sql inject...
    Published: December 09, 2024; 12:15:07 AM -0500

    V3.1: 8.8 HIGH

  • CVE-2024-12352 - A vulnerability classified as problematic was found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316. This vulnerability affects the function sub_40662C of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ssid leads to stack-based buffer ...
    Published: December 08, 2024; 9:15:18 PM -0500

    V3.1: 9.8 CRITICAL

  • CVE-2024-12344 - A vulnerability, which was classified as critical, was found in TP-Link VN020 F3v(T) TT_V6.2.1021. This affects an unknown part of the component FTP USER Command Handler. The manipulation leads to memory corruption. It is possible to initiate the ...
    Published: December 08, 2024; 6:15:04 PM -0500

    V3.1: 9.8 CRITICAL

  • CVE-2024-12343 - A vulnerability classified as critical has been found in TP-Link VN020 F3v(T) TT_V6.2.1021. Affected is an unknown function of the file /control/WANIPConnection of the component SOAP Request Handler. The manipulation of the argument NewConnectionT...
    Published: December 08, 2024; 5:15:04 AM -0500

    V3.1: 8.8 HIGH

  • CVE-2024-12234 - A vulnerability was found in 1000 Projects Beauty Parlour Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/edit-customer-detailed.php. The manipulation of the argument name leads to sql ...
    Published: December 05, 2024; 12:15:11 PM -0500

    V3.1: 9.8 CRITICAL

  • CVE-2024-12233 - A vulnerability was found in code-projects Online Notice Board up to 1.0 and classified as critical. This issue affects some unknown processing of the file /registration.php of the component Profile Picture Handler. The manipulation of the argumen...
    Published: December 05, 2024; 12:15:11 PM -0500

    V3.1: 9.8 CRITICAL

  • CVE-2024-2059 - A vulnerability was found in SourceCodester Petrol Pump Management Software 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/app/service_crud.php. The manipulation of the argument photo le...
    Published: March 01, 2024; 7:15:48 AM -0500

    V3.1: 7.2 HIGH

Created September 20, 2022, Updated August 27, 2024