Vulnerabilities (CVE)

Filtered by CWE-20
Total 11571 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-23198 1 Intel 14 Killer, Killer Wi-fi 6 Ax1650, Killer Wi-fi 6e Ax1675 and 11 more 2026-06-17 N/A 6.6 MEDIUM
Improper input validation in firmware for some Intel(R) PROSet/Wireless Software and Intel(R) Killer(TM) Wi-Fi products before version 23.40 may allow an unauthenticated user to enable denial of service via adjacent access.
CVE-2024-22476 2026-06-17 N/A 10.0 CRITICAL
Improper input validation in some Intel(R) Neural Compressor software before version 2.5.0 may allow an unauthenticated user to potentially enable escalation of privilege via remote access.
CVE-2024-22429 1 Dell 100 Edge Gateway 3000, Edge Gateway 3000 Firmware, Edge Gateway 5000 and 97 more 2026-06-17 N/A 7.5 HIGH
Dell BIOS contains an Improper Input Validation vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to arbitrary code execution.
CVE-2024-22390 2026-06-17 N/A 4.4 MEDIUM
Improper input validation in firmware for some Intel(R) FPGA products before version 2.9.1 may allow denial of service.
CVE-2024-22382 2026-06-17 N/A 7.5 HIGH
Improper input validation in PprRequestLog module in UEFI firmware for some Intel(R) Server D50DNP Family products may allow a privileged user to enable escalation of privilege via local access.
CVE-2024-22360 1 Ibm 1 Db2 2026-06-17 N/A 5.3 MEDIUM
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to a denial of service with a specially crafted query on certain columnar tables. IBM X-Force ID: 280905.
CVE-2024-22338 1 Ibm 1 Security Verify Access Oidc Provider 2026-06-17 N/A 4.0 MEDIUM
IBM Security Verify Access OIDC Provider 22.09 through 23.03 could disclose sensitive information to a local user due to hazardous input validation. IBM X-Force ID: 279978.
CVE-2024-22271 2026-06-17 N/A 8.2 HIGH
In Spring Cloud Function framework, versions 4.1.x prior to 4.1.2, 4.0.x prior to 4.0.8 an application is vulnerable to a DOS attack when attempting to compose functions with non-existing functions. Specifically, an application is vulnerable when all of the following are true: User is using Spring Cloud Function Web module Affected Spring Products and Versions Spring Cloud Function Framework 4.1.0 to 4.1.2 4.0.0 to 4.0.8 References https://spring.io/security/cve-2022-22979   https://checkmarx.com/blog/spring-function-cloud-dos-cve-2022-22979-and-unintended-function-invocation/  History 2020-01-16: Initial vulnerability report published.
CVE-2024-22199 1 Gofiber 1 Django 2026-06-17 N/A 9.3 CRITICAL
This package provides universal methods to use multiple template engines with the Fiber web framework using the Views interface. This vulnerability specifically impacts web applications that render user-supplied data through this template engine, potentially leading to the execution of malicious scripts in users' browsers when visiting affected web pages. The vulnerability has been addressed, the template engine now defaults to having autoescape set to `true`, effectively mitigating the risk of XSS attacks.
CVE-2024-22120 1 Zabbix 1 Zabbix 2026-06-17 N/A 9.1 CRITICAL
Zabbix server can perform command execution for configured scripts. After command is executed, audit entry is added to "Audit Log". Due to "clientip" field is not sanitized, it is possible to injection SQL into "clientip" and exploit time based blind SQL injection.
CVE-2024-22117 1 Zabbix 1 Zabbix 2026-06-17 N/A 2.2 LOW
When a URL is added to the map element, it is recorded in the database with sequential IDs. Upon adding a new URL, the system retrieves the last sysmapelementurlid value and increments it by one. However, an issue arises when a user manually changes the sysmapelementurlid value by adding sysmapelementurlid + 1. This action prevents others from adding URLs to the map element.
CVE-2024-22095 2026-06-17 N/A 7.2 HIGH
Improper input validation in PlatformVariableInitDxe driver in UEFI firmware for some Intel(R) Server D50DNP Family products may allow a privileged user to enable escalation of privilege via local access.
CVE-2024-22065 1 Zte 2 Mf258k Pro, Mf258k Pro Firmware 2026-06-17 N/A 6.8 MEDIUM
There is a command injection vulnerability in ZTE MF258 Pro product. Due to insufficient validation of Ping Diagnosis interface parameter, an authenticated attacker could use the vulnerability to execute arbitrary commands.
CVE-2024-22054 2026-06-17 N/A 7.5 HIGH
A malformed discovery packet sent by a malicious actor with preexisting access to the network could interrupt the functionality of device management and discovery. Affected Products: UniFi Access Points UniFi Switches UniFi LTE Backup UniFi Express (Only Mesh Mode, Router mode is not affected) Mitigation: Update UniFi Access Points to Version 6.6.55 or later. Update UniFi Switches to Version 6.6.61 or later. Update UniFi LTE Backup to Version 6.6.57 or later. Update UniFi Express to Version 3.2.5 or later.
CVE-2024-22027 1 Ays-pro 1 Quiz Maker 2026-06-17 N/A 6.5 MEDIUM
Improper input validation vulnerability in WordPress Quiz Maker Plugin prior to 6.5.0.6 allows a remote authenticated attacker to perform a Denial of Service (DoS) attack against external services.
CVE-2024-22015 2026-06-17 N/A 6.5 MEDIUM
Improper input validation for some Intel(R) DLB driver software before version 8.5.0 may allow an authenticated user to potentially denial of service via local access.
CVE-2024-21978 1 Amd 172 Epyc 7203, Epyc 7203 Firmware, Epyc 7203p and 169 more 2026-06-17 N/A 6.0 MEDIUM
Improper input validation in SEV-SNP could allow a malicious hypervisor to read or overwrite guest memory potentially leading to data leakage or data corruption.
CVE-2024-21976 2026-06-17 N/A 8.8 HIGH
Improper input validation in the NPU driver could allow an attacker to supply a specially crafted pointer potentially leading to arbitrary code execution.
CVE-2024-21975 1 Amd 1 Ryzen Ai Software 2026-06-17 N/A 8.8 HIGH
Improper input validation in the NPU driver could allow an attacker to supply a specially crafted pointer potentially leading to arbitrary code execution.
CVE-2024-21974 1 Amd 1 Ryzen Ai Software 2026-06-17 N/A 8.8 HIGH
Improper input validation in the NPU driver could allow an attacker to supply a specially crafted pointer potentially leading to arbitrary code execution.