Vulnerabilities (CVE)

Filtered by CWE-20
Total 11572 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-21975 1 Amd 1 Ryzen Ai Software 2026-06-17 N/A 8.8 HIGH
Improper input validation in the NPU driver could allow an attacker to supply a specially crafted pointer potentially leading to arbitrary code execution.
CVE-2024-21974 1 Amd 1 Ryzen Ai Software 2026-06-17 N/A 8.8 HIGH
Improper input validation in the NPU driver could allow an attacker to supply a specially crafted pointer potentially leading to arbitrary code execution.
CVE-2024-21949 1 Amd 1 Ryzen Ai Software 2026-06-17 N/A 5.5 MEDIUM
Improper validation of user input in the NPU driver could allow an attacker to provide a buffer with unexpected size, potentially leading to system crash.
CVE-2024-21944 2026-06-17 N/A 5.3 MEDIUM
Improper input validation for DIMM serial presence detect (SPD) metadata could allow an attacker with physical access, ring0 access on a system with a non-compliant DIMM, or control over the Root of Trust for BIOS update, to potentially overwrite guest memory resulting in loss of guest data integrity.
CVE-2024-21925 2026-06-17 N/A 8.2 HIGH
Improper input validation within the AmdPspP2CmboxV2 driver may allow a privileged attacker to overwrite SMRAM, leading to arbitrary code execution.
CVE-2024-21871 2026-06-17 N/A 7.5 HIGH
Improper input validation in UEFI firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2024-21829 2026-06-17 N/A 7.5 HIGH
Improper input validation in UEFI firmware error handler for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2024-21810 2026-06-17 N/A 8.8 HIGH
Improper input validation in the Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-21781 2026-06-17 N/A 7.2 HIGH
Improper input validation in UEFI firmware for some Intel(R) Processors may allow a privileged user to enable information disclosure or denial of service via local access.
CVE-2024-21625 1 Sidequestvr 1 Sidequest 2026-06-17 N/A 8.8 HIGH
SideQuest is a place to get virtual reality applications for Oculus Quest. The SideQuest desktop application uses deep links with a custom protocol (`sidequest://`) to trigger actions in the application from its web contents. Because, prior to version 0.10.35, the deep link URLs were not sanitized properly in all cases, a one-click remote code execution can be achieved in cases when a device is connected, the user is presented with a malicious link and clicks it from within the application. As of version 0.10.35, the custom protocol links within the electron application are now being parsed and sanitized properly.
CVE-2024-21590 1 Juniper 1 Junos Os Evolved 2026-06-17 N/A 5.3 MEDIUM
An Improper Input Validation vulnerability in Juniper Tunnel Driver (jtd) and ICMP module of Juniper Networks Junos OS Evolved allows an unauthenticated attacker within the MPLS administrative domain to send specifically crafted packets to the Routing Engine (RE) to cause a Denial of Service (DoS).  When specifically crafted transit MPLS IPv4 packets are received by the Packet Forwarding Engine (PFE), these packets are internally forwarded to the RE. Continued receipt of these packets may create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks Junos OS: * All versions before 21.2R3-S8-EVO; * from 21.4-EVO before 21.4R3-S6-EVO; * from 22.2-EVO before 22.2R3-S4-EVO; * from 22.3-EVO before 22.3R3-S3-EVO; * from 22.4-EVO before 22.4R3-EVO; * from 23.2-EVO before 23.2R2-EVO. * from 23.4-EVO before 23.4R1-S1-EVO.
CVE-2024-21549 2026-06-17 N/A 8.6 HIGH
Versions of the package spatie/browsershot before 5.0.3 are vulnerable to Improper Input Validation due to improper URL validation through the setUrl method. An attacker can exploit this vulnerability by utilizing view-source:file://, which allows for arbitrary file reading on a local file. **Note:** This is a bypass of the fix for [CVE-2024-21544](https://security.snyk.io/vuln/SNYK-PHP-SPATIEBROWSERSHOT-8496745).
CVE-2024-21544 2026-06-17 N/A 8.6 HIGH
Versions of the package spatie/browsershot before 5.0.1 are vulnerable to Improper Input Validation due to improper URL validation in the setUrl method. An attacker can exploit this vulnerability by using leading whitespace (%20) before the file:// protocol, resulting in Local File Inclusion, which allows the attacker to read sensitive files on the server.
CVE-2024-21519 1 Opencart 1 Opencart 2026-06-17 N/A 6.6 MEDIUM
This affects versions of the package opencart/opencart from 4.0.0.0. An Arbitrary File Creation issue was identified via the database restoration functionality. By injecting PHP code into the database, an attacker with admin privileges can create a backup file with an arbitrary filename (including the extension), within /system/storage/backup. **Note:** It is less likely for the created file to be available within the web root, as part of the security recommendations for the application suggest moving the storage path outside of the web root.
CVE-2024-21476 1 Qualcomm 96 Aqt1000, Aqt1000 Firmware, Ar8035 and 93 more 2026-06-17 N/A 7.8 HIGH
Memory corruption when the channel ID passed by user is not validated and further used.
CVE-2024-21473 1 Qualcomm 254 Ar8035, Ar8035 Firmware, Ar9380 and 251 more 2026-06-17 N/A 9.8 CRITICAL
Memory corruption while redirecting log file to any file location with any file name.
CVE-2024-21453 1 Qualcomm 26 C-v2x 9150, C-v2x 9150 Firmware, Qcs410 and 23 more 2026-06-17 N/A 7.5 HIGH
Transient DOS while decoding message of size that exceeds the available system memory.
CVE-2024-21452 1 Qualcomm 12 C-v2x 9150, C-v2x 9150 Firmware, Qca6584au and 9 more 2026-06-17 N/A 7.3 HIGH
Transient DOS while decoding an ASN.1 OER message containing a SEQUENCE of unknown extensions.
CVE-2024-21448 1 Microsoft 1 Teams 2026-06-17 N/A 5.0 MEDIUM
Microsoft Teams for Android Information Disclosure Vulnerability
CVE-2024-21413 1 Microsoft 4 365 Apps, Office 2016, Office 2019 and 1 more 2026-06-17 N/A 9.8 CRITICAL
Microsoft Outlook Remote Code Execution Vulnerability