Vulnerabilities (CVE)

Filtered by CWE-20
Total 11538 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-37917 1 Pexip 1 Pexip Infinity 2026-06-17 N/A 7.5 HIGH
Pexip Infinity before 35.0 has improper input validation that allows remote attackers to trigger a denial of service (software abort) via a crafted signalling message.
CVE-2024-37794 2026-06-17 N/A 7.5 HIGH
Improper input validation in CVC5 Solver v1.1.3 allows attackers to cause a Denial of Service (DoS) via a crafted SMT2 input file.
CVE-2024-37777 1 Zoneland 1 O2oa 2026-06-17 N/A 8.8 HIGH
O2OA v9.0.3 was discovered to contain a remote code execution (RCE) vulnerability via the mainOutput() function.
CVE-2024-37406 2026-06-17 N/A 7.5 HIGH
In Brave Android prior to v1.67.116, domains in the Brave Shields popup are elided from the right instead of the left, which may lead to domain confusion.
CVE-2024-37373 1 Ivanti 1 Avalanche 2026-06-17 N/A 7.2 HIGH
Improper input validation in the Central Filestore in Ivanti Avalanche 6.3.1 allows a remote authenticated attacker with admin rights to achieve RCE.
CVE-2024-37365 1 Rockwellautomation 1 Factorytalk View 2026-06-17 N/A 7.3 HIGH
A remote code execution vulnerability exists in the affected product. The vulnerability allows users to save projects within the public directory allowing anyone with local access to modify and/or delete files. Additionally, a malicious user could potentially leverage this vulnerability to escalate their privileges by changing the macro to execute arbitrary code.
CVE-2024-37346 1 Absolute 1 Secure Access 2026-06-17 N/A 4.9 MEDIUM
There is an insufficient input validation vulnerability in the Warehouse component of Absolute Secure Access prior to 13.06. Attackers with system administrator permissions can impair the availability of certain elements of the Secure Access administrative UI by writing invalid data to the warehouse over the network. There is no loss of warehouse integrity or confidentiality, the security scope is unchanged. Loss of availability is high.
CVE-2024-37027 1 Intel 3 Oneapi Base Toolkit, System Bring-up Toolkit, Vtune Profiler 2026-06-17 N/A 6.1 MEDIUM
Improper Input validation in some Intel(R) VTune(TM) Profiler software before version 2024.2.0 may allow an authenticated user to potentially enable denial of service via local access.
CVE-2024-36745 1 Oneflow 1 Oneflow 2026-06-17 N/A 7.5 HIGH
An issue in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) via inputting a negative value into the oneflow.index_select parameter.
CVE-2024-36742 1 Oneflow 1 Oneflow 2026-06-17 N/A 7.5 HIGH
An issue in the oneflow.scatter_nd parameter OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) when index parameter exceeds the range of shape.
CVE-2024-36740 1 Oneflow 1 Oneflow 2026-06-17 N/A 7.5 HIGH
An issue in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) when index as a negative number exceeds the range of size.
CVE-2024-36737 1 Oneflow 1 Oneflow 2026-06-17 N/A 7.5 HIGH
Improper input validation in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) via inputting a negative value into the oneflow.full parameter.
CVE-2024-36734 1 Oneflow 1 Oneflow 2026-06-17 N/A 7.5 HIGH
Improper input validation in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) via inputting a negative value into the dim parameter.
CVE-2024-36482 1 Intel 1 Computing Improvement Program 2026-06-17 N/A 8.2 HIGH
Improper input validation in some Intel(R) CIP software before version 2.4.10852 may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2024-36471 1 Apache 1 Allura 2026-06-17 N/A 7.5 HIGH
Import functionality is vulnerable to DNS rebinding attacks between verification and processing of the URL.  Project administrators can run these imports, which could cause Allura to read from internal services and expose them. This issue affects Apache Allura from 1.0.1 through 1.16.0. Users are recommended to upgrade to version 1.17.0, which fixes the issue. If you are unable to upgrade, set "disable_entry_points.allura.importers = forge-tracker, forge-discussion" in your .ini config file.
CVE-2024-36390 2 Canonical, Milesight 2 Ubuntu Linux, Devicehub 2026-06-17 N/A 7.5 HIGH
MileSight DeviceHub - CWE-20 Improper Input Validation may allow Denial of Service
CVE-2024-36284 2026-06-17 N/A 5.5 MEDIUM
Improper input validation in some Intel(R) Neural Compressor software before version v3.0 may allow an authenticated user to potentially enable escalation of privilege via adjacent access.
CVE-2024-36282 2026-06-17 N/A 8.2 HIGH
Improper input validation in the Intel(R) Server Board S2600ST Family BIOS and Firmware Update software all versions may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2024-36226 1 Adobe 1 Experience Manager 2026-06-17 N/A 3.5 LOW
Adobe Experience Manager versions 6.5.20 and earlier are affected by an Improper Input Validation vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and affect the integrity of the page. Exploitation of this issue requires user interaction.
CVE-2024-36053 2026-06-17 N/A 9.0 CRITICAL
In the mintupload package through 4.2.0 for Linux Mint, service-name mishandling leads to command injection via shell metacharacters in check_connection, drop_data_received_cb, and Service.remove. A user can modify a service name in a ~/.linuxmint/mintUpload/services/service file.