Vulnerabilities (CVE)

Filtered by CWE-20
Total 11538 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-36047 1 Infoblox 1 Nios 2026-06-17 N/A 9.8 CRITICAL
Infoblox NIOS through 8.6.4 and 9.x through 9.0.3 has Improper Input Validation.
CVE-2024-35384 1 Cesanta 1 Mjs 2026-06-17 N/A 5.5 MEDIUM
An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_array_length function in the mjs.c file.
CVE-2024-35296 1 Apache 1 Traffic Server 2026-06-17 N/A 8.2 HIGH
Invalid Accept-Encoding header can cause Apache Traffic Server to fail cache lookup and force forwarding requests. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4. Users are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue.
CVE-2024-35227 1 Discourse 1 Discourse 2026-06-17 N/A 7.5 HIGH
Discourse is an open-source discussion platform. Prior to version 3.2.3 on the `stable` branch and version 3.3.0.beta3 on the `tests-passed` branch, Oneboxing against a carefully crafted malicious URL can reduce the availability of a Discourse instance. The problem has been patched in version 3.2.3 on the `stable` branch and version 3.3.0.beta3 on the `tests-passed` branch. There are no known workarounds available for this vulnerability.
CVE-2024-35212 1 Siemens 1 Sinec Traffic Analyzer 2026-06-17 N/A 6.2 MEDIUM
A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V1.2). The affected application lacks input validation due to which an attacker can gain access to the Database entries.
CVE-2024-34693 1 Apache 1 Superset 2026-06-17 N/A 6.8 MEDIUM
Improper Input Validation vulnerability in Apache Superset allows for an authenticated attacker to create a MariaDB connection with local_infile enabled. If both the MariaDB server (off by default) and the local mysql client on the web server are set to allow for local infile, it's possible for the attacker to execute a specific MySQL/MariaDB SQL command that is able to read files from the server and insert their content on a MariaDB database table. This issue affects Apache Superset: before 3.1.3 and version 4.0.0. Users are recommended to upgrade to version 4.0.1 or 3.1.3, which fixes the issue.
CVE-2024-34545 1 Intel 1 Raid Web Console 2026-06-17 N/A 5.2 MEDIUM
Improper input validation in some Intel(R) RAID Web Console software all versions may allow an authenticated user to potentially enable information disclosure via adjacent access.
CVE-2024-34473 2026-06-17 N/A 5.3 MEDIUM
An issue was discovered in appmgr in O-RAN Near-RT RIC I-Release. An attacker could register an unintended RMR message type during xApp registration to disrupt other service components.
CVE-2024-34365 1 Apache 1 Karaf Cave 2026-06-17 N/A 9.1 CRITICAL
** UNSUPPORTED WHEN ASSIGNED ** Improper Input Validation vulnerability in Apache Karaf Cave. This issue affects all versions of Apache Karaf Cave. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2024-34163 1 Intel 18 Nuc X15 Laptop Kit Lapac71g, Nuc X15 Laptop Kit Lapac71g Firmware, Nuc X15 Laptop Kit Lapac71h and 15 more 2026-06-17 N/A 7.5 HIGH
Improper input validation in firmware for some Intel(R) NUC may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2024-34118 3 Adobe, Apple, Microsoft 3 Illustrator, Macos, Windows 2026-06-17 N/A 5.5 MEDIUM
Illustrator versions 28.5, 27.9.4 and earlier are affected by an Improper Input Validation vulnerability that could lead to an application denial-of-service condition. An attacker could exploit this vulnerability to render the application unresponsive or terminate its execution. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2024-34109 1 Adobe 3 Commerce, Commerce Webhooks, Magento 2026-06-17 N/A 7.2 HIGH
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, but admin privileges are required.
CVE-2024-34108 1 Adobe 3 Commerce, Commerce Webhooks, Magento 2026-06-17 N/A 9.1 CRITICAL
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, but admin privileges are required and scope is changed.
CVE-2024-34098 3 Adobe, Apple, Microsoft 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more 2026-06-17 N/A 7.8 HIGH
Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2024-34009 1 Moodle 1 Moodle 2026-06-17 N/A 7.5 HIGH
Insufficient checks whether ReCAPTCHA was enabled made it possible to bypass the checks on the login page. This did not affect other pages where ReCAPTCHA is utilized.
CVE-2024-33999 1 Moodle 1 Moodle 2026-06-17 N/A 9.8 CRITICAL
The referrer URL used by MFA required additional sanitizing, rather than being used directly.
CVE-2024-33996 1 Moodle 1 Moodle 2026-06-17 N/A 6.2 MEDIUM
Incorrect validation of allowed event types in a calendar web service made it possible for some users to create events with types/audiences they did not have permission to publish to.
CVE-2024-33792 1 Netis-systems 2 Mex605, Mex605 Firmware 2026-06-17 N/A 9.8 CRITICAL
netis-systems MEX605 v2.00.06 allows attackers to execute arbitrary OS commands via a crafted payload to the tracert page.
CVE-2024-33700 1 Level1 2 Wbr-6012, Wbr-6012 Firmware 2026-06-17 N/A 7.5 HIGH
The LevelOne WBR-6012 router firmware R0.40e6 suffers from an input validation vulnerability within its FTP functionality, enabling attackers to cause a denial of service through a series of malformed FTP commands. This can lead to device reboots and service disruption.
CVE-2024-33659 1 Ami 1 Aptio V 2026-06-17 N/A 8.8 HIGH
AMI APTIOV contains a vulnerability in BIOS where a local attacker may cause an Improper Input Validation. Successful exploitation of these vulnerabilities may lead to overwriting arbitrary memory and executing arbitrary code at SMM level, also impacting Confidentiality, Integrity, and Availability.