LiveActive security incident?Get immediate response
CVE archive

2024 CVE Archive

Browse CVE records published in 2024 CVE Archive, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 38376 matching CVEs · Page 1 of 768.

High · CVSS 7.5

CVE-2024-21523: All versions of the package images are vulnerable to Denial of Service (DoS) due to providing unexpected in...

All versions of the package images are vulnerable to Denial of Service (DoS) due to providing unexpected input types to several different functions. This makes it possible to reach an assert macro, leading to a process crash. **Note:** By providing some specific integer values (like 0) to the size function, it is possible to obtain a Segmentation fault error, leading to the process crash.

Published Jul 10, 2024 · Updated Jul 9, 2026

Medium · CVSS 4.2

CVE-2024-41597: Cross Site Request Forgery vulnerability in ProcessWire v.3.0.229 allows a remote attacker to insert a comm...

Cross Site Request Forgery vulnerability in ProcessWire v.3.0.229 allows a remote attacker to insert a comment. NOTE: this is disputed by the Supplier because the product intentionally accepts anonymous, unauthenticated comments and thus there are fewer situations in which CSRF would be a useful attack technique. Also, the submitted comments are, by default, held for moderator review.

Published Jul 19, 2024 · Updated Jul 9, 2026

Critical · CVSS 9.8

CVE-2024-36543: Incorrect access control in the Kafka Connect REST API in the STRIMZI Project 0.41.0 and earlier allows an...

Incorrect access control in the Kafka Connect REST API in the STRIMZI Project 0.41.0 and earlier allows an attacker to deny the service for Kafka Mirroring, potentially mirror the topics' content to his Kafka cluster via a malicious connector (bypassing Kafka ACL if it exists), and potentially steal Kafka SASL credentials, by querying the MirrorMaker Kafka REST API.

Published Jun 17, 2024 · Updated Jul 9, 2026