Home / 2024 Advisories Archive

2024 Advisories Archive

Severity	Date Published	Date Updated	Check Point Reference	Industry Reference	Description
High	29 Aug 2024	14 May 2026	CPAI-2024-0686	CVE-2024-6366	WordPress User Profile Builder Plugin Arbitrary File Upload (CVE-2024-6366)
High	27 Oct 2024	7 May 2026	CPAI-2026-4163	CVE-2024-9264 CVE-2026-27876	Grafana SQL Injection (CVE-2024-9264; CVE-2026-27876)
Critical	15 Sep 2024	5 May 2026	CPAI-2025-12680	CVE-2024-28986 CVE-2024-28988 CVE-2025-26399 CVE-2025-40553	SolarWinds Web Help Desk Insecure Deserialization (CVE-2024-28986; CVE-2024-28988; CVE-2025-26399; CVE-2025-40553)
High	16 May 2024	4 May 2026	CPAI-2024-6177	CVE-2024-3721	TBK DVR Command Injection (CVE-2024-3721)
High	26 Feb 2024	29 Apr 2026	CPAI-2024-6143	CVE-2024-1708	ConnectWise ScreenConnect Remote Code Execution (CVE-2024-1708)
Critical	20 Feb 2024	23 Apr 2026	CPAI-2017-1803	CVE-2017-7921	Hikvision Multiple Products Improper Authentication (CVE-2017-7921)
Critical	2 Apr 2024	20 Apr 2026	CPAI-2023-3408	CVE-2022-32039 CVE-2022-32040 CVE-2022-32043 CVE-2023-37710 CVE-2023-37714 CVE-2023-37715 CVE-2023-37716 CVE-2023-37717 CVE-2023-37718 CVE-2023-37719 CVE-2023-37721 CVE-2023-37722 CVE-2023-37723 CVE-2023-51093	Tenda Multiple Products Stack Overflow (CVE-2022-32039; CVE-2022-32040; CVE-2022-32043; CVE-2023-37710; CVE-2023-37714; CVE-2023-37715; CVE-2023-37716; CVE-2023-37717; CVE-2023-37718; CVE-2023-37719; CVE-2023-37721; CVE-2023-37722; CVE-2023-37723; CVE-2023-51093)
Critical	4 Dec 2024	14 Apr 2026	CPAI-2026-2908	CVE-2024-39226 CVE-2026-26791 CVE-2026-26792 CVE-2026-26793 CVE-2026-26795	GL-iNet Multiple Products Command Injection (CVE-2024-39226; CVE-2026-26791; CVE-2026-26792; CVE-2026-26793; CVE-2026-26795)
Critical	24 Dec 2024	26 Mar 2026	CPAI-2024-5649	CVE-2024-56145	Craft CMS Remote Code Execution (CVE-2024-56145)
Critical	29 Aug 2024	26 Mar 2026	CPAI-2021-2978	CVE-2021-33044	Dahua Security Multiple Products Authentication Bypass (CVE-2021-33044)
Critical	11 Dec 2024	23 Mar 2026	CPAI-2024-1150	CVE-2024-45216	Apache Solr Authentication Bypass (CVE-2024-45216)
High	19 Dec 2024	22 Mar 2026	CPAI-2024-5589	CVE-2024-53376	CyberPanel Command Injection (CVE-2024-53376)
High	29 Feb 2024	19 Mar 2026	CPAI-2026-1857		TOTOLINK LR1200GB Authentication Bypass
Critical	5 Aug 2024	15 Mar 2026	CPAI-2024-5517	CVE-2024-31809 CVE-2024-42736 CVE-2024-42737 CVE-2024-42738 CVE-2024-42739 CVE-2024-42740 CVE-2024-42741 CVE-2024-42742 CVE-2024-42743 CVE-2024-42744 CVE-2024-42745 CVE-2024-42747 CVE-2024-42748 CVE-2024-43533	TOTOLINK Multiple Routers Command Injection (CVE-2024-31809; CVE-2024-42736; CVE-2024-42737; CVE-2024-42738; CVE-2024-42739; CVE-2024-42740; CVE-2024-42741; CVE-2024-42742; CVE-2024-42743; CVE-2024-42744; CVE-2024-42745; CVE-2024-42747; CVE-2024-42748; CVE-2024-43533)
Critical	25 Mar 2024	12 Mar 2026	CPAI-2023-1601	CVE-2023-23333	Contec Solarview Compact Firmware Command Injection (CVE-2023-23333)
Critical	29 Oct 2024	9 Mar 2026	CPAI-2025-12937	CVE-2024-8573 CVE-2024-8575 CVE-2024-8576 CVE-2024-8577 CVE-2024-8578 CVE-2024-8579 CVE-2025-5734 CVE-2025-5735 CVE-2025-5736 CVE-2025-5737 CVE-2025-5738 CVE-2025-5739 CVE-2025-5785 CVE-2025-5786	TOTOLINK Multiple Products Buffer Overflow (CVE-2024-8573; CVE-2024-8575; CVE-2024-8576; CVE-2024-8577; CVE-2024-8578; CVE-2024-8579; CVE-2025-5734; CVE-2025-5735; CVE-2025-5736; CVE-2025-5737; CVE-2025-5738; CVE-2025-5739; CVE-2025-5785; CVE-2025-5786)
High	11 Mar 2024	9 Mar 2026	CPAI-2022-3161	CVE-2022-35870	Inductive Automation Ignition Insecure Deserialization (CVE-2022-35870)
Critical	23 Dec 2024	8 Mar 2026	CPAI-2022-2160	CVE-2022-23227	NUUO NVRmini Authentication Bypass (CVE-2022-23227)
Critical	2 Apr 2024	2 Mar 2026	CPAI-2023-3244	CVE-2022-32039 CVE-2022-32040 CVE-2022-32043 CVE-2023-37710 CVE-2023-37714 CVE-2023-37715 CVE-2023-37716 CVE-2023-37717 CVE-2023-37718 CVE-2023-37719 CVE-2023-37721 CVE-2023-37722 CVE-2023-37723 CVE-2023-51093	Tenda Multiple Products Stack Overflow (CVE-2022-32039; CVE-2022-32040; CVE-2022-32043; CVE-2023-37710; CVE-2023-37714; CVE-2023-37715; CVE-2023-37716; CVE-2023-37717; CVE-2023-37718; CVE-2023-37719; CVE-2023-37721; CVE-2023-37722; CVE-2023-37723; CVE-2023-51093)
Critical	5 Nov 2024	2 Mar 2026	CPAI-2024-1036	CVE-2024-51567 CVE-2024-51568	CyberPanel Command Injection (CVE-2024-51567; CVE-2024-51568)
Critical	10 Jul 2024	1 Mar 2026	CPAI-2025-12690	CVE-2023-33831 CVE-2025-69985	Frangoteam FUXA Remote Code Execution (CVE-2023-33831; CVE-2025-69985)
High	29 Feb 2024	25 Feb 2026	CPAI-2025-12580	CVE-2023-50445 CVE-2025-67089	GL.iNet Devices Command Injection (CVE-2023-50445; CVE-2025-67089)
High	4 Jun 2024	24 Feb 2026	CPAI-2024-0352	CVE-2024-21683	Atlassian Confluence Remote Code Execution (CVE-2024-21683)
High	23 Dec 2024	19 Feb 2026	CPAI-2024-5506	CVE-2023-6909 CVE-2024-1483 CVE-2024-2928	LF Projects MLflow Path Traversal (CVE-2023-6909; CVE-2024-1483; CVE-2024-2928)
Critical	17 Jun 2024	17 Feb 2026	CPAI-2024-5470	CVE-2024-27348	Apache HugeGraph Remote Code Execution (CVE-2024-27348)
High	12 Aug 2024	15 Feb 2026	CPAI-2021-2929	CVE-2021-35215	SolarWinds Orion Platform Insecure Deserialization (CVE-2021-35215)
Critical	24 Nov 2024	9 Feb 2026	CPAI-2024-1048		ALFA Webshell Over HTTP
High	26 Sep 2024	9 Feb 2026	CPAI-2022-2132	CVE-2022-25369	DynamicWeb Authentication Bypass (CVE-2022-25369)
High	3 Sep 2024	9 Feb 2026	CPAI-2024-0737	CVE-2024-32766	myQNAPcloud Command Injection (CVE-2024-32766)
Critical	29 Jul 2024	9 Feb 2026	CPAI-2018-2779	CVE-2018-1000517	BusyBox Buffer Overflow (CVE-2018-1000517)
High	2 Dec 2024	9 Feb 2026	CPAI-2009-0623	CVE-2009-2754	Informix Storage Manager Buffer Overflow (CVE-2009-2754)
High	6 Jun 2024	9 Feb 2026	CPAI-2024-0348	CVE-2024-4367	PDF.js Cross-Site Scripting (CVE-2024-4367)
High	17 Jun 2024	9 Feb 2026	CPAI-2022-2061	CVE-2022-40152	FasterXML Woodstox XML Parser Buffer Overflow (CVE-2022-40152)
High	19 May 2024	9 Feb 2026	CPAI-2024-0264		Judge0 Command Injection
Medium	8 May 2024	9 Feb 2026	CPAI-2024-0258	CVE-2024-1883	PaperCut NG Reflected Cross-Site Scripting (CVE-2024-1883)
High	9 May 2024	9 Feb 2026	CPAI-2024-0237		Centreon Command Injection
Critical	1 Apr 2024	9 Feb 2026	CPAI-2024-0116		XStream Insecure Deserialization
Medium	26 Mar 2024	9 Feb 2026	CPAI-2018-2714	CVE-2018-8738	AirTies 5444 Firmware Cross-Site Scripting (CVE-2018-8738)
High	15 Jan 2024	9 Feb 2026	CPAI-2023-1450	CVE-2023-39677	Prestashop Module Information Disclosure (CVE-2023-39677)
Critical	29 Oct 2024	5 Feb 2026	CPAI-2025-10995	CVE-2024-8573 CVE-2024-8575 CVE-2024-8576 CVE-2024-8577 CVE-2024-8578 CVE-2024-8579 CVE-2025-5734 CVE-2025-5735 CVE-2025-5736 CVE-2025-5737 CVE-2025-5738 CVE-2025-5739 CVE-2025-5785 CVE-2025-5786	TOTOLINK Multiple Products Buffer Overflow (CVE-2024-8573; CVE-2024-8575; CVE-2024-8576; CVE-2024-8577; CVE-2024-8578; CVE-2024-8579; CVE-2025-5734; CVE-2025-5735; CVE-2025-5736; CVE-2025-5737; CVE-2025-5738; CVE-2025-5739; CVE-2025-5785; CVE-2025-5786)
Critical	28 Jul 2024	5 Feb 2026	CPAI-2026-0676	CVE-2023-37145 CVE-2023-37146 CVE-2023-37148 CVE-2023-37149 CVE-2024-36783 CVE-2026-1149 CVE-2026-1150	TOTOLINK LR350 Command Injection (CVE-2023-37145; CVE-2023-37146; CVE-2023-37148; CVE-2023-37149; CVE-2024-36783; CVE-2026-1149; CVE-2026-1150)
High	10 Oct 2024	2 Feb 2026	CPAI-2024-5326	CVE-2024-37404	Ivanti Remote Code Execution (CVE-2024-37404)
Critical	14 Mar 2024	29 Jan 2026	CPAI-2026-0563	CVE-2022-0944 CVE-2023-29827 CVE-2024-21534 CVE-2025-1302 CVE-2026-1470	Node.js Server-Side Template Injection (CVE-2022-0944; CVE-2023-29827; CVE-2024-21534; CVE-2025-1302; CVE-2026-1470)
Critical	4 Sep 2024	25 Jan 2026	CPAI-2024-5267	CVE-2024-37079	VMWare vCenter Server Integer Underflow (CVE-2024-37079)
High	5 May 2024	25 Jan 2026	CPAI-2024-0220	CVE-2024-27356	GL.iNET Devices Authentication Bypass (CVE-2024-27356)
Critical	21 Jul 2024	22 Jan 2026	CPAI-2024-0589	CVE-2024-4879 CVE-2024-5178 CVE-2024-5217	ServiceNow Server-Side Template Injection (CVE-2024-4879; CVE-2024-5178; CVE-2024-5217)
Critical	19 Mar 2024	22 Jan 2026	CPAI-2025-11153	CVE-2023-26612 CVE-2023-26616 CVE-2023-44831 CVE-2023-44833 CVE-2023-44838 CVE-2025-60331	D-Link DIR-823G Buffer Overflow (CVE-2023-26612; CVE-2023-26616; CVE-2023-44831; CVE-2023-44833; CVE-2023-44838; CVE-2025-60331)
Medium	28 Feb 2024	21 Jan 2026	CPAI-2020-4529	CVE-2020-14179 CVE-2020-36289	Atlassian Multiple Products Information Disclosure (CVE-2020-14179; CVE-2020-36289)
High	1 Jul 2024	20 Jan 2026	CPAI-2024-0509	CVE-2024-29848	Ivanti Avalanche Arbitrary File Upload (CVE-2024-29848)
Medium	12 May 2024	20 Jan 2026	CPAI-2016-1301	CVE-2016-0777	Sophos Unified Threat Management Software Information Disclosure (CVE-2016-0777)