Skip to main content
CVE-2024-21380 HIGH PATCH This Week

Microsoft Dynamics Business Central/NAV Information Disclosure Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Microsoft Dynamics 365 Business Central
NVD
CVSS 3.1
8.0
EPSS
1.7%
CVE-2024-20673 HIGH PATCH This Week

Microsoft Office Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE Excel Office Office Long Term Servicing Channel +5
NVD VulDB
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-21384 HIGH PATCH This Week

Microsoft Office OneNote Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Microsoft RCE Memory Corruption 365 Apps +1
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2024-21379 HIGH PATCH This Week

Microsoft Word Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow RCE Microsoft 365 Apps Office +2
NVD
CVSS 3.1
7.8
EPSS
1.7%
CVE-2024-21363 HIGH PATCH This Week

Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.

RCE Microsoft Memory Corruption Windows 10 1507 Windows 10 1607 +12
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2024-21354 HIGH PATCH This Week

Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Heap Overflow Buffer Overflow Microsoft Windows 10 1507 Windows 10 1607 +11
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2024-21346 HIGH PATCH This Week

Win32k Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Windows 11 21H2 Windows 11 22h2 Windows 11 23h2 Windows Server 2022 23h2
NVD
CVSS 3.1
7.8
EPSS
4.1%
CVE-2024-21315 HIGH PATCH This Week

Microsoft Defender for Endpoint Protection Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Microsoft Defender For Endpoint
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2024-24925 HIGH This Week

A vulnerability has been identified in Simcenter Femap (All versions < V2306.0000). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Memory Corruption Simcenter Femap
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-24924 HIGH This Week

A vulnerability has been identified in Simcenter Femap (All versions < V2306.0000). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Simcenter Femap
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-24923 HIGH This Week

A vulnerability has been identified in Simcenter Femap (All versions < V2401.0000), Simcenter Femap (All versions < V2306.0001). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Simcenter Femap
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-24922 HIGH This Week

A vulnerability has been identified in Simcenter Femap (All versions < V2401.0000). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Simcenter Femap
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-24921 HIGH This Week

A vulnerability has been identified in Simcenter Femap (All versions < V2401.0000). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Simcenter Femap
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-24920 HIGH This Week

A vulnerability has been identified in Simcenter Femap (All versions < V2401.0000). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Simcenter Femap
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-23804 HIGH This Week

A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0012), Tecnomatix Plant Simulation V2302 (All versions < V2302.0006). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Tecnomatix Plant Simulation
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-23803 HIGH This Week

A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions), Tecnomatix Plant Simulation V2302 (All versions < V2302.0007). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Tecnomatix Plant Simulation
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-23802 HIGH PATCH This Week

A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0012), Tecnomatix Plant Simulation V2302 (All versions < V2302.0006). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Tecnomatix Plant Simulation
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-23798 HIGH PATCH This Week

A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0012), Tecnomatix Plant Simulation V2302 (All versions < V2302.0006). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Stack Overflow Tecnomatix Plant Simulation
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-23797 HIGH PATCH This Week

A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0012), Tecnomatix Plant Simulation V2302 (All versions < V2302.0006). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Stack Overflow Tecnomatix Plant Simulation
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-23796 HIGH PATCH This Week

A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0012), Tecnomatix Plant Simulation V2302 (All versions < V2302.0006). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Heap Overflow Buffer Overflow Tecnomatix Plant Simulation
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-23795 HIGH PATCH This Week

A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0012), Tecnomatix Plant Simulation V2302 (All versions < V2302.0006). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Tecnomatix Plant Simulation
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-22042 HIGH This Week

A vulnerability has been identified in Unicam FX (All versions). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Unicam Fx
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-21396 HIGH PATCH This Week

Dynamics 365 Sales Spoofing Vulnerability. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Dynamics 365
NVD
CVSS 3.1
7.6
EPSS
1.2%
CVE-2024-21394 HIGH PATCH This Week

Dynamics 365 Field Service Spoofing Vulnerability. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Dynamics 365
NVD
CVSS 3.1
7.6
EPSS
1.1%
CVE-2024-21393 HIGH PATCH This Week

Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Dynamics 365
NVD
CVSS 3.1
7.6
EPSS
1.2%
CVE-2024-21389 HIGH PATCH This Week

Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Dynamics 365
NVD
CVSS 3.1
7.6
EPSS
1.2%
CVE-2024-21351 HIGH KEV PATCH THREAT This Week

Windows SmartScreen Security Feature Bypass Vulnerability. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Code Injection RCE Microsoft Windows 10 1507 Windows 10 1607 +10
NVD
CVSS 3.1
7.6
EPSS
30.3%
CVE-2024-21328 HIGH PATCH This Week

Dynamics 365 Sales Spoofing Vulnerability. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Dynamics 365
NVD
CVSS 3.1
7.6
EPSS
1.3%
CVE-2024-21327 HIGH PATCH This Week

Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Dynamics 365
NVD
CVSS 3.1
7.6
EPSS
1.3%
CVE-2024-22129 HIGH This Week

SAP Companion - version <3.1.38, has a URL with parameter that could be vulnerable to XSS attack. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS SAP Companion
NVD
CVSS 3.1
7.6
EPSS
0.3%
CVE-2024-21406 HIGH PATCH This Week

Windows Printing Service Spoofing Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Microsoft Windows 10 1607 Windows 10 1809 Windows 10 21h2 +10
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2024-21348 HIGH PATCH This Week

Internet Connection Sharing (ICS) Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow Denial Of Service Windows 10 1507 Windows 10 1607 +11
NVD
CVSS 3.1
7.5
EPSS
2.2%
CVE-2024-21347 HIGH PATCH This Week

Microsoft ODBC Driver Remote Code Execution Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required.

Heap Overflow Buffer Overflow RCE Microsoft Windows 10 1507 +13
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2024-21343 HIGH PATCH This Week

Windows Network Address Translation (NAT) Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Denial Of Service Microsoft Windows 10 1507 +12
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2024-21342 HIGH PATCH This Week

Windows DNS Client Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Microsoft Windows 11 22h2 Windows 11 23h2 Windows Server 2022 23h2
NVD
CVSS 3.1
7.5
EPSS
2.6%
CVE-2024-20667 HIGH PATCH This Week

Azure DevOps Server Remote Code Execution Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

RCE Command Injection Microsoft Azure Devops Server
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2024-24781 HIGH This Week

An unauthenticated remote attacker can use an uncontrolled resource consumption vulnerability to DoS the affected devices through excessive traffic on a single ethernet port. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service F30 03X Yy Com Firmware F30 03X Yy Cpu Firmware F35 03X Yy Com Firmware F35 03X Yy Cpu Firmware +9
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-1309 HIGH This Week

Uncontrolled Resource Consumption vulnerability in Honeywell Niagara Framework on Windows, Linux, QNX allows Content Spoofing.8.1, before Niagara 4.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Honeywell Denial Of Service Microsoft Niagara Framework
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2024-24743 HIGH This Week

SAP NetWeaver AS Java (CAF - Guided Procedures) - version 7.50, allows an unauthenticated attacker to submit a malicious request with a crafted XML file over the network, which when parsed will. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java XXE SAP Netweaver Application Server Java
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-25407 HIGH This Week

SteVe v3.6.0 was discovered to use predictable transaction ID's when receiving a StartTransaction request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Steve
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-25642 HIGH This Week

Due to improper validation of certificate in SAP Cloud Connector - version 2.0, attacker can impersonate the genuine servers to interact with SCC breaking the mutual authentication. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure SAP Cloud Connector
NVD
CVSS 3.1
7.4
EPSS
0.5%
CVE-2024-21329 HIGH PATCH This Week

Azure Connected Machine Agent Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.

Information Disclosure Microsoft Azure Connected Machine Agent
NVD
CVSS 3.1
7.3
EPSS
1.1%
CVE-2024-22445 HIGH PATCH This Week

Dell PowerProtect Data Manager, version 19.15 and prior versions, contain an OS command injection vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Command Injection Dell Powerprotect Data Manager
NVD
CVSS 3.1
7.2
EPSS
1.4%
CVE-2024-22131 HIGH This Week

In SAP ABA (Application Basis) - versions 700, 701, 702, 731, 740, 750, 751, 752, 75C, 75I, an attacker authenticated as a user with a remote execution authorization can use a vulnerable interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection RCE SAP Abap Platform
NVD
CVSS 3.1
7.2
EPSS
1.1%
CVE-2024-25121 HIGH PATCH This Week

TYPO3 is an open source PHP based web content management system released under the GNU GPL. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Information Disclosure Typo3
NVD GitHub
CVSS 3.1
7.1
EPSS
0.5%
CVE-2024-21402 HIGH PATCH This Week

Microsoft Outlook Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.

Authentication Bypass Microsoft 365 Apps
NVD
CVSS 3.1
7.1
EPSS
0.5%
CVE-2024-23440 HIGH This Week

Vba32 Antivirus v3.36.0 is vulnerable to an Arbitrary Memory Read vulnerability. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Vba32
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2024-23439 HIGH This Week

Vba32 Antivirus v3.36.0 is vulnerable to an Arbitrary Memory Read vulnerability by triggering the 0x22201B, 0x22201F, 0x222023, 0x222027 ,0x22202B, 0x22202F, 0x22203F, 0x222057 and 0x22205B IOCTL. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Vba32
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2024-21405 HIGH PATCH This Week

Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0).

Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +11
NVD
CVSS 3.1
7.0
EPSS
0.4%
CVE-2024-21371 HIGH PATCH This Week

Windows Kernel Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0).

Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +10
NVD
CVSS 3.1
7.0
EPSS
10.9%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy