Skip to main content
CVE-2024-24245 HIGH This Week

An issue in Canimaan Software LTD ClamXAV v3.1.2 through v3.6.1 and fixed in v.3.6.2 allows a local attacker to escalate privileges via the ClamXAV helper tool component. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Clamxav
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-24694 HIGH This Week

Improper privilege management in the installer for Zoom Desktop Client for Windows before version 5.17.10 may allow an authenticated user to conduct an escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Jwt Attack Microsoft Zoom
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-29061 HIGH PATCH This Week

Secure Boot Security Feature Bypass Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Stack Overflow Windows 10 1507 Windows 10 1607 Windows 10 1809 +10
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2024-29052 HIGH PATCH This Week

Windows Storage Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Microsoft Windows 10 21h2 Windows 10 22h2 Windows 11 21H2 +4
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2024-29050 HIGH This Week

Windows Cryptographic Services Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +10
NVD
CVSS 3.1
7.8
EPSS
1.2%
CVE-2024-28920 HIGH This Week

Secure Boot Security Feature Bypass Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Windows 10 1809 Windows 10 21h2 Windows 10 22h2 Windows 11 21H2 +5
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2024-28907 HIGH This Week

Microsoft Brokering File System Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8). No vendor patch available.

Information Disclosure Microsoft Windows Server 2022 23h2
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2024-28905 HIGH This Week

Microsoft Brokering File System Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8). No vendor patch available.

Privilege Escalation Microsoft Windows Server 2022 23h2
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2024-28904 HIGH This Week

Microsoft Brokering File System Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8). No vendor patch available.

Privilege Escalation Microsoft Windows Server 2022 23h2
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2024-26245 HIGH This Week

Windows SMB Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Microsoft Windows 10 1507
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2024-26241 HIGH This Week

Win32k Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Information Disclosure Memory Corruption Windows 10 1507 Windows 10 1607 +9
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2024-26239 HIGH This Week

Windows Telephony Server Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Microsoft Windows 10 1507 Windows 10 1607 +11
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2024-26237 HIGH This Week

Windows Defender Credential Guard Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Information Disclosure Microsoft Memory Corruption Windows 10 1809 +8
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2024-26235 HIGH This Week

Windows Update Stack Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Windows Server 2022 23h2
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2024-26230 HIGH This Week

Windows Telephony Server Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Information Disclosure Microsoft Memory Corruption Windows 10 1507 +13
NVD
CVSS 3.1
7.8
EPSS
24.3%
CVE-2024-26229 HIGH This Week

Windows CSC Service Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Microsoft Windows 10 1507 Windows 10 1607 +12
NVD
CVSS 3.1
7.8
EPSS
9.4%
CVE-2024-26228 HIGH This Week

Windows Cryptographic Services Security Feature Bypass Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +11
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-26218 HIGH This Week

Windows Kernel Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows 10 1809 Windows 10 21h2 Windows 10 22h2 +6
NVD
CVSS 3.1
7.8
EPSS
12.9%
CVE-2024-26211 HIGH This Week

Windows Remote Access Connection Manager Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Microsoft Windows 10 1507 Windows 10 1607 +11
NVD
CVSS 3.1
7.8
EPSS
4.1%
CVE-2024-26175 HIGH This Week

Secure Boot Security Feature Bypass Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 21h2 +7
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2024-26158 HIGH This Week

Microsoft Install Service Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +11
NVD
CVSS 3.1
7.8
EPSS
12.3%
CVE-2024-21447 HIGH This Week

Windows Authentication Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows 10 21h2 Windows 10 22h2 Windows 11 21H2 +4
NVD
CVSS 3.1
7.8
EPSS
1.4%
CVE-2024-20693 HIGH This Week

Windows Kernel Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +9
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2024-2501 HIGH This Week

The Hubbub Lite - Fast, Reliable Social Sharing Buttons plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.33.1 via deserialization of untrusted input. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Deserialization PHP Information Disclosure WordPress
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2024-31457 HIGH PATCH This Week

gin-vue-admin is a backstage management system based on vue and gin, which separates the front and rear of the full stack. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable. No vendor patch available.

RCE Path Traversal
NVD GitHub
CVSS 3.1
7.7
EPSS
0.9%
CVE-2024-1794 HIGH PATCH This Week

The Forminator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an uploaded file (e.g. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Forminator
NVD VulDB
CVSS 3.1
7.2
EPSS
2.3%
CVE-2024-1792 HIGH This Week

The CMB2 plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.10.1 via deserialization of untrusted input from the text_datetime_timestamp_timezone. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Deserialization PHP Information Disclosure WordPress
NVD VulDB
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-7046 HIGH This Week

The WP Encryption - One Click Free SSL Certificate & SSL / HTTPS Redirect to Force HTTPS, SSL Score plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure WordPress
NVD VulDB
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-1934 HIGH PATCH This Week

The WP Compress - Image Optimizer plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wps_local_compress::__construct' function in all. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress Wp Compress
NVD VulDB
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-31978 HIGH This Week

A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP2). Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 3.1
7.6
EPSS
0.5%
CVE-2024-1308 HIGH This Week

The WooCommerce Cloak Affiliate Links plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'permalink_settings_save' function in all. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress
NVD VulDB
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-0952 HIGH PATCH This Week

The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to time-based SQL Injection via the id parameter in all versions up. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

SQLi WordPress Wp Erp
NVD VulDB
CVSS 3.1
7.2
EPSS
1.7%
CVE-2024-1852 HIGH This Week

The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the X-Forwarded-For header in all versions up to, and including, 3.4.9.2 due to insufficient. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS Wp Members
NVD VulDB
CVSS 3.1
7.2
EPSS
1.5%
CVE-2024-29045 HIGH This Week

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow Stack Overflow RCE Microsoft Ole Db Driver For Sql Server +2
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2024-28896 HIGH This Week

Secure Boot Security Feature Bypass Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. No vendor patch available.

Heap Overflow Buffer Overflow Windows 10 1507 Windows 10 1607 Windows 10 1809 +10
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2024-26254 HIGH This Week

Microsoft Virtual Machine Bus (VMBus) Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Microsoft Windows 10 1809 Windows 10 21h2 Windows 10 22h2 +6
NVD
CVSS 3.1
7.5
EPSS
3.1%
CVE-2024-26248 HIGH This Week

Windows Kerberos Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +11
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2024-26219 HIGH This Week

HTTP.sys Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Windows 10 1809 Windows 10 21h2 Windows 10 22h2 +6
NVD
CVSS 3.1
7.5
EPSS
3.1%
CVE-2024-26215 HIGH This Week

DHCP Server Service Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Windows Server 2008 Windows Server 2012 Windows Server 2016 Windows Server 2019 +2
NVD
CVSS 3.1
7.5
EPSS
2.7%
CVE-2024-26212 HIGH This Week

DHCP Server Service Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Windows Server 2008 Windows Server 2012 Windows Server 2016 Windows Server 2019 +2
NVD
CVSS 3.1
7.5
EPSS
62.6%
CVE-2024-23662 HIGH This Week

An exposure of sensitive information to an unauthorized actor in Fortinet FortiOS at least version at least 7.4.0 through 7.4.1 and 7.2.0 through 7.2.5 and 7.0.0 through 7.0.15 and 6.4.0 through. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Fortinet Information Disclosure Fortios
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-3046 HIGH This Week

In Eclipse Kura LogServlet component included in versions 5.0.0 to 5.4.1, a specifically crafted request to the servlet can allow an unauthenticated user to retrieve the device logs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Kura
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-2975 HIGH This Week

A race condition was identified through which privilege escalation was possible in certain configurations. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Octopus Server
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-1774 HIGH This Week

The Customily Product Personalizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via user cookies in all versions up to, and including, 1.23.3 due to insufficient input. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS
NVD VulDB
CVSS 3.1
7.2
EPSS
1.3%
CVE-2024-26194 HIGH This Week

Secure Boot Security Feature Bypass Vulnerability. Rated high severity (CVSS 7.4), this vulnerability is no authentication required. No vendor patch available.

Authentication Bypass Jwt Attack Windows 10 1507 Windows 10 1607 Windows 10 1809 +8
NVD
CVSS 3.1
7.4
EPSS
0.4%
CVE-2024-1812 HIGH PATCH This Week

The Everest Forms plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.0.7 via the 'font_url' parameter. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF WordPress Everest Forms
NVD VulDB
CVSS 3.1
7.2
EPSS
0.6%
CVE-2024-26232 HIGH This Week

Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

RCE Microsoft Memory Corruption Windows 10 1507 Windows 10 1607 +12
NVD
CVSS 3.1
7.3
EPSS
0.9%
CVE-2024-26216 HIGH This Week

Windows File Server Resource Management Service Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows Server 2008 Windows Server 2012 Windows Server 2016 +3
NVD
CVSS 3.1
7.3
EPSS
0.9%
CVE-2024-26275 HIGH This Week

A vulnerability has been identified in JT2Go (All versions < V2312.0004), Parasolid V35.1 (All versions < V35.1.254), Parasolid V36.0 (All versions < V36.0.207), Parasolid V36.1 (All versions <. Rated high severity (CVSS 7.3), this vulnerability is no authentication required. No vendor patch available.

Buffer Overflow Information Disclosure Jt2Go Parasolid Teamcenter Visualization
NVD
CVSS 4.0
7.3
EPSS
0.2%
CVE-2024-1233 HIGH This Week

A flaw was found in` JwtValidator.resolvePublicKey` in JBoss EAP, where the validator checks jku and sends a HTTP request. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF
NVD GitHub
CVSS 3.1
7.3
EPSS
0.8%
Prev Page 3 of 8 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy