Skip to main content
CVE-2024-29066 HIGH This Week

Windows Distributed File System (DFS) Remote Code Execution Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Microsoft Windows Server 2008 Windows Server 2012 Windows Server 2016 +3
NVD
CVSS 3.1
7.2
EPSS
1.3%
CVE-2024-29055 HIGH PATCH This Week

Microsoft Defender for IoT Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Microsoft Defender For Iot
NVD
CVSS 3.1
7.2
EPSS
2.3%
CVE-2024-29054 HIGH PATCH This Week

Microsoft Defender for IoT Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Microsoft Defender For Iot
NVD
CVSS 3.1
7.2
EPSS
2.3%
CVE-2024-26208 HIGH This Week

Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Integer Overflow RCE Microsoft Windows 10 1507 Windows 10 1607 +12
NVD
CVSS 3.1
7.2
EPSS
2.3%
CVE-2024-26202 HIGH This Week

DHCP Server Service Remote Code Execution Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE Windows Server 2012 Windows Server 2016 +3
NVD
CVSS 3.1
7.2
EPSS
2.2%
CVE-2024-26195 HIGH This Week

DHCP Server Service Remote Code Execution Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE Windows Server 2008 Windows Server 2012 +4
NVD
CVSS 3.1
7.2
EPSS
2.2%
CVE-2024-21324 HIGH This Week

Microsoft Defender for IoT Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Defender For Iot
NVD
CVSS 3.1
7.2
EPSS
2.3%
CVE-2024-21322 HIGH This Week

Microsoft Defender for IoT Remote Code Execution Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Microsoft Defender For Iot
NVD
CVSS 3.1
7.2
EPSS
3.1%
CVE-2024-27901 HIGH This Week

SAP Asset Accounting could allow a high privileged attacker to exploit insufficient validation of path information provided by the users and pass it through to the file API's. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure SAP
NVD
CVSS 3.1
7.2
EPSS
0.7%
CVE-2024-31367 HIGH This Week

Missing Authorization vulnerability in PenciDesign Soledad.4.2. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Soledad
NVD
CVSS 3.1
7.1
EPSS
0.5%
CVE-2024-2654 MEDIUM PATCH This Month

The File Manager plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 7.2.5 via the fm_download_backup function. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity.

WordPress Path Traversal File Manager
NVD
CVSS 3.1
6.8
EPSS
1.9%
CVE-2024-31366 HIGH This Week

Missing Authorization vulnerability in Themify Post Type Builder (PTB).0.8. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-30262 HIGH PATCH This Week

Contao is an open source content management system. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity.

Session Fixation Information Disclosure Contao
NVD GitHub
CVSS 3.1
7.1
EPSS
0.5%
CVE-2024-29062 HIGH PATCH This Week

Secure Boot Security Feature Bypass Vulnerability. Rated high severity (CVSS 7.1), this vulnerability is no authentication required.

Authentication Bypass Windows 10 1507 Windows 10 1607 Windows 10 1809 Windows 10 21h2 +9
NVD
CVSS 3.1
7.1
EPSS
0.7%
CVE-2024-20689 HIGH This Week

Secure Boot Security Feature Bypass Vulnerability. Rated high severity (CVSS 7.1), this vulnerability is no authentication required. No vendor patch available.

Buffer Overflow Stack Overflow Windows Server 2012
NVD
CVSS 3.1
7.1
EPSS
1.3%
CVE-2024-20688 HIGH This Week

Secure Boot Security Feature Bypass Vulnerability. Rated high severity (CVSS 7.1), this vulnerability is no authentication required. No vendor patch available.

Buffer Overflow Stack Overflow Windows Server 2012
NVD
CVSS 3.1
7.1
EPSS
1.3%
CVE-2024-31365 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themify Post Type Builder (PTB) allows Reflected XSS.1.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.4%
CVE-2024-25115 HIGH This Week

RedisBloom adds a set of probabilistic data structures to Redis. Rated high severity (CVSS 7.0). No vendor patch available.

Buffer Overflow RCE Redis
NVD GitHub
CVSS 3.1
7.0
EPSS
0.4%
CVE-2024-26243 HIGH This Week

Windows USB Print Driver Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0). No vendor patch available.

Buffer Overflow Microsoft Windows 10 21h2 Windows 10 22h2 Windows 11 21H2 +4
NVD
CVSS 3.1
7.0
EPSS
0.4%
CVE-2024-26242 HIGH This Week

Windows Telephony Server Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0). No vendor patch available.

Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +11
NVD
CVSS 3.1
7.0
EPSS
0.3%
CVE-2024-26236 HIGH This Week

Windows Update Stack Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0). No vendor patch available.

Information Disclosure Microsoft Windows Server 2022 23h2
NVD
CVSS 3.1
7.0
EPSS
0.4%
CVE-2024-26213 HIGH This Week

Microsoft Brokering File System Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0). No vendor patch available.

Information Disclosure Microsoft Windows Server 2022 23h2
NVD
CVSS 3.1
7.0
EPSS
0.6%
CVE-2024-0376 MEDIUM PATCH This Month

The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Wrapper Link Widget in all versions up to, and including, 4.10.16 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Premium Addons For Elementor Elementor
NVD
CVSS 3.1
6.4
EPSS
3.0%
CVE-2024-27242 MEDIUM This Month

Cross site scripting in Zoom Desktop Client for Linux before version 5.17.10 may allow an authenticated user to conduct a denial of service via network access. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Denial Of Service Zoom
NVD
CVSS 3.1
6.8
EPSS
0.5%
CVE-2024-28897 MEDIUM This Month

Secure Boot Security Feature Bypass Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Windows 10 1507 Windows 10 1607 Windows 10 1809 Windows 10 21h2 +9
NVD
CVSS 3.1
6.8
EPSS
0.9%
CVE-2024-26253 MEDIUM This Month

Windows rndismp6.sys Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +11
NVD
CVSS 3.1
6.8
EPSS
0.7%
CVE-2024-26252 MEDIUM This Month

Windows rndismp6.sys Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +11
NVD
CVSS 3.1
6.8
EPSS
0.7%
CVE-2024-26168 MEDIUM This Month

Secure Boot Security Feature Bypass Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Windows 10 1507 Windows 10 1607 Windows 10 1809 +10
NVD
CVSS 3.1
6.8
EPSS
0.9%
CVE-2024-2093 MEDIUM PATCH This Month

The VK All in One Expansion Unit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 9.95.0.1 via social meta tags. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure WordPress Vk All In One Expansion Unit
NVD GitHub
CVSS 3.1
6.5
EPSS
1.1%
CVE-2024-27247 MEDIUM This Month

Improper privilege management in the installer for Zoom Desktop Client for macOS before version 5.17.10 may allow a privileged user to conduct an escalation of privilege via local access. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Apple Jwt Attack Zoom
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2024-28924 MEDIUM This Month

Secure Boot Security Feature Bypass Vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Windows 10 1507 Windows 10 1607 Windows 10 1809 +10
NVD
CVSS 3.1
6.7
EPSS
0.6%
CVE-2024-28921 MEDIUM This Month

Secure Boot Security Feature Bypass Vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Windows 10 1507 Windows 10 1607 Windows 10 1809 Windows 10 21h2 +9
NVD
CVSS 3.1
6.7
EPSS
0.7%
CVE-2024-28919 MEDIUM This Month

Secure Boot Security Feature Bypass Vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Windows 10 1507 Windows 10 1607 Windows 10 1809 Windows 10 21h2 +9
NVD
CVSS 3.1
6.7
EPSS
0.6%
CVE-2024-28903 MEDIUM This Month

Secure Boot Security Feature Bypass Vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Windows 10 1507 Windows 10 1607 Windows 10 1809 Windows 10 21h2 +9
NVD
CVSS 3.1
6.7
EPSS
0.7%
CVE-2024-26250 MEDIUM This Month

Secure Boot Security Feature Bypass Vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Windows 10 1507 Windows 10 1607 Windows 10 1809 Windows 10 21h2 +9
NVD
CVSS 3.1
6.7
EPSS
0.6%
CVE-2024-26234 MEDIUM This Month

Proxy Driver Spoofing Vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Windows 10 1507 Windows 10 1607 Windows 10 1809 Windows 10 21h2 +10
NVD
CVSS 3.1
6.7
EPSS
4.9%
CVE-2024-26171 MEDIUM This Month

Secure Boot Security Feature Bypass Vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Authentication Bypass Windows 10 1507 Windows 10 1607 Windows 10 1809 +10
NVD
CVSS 3.1
6.7
EPSS
0.6%
CVE-2024-20669 MEDIUM This Month

Secure Boot Security Feature Bypass Vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Windows 10 1507 Windows 10 1607 Windows 10 1809 Windows 10 21h2 +9
NVD
CVSS 3.1
6.7
EPSS
0.6%
CVE-2024-20665 MEDIUM This Month

BitLocker Security Feature Bypass Vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Windows 10 1507 Windows 10 1607 Windows 10 1809 Windows 10 21h2 +9
NVD
CVSS 3.1
6.7
EPSS
0.7%
CVE-2024-2325 MEDIUM PATCH This Month

The Link Library plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the searchll parameter in all versions up to, and including, 7.6.6 due to insufficient input sanitization and. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Link Library
NVD
CVSS 3.1
6.1
EPSS
2.5%
CVE-2024-1412 MEDIUM This Month

The Memberpress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘message’ and 'error' parameters in all versions up to, and including, 1.11.26 due to insufficient input. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Memberpress
NVD VulDB
CVSS 3.1
6.1
EPSS
2.5%
CVE-2023-6695 MEDIUM This Month

The Beaver Themer plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.9 via the 'wpbb' shortcode. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure WordPress Beaver Themer
NVD VulDB
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-26233 MEDIUM This Month

Windows DNS Server Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Use After Free Microsoft RCE Memory Corruption Windows Server 2016 +3
NVD
CVSS 3.1
6.6
EPSS
1.6%
CVE-2024-26231 MEDIUM This Month

Windows DNS Server Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Use After Free Microsoft RCE Memory Corruption Windows Server 2016 +3
NVD
CVSS 3.1
6.6
EPSS
1.5%
CVE-2024-26227 MEDIUM This Month

Windows DNS Server Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Use After Free Microsoft RCE Memory Corruption Windows Server 2016 +3
NVD
CVSS 3.1
6.6
EPSS
1.5%
CVE-2024-26224 MEDIUM This Month

Windows DNS Server Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Use After Free Microsoft RCE Memory Corruption Windows Server 2016 +3
NVD
CVSS 3.1
6.6
EPSS
1.6%
CVE-2024-26223 MEDIUM This Month

Windows DNS Server Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Use After Free Microsoft RCE Memory Corruption Windows Server 2016 +3
NVD
CVSS 3.1
6.6
EPSS
1.6%
CVE-2024-26222 MEDIUM This Month

Windows DNS Server Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Use After Free Microsoft RCE Memory Corruption Windows Server 2016 +3
NVD
CVSS 3.1
6.6
EPSS
1.8%
CVE-2024-26221 MEDIUM This Month

Windows DNS Server Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Use After Free Microsoft RCE Memory Corruption Windows Server 2016 +3
NVD
CVSS 3.1
6.6
EPSS
1.8%
CVE-2024-1352 MEDIUM This Month

The Classified Listing - Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized access & modification of data due to a missing capability check on the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Classified Listing
NVD VulDB
CVSS 3.1
6.5
EPSS
0.3%
Prev Page 4 of 8 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy