Skip to main content
CVE-2024-38152 HIGH PATCH This Week

Windows OLE Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Heap Overflow Buffer Overflow RCE Microsoft Windows 10 1507 +14
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2024-38150 HIGH PATCH This Week

Windows DWM Core Library Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Information Disclosure Microsoft Memory Corruption Windows 10 21h2 +7
NVD
CVSS 3.1
7.8
EPSS
3.7%
CVE-2024-38147 HIGH PATCH This Week

Microsoft DWM Core Library Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Information Disclosure Microsoft Memory Corruption Windows 10 21h2 +7
NVD
CVSS 3.1
7.8
EPSS
3.3%
CVE-2024-38142 HIGH PATCH This Week

Windows Secure Kernel Mode Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Heap Overflow Buffer Overflow Microsoft Windows 10 1507 Windows 10 1607 +11
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2024-38141 HIGH PATCH This Week

Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Information Disclosure Microsoft Memory Corruption Windows 10 1507 +13
NVD
CVSS 3.1
7.8
EPSS
3.7%
CVE-2024-38135 HIGH PATCH This Week

Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Microsoft Windows 11 22h2 Windows 11 23h2 Windows 11 24h2 +1
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2024-38134 HIGH PATCH This Week

Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1809 +12
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2024-38133 HIGH PATCH This Week

Windows Kernel Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Microsoft Windows 10 1809 Windows 10 21h2 Windows 10 22h2 +7
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2024-38127 HIGH PATCH This Week

Windows Hyper-V Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +12
NVD
CVSS 3.1
7.8
EPSS
1.6%
CVE-2024-38125 HIGH PATCH This Week

Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1809 Windows 10 21h2 +11
NVD
CVSS 3.1
7.8
EPSS
5.9%
CVE-2024-38117 HIGH PATCH This Week

NTFS Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1809 +12
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2024-38107 HIGH KEV PATCH THREAT This Week

Windows Power Dependency Coordinator Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Information Disclosure Microsoft Memory Corruption Windows 10 1507 +13
NVD
CVSS 3.1
7.8
EPSS
1.6%
CVE-2024-38098 HIGH PATCH This Week

Azure Connected Machine Agent Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Microsoft Azure Connected Machine Agent
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2024-38084 HIGH PATCH This Week

Microsoft OfficePlus Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Microsoft Officeplus
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2024-21757 HIGH This Week

A unverified password change in Fortinet FortiManager versions 7.0.0 through 7.0.10, versions 7.2.0 through 7.2.4, and versions 7.4.0 through 7.4.1, as well as Fortinet FortiAnalyzer versions 7.0.0. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Fortinet Information Disclosure Fortianalyzer Fortimanager
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-38787 HIGH This Week

Insertion of Sensitive Information Into Sent Data vulnerability in Javier Carazo Import and export users and customers import-users-from-csv-with-meta.26.8. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD VulDB
CVSS 3.1
7.5
EPSS
1.5%
CVE-2024-41905 HIGH This Week

A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V2.0). Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Sinec Traffic Analyzer
NVD
CVSS 4.0
7.6
EPSS
0.3%
CVE-2024-38198 HIGH PATCH This Week

Windows Print Spooler Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable.

Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +12
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-38178 HIGH KEV PATCH THREAT This Week

Scripting Engine Memory Corruption Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.

Buffer Overflow Memory Corruption Windows 10 1507 Windows 10 1607 Windows 10 1809 +11
NVD
CVSS 3.1
7.5
EPSS
39.2%
CVE-2024-38148 HIGH PATCH This Week

Windows Secure Channel Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Denial Of Service Microsoft Windows 11 21H2 +5
NVD
CVSS 3.1
7.5
EPSS
31.8%
CVE-2024-38146 HIGH PATCH This Week

Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Microsoft Windows 10 1507 Windows 10 1607 +12
NVD
CVSS 3.1
7.5
EPSS
2.5%
CVE-2024-38145 HIGH PATCH This Week

Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Microsoft Windows 10 1507 Windows 10 1607 +12
NVD
CVSS 3.1
7.5
EPSS
2.5%
CVE-2024-38138 HIGH PATCH This Week

Windows Deployment Services Remote Code Execution Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Microsoft RCE Memory Corruption Windows Server 2016 +3
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2024-38132 HIGH PATCH This Week

Windows Network Address Translation (NAT) Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Denial Of Service Microsoft Windows 10 1507 +13
NVD
CVSS 3.1
7.5
EPSS
2.5%
CVE-2024-38126 HIGH PATCH This Week

Windows Network Address Translation (NAT) Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Microsoft Windows 10 1507 Windows 10 1607 +12
NVD
CVSS 3.1
7.5
EPSS
2.7%
CVE-2024-37968 HIGH PATCH This Week

Windows DNS Spoofing Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Microsoft Windows Server 2008 Windows Server 2012 Windows Server 2016 +3
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2024-35124 HIGH This Week

A vulnerability in the combination of the OpenBMC's FW1050.00 through FW1050.10, FW1030.00 through FW1030.50, and FW1020.00 through FW1020.60 default password and session management allow an attacker. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure Openbmc
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-43131 HIGH This Week

Incorrect Authorization vulnerability in WPWeb Docket (WooCommerce Collections / Wishlist / Watchlist) allows Accessing Functionality Not Properly Constrained by ACLs.7.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Docket
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-40697 HIGH This Week

IBM Common Licensing 9.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Brute Force Information Disclosure Common Licensing
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-38749 HIGH This Week

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Olive Themes Olive One Click Demo Import allows Accessing Functionality Not Properly Constrained by ACLs.1.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Olive One Click Demo Import
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-38747 HIGH This Week

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HitPay Payment Solutions Pte Ltd HitPay Payment Gateway for WooCommerce allows Accessing Functionality Not Properly. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-38699 HIGH This Week

Missing Authorization vulnerability in WP Swings Wallet System for WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs.5.13. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-37935 HIGH This Week

Missing Authorization vulnerability in anhvnit Woocommerce OpenPos allows Accessing Functionality Not Properly Constrained by ACLs.4.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-41903 HIGH This Week

A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V2.0). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Sinec Traffic Analyzer
NVD
CVSS 4.0
7.5
EPSS
0.4%
CVE-2024-37015 HIGH This Week

An issue was discovered in Ada Web Server 20.0. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
7.4
EPSS
0.4%
CVE-2022-23817 HIGH This Week

Insufficient checking of memory buffer in AMD Secure Processor (ASP) Secure OS may allow an attacker with a malicious trusted application to read/write to the ASP Secure OS kernel virtual address. Rated high severity (CVSS 7.3). No vendor patch available.

Amd Privilege Escalation
NVD VulDB
CVSS 4.0
7.3
EPSS
0.1%
CVE-2024-43128 HIGH This Week

Improper Control of Generation of Code ('Code Injection') vulnerability in WC Product Table WooCommerce Product Table Lite allows Code Injection.5.1. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection WordPress RCE Woocommerce Product Table
NVD
CVSS 3.1
7.3
EPSS
0.3%
CVE-2024-41977 HIGH This Week

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.1), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.1), SCALANCE M804PB. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Siemens Ruggedcom Rm1224 Lte 4G Eu Firmware Ruggedcom Rm1224 Lte 4G Nam Firmware Scalance M804Pb Firmware +23
NVD
CVSS 4.0
7.3
EPSS
0.4%
CVE-2024-41908 HIGH This Week

A vulnerability has been identified in NX (All versions < V2406.3000). Rated high severity (CVSS 7.3), this vulnerability is no authentication required. No vendor patch available.

Buffer Overflow Information Disclosure
NVD
CVSS 4.0
7.3
EPSS
0.2%
CVE-2024-37287 HIGH This Week

A flaw allowing arbitrary code execution was discovered in Kibana. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Elastic RCE Kibana
NVD
CVSS 3.1
7.2
EPSS
1.6%
CVE-2024-43121 HIGH This Week

Improper Privilege Management vulnerability in realmag777 HUSKY allows Privilege Escalation.3.6.1. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Husky Products Filter Professional For Woocommerce
NVD
CVSS 3.1
7.2
EPSS
0.5%
CVE-2024-38170 HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity.

Heap Overflow Buffer Overflow RCE Microsoft 365 Apps +1
NVD
CVSS 3.1
7.1
EPSS
0.8%
CVE-2024-5849 HIGH This Week

An unauthenticated remote attacker may use a reflected XSS vulnerability to obtain information from a user or reboot the affected device once. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Icdm Rx Tcp Socketserver Firmware Profinet Firmware Profinet Modbus Firmware Modbus Router Firmware +4
NVD
CVSS 3.1
7.1
EPSS
0.4%
CVE-2024-38502 HIGH This Week

An unauthenticated remote attacker may use stored XSS vulnerability to obtain information from a user or reboot the affected device once. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Icdm Rx Tcp Socketserver Firmware Profinet Firmware Profinet Modbus Firmware Modbus Router Firmware +4
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2024-38724 HIGH This Week

Cross-Site Request Forgery (CSRF), Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Muhammad Rehman Contact Form 7 Summary and Print allows. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS CSRF
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2024-41978 HIGH This Week

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.1), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.1), SCALANCE M804PB. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Siemens Ruggedcom Rm1224 Lte 4G Eu Firmware Ruggedcom Rm1224 Lte 4G Nam Firmware Scalance M804Pb Firmware +23
NVD
CVSS 4.0
7.1
EPSS
0.5%
CVE-2024-38201 HIGH PATCH This Week

Azure Stack Hub Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

Information Disclosure Microsoft Azure Stack Hub
NVD
CVSS 3.1
7.0
EPSS
0.6%
CVE-2024-38158 HIGH PATCH This Week

Azure IoT SDK Remote Code Execution Vulnerability. Rated high severity (CVSS 7.0). This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Microsoft RCE Memory Corruption Azure Iot Hub Device Client Sdk
NVD
CVSS 3.1
7.0
EPSS
0.4%
CVE-2024-38157 HIGH PATCH This Week

Azure IoT SDK Remote Code Execution Vulnerability. Rated high severity (CVSS 7.0).

RCE Microsoft Azure Iot Hub Device Client Sdk
NVD
CVSS 3.1
7.0
EPSS
0.5%
CVE-2024-38137 HIGH PATCH This Week

Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0). This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Information Disclosure Microsoft Memory Corruption Windows 10 21h2 +7
NVD
CVSS 3.1
7.0
EPSS
0.4%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy