Skip to main content
CVE-2024-9412 HIGH This Week

An improper authorization vulnerability exists in the Rockwell Automation affected products that could allow an unauthorized user to sign in. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Rockwell
NVD
CVSS 4.0
8.4
EPSS
0.4%
CVE-2024-43584 HIGH PATCH This Week

Windows Scripting Engine Security Feature Bypass Vulnerability. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity.

Authentication Bypass Microsoft Windows 11 21H2 Windows 11 22h2 Windows 11 23h2 +3
NVD
CVSS 3.1
8.4
EPSS
0.5%
CVE-2024-43574 HIGH PATCH This Week

Microsoft Speech Application Programming Interface (SAPI) Remote Code Execution Vulnerability. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Microsoft RCE Memory Corruption Windows 10 21h2 +7
NVD
CVSS 3.1
8.3
EPSS
1.1%
CVE-2024-47822 MEDIUM POC PATCH This Month

Directus is a real-time API and App dashboard for managing SQL database content. Rated medium severity (CVSS 4.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Directus
NVD GitHub
CVSS 3.1
4.2
EPSS
0.3%
CVE-2024-46539 HIGH This Week

Insecure permissions in the Bluetooth Low Energy (BLE) component of Fire-Boltt Artillery Smart Watch NJ-R6E-10.3 allow attackers to cause a Denial of Service (DoS). Rated high severity (CVSS 8.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Denial Of Service
NVD GitHub
CVSS 3.1
8.2
EPSS
0.2%
CVE-2024-9124 HIGH This Week

A denial-of-service vulnerability exists in the Rockwell Automation PowerFlex® 600T. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Rockwell Powerflex 6000T Firmware
NVD
CVSS 4.0
8.2
EPSS
0.5%
CVE-2024-43582 HIGH PATCH This Week

Remote Desktop Protocol Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free RCE Memory Corruption Windows 10 1809 Windows 10 21h2 +8
NVD
CVSS 3.1
8.1
EPSS
3.1%
CVE-2024-43573 HIGH KEV PATCH THREAT This Week

Windows MSHTML Platform Spoofing Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +11
NVD
CVSS 3.1
8.1
EPSS
44.4%
CVE-2024-43604 HIGH PATCH This Week

Outlook for Android Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Google Microsoft Outlook
NVD
CVSS 3.1
8.0
EPSS
1.1%
CVE-2024-45880 HIGH This Week

A command injection vulnerability exists in Motorola CX2L router v1.0.2 and below. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection
NVD GitHub
CVSS 3.1
8.0
EPSS
0.9%
CVE-2024-43590 HIGH PATCH This Week

Visual C++ Redistributable Installer Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Authentication Bypass Visual C Redistributable Visual Studio 2017 Visual Studio 2019 Visual Studio 2022
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-43616 HIGH PATCH This Week

Microsoft Office Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Microsoft 365 Apps Office Office Long Term Servicing Channel
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2024-43601 HIGH PATCH This Week

Visual Studio Code for Linux Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

RCE Command Injection Visual Studio Code
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2024-43576 HIGH PATCH This Week

Microsoft Office Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

RCE Microsoft 365 Apps Office Long Term Servicing Channel
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2024-43572 HIGH KEV PATCH THREAT This Week

Microsoft Management Console Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +12
NVD
CVSS 3.1
7.8
EPSS
61.0%
CVE-2024-43563 HIGH PATCH This Week

Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +11
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2024-43560 HIGH PATCH This Week

Microsoft Windows Storage Port Driver Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Heap Overflow Buffer Overflow Microsoft Windows 10 1507 Windows 10 1607 +12
NVD
CVSS 3.1
7.8
EPSS
3.4%
CVE-2024-43556 HIGH PATCH This Week

Windows Graphics Component Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Information Disclosure Microsoft Memory Corruption Windows 10 1507 +14
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2024-43551 HIGH PATCH This Week

Windows Storage Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Microsoft Windows 10 1607 Windows 10 1809 Windows 10 21h2 +9
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2024-43528 HIGH PATCH This Week

Windows Secure Kernel Mode Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Heap Overflow Buffer Overflow Microsoft Windows 10 1809 Windows 10 21h2 +8
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2024-43527 HIGH PATCH This Week

Windows Kernel Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Heap Overflow Buffer Overflow Microsoft Windows 11 24h2
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2024-43516 HIGH PATCH This Week

Windows Secure Kernel Mode Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +10
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2024-43514 HIGH PATCH This Week

Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +11
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2024-43509 HIGH PATCH This Week

Windows Graphics Component Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Information Disclosure Microsoft Memory Corruption Windows 10 1507 +14
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2024-43505 HIGH PATCH This Week

Microsoft Office Visio Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Microsoft 365 Apps Office Office Long Term Servicing Channel
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2024-43504 HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Microsoft RCE Memory Corruption 365 Apps +3
NVD
CVSS 3.1
7.8
EPSS
6.1%
CVE-2024-43503 HIGH PATCH This Week

Microsoft SharePoint Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Authentication Bypass Microsoft Sharepoint Server
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2024-43501 HIGH PATCH This Week

Windows Common Log File System Driver Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +12
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2024-43497 HIGH PATCH This Week

DeepSpeed Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

RCE Command Injection Deepspeed
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2024-38261 HIGH PATCH This Week

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Microsoft Windows Server 2008 Windows Server 2012 Windows Server 2016 +3
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2024-37982 HIGH PATCH This Week

Windows Resume Extensible Firmware Interface Security Feature Bypass Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Authentication Bypass Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +11
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2024-37979 HIGH PATCH This Week

Windows Kernel Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Microsoft Windows Server 2012 Windows Server 2016 Windows Server 2019 +1
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2024-9167 HIGH This Week

Under specific circumstances, insecure permissions in Ivanti Velocity License Server before version 5.2 allows a local authenticated attacker to achieve local privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Ivanti Velocity License Server
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-7612 HIGH This Week

Insecure permissions in Ivanti EPMM before 12.1.0.4 allow a local authenticated attacker to modify sensitive application components. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Ivanti Endpoint Manager Mobile
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-8422 HIGH This Week

of service and loss of confidentiality & integrity when application user opens a malicious Zelio Soft 2 project file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Denial Of Service Memory Corruption Zelio Soft 2
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-34662 HIGH This Week

Improper access control in ActivityManager prior to SMR Oct-2024 Release 1 in select Android 12, 13 and SMR Sep-2024 Release 1 in select Android 14 allows local attackers to execute privileged. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Google Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-25885 HIGH This Week

An issue in the getcolor function in utils.py of xhtml2pdf v0.2.13 allows attackers to cause a Regular expression Denial of Service (ReDOS) via supplying a crafted string. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-43575 HIGH PATCH This Week

Windows Hyper-V Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Microsoft Windows Server 2016 Windows Server 2019 Windows Server 2022 +1
NVD
CVSS 3.1
7.5
EPSS
2.3%
CVE-2024-43567 HIGH PATCH This Week

Windows Hyper-V Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Microsoft Windows Server 2012 Windows Server 2016 Windows Server 2019 +2
NVD
CVSS 3.1
7.5
EPSS
2.3%
CVE-2024-43565 HIGH PATCH This Week

Windows Network Address Translation (NAT) Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Denial Of Service Microsoft Windows 10 1507 +12
NVD
CVSS 3.1
7.5
EPSS
2.2%
CVE-2024-43562 HIGH PATCH This Week

Windows Network Address Translation (NAT) Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Denial Of Service Microsoft Windows 10 1507 +12
NVD
CVSS 3.1
7.5
EPSS
2.2%
CVE-2024-43545 HIGH PATCH This Week

Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Microsoft Windows Server 2008 Windows Server 2012 Windows Server 2016 +3
NVD
CVSS 3.1
7.5
EPSS
2.2%
CVE-2024-43544 HIGH PATCH This Week

Microsoft Simple Certificate Enrollment Protocol Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Microsoft Windows Server 2008 Windows Server 2012 Windows Server 2016 +3
NVD
CVSS 3.1
7.5
EPSS
2.2%
CVE-2024-43541 HIGH PATCH This Week

Microsoft Simple Certificate Enrollment Protocol Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Microsoft Windows Server 2008 Windows Server 2012 Windows Server 2016 +3
NVD
CVSS 3.1
7.5
EPSS
2.3%
CVE-2024-43521 HIGH PATCH This Week

Windows Hyper-V Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Microsoft Windows Server 2012 Windows Server 2016 Windows Server 2019 +2
NVD
CVSS 3.1
7.5
EPSS
2.4%
CVE-2024-43515 HIGH PATCH This Week

Internet Small Computer Systems Interface (iSCSI) Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Windows 10 1507 Windows 10 1607 Windows 10 1809 Windows 10 21h2 +11
NVD
CVSS 3.1
7.5
EPSS
2.2%
CVE-2024-43512 HIGH PATCH This Week

Windows Standards-Based Storage Management Service Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Microsoft Windows Server 2012 Windows Server 2016 Windows Server 2019 +1
NVD
CVSS 3.1
7.5
EPSS
2.1%
CVE-2024-43506 HIGH PATCH This Week

BranchCache Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Windows 10 1507 Windows 10 1607 Windows 10 1809 Windows 10 21h2 +11
NVD
CVSS 3.1
7.5
EPSS
2.3%
CVE-2024-38262 HIGH PATCH This Week

Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable.

RCE Microsoft Windows Server 2008 Windows Server 2012 Windows Server 2016 +3
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2024-38149 HIGH PATCH This Week

BranchCache Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Windows 10 1507 Windows 10 1607 Windows 10 1809 Windows 10 21h2 +11
NVD
CVSS 3.1
7.5
EPSS
2.2%
Prev Page 2 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy