Skip to main content
CVE-2024-49032 HIGH PATCH This Week

Microsoft Office Graphics Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Microsoft RCE Memory Corruption 365 Apps +2
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2024-49031 HIGH PATCH This Week

Microsoft Office Graphics Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Microsoft 365 Apps Office +1
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2024-49030 HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Heap Overflow Buffer Overflow RCE Microsoft 365 Apps +3
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2024-49029 HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

RCE Microsoft 365 Apps Excel Office +1
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2024-49028 HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure RCE Microsoft 365 Apps +3
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2024-49027 HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Microsoft RCE Memory Corruption 365 Apps +3
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2024-49026 HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

RCE Command Injection Microsoft 365 Apps Excel +3
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2024-49021 HIGH PATCH This Week

Microsoft SQL Server Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Microsoft RCE Memory Corruption Sql Server 2016 +3
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2024-49019 HIGH PATCH This Week

Active Directory Certificate Services Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Windows Server 2008 Windows Server 2012 Windows Server 2016 Windows Server 2019 +3
NVD
CVSS 3.1
7.8
EPSS
2.0%
CVE-2024-43646 HIGH PATCH This Week

Windows Secure Kernel Mode Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Microsoft Windows 10 1607 Windows 10 1809 Windows 10 21h2 +9
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2024-43645 HIGH PATCH This Week

Windows Defender Application Control (WDAC) Security Feature Bypass Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Authentication Bypass Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +2
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2024-43644 HIGH PATCH This Week

Windows Client-Side Caching Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 +13
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2024-43641 HIGH PATCH This Week

Windows Registry Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 +13
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2024-43640 HIGH PATCH This Week

Windows Kernel-Mode Driver Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Microsoft Windows 10 21h2 Windows 10 22h2 Windows 11 22h2 +2
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2024-43636 HIGH PATCH This Week

Win32k Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1809 Windows 10 21h2 +10
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2024-43631 HIGH PATCH This Week

Windows Secure Kernel Mode Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Microsoft Windows 10 21h2 Windows 10 22h2 Windows 11 22h2 +5
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2024-43630 HIGH PATCH This Week

Windows Kernel Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Stack Overflow Microsoft Windows 10 21h2 Windows 10 22h2 +4
NVD
CVSS 3.1
7.8
EPSS
3.6%
CVE-2024-43629 HIGH PATCH This Week

Windows DWM Core Library Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Microsoft Windows 10 1809 Windows 10 21h2 Windows 10 22h2 +7
NVD
CVSS 3.1
7.8
EPSS
3.9%
CVE-2024-43626 HIGH PATCH This Week

Windows Telephony Service Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Heap Overflow Buffer Overflow Microsoft Windows 10 1507 Windows 10 1607 +13
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2024-43623 HIGH PATCH This Week

Windows NT OS Kernel Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 +13
NVD
CVSS 3.1
7.8
EPSS
4.3%
CVE-2024-43530 HIGH PATCH This Week

Windows Update Stack Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Authentication Bypass Microsoft Windows 10 21h2 Windows 10 22h2 Windows 11 22h2 +2
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2024-21975 HIGH This Week

Improper input validation in the NPU driver could allow an attacker to supply a specially crafted pointer potentially leading to arbitrary code execution. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Ryzen Ai Software
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-21974 HIGH This Week

Improper input validation in the NPU driver could allow an attacker to supply a specially crafted pointer potentially leading to arbitrary code execution. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Ryzen Ai Software
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-21938 HIGH This Week

Incorrect default permissions in the AMD Management Plugin for the Microsoft® System Center Configuration Manager (SCCM) installation directory could allow an attacker to achieve privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE Amd Microsoft Management Plugin For Sccm
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-21937 HIGH This Week

Incorrect default permissions in the AMD HIP SDK installation directory could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE Amd Radeon Software Radeon Software For Hip
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-7571 HIGH This Week

Incorrect permissions in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Ivanti Secure Access Client
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-49528 HIGH This Week

Animate versions 23.0.7, 24.0.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Animate
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-49526 HIGH This Week

Animate versions 23.0.7, 24.0.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Denial Of Service Memory Corruption Animate
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-49514 HIGH This Week

Photoshop Desktop versions 24.7.3, 25.11 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE Photoshop
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-50323 HIGH This Week

SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a local unauthenticated attacker to achieve code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

SQLi RCE Ivanti Endpoint Manager
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2024-50322 HIGH This Week

Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a local unauthenticated attacker to achieve code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal Ivanti Endpoint Manager
NVD
CVSS 3.1
7.8
EPSS
6.0%
CVE-2024-47906 HIGH This Week

Excessive binary privileges in Ivanti Connect Secure before version 22.7R2.3 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.2 (Not Applicable to 9.1Rx) allows a local. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Ivanti Connect Secure Policy Secure
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-49560 HIGH This Week

Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) a command injection vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Dell Smartfabric Os10
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2024-49558 HIGH This Week

Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) an Improper Privilege Management vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Dell Smartfabric Os10
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-49557 HIGH This Week

Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Command Injection Dell Smartfabric Os10
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2024-48837 HIGH This Week

Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) an Execution with Unnecessary Privileges vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Dell Smartfabric Os10
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-49521 HIGH This Week

Adobe Commerce versions 3.2.5 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to a security feature bypass. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Adobe Commerce Magento
NVD
CVSS 3.1
7.7
EPSS
0.7%
CVE-2024-49040 HIGH PATCH This Week

Microsoft Exchange Server Spoofing Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Microsoft Exchange Server
NVD
CVSS 3.1
7.5
EPSS
7.7%
CVE-2024-49033 HIGH PATCH This Week

Microsoft Word Security Feature Bypass Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Microsoft 365 Apps Office Office Long Term Servicing Channel +1
NVD
CVSS 3.1
7.5
EPSS
2.1%
CVE-2024-43642 HIGH PATCH This Week

Windows SMB Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Microsoft Denial Of Service Memory Corruption Windows 11 22h2 +5
NVD
CVSS 3.1
7.5
EPSS
62.3%
CVE-2024-43499 HIGH PATCH This Week

.NET and Visual Studio Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Net Visual Studio 2022
NVD
CVSS 3.1
7.5
EPSS
2.6%
CVE-2024-43452 HIGH PATCH This Week

Windows Registry Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Microsoft Windows 10 1809 Windows 10 21h2 Windows 10 22h2 +8
NVD
CVSS 3.1
7.5
EPSS
24.3%
CVE-2024-43450 HIGH PATCH This Week

Windows DNS Spoofing Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Microsoft Windows Server 2008 Windows Server 2012 Windows Server 2016 +4
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-8495 HIGH This Week

A null pointer dereference in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure before version 22.7R1.1 allows a remote unauthenticated attacker to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Ivanti Denial Of Service Connect Secure Policy Secure
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2024-52297 HIGH PATCH This Week

Tolgee is an open-source localization platform. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Tolgee
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-50331 HIGH This Week

An out-of-bounds read vulnerability in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to leak sensitive information in memory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Ivanti Avalanche
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2024-50321 HIGH This Week

An infinite loop in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ivanti Denial Of Service Avalanche
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2024-50320 HIGH This Week

An infinite loop in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ivanti Denial Of Service Avalanche
NVD
CVSS 3.1
7.5
EPSS
31.2%
CVE-2024-50319 HIGH This Week

An infinite loop in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ivanti Denial Of Service Avalanche
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2024-50318 HIGH This Week

A null pointer dereference in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Ivanti Denial Of Service Avalanche
NVD
CVSS 3.1
7.5
EPSS
1.1%
Prev Page 3 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy