Skip to main content
CVE-2024-43626 HIGH PATCH This Week

Windows Telephony Service Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Heap Overflow Buffer Overflow Microsoft Windows 10 1507 Windows 10 1607 +13
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2024-43623 HIGH PATCH This Week

Windows NT OS Kernel Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 +13
NVD
CVSS 3.1
7.8
EPSS
4.3%
CVE-2024-43530 HIGH PATCH This Week

Windows Update Stack Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Authentication Bypass Microsoft Windows 10 21h2 Windows 10 22h2 Windows 11 22h2 +2
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2024-21975 HIGH This Week

Improper input validation in the NPU driver could allow an attacker to supply a specially crafted pointer potentially leading to arbitrary code execution. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Ryzen Ai Software
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-21974 HIGH This Week

Improper input validation in the NPU driver could allow an attacker to supply a specially crafted pointer potentially leading to arbitrary code execution. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Ryzen Ai Software
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-21938 HIGH This Week

Incorrect default permissions in the AMD Management Plugin for the Microsoft® System Center Configuration Manager (SCCM) installation directory could allow an attacker to achieve privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE Amd Microsoft Management Plugin For Sccm
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-21937 HIGH This Week

Incorrect default permissions in the AMD HIP SDK installation directory could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE Amd Radeon Software Radeon Software For Hip
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-7571 HIGH This Week

Incorrect permissions in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Ivanti Secure Access Client
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-49528 HIGH This Week

Animate versions 23.0.7, 24.0.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Animate
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-49526 HIGH This Week

Animate versions 23.0.7, 24.0.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Denial Of Service Memory Corruption Animate
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-49514 HIGH This Week

Photoshop Desktop versions 24.7.3, 25.11 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE Photoshop
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-50323 HIGH This Week

SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a local unauthenticated attacker to achieve code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

SQLi RCE Ivanti Endpoint Manager
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2024-50322 HIGH This Week

Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a local unauthenticated attacker to achieve code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal Ivanti Endpoint Manager
NVD
CVSS 3.1
7.8
EPSS
6.0%
CVE-2024-47906 HIGH This Week

Excessive binary privileges in Ivanti Connect Secure before version 22.7R2.3 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.2 (Not Applicable to 9.1Rx) allows a local. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Ivanti Connect Secure Policy Secure
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-49560 HIGH This Week

Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) a command injection vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Dell Smartfabric Os10
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2024-49558 HIGH This Week

Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) an Improper Privilege Management vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Dell Smartfabric Os10
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-49557 HIGH This Week

Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Command Injection Dell Smartfabric Os10
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2024-48837 HIGH This Week

Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) an Execution with Unnecessary Privileges vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Dell Smartfabric Os10
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-49521 HIGH This Week

Adobe Commerce versions 3.2.5 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to a security feature bypass. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Adobe Commerce Magento
NVD
CVSS 3.1
7.7
EPSS
0.7%
CVE-2024-49040 HIGH PATCH This Week

Microsoft Exchange Server Spoofing Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Microsoft Exchange Server
NVD
CVSS 3.1
7.5
EPSS
7.7%
CVE-2024-49033 HIGH PATCH This Week

Microsoft Word Security Feature Bypass Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Microsoft 365 Apps Office Office Long Term Servicing Channel +1
NVD
CVSS 3.1
7.5
EPSS
2.1%
CVE-2024-43642 HIGH PATCH This Week

Windows SMB Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Microsoft Denial Of Service Memory Corruption Windows 11 22h2 +5
NVD
CVSS 3.1
7.5
EPSS
62.3%
CVE-2024-43499 HIGH PATCH This Week

.NET and Visual Studio Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Net Visual Studio 2022
NVD
CVSS 3.1
7.5
EPSS
2.6%
CVE-2024-43452 HIGH PATCH This Week

Windows Registry Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Microsoft Windows 10 1809 Windows 10 21h2 Windows 10 22h2 +8
NVD
CVSS 3.1
7.5
EPSS
24.3%
CVE-2024-43450 HIGH PATCH This Week

Windows DNS Spoofing Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Microsoft Windows Server 2008 Windows Server 2012 Windows Server 2016 +4
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-8495 HIGH This Week

A null pointer dereference in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure before version 22.7R1.1 allows a remote unauthenticated attacker to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Ivanti Denial Of Service Connect Secure Policy Secure
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2024-52297 HIGH PATCH This Week

Tolgee is an open-source localization platform. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Tolgee
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-50331 HIGH This Week

An out-of-bounds read vulnerability in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to leak sensitive information in memory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Ivanti Avalanche
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2024-50321 HIGH This Week

An infinite loop in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ivanti Denial Of Service Avalanche
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2024-50320 HIGH This Week

An infinite loop in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ivanti Denial Of Service Avalanche
NVD
CVSS 3.1
7.5
EPSS
31.2%
CVE-2024-50319 HIGH This Week

An infinite loop in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ivanti Denial Of Service Avalanche
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2024-50318 HIGH This Week

A null pointer dereference in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Ivanti Denial Of Service Avalanche
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2024-50317 HIGH This Week

A null pointer dereference in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Ivanti Denial Of Service Avalanche
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2024-47907 HIGH This Week

A stack-based buffer overflow in IPsec of Ivanti Connect Secure before version 22.7R2.3 allows a remote unauthenticated attacker to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Ivanti Denial Of Service Connect Secure
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2024-51564 HIGH This Week

A guest can trigger an infinite loop in the hda audio driver. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-45289 HIGH This Week

The fetch(3) library uses environment variables for passing certain information, including the revocation file pathname. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-51721 HIGH This Week

A code injection vulnerability in the SecuSUITE Server Web Administration Portal of SecuSUITE versions 5.0.420 and earlier could allow an attacker to potentially inject script commands or other. Rated high severity (CVSS 7.3). No vendor patch available.

Code Injection
NVD
CVSS 3.1
7.3
EPSS
0.2%
CVE-2024-33505 HIGH This Week

A heap-based buffer overflow in Fortinet FortiAnalyzer version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, FortiManager version 7.4.0 through 7.4.2, 7.2.0. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Fortinet Privilege Escalation Fortianalyzer +2
NVD
CVSS 3.1
7.3
EPSS
0.5%
CVE-2024-21958 HIGH This Week

Incorrect default permissions in the AMD Provisioning Console installation directory could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE Amd Provisioning Console
NVD
CVSS 3.1
7.3
EPSS
0.3%
CVE-2024-21957 HIGH This Week

Incorrect default permissions in the AMD Management Console installation directory could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE Amd Management Console
NVD
CVSS 3.1
7.3
EPSS
0.3%
CVE-2024-21946 HIGH This Week

Incorrect default permissions in the AMD RyzenTM Master Utility installation directory could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE Amd Ryzen Master Utility For Overclocking Control
NVD
CVSS 3.1
7.3
EPSS
0.2%
CVE-2024-21945 HIGH This Week

Incorrect default permissions in the AMD RyzenTM Master monitoring SDK installation directory could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE Amd Ryzen Master Monitoring Software Development Kit
NVD
CVSS 3.1
7.3
EPSS
0.2%
CVE-2024-21939 HIGH This Week

Incorrect default permissions in the AMD Cloud Manageability Service (ACMS) Software installation directory could allow an attacker to achieve privilege escalation potentially resulting in arbitrary. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE Amd Cloud Manageability Service
NVD
CVSS 3.1
7.3
EPSS
0.2%
CVE-2024-47941 HIGH This Week

A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 9). Rated high severity (CVSS 7.3), this vulnerability is no authentication required. No vendor patch available.

Buffer Overflow Information Disclosure Solid Edge Se2024
NVD
CVSS 4.0
7.3
EPSS
0.2%
CVE-2024-47940 HIGH This Week

A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 9). Rated high severity (CVSS 7.3), this vulnerability is no authentication required. No vendor patch available.

Buffer Overflow Information Disclosure Solid Edge Se2024
NVD
CVSS 4.0
7.3
EPSS
0.2%
CVE-2024-49042 HIGH This Week

Azure Database for PostgreSQL Flexible Server Extension Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PostgreSQL Command Injection Microsoft Azure Database For Postgresql Flexible Server
NVD
CVSS 3.1
7.2
EPSS
1.2%
CVE-2024-43613 HIGH This Week

Azure Database for PostgreSQL Flexible Server Extension Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PostgreSQL Command Injection Microsoft Azure Database For Postgresql Flexible Server
NVD
CVSS 3.1
7.2
EPSS
1.2%
CVE-2024-11006 HIGH This Week

Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Ivanti Connect Secure Policy Secure
NVD
CVSS 3.1
7.2
EPSS
1.7%
CVE-2024-11005 HIGH This Week

Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Ivanti Connect Secure Policy Secure
NVD
CVSS 3.1
7.2
EPSS
1.7%
CVE-2024-50328 HIGH This Week

SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi RCE Ivanti Endpoint Manager
NVD
CVSS 3.1
7.2
EPSS
1.7%
Prev Page 4 of 7 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy