Skip to main content
CVE-2024-50327 HIGH This Week

SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi RCE Ivanti Endpoint Manager
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2024-50326 HIGH This Week

SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi RCE Ivanti Endpoint Manager
NVD
CVSS 3.1
7.2
EPSS
25.8%
CVE-2024-50324 HIGH This Week

Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Path Traversal Ivanti Endpoint Manager
NVD
CVSS 3.1
7.2
EPSS
18.2%
CVE-2024-11007 HIGH This Week

Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Ivanti Connect Secure Policy Secure
NVD
CVSS 3.1
7.2
EPSS
1.7%
CVE-2024-49049 HIGH PATCH This Week

Visual Studio Code Remote Extension Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.

Authentication Bypass Remote Ssh
NVD
CVSS 3.1
7.1
EPSS
0.4%
CVE-2024-8539 HIGH This Week

Improper authorization in Ivanti Secure Access Client before version 22.7R3 allows a local authenticated attacker to modify sensitive configuration files. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Ivanti Secure Access Client
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2024-10944 HIGH This Week

A Remote Code Execution vulnerability exists in the affected product. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE
NVD
CVSS 4.0
7.1
EPSS
0.5%
CVE-2024-47595 HIGH This Week

An attacker who gains local membership to sapsys group could replace local files usually protected by privileged access. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Host Agent
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-7516 HIGH This Week

A vulnerability in Brocade Fabric OS versions before 9.2.2 could allow man-in-the-middle attackers to conduct remote Service Session Hijacking that may arise from the attacker's ability to forge an. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Fabric Operating System
NVD
CVSS 4.0
7.0
EPSS
0.2%
CVE-2024-10945 HIGH This Week

A Local Privilege Escalation vulnerability exists in the affected product. Rated high severity (CVSS 7.0), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 4.0
7.0
EPSS
0.2%
CVE-2024-37365 HIGH This Week

A remote code execution vulnerability exists in the affected product. Rated high severity (CVSS 7.0), this vulnerability is low attack complexity. No vendor patch available.

RCE Factorytalk View
NVD
CVSS 4.0
7.0
EPSS
0.2%
CVE-2024-47942 HIGH This Week

A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 9). Rated high severity (CVSS 7.0), this vulnerability is low attack complexity. No vendor patch available.

RCE Solid Edge Se2024
NVD
CVSS 4.0
7.0
EPSS
0.2%
CVE-2024-50313 MEDIUM This Month

A vulnerability has been identified in Mendix Runtime V10 (All versions < V10.16.0 only if the basic authentication mechanism is used by the application), Mendix Runtime V10.12 (All versions <. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Race Condition Information Disclosure Mendix
NVD
CVSS 4.0
6.9
EPSS
0.3%
CVE-2024-46892 MEDIUM This Month

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Sinec Ins
NVD
CVSS 4.0
6.9
EPSS
0.3%
CVE-2024-46891 MEDIUM This Month

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Sinec Ins
NVD
CVSS 4.0
6.9
EPSS
0.5%
CVE-2024-46889 MEDIUM This Month

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Sinec Ins
NVD
CVSS 4.0
6.9
EPSS
0.3%
CVE-2024-43643 MEDIUM PATCH This Month

Windows USB Video Class System Driver Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 +13
NVD
CVSS 3.1
6.8
EPSS
0.7%
CVE-2024-43638 MEDIUM PATCH This Month

Windows USB Video Class System Driver Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 +13
NVD
CVSS 3.1
6.8
EPSS
0.7%
CVE-2024-43637 MEDIUM PATCH This Month

Windows USB Video Class System Driver Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 +13
NVD
CVSS 3.1
6.8
EPSS
0.7%
CVE-2024-43634 MEDIUM PATCH This Month

Windows USB Video Class System Driver Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 +13
NVD
CVSS 3.1
6.8
EPSS
0.7%
CVE-2024-43449 MEDIUM PATCH This Month

Windows USB Video Class System Driver Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 +13
NVD
CVSS 3.1
6.8
EPSS
0.7%
CVE-2024-2315 MEDIUM This Month

APTIOV contains a vulnerability in BIOS where may cause Improper Access Control by a local attacker. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Aptio V
NVD
CVSS 4.0
6.8
EPSS
0.1%
CVE-2024-8881 MEDIUM This Month

A post-authentication command injection vulnerability in the CGI program in the Zyxel GS1900-48 switch firmware version V2.80(AAHN.1)C0 and earlier could allow an authenticated, LAN-based attacker. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Zyxel Command Injection Gs1900 8 Firmware Gs1900 8Hp Firmware Gs1900 10Hp Firmware +7
NVD
CVSS 3.1
6.8
EPSS
0.7%
CVE-2024-40592 MEDIUM This Month

An improper verification of cryptographic signature vulnerability [CWE-347] in FortiClient MacOS version 7.4.0, version 7.2.4 and below, version 7.0.10 and below, version 6.4.10 and below may allow a. Rated medium severity (CVSS 6.7). No vendor patch available.

Apple Jwt Attack Information Disclosure Fortinet Forticlient
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2024-32118 MEDIUM This Month

Multiple improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerabilities [CWE-78] in Fortinet FortiManager version 7.4.0 through 7.4.2 and before 7.2.5,. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Fortinet Command Injection Fortianalyzer Fortianalyzer Big Data Fortimanager
NVD
CVSS 3.1
6.7
EPSS
0.6%
CVE-2024-31496 MEDIUM This Month

A stack-based buffer overflow vulnerability [CWE-121] in Fortinet FortiManager version 7.4.0 through 7.4.2 and before 7.2.5, FortiAnalyzer version 7.4.0 through 7.4.2 and before 7.2.5 and. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Fortinet Stack Overflow Fortianalyzer Fortianalyzer Big Data +1
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2024-49044 MEDIUM PATCH This Month

Visual Studio Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is remotely exploitable.

Authentication Bypass Visual Studio 2022
NVD
CVSS 3.1
6.7
EPSS
0.7%
CVE-2024-28728 MEDIUM This Month

Cross Site Scripting vulnerability in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE DWR-2000M_1.34ME allows a local attacker to obtain sensitive information via a crafted payload to. Rated medium severity (CVSS 6.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

D-Link XSS
NVD GitHub
CVSS 3.1
6.6
EPSS
0.5%
CVE-2024-49393 MEDIUM This Month

In neomutt and mutt, the To and Cc email headers are not validated by cryptographic signing which allows an attacker that intercepts a message to change their value and include himself as a one of. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Jwt Attack Mutt Neomutt Enterprise Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-11110 MEDIUM This Month

Inappropriate implementation in Extensions in Google Chrome prior to 131.0.6778.69 allowed a remote attacker to bypass site isolation via a crafted Chrome Extension. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Google Chrome
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-43633 MEDIUM PATCH This Month

Windows Hyper-V Denial of Service Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Denial Of Service Microsoft Windows 11 22h2 Windows 11 23h2 Windows 11 24h2
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-43451 MEDIUM KEV PATCH THREAT This Month

NTLM Hash Disclosure Spoofing Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1809 Windows 10 21h2 +11
NVD
CVSS 3.1
6.5
EPSS
81.8%
CVE-2024-9999 MEDIUM This Month

In WS_FTP Server versions before 8.8.9 (2022.0.9), an Incorrect Implementation of Authentication Algorithm in the Web Transfer Module allows users to skip the second-factor verification and log in. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-52296 MEDIUM PATCH This Month

libosdp is an implementation of IEC 60839-11-5 OSDP (Open Supervised Device Protocol) and provides a C library with support for C++, Rust and Python3. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-51566 MEDIUM This Month

The NVMe driver queue processing is vulernable to guest-induced infinite loops. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-51565 MEDIUM This Month

The hda driver is vulnerable to a buffer over-read from a guest-controlled value. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-51563 MEDIUM This Month

The virtio_vq_recordon function is subject to a time-of-check to time-of-use (TOCTOU) race condition. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-51562 MEDIUM This Month

The NVMe driver function nvme_opc_get_log_page is vulnerable to a buffer over-read from a guest-controlled value. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-42372 MEDIUM This Month

Due to missing authorization check in SAP NetWeaver AS Java (System Landscape Directory) an unauthorized user can read and modify some restricted global SLD configurations causing low impact on. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Java SAP
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-51722 MEDIUM This Month

A local privilege escalation vulnerability in the SecuSUITE Server (System Configuration) of SecuSUITE versions 5.0.420 and earlier could allow a successful attacker that had gained control of code. Rated medium severity (CVSS 6.4). No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-10179 MEDIUM This Month

The Slickstream: Engagement and Conversions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's slick-grid shortcode in all versions up to, and including, 1.4.4 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-11168 MEDIUM This Month

The urllib.parse.urlsplit() and urlparse() functions improperly validated bracketed hosts (`[]`), allowing hosts that weren't IPv6 or IPvFuture. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

SSRF
NVD GitHub
CVSS 4.0
6.3
EPSS
0.7%
CVE-2024-11004 MEDIUM This Month

Reflected XSS in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure before version 22.7R1.1 allows a remote unauthenticated attacker to obtain admin privileges. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ivanti Connect Secure Policy Secure
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2024-9357 MEDIUM This Month

The xili-tidy-tags plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'action' parameter in all versions up to, and including, 1.12.04 due to insufficient input sanitization. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-10685 MEDIUM PATCH This Month

The Contact Form 7 Redirect & Thank You Page plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 1.0.6 due to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Contact Form 7 Redirect Thank You Page
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-2207 MEDIUM This Month

Potential vulnerabilities have been identified in the audio package for certain HP PC products using the Sound Research SECOMN64 driver, which might allow escalation of privilege. Rated medium severity (CVSS 6.0). No vendor patch available.

Privilege Escalation HP
NVD
CVSS 3.1
6.0
EPSS
0.1%
CVE-2024-32116 MEDIUM This Month

Multiple relative path traversal vulnerabilities [CWE-23] in Fortinet FortiManager version 7.4.0 through 7.4.2 and before 7.2.5, FortiAnalyzer version 7.4.0 through 7.4.2 and before 7.2.5 and. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Fortinet Path Traversal Fortianalyzer Fortianalyzer Big Data Fortimanager
NVD
CVSS 3.1
6.0
EPSS
0.2%
CVE-2024-38264 MEDIUM PATCH This Month

Microsoft Virtual Hard Disk (VHDX) Denial of Service Vulnerability. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Denial Of Service Microsoft Windows 11 22h2 Windows 11 23h2 Windows 11 24h2 +2
NVD
CVSS 3.1
5.9
EPSS
1.3%
CVE-2024-8535 MEDIUM This Month

Authenticated user can access unintended user capabilities in NetScaler ADC and NetScaler Gateway if the appliance must be configured as a Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) with. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Citrix Netscaler Application Delivery Controller Netscaler Gateway
NVD
CVSS 4.0
5.8
EPSS
0.4%
CVE-2024-11079 MEDIUM PATCH This Month

A flaw was found in Ansible-Core.

RCE
NVD
CVSS 3.1
5.5
EPSS
0.1%
Prev Page 5 of 7 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy