Skip to main content
CVE-2024-28139 HIGH This Week

The www-data user can elevate its privileges because sudo is configured to allow the execution of the mount command as root without a password. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-53290 HIGH This Week

Dell ThinOS version 2408 contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Dell Thinos
NVD
CVSS 3.1
8.4
EPSS
0.8%
CVE-2024-9845 HIGH This Week

Under specific circumstances, insecure permissions in Ivanti Automation before version 2024.4.0.1 allows a local authenticated attacker to achieve local privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Ivanti Automation
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-8496 HIGH This Week

Under specific circumstances, insecure permissions in Ivanti Workspace Control before version 10.18.40.0 allows a local authenticated attacker to achieve local privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Ivanti Workspace Control
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-11598 HIGH This Week

Under specific circumstances, insecure permissions in Ivanti Application Control before version 2024.3 HF1, 2024.1 HF2, or 2023.3 HF3 allows a local authenticated attacker to achieve local privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Ivanti Application Control
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-11597 HIGH This Week

Under specific circumstances, insecure permissions in Ivanti Performance Manager before version 2024.3 HF1, 2024.1 HF1, or 2023.3 HF1 allows a local authenticated attacker to achieve local privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Ivanti Performance Manager
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-10251 HIGH This Week

Under specific circumstances, insecure permissions in Ivanti Security Controls before version 2024.4.1 allows a local authenticated attacker to achieve local privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Ivanti Security Controls
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-47758 HIGH This Week

GLPI is a free asset and IT management software package. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Glpi
NVD GitHub
CVSS 4.0
7.6
EPSS
0.4%
CVE-2024-47761 HIGH This Week

GLPI is a free asset and IT management software package. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Glpi
NVD GitHub
CVSS 4.0
7.5
EPSS
0.5%
CVE-2024-47760 HIGH This Week

GLPI is a free asset and IT management software package. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Glpi
NVD GitHub
CVSS 4.0
7.5
EPSS
0.5%
CVE-2024-48912 HIGH This Week

GLPI is a free asset and IT management software package. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Glpi
NVD GitHub
CVSS 4.0
7.2
EPSS
0.4%
CVE-2024-11840 HIGH This Week

The RapidLoad - Optimize Web Vitals Automatically plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the uucss_data,. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass SQLi WordPress
NVD
CVSS 3.1
7.1
EPSS
0.4%
CVE-2024-12363 HIGH This Week

Insufficient permissions in the TeamViewer Patch & Asset Management component prior to version 24.12 on Windows allows a local authenticated user to delete arbitrary files. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-53289 HIGH This Week

Dell ThinOS version 2408 contains a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability. Rated high severity (CVSS 7.0). No vendor patch available.

Information Disclosure Dell Thinos
NVD
CVSS 3.1
7.0
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy