| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-38178 | 0.14 | — | 0.39 | KEV | Aug 13, 2024 | Scripting Engine Memory Corruption Vulnerability | ||
| CVE-2024-7399 | Hig | 0.78 | 8.8 | 0.92 | KEV | Aug 12, 2024 | Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1050 allows attackers to write arbitrary file as system authority. | |
| CVE-2024-7694 | 0.12 | — | 0.02 | KEV | Aug 12, 2024 | ThreatSonar Anti-Ransomware from TeamT5 does not properly validate the content of uploaded files. Remote attackers with administrator privileges on the product platform can upload malicious files, which can be used to execute arbitrary system command on the server. | ||
| CVE-2024-41710 | 0.14 | — | 0.42 | KEV | Aug 12, 2024 | A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit, through R6.4.0.HF1 (R6.4.0.136) could allow an authenticated attacker with administrative privilege to conduct an argument injection attack, due to… | ||
| CVE-2024-27443 | 0.15 | — | 0.20 | KEV | Aug 12, 2024 | An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. A Cross-Site Scripting (XSS) vulnerability exists in the CalendarInvite feature of the Zimbra webmail classic user interface, because of improper input validation in the handling of the calendar header. An… | ||
| CVE-2024-38856 | 0.16 | — | 0.99 | KEV | Aug 5, 2024 | Incorrect Authorization vulnerability in Apache OFBiz. This issue affects Apache OFBiz: through 18.12.14. Users are recommended to upgrade to version 18.12.15, which fixes the issue. Unauthenticated endpoints could allow execution of screen rendering code of screens if some… | ||
| CVE-2024-42009 | 0.19 | — | 0.83 | KEV | Aug 5, 2024 | A Cross-Site Scripting vulnerability in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails of a victim via a crafted e-mail message that abuses a Desanitization issue in message_body() in program/actions/mail/show.php. | ||
| CVE-2023-45249 | 0.22 | — | 0.54 | KEV | Jul 24, 2024 | Remote command execution due to use of default passwords. The following products are affected: Acronis Cyber Infrastructure (ACI) before build 5.0.1-61, Acronis Cyber Infrastructure (ACI) before build 5.1.1-71, Acronis Cyber Infrastructure (ACI) before build 5.2.1-69, Acronis… | ||
| CVE-2024-21182 | Hig | 0.68 | 7.5 | 0.50 | KEV | Jul 16, 2024 | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to… | |
| CVE-2024-5910 | 0.22 | — | 0.92 | KEV | Jul 10, 2024 | Missing authentication for a critical function in Palo Alto Networks Expedition can lead to an Expedition admin account takeover for attackers with network access to Expedition. Note: Expedition is a tool aiding in configuration migration, tuning, and enrichment. Configuration… | ||
| CVE-2024-5217 | 0.20 | — | 1.00 | KEV | Jul 10, 2024 | ServiceNow has addressed an input validation vulnerability that was identified in the Washington DC, Vancouver, and earlier Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. The… | ||
| CVE-2024-4879 | 0.23 | — | 1.00 | KEV | Jul 10, 2024 | ServiceNow has addressed an input validation vulnerability that was identified in Vancouver and Washington DC Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. ServiceNow applied an… | ||
| CVE-2024-38094 | 0.24 | — | 0.55 | KEV | Jul 9, 2024 | Microsoft SharePoint Remote Code Execution Vulnerability | ||
| CVE-2024-38112 | 0.19 | — | 0.84 | KEV | Jul 9, 2024 | Windows MSHTML Platform Spoofing Vulnerability | ||
| CVE-2024-38080 | 0.13 | — | 0.07 | KEV | Jul 9, 2024 | Windows Hyper-V Elevation of Privilege Vulnerability | ||
| CVE-2024-39891 | 0.13 | — | 0.01 | KEV | Jul 2, 2024 | In the Twilio Authy API, accessed by Authy Android before 25.1.0 and Authy iOS before 26.1.0, an unauthenticated endpoint provided access to certain phone-number data, as exploited in the wild in June 2024. Specifically, the endpoint accepted a stream of requests containing… | ||
| CVE-2024-38475 | 0.20 | — | 1.00 | KEV | Jul 1, 2024 | Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or… | ||
| CVE-2024-20399 | 0.12 | — | 0.04 | KEV | Jul 1, 2024 | A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated user in possession of Administrator credentials to execute arbitrary commands as root on the underlying operating system of an affected device. This vulnerability is due to insufficient validation… | ||
| CVE-2024-36401 | 0.16 | — | 1.00 | KEV | Jul 1, 2024 | GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.22.6, 2.23.6, 2.24.4, and 2.25.2, multiple OGC request parameters allow Remote Code Execution (RCE) by unauthenticated users through specially crafted input against a… | ||
| CVE-2024-4885 | 0.20 | — | 0.99 | KEV | Jun 25, 2024 | In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Remote Code Execution vulnerability in Progress WhatsUpGold. The WhatsUp.ExportUtilities.Export.GetFileWithoutZip allows execution of commands with iisapppool\nmconsole privileges. | ||
| CVE-2024-37085 | 0.24 | — | 0.27 | KEV | Jun 25, 2024 | VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was previously configured to use AD for user management https://blogs.vmware.com/vsphere/2012/09/joining-vs… | ||
| CVE-2024-37079 | 0.19 | — | 0.22 | KEV | Jun 18, 2024 | vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution. | ||
| CVE-2024-6047 | 0.18 | — | 0.10 | KEV | Jun 17, 2024 | Certain EOL GeoVision devices fail to properly filter user input for the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device. | ||
| CVE-2024-32896 | 0.12 | — | 0.03 | KEV | Jun 13, 2024 | there is a possible way to bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | ||
| CVE-2024-34102 | 0.16 | — | 1.00 | KEV | Jun 13, 2024 | Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted… | ||
| CVE-2024-30088 | 0.25 | — | 0.68 | KEV | Jun 11, 2024 | Windows Kernel Elevation of Privilege Vulnerability | ||
| CVE-2024-35250 | 0.19 | — | 0.25 | KEV | Jun 11, 2024 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | ||
| CVE-2024-36971 | 0.12 | — | 0.03 | KEV | Jun 10, 2024 | In the Linux kernel, the following vulnerability has been resolved: net: fix __dst_negative_advice() race __dst_negative_advice() does not enforce proper RCU rules when sk->dst_cache must be cleared, leading to possible UAF. RCU rules are that we must first clear… | ||
| CVE-2024-4577 | 0.29 | — | 1.00 | KEV | Jun 9, 2024 | In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions.… | ||
| CVE-2024-4610 | 0.12 | — | 0.01 | KEV | Jun 7, 2024 | Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations to gain access to already freed memory.This issue affects Bifrost GPU Kernel Driver: from… | ||
| CVE-2024-37383 | 0.13 | — | 0.73 | KEV | Jun 7, 2024 | Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows XSS via SVG animate attributes. | ||
| CVE-2024-28995 | 0.23 | — | 1.00 | KEV | Jun 6, 2024 | SolarWinds Serv-U was susceptible to a directory transversal vulnerability that would allow access to read sensitive files on the host machine. | ||
| CVE-2024-29824 | 0.23 | — | 1.00 | KEV | May 31, 2024 | An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code. | ||
| CVE-2024-23692 | 0.16 | — | 0.99 | KEV | May 31, 2024 | Rejetto HTTP File Server, up to and including version 2.3m, is vulnerable to a template injection vulnerability. This vulnerability allows a remote, unauthenticated attacker to execute arbitrary commands on the affected system by sending a specially crafted HTTP request. As of… | ||
| CVE-2024-4358 | 0.23 | — | 0.97 | KEV | May 29, 2024 | In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via an authentication bypass vulnerability. | ||
| CVE-2024-24919 | 0.29 | — | 1.00 | KEV | May 28, 2024 | Potentially allowing an attacker to read certain information on Check Point Security Gateways once connected to the internet and enabled with remote Access VPN or Mobile Access Software Blades. A Security fix that mitigates this vulnerability is available. | ||
| CVE-2024-5274 | 0.13 | — | 0.10 | KEV | May 28, 2024 | Type Confusion in V8 in Google Chrome prior to 125.0.6422.112 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2024-4978 | 0.13 | — | 0.27 | KEV | May 23, 2024 | Justice AV Solutions Viewer Setup 8.3.7.250-1 contains a malicious binary when executed and is signed with an unexpected authenticode signature. A remote, privileged threat actor may exploit this vulnerability to execute of unauthorized PowerShell commands. | ||
| CVE-2024-4947 | 0.12 | — | 0.15 | KEV | May 15, 2024 | Type Confusion in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2024-30051 | 0.22 | — | 0.06 | KEV | May 14, 2024 | Windows DWM Core Library Elevation of Privilege Vulnerability | ||
| CVE-2024-30040 | 0.14 | — | 0.04 | KEV | May 14, 2024 | Windows MSHTML Platform Security Feature Bypass Vulnerability | ||
| CVE-2024-4761 | 0.13 | — | 0.11 | KEV | May 14, 2024 | Out of bounds write in V8 in Google Chrome prior to 124.0.6367.207 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2024-4671 | 0.12 | — | 0.08 | KEV | May 9, 2024 | Use after free in Visuals in Google Chrome prior to 124.0.6367.201 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2024-32113 | 0.23 | — | 0.99 | KEV | May 8, 2024 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OFBiz.This issue affects Apache OFBiz: before 18.12.13. Users are recommended to upgrade to version 18.12.13, which fixes the issue. | ||
| CVE-2023-50224 | 0.12 | — | 0.17 | KEV | May 3, 2024 | TP-Link TL-WR841N dropbearpwd Improper Authentication Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of TP-Link TL-WR841N routers. Authentication is not required to exploit… | ||
| CVE-2024-20359 | 0.12 | — | 0.17 | KEV | Apr 24, 2024 | A vulnerability in a legacy capability that allowed for the preloading of VPN clients and plug-ins and that has been available in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to… | ||
| CVE-2024-20353 | 0.14 | — | 0.63 | KEV | Apr 24, 2024 | A vulnerability in the management and VPN web servers for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of… | ||
| CVE-2024-4040 | 0.23 | — | 1.00 | KEV | Apr 22, 2024 | A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside of the VFS Sandbox, bypass authentication to gain administrative access, and… | ||
| CVE-2024-27348 | 0.16 | — | 0.99 | KEV | Apr 22, 2024 | RCE-Remote Command Execution vulnerability in Apache HugeGraph-Server.This issue affects Apache HugeGraph-Server: from 1.0.0 before 1.3.0 in Java8 & Java11 Users are recommended to upgrade to version 1.3.0 with Java11 & enable the Auth system, which fixes the issue. | ||
| CVE-2024-3400 | 0.29 | — | 1.00 | KEV | Apr 12, 2024 | A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root… |
- risk 0.14cvss —epss 0.39
Scripting Engine Memory Corruption Vulnerability
- risk 0.78cvss 8.8epss 0.92
Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1050 allows attackers to write arbitrary file as system authority.
- risk 0.12cvss —epss 0.02
ThreatSonar Anti-Ransomware from TeamT5 does not properly validate the content of uploaded files. Remote attackers with administrator privileges on the product platform can upload malicious files, which can be used to execute arbitrary system command on the server.
- risk 0.14cvss —epss 0.42
A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit, through R6.4.0.HF1 (R6.4.0.136) could allow an authenticated attacker with administrative privilege to conduct an argument injection attack, due to…
- risk 0.15cvss —epss 0.20
An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. A Cross-Site Scripting (XSS) vulnerability exists in the CalendarInvite feature of the Zimbra webmail classic user interface, because of improper input validation in the handling of the calendar header. An…
- risk 0.16cvss —epss 0.99
Incorrect Authorization vulnerability in Apache OFBiz. This issue affects Apache OFBiz: through 18.12.14. Users are recommended to upgrade to version 18.12.15, which fixes the issue. Unauthenticated endpoints could allow execution of screen rendering code of screens if some…
- risk 0.19cvss —epss 0.83
A Cross-Site Scripting vulnerability in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails of a victim via a crafted e-mail message that abuses a Desanitization issue in message_body() in program/actions/mail/show.php.
- risk 0.22cvss —epss 0.54
Remote command execution due to use of default passwords. The following products are affected: Acronis Cyber Infrastructure (ACI) before build 5.0.1-61, Acronis Cyber Infrastructure (ACI) before build 5.1.1-71, Acronis Cyber Infrastructure (ACI) before build 5.2.1-69, Acronis…
- risk 0.68cvss 7.5epss 0.50
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to…
- risk 0.22cvss —epss 0.92
Missing authentication for a critical function in Palo Alto Networks Expedition can lead to an Expedition admin account takeover for attackers with network access to Expedition. Note: Expedition is a tool aiding in configuration migration, tuning, and enrichment. Configuration…
- risk 0.20cvss —epss 1.00
ServiceNow has addressed an input validation vulnerability that was identified in the Washington DC, Vancouver, and earlier Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. The…
- risk 0.23cvss —epss 1.00
ServiceNow has addressed an input validation vulnerability that was identified in Vancouver and Washington DC Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. ServiceNow applied an…
- risk 0.24cvss —epss 0.55
Microsoft SharePoint Remote Code Execution Vulnerability
- risk 0.19cvss —epss 0.84
Windows MSHTML Platform Spoofing Vulnerability
- risk 0.13cvss —epss 0.07
Windows Hyper-V Elevation of Privilege Vulnerability
- risk 0.13cvss —epss 0.01
In the Twilio Authy API, accessed by Authy Android before 25.1.0 and Authy iOS before 26.1.0, an unauthenticated endpoint provided access to certain phone-number data, as exploited in the wild in June 2024. Specifically, the endpoint accepted a stream of requests containing…
- risk 0.20cvss —epss 1.00
Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or…
- risk 0.12cvss —epss 0.04
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated user in possession of Administrator credentials to execute arbitrary commands as root on the underlying operating system of an affected device. This vulnerability is due to insufficient validation…
- risk 0.16cvss —epss 1.00
GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.22.6, 2.23.6, 2.24.4, and 2.25.2, multiple OGC request parameters allow Remote Code Execution (RCE) by unauthenticated users through specially crafted input against a…
- risk 0.20cvss —epss 0.99
In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Remote Code Execution vulnerability in Progress WhatsUpGold. The WhatsUp.ExportUtilities.Export.GetFileWithoutZip allows execution of commands with iisapppool\nmconsole privileges.
- risk 0.24cvss —epss 0.27
VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was previously configured to use AD for user management https://blogs.vmware.com/vsphere/2012/09/joining-vs…
- risk 0.19cvss —epss 0.22
vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution.
- risk 0.18cvss —epss 0.10
Certain EOL GeoVision devices fail to properly filter user input for the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device.
- risk 0.12cvss —epss 0.03
there is a possible way to bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
- risk 0.16cvss —epss 1.00
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted…
- risk 0.25cvss —epss 0.68
Windows Kernel Elevation of Privilege Vulnerability
- risk 0.19cvss —epss 0.25
Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
- risk 0.12cvss —epss 0.03
In the Linux kernel, the following vulnerability has been resolved: net: fix __dst_negative_advice() race __dst_negative_advice() does not enforce proper RCU rules when sk->dst_cache must be cleared, leading to possible UAF. RCU rules are that we must first clear…
- risk 0.29cvss —epss 1.00
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions.…
- risk 0.12cvss —epss 0.01
Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations to gain access to already freed memory.This issue affects Bifrost GPU Kernel Driver: from…
- risk 0.13cvss —epss 0.73
Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows XSS via SVG animate attributes.
- risk 0.23cvss —epss 1.00
SolarWinds Serv-U was susceptible to a directory transversal vulnerability that would allow access to read sensitive files on the host machine.
- risk 0.23cvss —epss 1.00
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.
- risk 0.16cvss —epss 0.99
Rejetto HTTP File Server, up to and including version 2.3m, is vulnerable to a template injection vulnerability. This vulnerability allows a remote, unauthenticated attacker to execute arbitrary commands on the affected system by sending a specially crafted HTTP request. As of…
- risk 0.23cvss —epss 0.97
In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via an authentication bypass vulnerability.
- risk 0.29cvss —epss 1.00
Potentially allowing an attacker to read certain information on Check Point Security Gateways once connected to the internet and enabled with remote Access VPN or Mobile Access Software Blades. A Security fix that mitigates this vulnerability is available.
- risk 0.13cvss —epss 0.10
Type Confusion in V8 in Google Chrome prior to 125.0.6422.112 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
- risk 0.13cvss —epss 0.27
Justice AV Solutions Viewer Setup 8.3.7.250-1 contains a malicious binary when executed and is signed with an unexpected authenticode signature. A remote, privileged threat actor may exploit this vulnerability to execute of unauthorized PowerShell commands.
- risk 0.12cvss —epss 0.15
Type Confusion in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
- risk 0.22cvss —epss 0.06
Windows DWM Core Library Elevation of Privilege Vulnerability
- risk 0.14cvss —epss 0.04
Windows MSHTML Platform Security Feature Bypass Vulnerability
- risk 0.13cvss —epss 0.11
Out of bounds write in V8 in Google Chrome prior to 124.0.6367.207 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)
- risk 0.12cvss —epss 0.08
Use after free in Visuals in Google Chrome prior to 124.0.6367.201 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
- risk 0.23cvss —epss 0.99
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OFBiz.This issue affects Apache OFBiz: before 18.12.13. Users are recommended to upgrade to version 18.12.13, which fixes the issue.
- risk 0.12cvss —epss 0.17
TP-Link TL-WR841N dropbearpwd Improper Authentication Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of TP-Link TL-WR841N routers. Authentication is not required to exploit…
- risk 0.12cvss —epss 0.17
A vulnerability in a legacy capability that allowed for the preloading of VPN clients and plug-ins and that has been available in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to…
- risk 0.14cvss —epss 0.63
A vulnerability in the management and VPN web servers for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of…
- risk 0.23cvss —epss 1.00
A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside of the VFS Sandbox, bypass authentication to gain administrative access, and…
- risk 0.16cvss —epss 0.99
RCE-Remote Command Execution vulnerability in Apache HugeGraph-Server.This issue affects Apache HugeGraph-Server: from 1.0.0 before 1.3.0 in Java8 & Java11 Users are recommended to upgrade to version 1.3.0 with Java11 & enable the Auth system, which fixes the issue.
- risk 0.29cvss —epss 1.00
A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root…