| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-4776 | Hig | 0.53 | 8.2 | 0.00 | May 14, 2024 | A file dialog shown while in full-screen mode could have resulted in the window remaining disabled. This vulnerability affects Firefox < 126. | ||
| CVE-2024-4773 | Hig | 0.49 | 7.5 | 0.01 | May 14, 2024 | When a network error occurred during page load, the prior content could have remained in view with a blank URL bar. This could have been used to obfuscate a spoofed web site. This vulnerability affects Firefox < 126. | ||
| CVE-2024-4771 | Hig | 0.56 | 8.6 | 0.01 | May 14, 2024 | A memory allocation check was missing which would lead to a use-after-free if the allocation failed. This could have triggered a crash or potentially be leveraged to achieve code execution. This vulnerability affects Firefox < 126. | ||
| CVE-2024-4770 | Hig | 0.57 | 8.8 | 0.01 | May 14, 2024 | When saving a page to PDF, certain font styles could have led to a potential use-after-free crash. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11. | ||
| CVE-2024-4765 | Hig | 0.53 | 8.1 | 0.00 | May 14, 2024 | Web application manifests were stored by using an insecure MD5 hash which allowed for a hash collision to overwrite another application's manifest. This could have been exploited to run arbitrary code in another application's context. *This issue only affects Firefox for… | ||
| CVE-2024-4367 | Hig | 0.59 | 8.8 | 0.73 | May 14, 2024 | A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11. | ||
| CVE-2024-27110 | Hig | 0.55 | 8.4 | 0.00 | May 14, 2024 | Elevation of privilege vulnerability in GE HealthCare EchoPAC products | ||
| CVE-2024-31491 | Hig | 0.57 | 8.8 | 0.01 | May 14, 2024 | A client-side enforcement of server-side security vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.4, FortiSandbox 4.2.1 through 4.2.6 allows attacker to execute unauthorized code or commands via HTTP requests. | ||
| CVE-2024-30051 | Hig | 0.69 | 7.8 | 0.06 | KEV | May 14, 2024 | Windows DWM Core Library Elevation of Privilege Vulnerability | |
| CVE-2024-30049 | Hig | 0.51 | 7.8 | 0.01 | May 14, 2024 | Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability | ||
| CVE-2024-30048 | Hig | 0.49 | 7.6 | 0.01 | May 14, 2024 | Dynamics 365 Customer Insights Spoofing Vulnerability | ||
| CVE-2024-30047 | Hig | 0.49 | 7.6 | 0.01 | May 14, 2024 | Dynamics 365 Customer Insights Spoofing Vulnerability | ||
| CVE-2024-30044 | Hig | 0.54 | 7.2 | 0.84 | May 14, 2024 | Microsoft SharePoint Server Remote Code Execution Vulnerability | ||
| CVE-2024-30042 | Hig | 0.51 | 7.8 | 0.02 | May 14, 2024 | Microsoft Excel Remote Code Execution Vulnerability | ||
| CVE-2024-30040 | Hig | 0.70 | 8.8 | 0.04 | KEV | May 14, 2024 | Windows MSHTML Platform Security Feature Bypass Vulnerability | |
| CVE-2024-30038 | Hig | 0.54 | 7.8 | 0.03 | May 14, 2024 | Win32k Elevation of Privilege Vulnerability | ||
| CVE-2024-30035 | Hig | 0.51 | 7.8 | 0.04 | May 14, 2024 | Windows DWM Core Library Elevation of Privilege Vulnerability | ||
| CVE-2024-30033 | Hig | 0.46 | 7.0 | 0.01 | May 14, 2024 | Windows Search Service Elevation of Privilege Vulnerability | ||
| CVE-2024-30032 | Hig | 0.51 | 7.8 | 0.05 | May 14, 2024 | Windows DWM Core Library Elevation of Privilege Vulnerability | ||
| CVE-2024-30031 | Hig | 0.51 | 7.8 | 0.00 | May 14, 2024 | Windows CNG Key Isolation Service Elevation of Privilege Vulnerability | ||
| CVE-2024-30030 | Hig | 0.51 | 7.8 | 0.01 | May 14, 2024 | Win32k Elevation of Privilege Vulnerability | ||
| CVE-2024-30029 | Hig | 0.49 | 7.5 | 0.01 | May 14, 2024 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | ||
| CVE-2024-30028 | Hig | 0.51 | 7.8 | 0.01 | May 14, 2024 | Win32k Elevation of Privilege Vulnerability | ||
| CVE-2024-30027 | Hig | 0.51 | 7.8 | 0.01 | May 14, 2024 | NTFS Elevation of Privilege Vulnerability | ||
| CVE-2024-30025 | Hig | 0.51 | 7.8 | 0.04 | May 14, 2024 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | ||
| CVE-2024-30024 | Hig | 0.49 | 7.5 | 0.02 | May 14, 2024 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | ||
| CVE-2024-30023 | Hig | 0.49 | 7.5 | 0.02 | May 14, 2024 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | ||
| CVE-2024-30022 | Hig | 0.49 | 7.5 | 0.02 | May 14, 2024 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | ||
| CVE-2024-30020 | Hig | 0.53 | 8.1 | 0.01 | May 14, 2024 | Windows Cryptographic Services Remote Code Execution Vulnerability | ||
| CVE-2024-30018 | Hig | 0.51 | 7.8 | 0.01 | May 14, 2024 | Windows Kernel Elevation of Privilege Vulnerability | ||
| CVE-2024-30017 | Hig | 0.57 | 8.8 | 0.02 | May 14, 2024 | Windows Hyper-V Remote Code Execution Vulnerability | ||
| CVE-2024-30015 | Hig | 0.49 | 7.5 | 0.01 | May 14, 2024 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | ||
| CVE-2024-30014 | Hig | 0.49 | 7.5 | 0.01 | May 14, 2024 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | ||
| CVE-2024-30010 | Hig | 0.57 | 8.8 | 0.02 | May 14, 2024 | Windows Hyper-V Remote Code Execution Vulnerability | ||
| CVE-2024-30009 | Hig | 0.57 | 8.8 | 0.02 | May 14, 2024 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | ||
| CVE-2024-30007 | Hig | 0.57 | 8.8 | 0.01 | May 14, 2024 | Microsoft Brokering File System Elevation of Privilege Vulnerability | ||
| CVE-2024-30006 | Hig | 0.57 | 8.8 | 0.02 | May 14, 2024 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | ||
| CVE-2024-29996 | Hig | 0.51 | 7.8 | 0.03 | May 14, 2024 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | ||
| CVE-2024-29994 | Hig | 0.51 | 7.8 | 0.01 | May 14, 2024 | Microsoft Windows SCSI Class System File Elevation of Privilege Vulnerability | ||
| CVE-2024-27109 | Hig | 0.49 | 7.6 | 0.00 | May 14, 2024 | Insufficiently protected credentials in GE HealthCare EchoPAC products | ||
| CVE-2024-26238 | Hig | 0.51 | 7.8 | 0.01 | May 14, 2024 | Microsoft PLUGScheduler Scheduled Task Elevation of Privilege Vulnerability | ||
| CVE-2024-23105 | Hig | 0.49 | 7.5 | 0.00 | May 14, 2024 | A Use Of Less Trusted Source [CWE-348] vulnerability in Fortinet FortiPortal version 7.0.0 through 7.0.6 and version 7.2.0 through 7.2.1 allows an unauthenticated attack to bypass IP protection through crafted HTTP or HTTPS packets. | ||
| CVE-2024-1630 | Hig | 0.50 | 7.7 | 0.00 | May 14, 2024 | Path traversal vulnerability in “getAllFolderContents” function of Common Service Desktop, a GE HealthCare ultrasound device component | ||
| CVE-2023-46714 | Hig | 0.47 | 7.2 | 0.01 | May 14, 2024 | A stack-based buffer overflow [CWE-121] vulnerability in Fortinet FortiOS version 7.2.1 through 7.2.6 and version 7.4.0 through 7.4.1 allows a privileged attacker over the administrative interface to execute arbitrary code or commands via crafted HTTP or HTTPs requests. | ||
| CVE-2023-40720 | Hig | 0.46 | 7.1 | 0.01 | May 14, 2024 | An authorization bypass through user-controlled key vulnerability [CWE-639] in FortiVoiceEntreprise version 7.0.0 through 7.0.1 and before 6.4.8 allows an authenticated attacker to read the SIP configuration of other users via crafted HTTP or HTTPS requests. | ||
| CVE-2024-4761 | Hig | 0.70 | 8.8 | 0.11 | KEV | May 14, 2024 | Out of bounds write in V8 in Google Chrome prior to 124.0.6367.207 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High) | |
| CVE-2024-3372 | Hig | 0.42 | 7.5 | 0.01 | May 14, 2024 | Improper validation of certain metadata input may result in the server not correctly serialising BSON. This can be performed pre-authentication and may cause unexpected application behavior including unavailability of serverStatus responses. This issue affects MongoDB Server… | ||
| CVE-2024-35010 | Hig | 0.57 | 8.8 | 0.00 | May 14, 2024 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/banner_deal.php?mudi=del&dataType=&dataTypeCN=%E5%9B%BE%E7%89%87%E5%B9%BF%E5%91%8A&theme=cs&dataID=6. | ||
| CVE-2024-35009 | Hig | 0.57 | 8.8 | 0.00 | May 14, 2024 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/share_switch.php?mudi=switch&dataType=&fieldName=state&fieldName2=state&tabName=banner&dataID=6. | ||
| CVE-2024-34950 | Hig | 0.49 | 7.5 | 0.05 | May 14, 2024 | D-Link DIR-822+ v1.0.5 was discovered to contain a stack-based buffer overflow vulnerability in the SetNetworkTomographySettings module. |
- risk 0.53cvss 8.2epss 0.00
A file dialog shown while in full-screen mode could have resulted in the window remaining disabled. This vulnerability affects Firefox < 126.
- risk 0.49cvss 7.5epss 0.01
When a network error occurred during page load, the prior content could have remained in view with a blank URL bar. This could have been used to obfuscate a spoofed web site. This vulnerability affects Firefox < 126.
- risk 0.56cvss 8.6epss 0.01
A memory allocation check was missing which would lead to a use-after-free if the allocation failed. This could have triggered a crash or potentially be leveraged to achieve code execution. This vulnerability affects Firefox < 126.
- risk 0.57cvss 8.8epss 0.01
When saving a page to PDF, certain font styles could have led to a potential use-after-free crash. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.
- risk 0.53cvss 8.1epss 0.00
Web application manifests were stored by using an insecure MD5 hash which allowed for a hash collision to overwrite another application's manifest. This could have been exploited to run arbitrary code in another application's context. *This issue only affects Firefox for…
- risk 0.59cvss 8.8epss 0.73
A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.
- risk 0.55cvss 8.4epss 0.00
Elevation of privilege vulnerability in GE HealthCare EchoPAC products
- risk 0.57cvss 8.8epss 0.01
A client-side enforcement of server-side security vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.4, FortiSandbox 4.2.1 through 4.2.6 allows attacker to execute unauthorized code or commands via HTTP requests.
- risk 0.69cvss 7.8epss 0.06
Windows DWM Core Library Elevation of Privilege Vulnerability
- risk 0.51cvss 7.8epss 0.01
Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability
- risk 0.49cvss 7.6epss 0.01
Dynamics 365 Customer Insights Spoofing Vulnerability
- risk 0.49cvss 7.6epss 0.01
Dynamics 365 Customer Insights Spoofing Vulnerability
- risk 0.54cvss 7.2epss 0.84
Microsoft SharePoint Server Remote Code Execution Vulnerability
- risk 0.51cvss 7.8epss 0.02
Microsoft Excel Remote Code Execution Vulnerability
- risk 0.70cvss 8.8epss 0.04
Windows MSHTML Platform Security Feature Bypass Vulnerability
- risk 0.54cvss 7.8epss 0.03
Win32k Elevation of Privilege Vulnerability
- risk 0.51cvss 7.8epss 0.04
Windows DWM Core Library Elevation of Privilege Vulnerability
- risk 0.46cvss 7.0epss 0.01
Windows Search Service Elevation of Privilege Vulnerability
- risk 0.51cvss 7.8epss 0.05
Windows DWM Core Library Elevation of Privilege Vulnerability
- risk 0.51cvss 7.8epss 0.00
Windows CNG Key Isolation Service Elevation of Privilege Vulnerability
- risk 0.51cvss 7.8epss 0.01
Win32k Elevation of Privilege Vulnerability
- risk 0.49cvss 7.5epss 0.01
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
- risk 0.51cvss 7.8epss 0.01
Win32k Elevation of Privilege Vulnerability
- risk 0.51cvss 7.8epss 0.01
NTFS Elevation of Privilege Vulnerability
- risk 0.51cvss 7.8epss 0.04
Windows Common Log File System Driver Elevation of Privilege Vulnerability
- risk 0.49cvss 7.5epss 0.02
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
- risk 0.49cvss 7.5epss 0.02
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
- risk 0.49cvss 7.5epss 0.02
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
- risk 0.53cvss 8.1epss 0.01
Windows Cryptographic Services Remote Code Execution Vulnerability
- risk 0.51cvss 7.8epss 0.01
Windows Kernel Elevation of Privilege Vulnerability
- risk 0.57cvss 8.8epss 0.02
Windows Hyper-V Remote Code Execution Vulnerability
- risk 0.49cvss 7.5epss 0.01
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
- risk 0.49cvss 7.5epss 0.01
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
- risk 0.57cvss 8.8epss 0.02
Windows Hyper-V Remote Code Execution Vulnerability
- risk 0.57cvss 8.8epss 0.02
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
- risk 0.57cvss 8.8epss 0.01
Microsoft Brokering File System Elevation of Privilege Vulnerability
- risk 0.57cvss 8.8epss 0.02
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
- risk 0.51cvss 7.8epss 0.03
Windows Common Log File System Driver Elevation of Privilege Vulnerability
- risk 0.51cvss 7.8epss 0.01
Microsoft Windows SCSI Class System File Elevation of Privilege Vulnerability
- risk 0.49cvss 7.6epss 0.00
Insufficiently protected credentials in GE HealthCare EchoPAC products
- risk 0.51cvss 7.8epss 0.01
Microsoft PLUGScheduler Scheduled Task Elevation of Privilege Vulnerability
- risk 0.49cvss 7.5epss 0.00
A Use Of Less Trusted Source [CWE-348] vulnerability in Fortinet FortiPortal version 7.0.0 through 7.0.6 and version 7.2.0 through 7.2.1 allows an unauthenticated attack to bypass IP protection through crafted HTTP or HTTPS packets.
- risk 0.50cvss 7.7epss 0.00
Path traversal vulnerability in “getAllFolderContents” function of Common Service Desktop, a GE HealthCare ultrasound device component
- risk 0.47cvss 7.2epss 0.01
A stack-based buffer overflow [CWE-121] vulnerability in Fortinet FortiOS version 7.2.1 through 7.2.6 and version 7.4.0 through 7.4.1 allows a privileged attacker over the administrative interface to execute arbitrary code or commands via crafted HTTP or HTTPs requests.
- risk 0.46cvss 7.1epss 0.01
An authorization bypass through user-controlled key vulnerability [CWE-639] in FortiVoiceEntreprise version 7.0.0 through 7.0.1 and before 6.4.8 allows an authenticated attacker to read the SIP configuration of other users via crafted HTTP or HTTPS requests.
- risk 0.70cvss 8.8epss 0.11
Out of bounds write in V8 in Google Chrome prior to 124.0.6367.207 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)
- risk 0.42cvss 7.5epss 0.01
Improper validation of certain metadata input may result in the server not correctly serialising BSON. This can be performed pre-authentication and may cause unexpected application behavior including unavailability of serverStatus responses. This issue affects MongoDB Server…
- risk 0.57cvss 8.8epss 0.00
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/banner_deal.php?mudi=del&dataType=&dataTypeCN=%E5%9B%BE%E7%89%87%E5%B9%BF%E5%91%8A&theme=cs&dataID=6.
- risk 0.57cvss 8.8epss 0.00
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/share_switch.php?mudi=switch&dataType=&fieldName=state&fieldName2=state&tabName=banner&dataID=6.
- risk 0.49cvss 7.5epss 0.05
D-Link DIR-822+ v1.0.5 was discovered to contain a stack-based buffer overflow vulnerability in the SetNetworkTomographySettings module.