CVE vulnerabilities
31,467 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 301–350 of 1,619 in KEV · page 7 of 33
| ID | Title | KEV | Vendor | Summary |
|---|---|---|---|---|
| CVE-2024-4879 | ServiceNow Improper Input Validation Vulnerability | KEV | ServiceNow | ServiceNow Utah, Vancouver, and Washington DC Now Platform releases contain a jelly template injection vulnerability in UI macros. An unauthenticated user coul… |
| CVE-2024-48248 | NAKIVO Backup and Replication Absolute Path Traversal Vulnerability | KEV | NAKIVO | NAKIVO Backup and Replication contains an absolute path traversal vulnerability that enables an attacker to read arbitrary files. |
| CVE-2024-4761 | Google Chromium V8 Out-of-Bounds Memory Write Vulnerability | KEV | Google | Google Chromium V8 Engine contains an unspecified out-of-bounds memory write vulnerability via a crafted HTML page. This vulnerability could affect multiple we… |
| CVE-2024-47575 | Fortinet FortiManager Missing Authentication Vulnerability | KEV | Fortinet | Fortinet FortiManager contains a missing authentication vulnerability in the fgfmd daemon that allows a remote, unauthenticated attacker to execute arbitrary c… |
| CVE-2024-4671 | Google Chromium Visuals Use-After-Free Vulnerability | KEV | Google | Google Chromium Visuals contains a use-after-free vulnerability that allows a remote attacker to exploit heap corruption via a crafted HTML page. This vulnerab… |
| CVE-2024-4610 | Arm Mali GPU Kernel Driver Use-After-Free Vulnerability | KEV | Arm | Arm Bifrost and Valhall GPU kernel drivers contain a use-after-free vulnerability that allows a local, non-privileged user to make improper GPU memory processi… |
| CVE-2024-4577 | PHP-CGI OS Command Injection Vulnerability | KEV | PHP Group | PHP, specifically Windows-based PHP used in CGI mode, contains an OS command injection vulnerability that allows for arbitrary code execution. This vulnerabili… |
| CVE-2024-45519 | Synacor Zimbra Collaboration Suite (ZCS) Command Execution Vulnerability | KEV | Synacor | Synacor Zimbra Collaboration Suite (ZCS) contains an unspecified vulnerability in the postjournal service that may allow an unauthenticated user to execute com… |
| CVE-2024-45195 | Apache OFBiz Forced Browsing Vulnerability | KEV | Apache | Apache OFBiz contains a forced browsing vulnerability that allows a remote attacker to obtain unauthorized access. |
| CVE-2024-44309 | Apple Multiple Products Cross-Site Scripting (XSS) Vulnerability | KEV | Apple | Apple iOS, macOS, and other Apple products contain an unspecified vulnerability when processing maliciously crafted web content that may lead to a cross-site s… |
| CVE-2024-44308 | Apple Multiple Products Code Execution Vulnerability | KEV | Apple | Apple iOS, macOS, and other Apple products contain an unspecified vulnerability when processing maliciously crafted web content that may lead to arbitrary code… |
| CVE-2024-4358 | Progress Telerik Report Server Authentication Bypass by Spoofing Vulnerability | KEV | Progress | Progress Telerik Report Server contains an authorization bypass by spoofing vulnerability that allows an attacker to obtain unauthorized access. |
| CVE-2024-43573 | Microsoft Windows MSHTML Platform Spoofing Vulnerability | KEV | Microsoft | Microsoft Windows MSHTML Platform contains an unspecified spoofing vulnerability which can lead to a loss of confidentiality. |
| CVE-2024-43572 | Microsoft Windows Management Console Remote Code Execution Vulnerability | KEV | Microsoft | Microsoft Windows Management Console contains an unspecified vulnerability that allows for remote code execution. |
| CVE-2024-43468 | Microsoft Configuration Manager SQL Injection Vulnerability | KEV | Microsoft | Microsoft Configuration Manager contains an SQL injection vulnerability. An unauthenticated attacker could exploit this vulnerability by sending specially craf… |
| CVE-2024-43461 | Microsoft Windows MSHTML Platform Spoofing Vulnerability | KEV | Microsoft | Microsoft Windows MSHTML Platform contains a user interface (UI) misrepresentation of critical information vulnerability that allows an attacker to spoof a web… |
| CVE-2024-43451 | Microsoft Windows NTLMv2 Hash Disclosure Spoofing Vulnerability | KEV | Microsoft | Microsoft Windows contains an NTLMv2 hash spoofing vulnerability that could result in disclosing a user's NTLMv2 hash to an attacker via a file open operation.… |
| CVE-2024-43093 | Android Framework Privilege Escalation Vulnerability | KEV | Android | Android Framework contains an unspecified vulnerability that allows for privilege escalation. |
| CVE-2024-43047 | Qualcomm Multiple Chipsets Use-After-Free Vulnerability | KEV | Qualcomm | Multiple Qualcomm chipsets contain a use-after-free vulnerability due to memory corruption in DSP Services while maintaining memory maps of HLOS memory. |
| CVE-2024-42009 | RoundCube Webmail Cross-Site Scripting Vulnerability | KEV | Roundcube | RoundCube Webmail contains a cross-site scripting vulnerability. This vulnerability could allow a remote attacker to steal and send emails of a victim via a cr… |
| CVE-2024-41713 | Mitel MiCollab Path Traversal Vulnerability | KEV | Mitel | Mitel MiCollab contains a path traversal vulnerability that could allow an attacker to gain unauthorized and unauthenticated access. This vulnerability can be … |
| CVE-2024-41710 | Mitel SIP Phones Argument Injection Vulnerability | KEV | Mitel | Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit, contain an argument injection vulnerability due to insufficien… |
| CVE-2024-40891 | Zyxel DSL CPE OS Command Injection Vulnerability | KEV | Zyxel | Multiple Zyxel DSL CPE devices contain a post-authentication command injection vulnerability in the management commands that could allow an authenticated attac… |
| CVE-2024-40890 | Zyxel DSL CPE OS Command Injection Vulnerability | KEV | Zyxel | Multiple Zyxel DSL CPE devices contain a post-authentication command injection vulnerability in the CGI program that could allow an authenticated attacker to e… |
| CVE-2024-40766 | SonicWall SonicOS Improper Access Control Vulnerability | KEV | SonicWall | SonicWall SonicOS contains an improper access control vulnerability that could lead to unauthorized resource access and, under certain conditions, may cause th… |
| CVE-2024-40711 | Veeam Backup and Replication Deserialization Vulnerability | KEV | Veeam | Veeam Backup and Replication contains a deserialization vulnerability allowing an unauthenticated user to perform remote code execution. |
| CVE-2024-4040 | CrushFTP VFS Sandbox Escape Vulnerability | KEV | CrushFTP | CrushFTP contains an unspecified sandbox escape vulnerability that allows a remote attacker to escape the CrushFTP virtual file system (VFS). |
| CVE-2024-39891 | Twilio Authy Information Disclosure Vulnerability | KEV | Twilio | Twilio Authy contains an information disclosure vulnerability in its API that allows an unauthenticated endpoint to accept a request containing a phone number … |
| CVE-2024-39717 | Versa Director Dangerous File Type Upload Vulnerability | KEV | Versa | The Versa Director GUI contains an unrestricted upload of file with dangerous type vulnerability that allows administrators with Provider-Data-Center-Admin or … |
| CVE-2024-38856 | Apache OFBiz Incorrect Authorization Vulnerability | KEV | Apache | Apache OFBiz contains an incorrect authorization vulnerability that could allow remote code execution via a Groovy payload in the context of the OFBiz user pro… |
| CVE-2024-38813 | VMware vCenter Server Privilege Escalation Vulnerability | KEV | VMware | VMware vCenter contains an improper check for dropped privileges vulnerability. This vulnerability could allow an attacker with network access to the vCenter S… |
| CVE-2024-38812 | VMware vCenter Server Heap-Based Buffer Overflow Vulnerability | KEV | VMware | VMware vCenter Server contains a heap-based buffer overflow vulnerability in the implementation of the DCERPC protocol. This vulnerability could allow an attac… |
| CVE-2024-38475 | Apache HTTP Server Improper Escaping of Output Vulnerability | KEV | Apache | Apache HTTP Server contains an improper escaping of output vulnerability in mod_rewrite that allows an attacker to map URLs to filesystem locations that are pe… |
| CVE-2024-38226 | Microsoft Publisher Protection Mechanism Failure Vulnerability | KEV | Microsoft | Microsoft Publisher contains a protection mechanism failure vulnerability that allows an attacker to bypass Office macro policies used to block untrusted or malic… |
| CVE-2024-38217 | Microsoft Windows Mark of the Web (MOTW) Protection Mechanism Failure Vulnerability | KEV | Microsoft | Microsoft Windows Mark of the Web (MOTW) contains a protection mechanism failure vulnerability that allows an attacker to bypass MOTW-based defenses. This can … |
| CVE-2024-38213 | Microsoft Windows SmartScreen Security Feature Bypass Vulnerability | KEV | Microsoft | Microsoft Windows SmartScreen contains a security feature bypass vulnerability that allows an attacker to bypass the SmartScreen user experience via a maliciou… |
| CVE-2024-38193 | Microsoft Windows Ancillary Function Driver for WinSock Privilege Escalation Vulnerability | KEV | Microsoft | Microsoft Windows Ancillary Function Driver for WinSock contains an unspecified vulnerability that allows for privilege escalation, enabling a local attacker t… |
| CVE-2024-38189 | Microsoft Project Remote Code Execution Vulnerability | KEV | Microsoft | Microsoft Project contains an unspecified vulnerability that allows for remote code execution via a malicious file. |
| CVE-2024-38178 | Microsoft Windows Scripting Engine Memory Corruption Vulnerability | KEV | Microsoft | Microsoft Windows Scripting Engine contains a memory corruption vulnerability that allows an unauthenticated attacker to initiate remote code execution via a spec… |
| CVE-2024-38112 | Microsoft Windows MSHTML Platform Spoofing Vulnerability | KEV | Microsoft | Microsoft Windows MSHTML Platform contains a spoofing vulnerability that has a high impact to confidentiality, integrity, and availability. |
| CVE-2024-38107 | Microsoft Windows Power Dependency Coordinator Privilege Escalation Vulnerability | KEV | Microsoft | Microsoft Windows Power Dependency Coordinator contains an unspecified vulnerability that allows for privilege escalation, enabling a local attacker to obtain … |
| CVE-2024-38106 | Microsoft Windows Kernel Privilege Escalation Vulnerability | KEV | Microsoft | Microsoft Windows Kernel contains an unspecified vulnerability that allows for privilege escalation, enabling a local attacker to gain SYSTEM privileges. Succe… |
| CVE-2024-38094 | Microsoft SharePoint Deserialization Vulnerability | KEV | Microsoft | Microsoft SharePoint contains a deserialization vulnerability that allows for remote code execution. |
| CVE-2024-38080 | Microsoft Windows Hyper-V Privilege Escalation Vulnerability | KEV | Microsoft | Microsoft Windows Hyper-V contains a privilege escalation vulnerability that allows a local attacker with user permissions to gain SYSTEM privileges. |
| CVE-2024-38014 | Microsoft Windows Installer Improper Privilege Management Vulnerability | KEV | Microsoft | Microsoft Windows Installer contains an improper privilege management vulnerability that could allow an attacker to gain SYSTEM privileges. |
| CVE-2024-37383 | RoundCube Webmail Cross-Site Scripting (XSS) Vulnerability | KEV | Roundcube | RoundCube Webmail contains a cross-site scripting (XSS) vulnerability in the handling of SVG animate attributes that allows a remote attacker to run malicious … |
| CVE-2024-37085 | VMware ESXi Authentication Bypass Vulnerability | KEV | VMware | VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESX… |
| CVE-2024-37079 | Broadcom VMware vCenter Server Out-of-bounds Write Vulnerability | KEV | Broadcom | Broadcom VMware vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. This could allow a malicious actor w… |
| CVE-2024-36971 | Android Kernel Remote Code Execution Vulnerability | KEV | Android | Android contains an unspecified vulnerability in the kernel that allows for remote code execution. This vulnerability resides in Linux Kernel and could impact … |
| CVE-2024-36401 | OSGeo GeoServer GeoTools Eval Injection Vulnerability | KEV | OSGeo | OSGeo GeoServer GeoTools contains an improper neutralization of directives in dynamically evaluated code vulnerability due to unsafely evaluating property name… |