Security Vulnerabilities - Known exploited
CVE-2024-38813
Known exploited
The vCenter Server contains a privilege escalation vulnerability. A malicious actor with network access to vCenter Server may trigger this vulnerability to escalate privileges to root by sending a specially crafted network packet.
CVSS Score
7.5
EPSS Score
0.146
Published
2024-09-17
CVE-2024-38812
Known exploited
The vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet, potentially leading to remote code execution.
CVSS Score
9.8
EPSS Score
0.58
Published
2024-09-17
CVE-2024-8190
Known exploited
An OS command injection vulnerability in Ivanti Cloud Services Appliance versions 4.6 Patch 518 and before allows a remote authenticated attacker to obtain remote code execution. The attacker must have admin level privileges to exploit this vulnerability.
CVSS Score
7.2
EPSS Score
0.932
Published
2024-09-10
CVE-2024-43461
Known exploited
Windows MSHTML Platform Spoofing Vulnerability
CVSS Score
8.8
EPSS Score
0.097
Published
2024-09-10
CVE-2024-38226
Known exploited
Microsoft Publisher Security Feature Bypass Vulnerability
CVSS Score
7.3
EPSS Score
0.038
Published
2024-09-10
CVE-2024-38217
Known exploited
Windows Mark of the Web Security Feature Bypass Vulnerability
CVSS Score
5.4
EPSS Score
0.141
Published
2024-09-10
CVE-2024-38014
Known exploited
Windows Installer Elevation of Privilege Vulnerability
CVSS Score
7.8
EPSS Score
0.105
Published
2024-09-10
CVE-2024-40711
Known exploited
A deserialization of untrusted data vulnerability with a malicious payload can allow an unauthenticated remote code execution (RCE).
CVSS Score
9.8
EPSS Score
0.498
Published
2024-09-07
CVE-2024-20439
Known exploited
A vulnerability in Cisco Smart Licensing Utility (CSLU) could allow an unauthenticated, remote attacker to log into an affected system by using a static administrative credential. This vulnerability is due to an undocumented static user credential for an administrative account. An attacker could exploit this vulnerability by using the static credentials to log in to the affected system. A successful exploit could allow the attacker to log in to the affected system with administrative rights over the CSLU application API.
CVSS Score
9.8
EPSS Score
0.889
Published
2024-09-04
CVE-2024-45195
Known exploited
Direct Request ('Forced Browsing') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.16. Users are recommended to upgrade to version 18.12.16, which fixes the issue.
CVSS Score
7.5
EPSS Score
0.942
Published
2024-09-04

