Security Vulnerabilities - Known exploited
CVE-2024-38213
Known exploited
Windows Mark of the Web Security Feature Bypass Vulnerability
CVSS Score: 6.5
EPSS Score: 0.717
Published: 2024-08-13
CVE-2024-38193
Known exploited
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVSS Score: 7.8
EPSS Score: 0.69
Published: 2024-08-13
CVE-2024-38189
Known exploited
Microsoft Project Remote Code Execution Vulnerability
CVSS Score: 8.8
EPSS Score: 0.38
Published: 2024-08-13
CVE-2024-38178
Known exploited
Scripting Engine Memory Corruption Vulnerability
CVSS Score: 7.5
EPSS Score: 0.216
Published: 2024-08-13
CVE-2024-38106
Known exploited
Windows Kernel Elevation of Privilege Vulnerability
CVSS Score: 7.0
EPSS Score: 0.004
Published: 2024-08-13
CVE-2024-38107
Known exploited
Windows Power Dependency Coordinator Elevation of Privilege Vulnerability
CVSS Score: 7.8
EPSS Score: 0.037
Published: 2024-08-13
CVE-2024-41710
Known exploited
A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit, through R6.4.0.HF1 (R6.4.0.136) could allow an authenticated attacker with administrative privilege to conduct an argument injection attack, due to insufficient parameter sanitization during the boot process. A successful exploit could allow an attacker to execute arbitrary commands within the context of the system.
CVSS Score: 7.2
EPSS Score: 0.082
Published: 2024-08-12
CVE-2024-27443
Known exploited
An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. A Cross-Site Scripting (XSS) vulnerability exists in the CalendarInvite feature of the Zimbra webmail classic user interface, because of improper input validation in the handling of the calendar header. An attacker can exploit this via an email message containing a crafted calendar header with an embedded XSS payload. When a victim views this message in the Zimbra webmail classic interface, the payload is executed in the context of the victim's session, potentially leading to execution of arbitrary JavaScript code.
CVSS Score: 6.1
EPSS Score: 0.225
Published: 2024-08-12
CVE-2024-42009
Known exploited
A Cross-Site Scripting vulnerability in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails of a victim via a crafted e-mail message that abuses a Desanitization issue in message_body() in program/actions/mail/show.php.
CVSS Score: 9.3
EPSS Score: 0.876
Published: 2024-08-05
CVE-2024-38856
Known exploited
Incorrect Authorization vulnerability in Apache OFBiz. This issue affects Apache OFBiz: through 18.12.14. Users are recommended to upgrade to version 18.12.15, which fixes the issue. Unauthenticated endpoints could allow execution of screen rendering code of screens if some preconditions are met (such as when the screen definitions don't explicitly check user's permissions because they rely on the configuration of their endpoints).
CVSS Score: 9.8
EPSS Score: 0.944
Published: 2024-08-05


Shodan ® - All rights reserved