Security Vulnerabilities - Known exploited
CVE-2024-43461
Known exploited
Windows MSHTML Platform Spoofing Vulnerability
CVSS Score
8.8
EPSS Score
0.098
Published
2024-09-10
CVE-2024-38226
Known exploited
Microsoft Publisher Security Feature Bypass Vulnerability
CVSS Score
7.3
EPSS Score
0.038
Published
2024-09-10
CVE-2024-38217
Known exploited
Windows Mark of the Web Security Feature Bypass Vulnerability
CVSS Score
5.4
EPSS Score
0.134
Published
2024-09-10
CVE-2024-38014
Known exploited
Windows Installer Elevation of Privilege Vulnerability
CVSS Score
7.8
EPSS Score
0.096
Published
2024-09-10
CVE-2024-40711
Known exploited
A deserialization of untrusted data vulnerability with a malicious payload can allow an unauthenticated remote code execution (RCE).
CVSS Score
9.8
EPSS Score
0.585
Published
2024-09-07
CVE-2024-20439
Known exploited
A vulnerability in Cisco Smart Licensing Utility (CSLU) could allow an unauthenticated, remote attacker to log into an affected system by using a static administrative credential. This vulnerability is due to an undocumented static user credential for an administrative account. An attacker could exploit this vulnerability by using the static credentials to log in to the affected system. A successful exploit could allow the attacker to log in to the affected system with administrative rights over the CSLU application API.
CVSS Score
9.8
EPSS Score
0.865
Published
2024-09-04
CVE-2024-45195
Known exploited
Direct Request ('Forced Browsing') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.16. Users are recommended to upgrade to version 18.12.16, which fixes the issue.
CVSS Score
7.5
EPSS Score
0.941
Published
2024-09-04
CVE-2024-6670
Known exploited
In WhatsUp Gold versions released before 2024.0.0, a SQL Injection vulnerability allows an unauthenticated attacker to retrieve the user's encrypted password.
CVSS Score
9.8
EPSS Score
0.945
Published
2024-08-29
CVE-2024-40766
Known exploited
An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and, in specific conditions, causing the firewall to crash. This issue affects SonicWall Firewall Gen 5 and Gen 6 devices, as well as Gen 7 devices running SonicOS 7.0.1-5035 and older versions.
CVSS Score
9.8
EPSS Score
0.111
Published
2024-08-23
CVE-2024-39717
Known exploited
The Versa Director GUI provides an option to customize the look and feel of the user interface. This option is only available for a user logged in with Provider-Data-Center-Admin or Provider-Data-Center-System-Admin. (Tenant level users do not have this privilege.) The “Change Favicon” (Favorite Icon) option can be misused to upload a malicious file ending with a .png extension to masquerade as an image file. This is possible only after a user with Provider-Data-Center-Admin or Provider-Data-Center-System-Admin has successfully authenticated and logged in.
CVSS Score
6.6
EPSS Score
0.071
Published
2024-08-22


Shodan ® - All rights reserved