Security Vulnerabilities - Known exploited
CVE-2024-28987
The SolarWinds Web Help Desk (WHD) software is affected by a hardcoded credential vulnerability, allowing remote unauthenticated user to access internal functionality and modify data.
Known exploited
CVSS Score
9.1
EPSS Score
0.942
Published
2024-08-21
CVE-2024-7971
Type confusion in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Known exploited
CVSS Score
9.6
EPSS Score
0.006
Published
2024-08-21
CVE-2024-7965
Inappropriate implementation in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Known exploited
CVSS Score
8.8
EPSS Score
0.137
Published
2024-08-21
CVE-2024-7262
Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.16412 (exclusive) on Windows allows an attacker to load an arbitrary Windows library.
The vulnerability was found weaponized as a single-click exploit in the form of a deceptive spreadsheet document
Known exploited
CVSS Score
7.8
EPSS Score
0.224
Published
2024-08-15
CVE-2024-28986
SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine.
While it was reported as an unauthenticated vulnerability, SolarWinds has been unable to reproduce it without authentication after thorough testing.
However, out of an abundance of caution, we recommend all Web Help Desk customers apply the patch, which is now available.
Known exploited
CVSS Score
9.8
EPSS Score
0.299
Published
2024-08-13
CVE-2024-7593
Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.7R2 allows a remote unauthenticated attacker to bypass authentication of the admin panel.
Known exploited
CVSS Score
9.8
EPSS Score
0.944
Published
2024-08-13
CVE-2024-38213
Windows Mark of the Web Security Feature Bypass Vulnerability
Known exploited
CVSS Score
6.5
EPSS Score
0.739
Published
2024-08-13
CVE-2024-38193
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Known exploited
CVSS Score
7.8
EPSS Score
0.645
Published
2024-08-13
CVE-2024-38189
Microsoft Project Remote Code Execution Vulnerability
Known exploited
CVSS Score
8.8
EPSS Score
0.38
Published
2024-08-13
CVE-2024-38178
Scripting Engine Memory Corruption Vulnerability
Known exploited
CVSS Score
7.5
EPSS Score
0.216
Published
2024-08-13