Security Vulnerabilities - Known exploited
CVE-2024-57726
Known exploited
SimpleHelp remote support software v5.5.7 and before has a vulnerability that allows low-privilege technicians to create API keys with excessive permissions. These API keys can be used to escalate privileges to the server admin role.
CVSS Score: 9.9
EPSS Score: 0.492
Published: 2025-01-15
CVE-2024-57727
Known exploited
SimpleHelp remote support software v5.5.7 and before is vulnerable to multiple path traversal vulnerabilities that enable unauthenticated remote attackers to download arbitrary files from the SimpleHelp host via crafted HTTP requests. These files include server configuration files containing various secrets and hashed user passwords.
CVSS Score: 7.5
EPSS Score: 0.94
Published: 2025-01-15
CVE-2024-57728
Known exploited
SimpleHelp remote support software v5.5.7 and before allows admin users to upload arbitrary files anywhere on the file system by uploading a crafted zip file (i.e. zip slip). This can be exploited to execute arbitrary code on the host in the context of the SimpleHelp server user.
CVSS Score: 7.2
EPSS Score: 0.593
Published: 2025-01-15
CVE-2025-21333
Known exploited
Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability
CVSS Score: 7.8
EPSS Score: 0.823
Published: 2025-01-14
CVE-2025-21334
Known exploited
Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability
CVSS Score: 7.8
EPSS Score: 0.066
Published: 2025-01-14
CVE-2025-21335
Known exploited
Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability
CVSS Score: 7.8
EPSS Score: 0.087
Published: 2025-01-14
CVE-2024-13159
Known exploited
Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.
CVSS Score: 9.8
EPSS Score: 0.94
Published: 2025-01-14
CVE-2024-13160
Known exploited
Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.
CVSS Score: 9.8
EPSS Score: 0.928
Published: 2025-01-14
CVE-2024-13161
Known exploited
Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.
CVSS Score: 9.8
EPSS Score: 0.913
Published: 2025-01-14
CVE-2024-55591
Known exploited
An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS version 7.0.0 through 7.0.16 and FortiProxy version 7.0.0 through 7.0.19 and 7.2.0 through 7.2.12 allows a remote attacker to gain super-admin privileges via crafted requests to the Node.js websocket module.
CVSS Score: 9.8
EPSS Score: 0.941
Published: 2025-01-14



Shodan ® - All rights reserved