Security Vulnerabilities - CVEs Published In May 2024
Multiple WebRTC threads could have claimed a newly connected audio input leading to use-after-free. This vulnerability affects Firefox < 126.
CVSS Score
9.8
EPSS Score
0.005
Published
2024-05-14
A client-side enforcement of server-side security in Fortinet FortiSandbox version 4.4.0 through 4.4.4 and 4.2.0 through 4.2.6 allows attacker to execute unauthorized code or commands via HTTP requests.
CVSS Score
8.8
EPSS Score
0.006
Published
2024-05-14
Microsoft Intune for Android Mobile Application Management Tampering Vulnerability
CVSS Score
6.1
EPSS Score
0.002
Published
2024-05-14
An improper neutralization of inputs during web page generation vulnerability [CWE-79] in FortiNAC version 9.4.0 through 9.4.4, 9.2.0 through 9.2.8, 9.1.0 through 9.1.10, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 7.2.0 through 7.2.3 may allow a remote authenticated attacker to perform stored and reflected cross site scripting (XSS) attack via crafted HTTP requests.
CVSS Score
6.8
EPSS Score
0.004
Published
2024-05-14
Azure Migrate Cross-Site Scripting Vulnerability
CVSS Score
6.5
EPSS Score
0.014
Published
2024-05-14
Microsoft Power BI Client JavaScript SDK Information Disclosure Vulnerability
CVSS Score
6.5
EPSS Score
0.12
Published
2024-05-14
Windows Mark of the Web Security Feature Bypass Vulnerability
CVSS Score
5.4
EPSS Score
0.091
Published
2024-05-14
CVE-2024-30051
Windows DWM Core Library Elevation of Privilege Vulnerability
Known exploited
CVSS Score
7.8
EPSS Score
0.483
Published
2024-05-14
Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability
CVSS Score
7.8
EPSS Score
0.007
Published
2024-05-14
Dynamics 365 Customer Insights Spoofing Vulnerability
CVSS Score
7.6
EPSS Score
0.007
Published
2024-05-14