2024-09-10: [CVE-2024-43491] Microsoft Windows Update Remote Code Execution Vulnerability
Microsoft Windows Update contains an unspecified vulnerability that allows for remote code execution. CISA Known Exploited Vulnerabilities Catalog Read More
2024-09-10: [CVE-2024-38014] Microsoft Windows Installer Privilege Escalation Vulnerability
Microsoft Windows Installer contains a privilege escalation vulnerability that could allow an attacker to gain SYSTEM privileges. CISA Known Exploited…
2024-09-10: [CVE-2024-38226] Microsoft Publisher Security Feature Bypass Vulnerability
Microsoft Publisher contains a security feature bypass vulnerability that allows attacker to bypass Office macro policies used to block untrusted…
2024-09-09: [CVE-2017-1000253] Linux Kernel PIE Stack Buffer Corruption Vulnerability
Linux kernel contains a position-independent executable (PIE) stack buffer corruption vulnerability in load_elf_ binary() that allows a local attacker to…
2024-09-09: [CVE-2024-40766] SonicWall SonicOS Improper Access Control Vulnerability
SonicWall SonicOS contains an improper access control vulnerability that could lead to unauthorized resource access and, under certain conditions, may…
2024-09-09: [CVE-2016-3714] ImageMagick Improper Input Validation Vulnerability
ImageMagick contains an improper input validation vulnerability that affects the EPHEMERAL, HTTPS, MVG, MSL, TEXT, SHOW, WIN, and PLT coders.…
2024-09-03: [CVE-2021-20124] Draytek VigorConnect Path Traversal Vulnerability
Draytek VigorConnect contains a path traversal vulnerability in the file download functionality of the WebServlet endpoint. An unauthenticated attacker could…
2024-09-03: [CVE-2024-7262] Kingsoft WPS Office Path Traversal Vulnerability
Kingsoft WPS Office contains a path traversal vulnerability in promecefpluginhost.exe on Windows that allows an attacker to load an arbitrary…
2024-09-03: [CVE-2021-20123] Draytek VigorConnect Path Traversal Vulnerability
Draytek VigorConnect contains a path traversal vulnerability in the DownloadFileServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download…
2024-08-28: [CVE-2024-7965] Google Chromium V8 Inappropriate Implementation Vulnerability
Google Chromium V8 contains an inappropriate implementation vulnerability that allows a remote attacker to potentially exploit heap corruption via a…
2024-08-27: [CVE-2024-38856] Apache OFBiz Incorrect Authorization Vulnerability
Apache OFBiz contains an incorrect authorization vulnerability that could allow remote code execution via a Groovy payload in the context…
2024-08-26: [CVE-2024-7971] Google Chromium V8 Type Confusion Vulnerability
Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to exploit heap corruption via a crafted…
2024-08-23: [CVE-2024-39717] Versa Director Dangerous File Type Upload Vulnerability
The Versa Director GUI contains an unrestricted upload of file with dangerous type vulnerability that allows administrators with Provider-Data-Center-Admin or…
2024-08-21: [CVE-2022-0185] Linux Kernel Heap-Based Buffer Overflow
Linux kernel contains a heap-based buffer overflow vulnerability in the legacy_parse_param function in the Filesystem Context functionality. This allows an…
2024-08-21: [CVE-2021-31196] Microsoft Exchange Server Information Disclosure Vulnerability
Microsoft Exchange Server contains an information disclosure vulnerability that allows for remote code execution. CISA Known Exploited Vulnerabilities Catalog Read…
2024-08-21: [CVE-2021-33044] Dahua IP Camera Authentication Bypass Vulnerability
Dahua IP cameras and related products contain an authentication bypass vulnerability when the NetKeyboard type argument is specified by the…
2024-08-21: [CVE-2021-33045] Dahua IP Camera Authentication Bypass Vulnerability
Dahua IP cameras and related products contain an authentication bypass vulnerability when the loopback device is specified by the client…
2024-08-19: [CVE-2024-23897] Jenkins Command Line Interface (CLI) Path Traversal Vulnerability
Jenkins Command Line Interface (CLI) contains a path traversal vulnerability that allows attackers limited read access to certain files, which…
2024-08-15: [CVE-2024-28986] SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability
SolarWinds Web Help Desk contains a deserialization of untrusted data vulnerability that could allow for remote code execution. CISA Known…
2024-08-13: [CVE-2024-38106] Microsoft Windows Kernel Privilege Escalation Vulnerability
Microsoft Windows Kernel contains an unspecified vulnerability that allows for privilege escalation, enabling a local attacker to gain SYSTEM privileges.…