Total
81840 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-7738 | 1 Yzane | 1 Markdown Pdf | 2024-09-13 | 1.7 LOW | 7.8 HIGH |
| A vulnerability, which was classified as problematic, has been found in yzane vscode-markdown-pdf 1.5.0. Affected by this issue is some unknown functionality of the component Markdown File Handler. The manipulation leads to pathname traversal. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-43966 | 1 Starkdigital | 1 Wp Testimonial Widget | 2024-09-13 | N/A | 7.2 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Stark Digital WP Testimonial Widget.This issue affects WP Testimonial Widget: from n/a through 3.1. | |||||
| CVE-2024-44871 | 1 Mozilo | 1 Mozilocms | 2024-09-13 | N/A | 7.2 HIGH |
| An arbitrary file upload vulnerability in the component /admin/index.php of moziloCMS v3.0 allows attackers to execute arbitrary code via uploading a crafted file. | |||||
| CVE-2024-38252 | 1 Microsoft | 12 Windows 10 1607, Windows 10 1809, Windows 10 21h1 and 9 more | 2024-09-13 | N/A | 7.8 HIGH |
| Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability | |||||
| CVE-2024-38253 | 1 Microsoft | 5 Windows 11 21h2, Windows 11 22h2, Windows 11 23h2 and 2 more | 2024-09-13 | N/A | 7.8 HIGH |
| Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability | |||||
| CVE-2024-38258 | 1 Microsoft | 6 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 3 more | 2024-09-13 | N/A | 7.5 HIGH |
| Windows Remote Desktop Licensing Service Information Disclosure Vulnerability | |||||
| CVE-2024-38263 | 1 Microsoft | 6 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 3 more | 2024-09-13 | N/A | 7.5 HIGH |
| Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability | |||||
| CVE-2024-38260 | 1 Microsoft | 6 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 3 more | 2024-09-13 | N/A | 8.8 HIGH |
| Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability | |||||
| CVE-2024-43454 | 1 Microsoft | 6 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 3 more | 2024-09-13 | N/A | 7.1 HIGH |
| Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability | |||||
| CVE-2024-43464 | 1 Microsoft | 1 Sharepoint Server | 2024-09-13 | N/A | 7.2 HIGH |
| Microsoft SharePoint Server Remote Code Execution Vulnerability | |||||
| CVE-2024-43465 | 1 Microsoft | 5 365 Apps, Excel, Office and 2 more | 2024-09-13 | N/A | 7.8 HIGH |
| Microsoft Excel Elevation of Privilege Vulnerability | |||||
| CVE-2024-43466 | 1 Microsoft | 1 Sharepoint Server | 2024-09-13 | N/A | 7.5 HIGH |
| Microsoft SharePoint Server Denial of Service Vulnerability | |||||
| CVE-2024-43475 | 1 Microsoft | 1 Windows Server 2008 | 2024-09-13 | N/A | 7.3 HIGH |
| Microsoft Windows Admin Center Information Disclosure Vulnerability | |||||
| CVE-2024-7145 | 1 Crocoblock | 1 Jetelements | 2024-09-13 | N/A | 8.8 HIGH |
| The JetElements plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.6.20 via the 'progress_type' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. | |||||
| CVE-2024-43479 | 1 Microsoft | 1 Power Automate | 2024-09-13 | N/A | 8.5 HIGH |
| Microsoft Power Automate Desktop Remote Code Execution Vulnerability | |||||
| CVE-2024-8639 | 1 Google | 2 Android, Chrome | 2024-09-13 | N/A | 8.8 HIGH |
| Use after free in Autofill in Google Chrome on Android prior to 128.0.6613.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2024-8638 | 1 Google | 1 Chrome | 2024-09-13 | N/A | 8.8 HIGH |
| Type Confusion in V8 in Google Chrome prior to 128.0.6613.137 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2024-8637 | 1 Google | 2 Android, Chrome | 2024-09-13 | N/A | 8.8 HIGH |
| Use after free in Media Router in Google Chrome on Android prior to 128.0.6613.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2024-8636 | 1 Google | 1 Chrome | 2024-09-13 | N/A | 8.8 HIGH |
| Heap buffer overflow in Skia in Google Chrome prior to 128.0.6613.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2024-8751 | 2024-09-13 | N/A | 7.5 HIGH | ||
| A vulnerability in the MSC800 allows an unauthenticated attacker to modify the product’s IP address over Sopas ET. This can lead to Denial of Service. Users are recommended to upgrade both MSC800 and MSC800 LFT to version V4.26 and S2.93.20 respectively which fixes this issue. | |||||