Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-56039 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VibeThemes VibeBP allows SQL Injection.This issue affects VibeBP: from n/a before 1.9.9.7.7.
CVSS: CRITICAL (9.3) EPSS Score: 0.04%
January 1st, 2025 (4 months ago)
|
|
CVE-2024-43491 |
Description: Microsoft is aware of a vulnerability in Servicing Stack that has rolled back the fixes for some vulnerabilities affecting Optional Components on Windows 10, version 1507 (initial version released July 2015). This means that an attacker could exploit these previously mitigated vulnerabilities on Windows 10, version 1507 (Windows 10 Enterprise 2015 LTSB and Windows 10 IoT Enterprise 2015 LTSB) systems that have installed the Windows security update released on March 12, 2024—KB5035858 (OS Build 10240.20526) or other updates released until August 2024. All later versions of Windows 10 are not impacted by this vulnerability.
This servicing stack vulnerability is addressed by installing the September 2024 Servicing stack update (SSU KB5043936) AND the September 2024 Windows security update (KB5043083), in that order.
Note: Windows 10, version 1507 reached the end of support (EOS) on May 9, 2017 for devices running the Pro, Home, Enterprise, Education, and Enterprise IoT editions. Only Windows 10 Enterprise 2015 LTSB and Windows 10 IoT Enterprise 2015 LTSB editions are still under support.
CVSS: CRITICAL (9.8) EPSS Score: 0.1%
January 1st, 2025 (4 months ago)
|
|
CVE-2024-38220 |
Description: Azure Stack Hub Elevation of Privilege Vulnerability
CVSS: CRITICAL (9.0) EPSS Score: 0.04%
January 1st, 2025 (4 months ago)
|
|
CVE-2024-38199 |
Description: Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability
CVSS: CRITICAL (9.8) EPSS Score: 0.13%
January 1st, 2025 (4 months ago)
|
|
CVE-2024-38183 |
Description: An improper access control vulnerability in GroupMe allows an a unauthenticated attacker to elevate privileges over a network.
CVSS: CRITICAL (9.8) EPSS Score: 0.1%
January 1st, 2025 (4 months ago)
|
|
CVE-2024-38175 |
Description: An improper access control vulnerability in the Azure Managed Instance for Apache Cassandra allows an authenticated attacker to elevate privileges over a network.
CVSS: CRITICAL (9.6) EPSS Score: 0.09%
January 1st, 2025 (4 months ago)
|
|
CVE-2024-38160 |
Description: Windows Network Virtualization Remote Code Execution Vulnerability
CVSS: CRITICAL (9.1) EPSS Score: 0.05%
January 1st, 2025 (4 months ago)
|
|
CVE-2024-38159 |
Description: Windows Network Virtualization Remote Code Execution Vulnerability
CVSS: CRITICAL (9.1) EPSS Score: 0.05%
January 1st, 2025 (4 months ago)
|
|
CVE-2024-38140 |
Description: Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability
CVSS: CRITICAL (9.8) EPSS Score: 0.05%
January 1st, 2025 (4 months ago)
|
|
CVE-2024-38109 |
Description: An authenticated attacker can exploit an Server-Side Request Forgery (SSRF) vulnerability in Microsoft Azure Health Bot to elevate privileges over a network.
CVSS: CRITICAL (9.1) EPSS Score: 0.09%
January 1st, 2025 (4 months ago)
|