CVE-2024-4761

Known exploited
Out of bounds write in V8 in Google Chrome prior to 124.0.6367.207 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)
Source: Chrome
Max CVSS
8.8
EPSS Score
0.58%
Published
2024-05-14
Updated
2024-05-20
CISA KEV Added
2024-05-16

CVE-2021-40655

Known exploited
An informtion disclosure issue exists in D-LINK-DIR-605 B2 Firmware Version : 2.01MT. An attacker can obtain a user name and password by forging a post request to the / getcfg.php page
Source: MITRE
Max CVSS
7.5
EPSS Score
10.46%
Published
2021-09-24
Updated
2024-05-18
CISA KEV Added
2024-05-16

CVE-2014-100005

Known exploited
Public exploit
Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DIR-600 router (rev. Bx) with firmware before 2.17b02 allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator account or (2) enable remote management via a crafted configuration module to hedwig.cgi, (3) activate new configuration settings via a SETCFG,SAVE,ACTIVATE action to pigwidgeon.cgi, or (4) send a ping via a ping action to diagnostic.php.
Source: MITRE
Max CVSS
6.8
EPSS Score
86.06%
Published
2015-01-13
Updated
2024-05-18
CISA KEV Added
2024-05-16

CVE-2024-30051

Known exploited
Windows DWM Core Library Elevation of Privilege Vulnerability
Source: Microsoft Corporation
Max CVSS
7.8
EPSS Score
0.05%
Published
2024-05-14
Updated
2024-05-16
CISA KEV Added
2024-05-14

CVE-2024-30040

Known exploited
Windows MSHTML Platform Security Feature Bypass Vulnerability
Source: Microsoft Corporation
Max CVSS
8.8
EPSS Score
0.94%
Published
2024-05-14
Updated
2024-05-16
CISA KEV Added
2024-05-14

CVE-2024-4671

Known exploited
Use after free in Visuals in Google Chrome prior to 124.0.6367.201 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Source: Chrome
Max CVSS
9.6
EPSS Score
0.17%
Published
2024-05-09
Updated
2024-05-16
CISA KEV Added
2024-05-13

CVE-2023-7028

Known exploited
Public exploit
An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password reset emails could be delivered to an unverified email address.
Source: GitLab Inc.
Max CVSS
10.0
EPSS Score
95.95%
Published
2024-01-12
Updated
2024-05-02
CISA KEV Added
2024-05-01

CVE-2024-29988

Known exploited
SmartScreen Prompt Security Feature Bypass Vulnerability
Source: Microsoft Corporation
Max CVSS
8.8
EPSS Score
0.36%
Published
2024-04-09
Updated
2024-05-03
CISA KEV Added
2024-04-30

CVE-2024-20359

Known exploited
A vulnerability in a legacy capability that allowed for the preloading of VPN clients and plug-ins and that has been available in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary code with root-level privileges. Administrator-level privileges are required to exploit this vulnerability. This vulnerability is due to improper validation of a file when it is read from system flash memory. An attacker could exploit this vulnerability by copying a crafted file to the disk0: file system of an affected device. A successful exploit could allow the attacker to execute arbitrary code on the affected device after the next reload of the device, which could alter system behavior. Because the injected code could persist across device reboots, Cisco has raised the Security Impact Rating (SIR) of this advisory from Medium to High.
Source: Cisco Systems, Inc.
Max CVSS
6.0
EPSS Score
0.13%
Published
2024-04-24
Updated
2024-04-26
CISA KEV Added
2024-04-24

CVE-2024-20353

Known exploited
A vulnerability in the management and VPN web servers for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to incomplete error checking when parsing an HTTP header. An attacker could exploit this vulnerability by sending a crafted HTTP request to a targeted web server on a device. A successful exploit could allow the attacker to cause a DoS condition when the device reloads.
Source: Cisco Systems, Inc.
Max CVSS
8.6
EPSS Score
0.23%
Published
2024-04-24
Updated
2024-04-26
CISA KEV Added
2024-04-24

CVE-2024-4040

Known exploited
Public exploit
A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside of the VFS Sandbox, bypass authentication to gain administrative access, and perform remote code execution on the server.
Source: DirectCyber
Max CVSS
10.0
EPSS Score
95.93%
Published
2024-04-22
Updated
2024-04-26
CISA KEV Added
2024-04-24

CVE-2022-38028

Known exploited
Windows Print Spooler Elevation of Privilege Vulnerability
Source: Microsoft Corporation
Max CVSS
7.8
EPSS Score
0.05%
Published
2022-10-11
Updated
2024-05-23
CISA KEV Added
2024-04-23
Toggle Search Form
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!