Search
CVE Explorer
Search the full tracked CVE corpus across every vendor — by keyword, vendor, severity, CVSS band and publication date. Server-rendered; each filtered view has its own URL.
01
Filters
Submit to refine — state is held in the URL.
02
Results
34,500 matching · page 345/690Each CVE id links to its NVD record.
| CVE | Severity | CVSS | Summary | Published |
|---|---|---|---|---|
| CVE-2024-43485(opens NVD record) | High | 7.5 | .NET and Visual Studio Denial of Service Vulnerability | Oct 8, 2024 |
| CVE-2024-43484(opens NVD record) | High | 7.5 | .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability | Oct 8, 2024 |
| CVE-2024-43483(opens NVD record) | High | 7.5 | .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability | Oct 8, 2024 |
| CVE-2024-43481(opens NVD record) | Medium | 6.5 | Power BI Report Server Spoofing Vulnerability | Oct 8, 2024 |
| CVE-2024-43480(opens NVD record) | Medium | 6.6 | Azure Service Fabric for Linux Remote Code Execution Vulnerability | Oct 8, 2024 |
| CVE-2024-43468(opens NVD record) | Critical | 9.8 | Microsoft Configuration Manager Remote Code Execution Vulnerability | Oct 8, 2024 |
| CVE-2024-43456(opens NVD record) | Medium | 4.8 | Windows Remote Desktop Services Tampering Vulnerability | Oct 8, 2024 |
| CVE-2024-43453(opens NVD record) | High | 8.8 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Oct 8, 2024 |
| CVE-2024-38265(opens NVD record) | High | 8.8 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Oct 8, 2024 |
| CVE-2024-38262(opens NVD record) | High | 7.5 | Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability | Oct 8, 2024 |
| CVE-2024-38261(opens NVD record) | High | 7.8 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Oct 8, 2024 |
| CVE-2024-38229(opens NVD record) | High | 8.1 | .NET and Visual Studio Remote Code Execution Vulnerability | Oct 8, 2024 |
| CVE-2024-38212(opens NVD record) | High | 8.8 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Oct 8, 2024 |
| CVE-2024-38179(opens NVD record) | High | 8.8 | Azure Stack Hyperconverged Infrastructure (HCI) Elevation of Privilege Vulnerability | Oct 8, 2024 |
| CVE-2024-38149(opens NVD record) | High | 7.5 | BranchCache Denial of Service Vulnerability | Oct 8, 2024 |
| CVE-2024-38129(opens NVD record) | High | 7.5 | Windows Kerberos Elevation of Privilege Vulnerability | Oct 8, 2024 |
| CVE-2024-38124(opens NVD record) | Critical | 9.0 | Windows Netlogon Elevation of Privilege Vulnerability | Oct 8, 2024 |
| CVE-2024-38097(opens NVD record) | High | 7.1 | Azure Monitor Agent Elevation of Privilege Vulnerability | Oct 8, 2024 |
| CVE-2024-38029(opens NVD record) | High | 7.5 | Microsoft OpenSSH for Windows Remote Code Execution Vulnerability | Oct 8, 2024 |
| CVE-2024-37983(opens NVD record) | Medium | 6.7 | Windows Resume Extensible Firmware Interface Security Feature Bypass Vulnerability | Oct 8, 2024 |
| CVE-2024-37982(opens NVD record) | Medium | 6.7 | Windows Resume Extensible Firmware Interface Security Feature Bypass Vulnerability | Oct 8, 2024 |
| CVE-2024-37979(opens NVD record) | Medium | 6.7 | Windows Kernel Elevation of Privilege Vulnerability | Oct 8, 2024 |
| CVE-2024-37976(opens NVD record) | Medium | 6.7 | Windows Resume Extensible Firmware Interface Security Feature Bypass Vulnerability | Oct 8, 2024 |
| CVE-2024-30092(opens NVD record) | High | 8.0 | Windows Hyper-V Remote Code Execution Vulnerability | Oct 8, 2024 |
| CVE-2024-25885(opens NVD record) | High | 7.5 | An issue in the getcolor function in utils.py of xhtml2pdf v0.2.13 allows attackers to cause a Regular expression Denial of Service (ReDOS) via supplying a crafted string. | Oct 8, 2024 |
| CVE-2024-20659(opens NVD record) | High | 7.1 | Windows Hyper-V Security Feature Bypass Vulnerability | Oct 8, 2024 |
| CVE-2024-9381(opens NVD record) | High | 7.2 | Path traversal in Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to bypass restrictions. | Oct 8, 2024 |
| CVE-2024-9380(opens NVD record) | High | 7.2 | An OS command injection vulnerability in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to obtain remote code execution. | Oct 8, 2024 |
| CVE-2024-9379(opens NVD record) | Medium | 6.5 | SQL injection in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to run arbitrary SQL statements. | Oct 8, 2024 |
| CVE-2024-9167(opens NVD record) | High | 7.8 | Under specific circumstances, insecure permissions in Ivanti Velocity License Server before version 5.2 allows a local authenticated attacker to achieve local privilege escalation. | Oct 8, 2024 |
| CVE-2024-7612(opens NVD record) | High | 8.8 | Insecure permissions in Ivanti EPMM before 12.1.0.4 allow a local authenticated attacker to modify sensitive application components. | Oct 8, 2024 |
| CVE-2024-47011(opens NVD record) | High | 7.5 | Path Traversal in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to leak sensitive information | Oct 8, 2024 |
| CVE-2024-47010(opens NVD record) | High | 7.3 | Path Traversal in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to bypass authentication. | Oct 8, 2024 |
| CVE-2024-47009(opens NVD record) | High | 7.3 | Path Traversal in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to bypass authentication. | Oct 8, 2024 |
| CVE-2024-47008(opens NVD record) | High | 7.5 | Server-side request forgery in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to leak sensitive information. | Oct 8, 2024 |
| CVE-2024-47007(opens NVD record) | High | 7.5 | A NULL pointer dereference in WLAvalancheService.exe of Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to cause a denial of service. | Oct 8, 2024 |
| CVE-2024-45330(opens NVD record) | High | 7.2 | A use of externally-controlled format string in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.2 through 7.2.5 allows attacker to escalate its privileges via specially crafted requests. | Oct 8, 2024 |
| CVE-2024-33506(opens NVD record) | Low | 3.3 | An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiManager 7.4.2 and below, 7.2.5 and below, 7.0.12 and below allows a remote authenticated attacker assigned to an Administrative Domain (ADOM) to access device summary of unauthorized ADOMs via crafted HTTP requests. | Oct 8, 2024 |
| CVE-2024-47814(opens NVD record) | Low | 3.9 | Vim is an open source, command line text editor. A use-after-free was found in Vim < 9.1.0764. When closing a buffer (visible in a window) a BufWinLeave auto command can cause an use-after-free if this auto command happens to re-open the same buffer in a new split window. Impact is low since the user must have intentionally set up such a strange auto command and run some buffer unload commands. However this may lead to a crash. This issue has been addressed in version 9.1.0764 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | Oct 7, 2024 |
| CVE-2024-45874(opens NVD record) | Critical | 9.8 | A DLL hijacking vulnerability in VegaBird Vooki 5.2.9 allows attackers to execute arbitrary code / maintain persistence via placing a crafted DLL file in the same directory as Vooki.exe. | Oct 7, 2024 |
| CVE-2024-45873(opens NVD record) | Critical | 9.8 | A DLL hijacking vulnerability in VegaBird Yaazhini 2.0.2 allows attackers to execute arbitrary code / maintain persistence via placing a crafted DLL file in the same directory as Yaazhini.exe. | Oct 7, 2024 |
| CVE-2024-42831(opens NVD record) | Medium | 6.1 | A reflected cross-site scripting (XSS) vulnerability in Elaine's Realtime CRM Automation v6.18.17 allows attackers to execute arbitrary JavaScript code in the web browser of a user via injecting a crafted payload into the dialog parameter at wrapper_dialog.php. | Oct 7, 2024 |
| CVE-2024-46446(opens NVD record) | Critical | 9.8 | Mecha CMS 3.0.0 is vulnerable to Directory Traversal. An attacker can construct cookies and URIs that bypass user identity checks. Parameters can then be passed through the POST method, resulting in the Deletion of Arbitrary Files or Website Takeover. | Oct 7, 2024 |
| CVE-2024-45932(opens NVD record) | Medium | 4.8 | Krayin CRM v1.3.0 is vulnerable to Cross Site Scripting (XSS) via the organization name field in /admin/contacts/organizations/edit/2. | Oct 7, 2024 |
| CVE-2024-28710(opens NVD record) | Medium | 6.1 | Cross Site Scripting vulnerability in LimeSurvey before 6.5.0+240319 allows a remote attacker to execute arbitrary code via a lack of input validation and output encoding in the Alert Widget's message component. | Oct 7, 2024 |
| CVE-2024-28709(opens NVD record) | Medium | 6.1 | Cross Site Scripting vulnerability in LimeSurvey before 6.5.12+240611 allows a remote attacker to execute arbitrary code via a crafted script to the title and comment fields. | Oct 7, 2024 |
| CVE-2024-45933(opens NVD record) | Medium | 6.6 | OnlineNewsSite v1.0 is vulnerable to Cross Site Scripting (XSS) which allows attackers to execute arbitrary code via the Title and summary fields in the /admin/post/edit/ endpoint. | Oct 7, 2024 |
| CVE-2024-25707(opens NVD record) | Medium | 4.8 | There is a reflected cross site scripting in Esri Portal for ArcGIS 11.1 and below on Windows and Linux x64 allows a remote authenticated attacker with administrative access to supply a crafted string which could potentially execute arbitrary JavaScript code in the their own browser (Self XSS). A user cannot be phished into clicking a link to execute code. | Oct 4, 2024 |
| CVE-2023-37822(opens NVD record) | High | 8.2 | The Eufy Homebase 2 before firmware version 3.3.4.1h creates a dedicated wireless network for its ecosystem, which serves as a proxy to the end user's primary network. The WPA2-PSK generation of this dedicated network is flawed and solely based on the serial number. Due to the flawed generation process, the WPA2-PSK can be brute forced offline within seconds. This vulnerability allows an attacker in proximity to the dedicated wireless network to gain unauthorized access to the end user's primary network. The only requirement of the attack is proximity to the dedicated wireless network. | Oct 3, 2024 |
| CVE-2024-0125(opens NVD record) | Low | 3.3 | NVIDIA CUDA Toolkit for Windows and Linux contains a vulnerability in the nvdisam command line tool, where a user can cause a NULL pointer dereference by running nvdisasm on a malformed ELF file. A successful exploit of this vulnerability might lead to a limited denial of service. | Oct 3, 2024 |