Search
CVE Explorer
Search the full tracked CVE corpus across every vendor — by keyword, vendor, severity, CVSS band and publication date. Server-rendered; each filtered view has its own URL.
01
Filters
Submit to refine — state is held in the URL.
02
Results
34,500 matching · page 350/690Each CVE id links to its NVD record.
| CVE | Severity | CVSS | Summary | Published |
|---|---|---|---|---|
| CVE-2024-21529(opens NVD record) | High | 8.2 | Versions of the package dset before 3.1.4 are vulnerable to Prototype Pollution via the dset function due improper user input sanitization. This vulnerability allows the attacker to inject malicious object property using the built-in Object property __proto__, which is recursively assigned to all the objects in the program. | Sep 11, 2024 |
| CVE-2024-1656(opens NVD record) | Low | 2.6 | Affected versions of Octopus Server had a weak content security policy. | Sep 11, 2024 |
| CVE-2024-8441(opens NVD record) | Medium | 6.7 | An uncontrolled search path in the agent of Ivanti EPM before 2022 SU6, or the 2024 September update allows a local authenticated attacker with admin privileges to escalate their privileges to SYSTEM. | Sep 10, 2024 |
| CVE-2024-8322(opens NVD record) | Medium | 4.3 | Weak authentication in Patch Management of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker to access restricted functionality. | Sep 10, 2024 |
| CVE-2024-8321(opens NVD record) | Medium | 5.8 | Missing authentication in Network Isolation of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to isolate managed devices from the network. | Sep 10, 2024 |
| CVE-2024-8320(opens NVD record) | Medium | 5.3 | Missing authentication in Network Isolation of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to spoof Network Isolation status of managed devices. | Sep 10, 2024 |
| CVE-2024-8191(opens NVD record) | High | 7.8 | SQL injection in the management console of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to achieve remote code execution. | Sep 10, 2024 |
| CVE-2024-8190(opens NVD record) | High | 7.2 | An OS command injection vulnerability in Ivanti Cloud Services Appliance versions 4.6 Patch 518 and before allows a remote authenticated attacker to obtain remote code execution. The attacker must have admin level privileges to exploit this vulnerability. | Sep 10, 2024 |
| CVE-2024-8012(opens NVD record) | High | 7.8 | An authentication bypass weakness in the message broker service of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to escalate their privileges. | Sep 10, 2024 |
| CVE-2024-44107(opens NVD record) | High | 8.8 | DLL hijacking in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to escalate their privileges and achieve arbitrary code execution. | Sep 10, 2024 |
| CVE-2024-44106(opens NVD record) | High | 8.8 | Insufficient server-side controls in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to escalate their privileges. | Sep 10, 2024 |
| CVE-2024-44105(opens NVD record) | High | 8.2 | Cleartext transmission of sensitive information in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to obtain OS credentials. | Sep 10, 2024 |
| CVE-2024-44104(opens NVD record) | High | 8.8 | An incorrectly implemented authentication scheme that is subjected to a spoofing attack in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to escalate their privileges. | Sep 10, 2024 |
| CVE-2024-44103(opens NVD record) | High | 8.8 | DLL hijacking in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to escalate their privileges. | Sep 10, 2024 |
| CVE-2024-45409(opens NVD record) | Critical | 10.0 | The Ruby SAML library is for implementing the client side of a SAML authorization. Ruby-SAML in <= 12.2 and 1.13.0 <= 1.16.0 does not properly verify the signature of the SAML Response. An unauthenticated attacker with access to any signed saml document (by the IdP) can thus forge a SAML Response/Assertion with arbitrary contents. This would allow the attacker to log in as arbitrary user within the vulnerable system. This vulnerability is fixed in 1.17.0 and 1.12.3. | Sep 10, 2024 |
| CVE-2024-44667(opens NVD record) | High | 8.0 | Shenzhen Haichangxing Technology Co., Ltd HCX H822 4G LTE Router M7628NNxISPxUIv2_v1.0.1557.15.35_P0 is vulnerable to Incorrect Access Control. Unauthenticated factory mode reset and command injection leads to information exposure and root shell access. | Sep 10, 2024 |
| CVE-2024-43495(opens NVD record) | High | 7.3 | Windows libarchive Remote Code Execution Vulnerability | Sep 10, 2024 |
| CVE-2024-43492(opens NVD record) | High | 7.8 | Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability | Sep 10, 2024 |
| CVE-2024-43491(opens NVD record) | Critical | 9.8 | Microsoft is aware of a vulnerability in Servicing Stack that has rolled back the fixes for some vulnerabilities affecting Optional Components on Windows 10, version 1507 (initial version released July 2015). This means that an attacker could exploit these previously mitigated vulnerabilities on Windows 10, version 1507 (Windows 10 Enterprise 2015 LTSB and Windows 10 IoT Enterprise 2015 LTSB) systems that have installed the Windows security update released on March 12, 2024—KB5035858 (OS Build 10240.20526) or other updates released until August 2024. All later versions of Windows 10 are not impacted by this vulnerability. This servicing stack vulnerability is addressed by installing the September 2024 Servicing stack update (SSU KB5043936) AND the September 2024 Windows security update (KB5043083), in that order. Note: Windows 10, version 1507 reached the end of support (EOS) on May 9, 2017 for devices running the Pro, Home, Enterprise, Education, and Enterprise IoT editions. Only Windows 10 Enterprise 2015 LTSB and Windows 10 IoT Enterprise 2015 LTSB editions are still under support. | Sep 10, 2024 |
| CVE-2024-43487(opens NVD record) | Medium | 6.5 | Windows Mark of the Web Security Feature Bypass Vulnerability | Sep 10, 2024 |
| CVE-2024-43482(opens NVD record) | Medium | 6.5 | Microsoft Outlook for iOS Information Disclosure Vulnerability | Sep 10, 2024 |
| CVE-2024-43479(opens NVD record) | High | 8.5 | Microsoft Power Automate Desktop Remote Code Execution Vulnerability | Sep 10, 2024 |
| CVE-2024-43476(opens NVD record) | High | 7.6 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Sep 10, 2024 |
| CVE-2024-43475(opens NVD record) | High | 7.3 | Microsoft Windows Admin Center Information Disclosure Vulnerability | Sep 10, 2024 |
| CVE-2024-43474(opens NVD record) | High | 7.6 | Microsoft SQL Server Information Disclosure Vulnerability | Sep 10, 2024 |
| CVE-2024-43470(opens NVD record) | High | 7.3 | Azure Network Watcher VM Agent Elevation of Privilege Vulnerability | Sep 10, 2024 |
| CVE-2024-43469(opens NVD record) | High | 8.8 | Azure CycleCloud Remote Code Execution Vulnerability | Sep 10, 2024 |
| CVE-2024-43467(opens NVD record) | High | 7.5 | Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability | Sep 10, 2024 |
| CVE-2024-43466(opens NVD record) | Medium | 6.5 | Microsoft SharePoint Server Denial of Service Vulnerability | Sep 10, 2024 |
| CVE-2024-43465(opens NVD record) | High | 7.8 | Microsoft Excel Elevation of Privilege Vulnerability | Sep 10, 2024 |
| CVE-2024-43464(opens NVD record) | High | 7.2 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Sep 10, 2024 |
| CVE-2024-43463(opens NVD record) | High | 7.8 | Microsoft Office Visio Remote Code Execution Vulnerability | Sep 10, 2024 |
| CVE-2024-43461(opens NVD record) | High | 8.8 | Windows MSHTML Platform Spoofing Vulnerability | Sep 10, 2024 |
| CVE-2024-43458(opens NVD record) | High | 7.7 | Windows Networking Information Disclosure Vulnerability | Sep 10, 2024 |
| CVE-2024-43457(opens NVD record) | High | 7.8 | Windows Setup and Deployment Elevation of Privilege Vulnerability | Sep 10, 2024 |
| CVE-2024-43455(opens NVD record) | High | 8.8 | Windows Remote Desktop Licensing Service Spoofing Vulnerability | Sep 10, 2024 |
| CVE-2024-43454(opens NVD record) | High | 7.1 | Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability | Sep 10, 2024 |
| CVE-2024-38263(opens NVD record) | High | 7.5 | Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability | Sep 10, 2024 |
| CVE-2024-38260(opens NVD record) | High | 8.8 | Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability | Sep 10, 2024 |
| CVE-2024-38259(opens NVD record) | High | 8.8 | Microsoft Management Console Remote Code Execution Vulnerability | Sep 10, 2024 |
| CVE-2024-38258(opens NVD record) | Medium | 6.5 | Windows Remote Desktop Licensing Service Information Disclosure Vulnerability | Sep 10, 2024 |
| CVE-2024-38257(opens NVD record) | High | 7.5 | Microsoft AllJoyn API Information Disclosure Vulnerability | Sep 10, 2024 |
| CVE-2024-38256(opens NVD record) | Medium | 5.5 | Windows Kernel-Mode Driver Information Disclosure Vulnerability | Sep 10, 2024 |
| CVE-2024-38254(opens NVD record) | Medium | 5.5 | Windows Authentication Information Disclosure Vulnerability | Sep 10, 2024 |
| CVE-2024-38253(opens NVD record) | High | 7.8 | Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability | Sep 10, 2024 |
| CVE-2024-38252(opens NVD record) | High | 7.8 | Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability | Sep 10, 2024 |
| CVE-2024-38250(opens NVD record) | High | 7.8 | Windows Graphics Component Elevation of Privilege Vulnerability | Sep 10, 2024 |
| CVE-2024-38249(opens NVD record) | High | 7.8 | Windows Graphics Component Elevation of Privilege Vulnerability | Sep 10, 2024 |
| CVE-2024-38248(opens NVD record) | High | 7.0 | Windows Storage Elevation of Privilege Vulnerability | Sep 10, 2024 |
| CVE-2024-38247(opens NVD record) | High | 7.8 | Windows Graphics Component Elevation of Privilege Vulnerability | Sep 10, 2024 |