Total
613 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-53407 | 1 Phiewer | 1 Phiewer | 2025-01-31 | N/A | 3.3 LOW |
| In Phiewer 4.1.0, a dylib injection leads to Command Execution which allow attackers to inject dylib file potentially leading to remote control and unauthorized access to sensitive user data. | |||||
| CVE-2023-30330 | 1 Softexpert | 1 Excellence Suite | 2025-01-24 | N/A | 9.8 CRITICAL |
| SoftExpert (SE) Excellence Suite 2.x versions before 2.1.3 is vulnerable to Local File Inclusion in the function /se/v42300/generic/gn_defaultframe/2.0/defaultframe_filter.php. | |||||
| CVE-2023-29790 | 1 Kodcloud | 1 Kodbox | 2025-01-24 | N/A | 7.5 HIGH |
| kodbox 1.2.x through 1.3.7 has a Sensitive Information Leakage issue. | |||||
| CVE-2024-28133 | 1 Phoenixcontact | 8 Charx Sec-3000, Charx Sec-3000 Firmware, Charx Sec-3050 and 5 more | 2025-01-23 | N/A | 7.8 HIGH |
| A local low privileged attacker can use an untrusted search path in a CHARX system utility to gain root privileges. | |||||
| CVE-2024-47906 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2025-01-17 | N/A | 7.8 HIGH |
| Excessive binary privileges in Ivanti Connect Secure before version 22.7R2.3 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.2 (Not Applicable to 9.1Rx) allows a local authenticated attacker to escalate privileges. | |||||
| CVE-2024-20693 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2025-01-08 | N/A | 7.8 HIGH |
| Windows Kernel Elevation of Privilege Vulnerability | |||||
| CVE-2024-21435 | 1 Microsoft | 2 Windows 11 22h2, Windows 11 23h2 | 2024-12-27 | N/A | 8.8 HIGH |
| Windows OLE Remote Code Execution Vulnerability | |||||
| CVE-2024-20754 | 2 Adobe, Apple | 2 Lightroom, Macos | 2024-12-12 | N/A | 7.8 HIGH |
| Lightroom Desktop versions 7.1.2 and earlier are affected by an Untrusted Search Path vulnerability that could result in arbitrary code execution in the context of the current user. If the application uses a search path to locate critical resources such as programs, then an attacker could modify that search path to point to a malicious program, which the targeted application would then execute. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2024-26198 | 1 Microsoft | 1 Exchange Server | 2024-12-06 | N/A | 8.8 HIGH |
| Microsoft Exchange Server Remote Code Execution Vulnerability | |||||
| CVE-2024-34123 | 3 Adobe, Apple, Microsoft | 3 Premiere Pro, Macos, Windows | 2024-12-03 | N/A | 7.0 HIGH |
| Premiere Pro versions 23.6.5, 24.4.1 and earlier are affected by an Untrusted Search Path vulnerability that could lead to arbitrary code execution. An attacker could exploit this vulnerability by inserting a malicious file into the search path, which the application might execute instead of the legitimate file. This could occur when the application uses a search path to locate executables or libraries. Exploitation of this issue requires user interaction, attack complexity is high. | |||||
| CVE-2024-38305 | 1 Dell | 1 Supportassist For Home Pcs | 2024-11-25 | N/A | 7.3 HIGH |
| Dell SupportAssist for Home PCs Installer exe version 4.0.3 contains a privilege escalation vulnerability in the installer. A local low-privileged authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary executables on the operating system with elevated privileges. | |||||
| CVE-2024-6080 | 1 Intelbras | 1 Incontrol | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| A vulnerability classified as critical was found in Intelbras InControl 2.21.56. This vulnerability affects unknown code of the component incontrolWebcam Service. The manipulation leads to unquoted search path. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. Upgrading to version 2.21.58 is able to address this issue. It is recommended to upgrade the affected component. The vendor was contacted early about this disclosure and plans to provide a solution within the next few weeks. | |||||
| CVE-2024-38462 | 1 Irods | 1 Irods | 2024-11-21 | N/A | 9.8 CRITICAL |
| iRODS before 4.3.2 provides an msiSendMail function with a problematic dependency on the mail binary, such as in the mailMS.cpp#L94-L106 reference. | |||||
| CVE-2024-30100 | 1 Microsoft | 1 Sharepoint Server | 2024-11-21 | N/A | 7.8 HIGH |
| Microsoft SharePoint Server Remote Code Execution Vulnerability | |||||
| CVE-2024-24810 | 1 Firegiant | 1 Wix Toolset | 2024-11-21 | N/A | 8.2 HIGH |
| WiX toolset lets developers create installers for Windows Installer, the Windows installation engine. The .be TEMP folder is vulnerable to DLL redirection attacks that allow the attacker to escalate privileges. This impacts any installer built with the WiX installer framework. This issue has been patched in version 4.0.4. | |||||
| CVE-2024-22410 | 2 Gluwa, Microsoft | 2 Creditcoin, Windows | 2024-11-21 | N/A | 3.3 LOW |
| Creditcoin is a network that enables cross-blockchain credit transactions. The Windows binary of the Creditcoin node loads a suite of DLLs provided by Microsoft at startup. If a malicious user has access to overwrite the program files directory it is possible to replace these DLLs and execute arbitrary code. It is the view of the blockchain development team that the threat posed by a hypothetical binary planting attack is minimal and represents a low-security risk. The vulnerable DLL files are from the Windows networking subsystem, the Visual C++ runtime, and low-level cryptographic primitives. Collectively these dependencies are required for a large ecosystem of applications, ranging from enterprise-level security applications to game engines, and don’t represent a fundamental lack of security or oversight in the design and implementation of Creditcoin. The blockchain team takes the stance that running Creditcoin on Windows is officially unsupported and at best should be thought of as experimental. | |||||
| CVE-2024-22190 | 1 Gitpython Project | 1 Gitpython | 2024-11-21 | N/A | 7.8 HIGH |
| GitPython is a python library used to interact with Git repositories. There is an incomplete fix for CVE-2023-40590. On Windows, GitPython uses an untrusted search path if it uses a shell to run `git`, as well as when it runs `bash.exe` to interpret hooks. If either of those features are used on Windows, a malicious `git.exe` or `bash.exe` may be run from an untrusted repository. This issue has been patched in version 3.1.41. | |||||
| CVE-2024-21325 | 1 Microsoft | 1 Printer Metadata Troubleshooter Tool | 2024-11-21 | N/A | 7.8 HIGH |
| Microsoft Printer Metadata Troubleshooter Tool Remote Code Execution Vulnerability | |||||
| CVE-2023-4736 | 2 Apple, Vim | 2 Macos, Vim | 2024-11-21 | N/A | 7.8 HIGH |
| Untrusted Search Path in GitHub repository vim/vim prior to 9.0.1833. | |||||
| CVE-2023-48670 | 1 Dell | 1 Supportassist For Home Pcs | 2024-11-21 | N/A | 7.3 HIGH |
| Dell SupportAssist for Home PCs version 3.14.1 and prior versions contain a privilege escalation vulnerability in the installer. A local low privileged authenticated attacker may potentially exploit this vulnerability, leading to the execution of arbitrary executable on the operating system with elevated privileges. | |||||