Security Vulnerabilities - Known exploited
CVE-2024-9465
Known exploited
An SQL injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. With this, attackers can also create and read arbitrary files on the Expedition system.
CVSS Score: 9.2 | EPSS Score: 0.943 | Published: 2024-10-09
CVE-2024-9463
Known exploited
An OS command injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls.
CVSS Score: 9.9 | EPSS Score: 0.942 | Published: 2024-10-09
CVE-2024-9680
Known exploited
An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We have had reports of this vulnerability being exploited in the wild. This vulnerability affects Firefox < 131.0.2, Firefox ESR < 128.3.1, Firefox ESR < 115.16.1, Thunderbird < 131.0.1, Thunderbird < 128.3.1, and Thunderbird < 115.16.0.
CVSS Score: 9.8 | EPSS Score: 0.308 | Published: 2024-10-09
CVE-2024-43572
Known exploited
Microsoft Management Console Remote Code Execution Vulnerability
CVSS Score: 7.8 | EPSS Score: 0.489 | Published: 2024-10-08
CVE-2024-43573
Known exploited
Windows MSHTML Platform Spoofing Vulnerability
CVSS Score: 6.5 | EPSS Score: 0.177 | Published: 2024-10-08
CVE-2024-43468
Known exploited
Microsoft Configuration Manager Remote Code Execution Vulnerability
CVSS Score: 9.8 | EPSS Score: 0.833 | Published: 2024-10-08
CVE-2024-9379
Known exploited
SQL injection in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to run arbitrary SQL statements.
CVSS Score: 6.5 | EPSS Score: 0.817 | Published: 2024-10-08
CVE-2024-9380
Known exploited
An OS command injection vulnerability in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to obtain remote code execution.
CVSS Score: 7.2 | EPSS Score: 0.881 | Published: 2024-10-08
CVE-2024-43047
Known exploited
Memory corruption while maintaining memory maps of HLOS memory.
CVSS Score: 7.8 | EPSS Score: 0.017 | Published: 2024-10-07
CVE-2024-45519
Known exploited
The postjournal service in Zimbra Collaboration (ZCS) before 8.8.15 Patch 46, 9 before 9.0.0 Patch 41, 10 before 10.0.9, and 10.1 before 10.1.1 sometimes allows unauthenticated users to execute commands.
CVSS Score: 10.0 | EPSS Score: 0.941 | Published: 2024-10-02

