Security Vulnerabilities - Known exploited
CVE-2024-40711
A deserialization of untrusted data vulnerability with a malicious payload can allow an unauthenticated remote code execution (RCE).
Known exploited
CVSS Score
9.8
EPSS Score
0.682
Published
2024-09-07
CVE-2024-20439
A vulnerability in Cisco Smart Licensing Utility (CSLU) could allow an unauthenticated, remote attacker to log into an affected system by using a static administrative credential.
This vulnerability is due to an undocumented static user credential for an administrative account. An attacker could exploit this vulnerability by using the static credentials to login to the affected system. A successful exploit could allow the attacker to login to the affected system with administrative rights over the CSLU application API.
Known exploited
CVSS Score
9.8
EPSS Score
0.863
Published
2024-09-04
CVE-2024-45195
Direct Request ('Forced Browsing') vulnerability in Apache OFBiz.
This issue affects Apache OFBiz: before 18.12.16.
Users are recommended to upgrade to version 18.12.16, which fixes the issue.
Known exploited
CVSS Score
7.5
EPSS Score
0.941
Published
2024-09-04
CVE-2024-6670
In WhatsUp Gold versions released before 2024.0.0, a SQL Injection vulnerability allows an unauthenticated attacker to retrieve the users encrypted password.
Known exploited
CVSS Score
9.8
EPSS Score
0.945
Published
2024-08-29
CVE-2024-40766
An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash. This issue affects SonicWall Firewall Gen 5 and Gen 6 devices, as well as Gen 7 devices running SonicOS 7.0.1-5035 and older versions.
Known exploited
CVSS Score
9.8
EPSS Score
0.035
Published
2024-08-23
CVE-2024-39717
The Versa Director GUI provides an option to customize the look and feel of the user interface. This option is only available for a user logged with Provider-Data-Center-Admin or Provider-Data-Center-System-Admin. (Tenant level users do not have this privilege). The “Change Favicon” (Favorite Icon) option can be mis-used to upload a malicious file ending with .png extension to masquerade as image file. This is possible only after a user with Provider-Data-Center-Admin or Provider-Data-Center-System-Admin has successfully authenticated and logged in.
Known exploited
CVSS Score
6.6
EPSS Score
0.046
Published
2024-08-22
CVE-2024-28987
The SolarWinds Web Help Desk (WHD) software is affected by a hardcoded credential vulnerability, allowing remote unauthenticated user to access internal functionality and modify data.
Known exploited
CVSS Score
9.1
EPSS Score
0.943
Published
2024-08-21
CVE-2024-7971
Type confusion in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Known exploited
CVSS Score
9.6
EPSS Score
0.015
Published
2024-08-21
CVE-2024-7965
Inappropriate implementation in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Known exploited
CVSS Score
8.8
EPSS Score
0.273
Published
2024-08-21
CVE-2024-7262
Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.16412 (exclusive) on Windows allows an attacker to load an arbitrary Windows library.
The vulnerability was found weaponized as a single-click exploit in the form of a deceptive spreadsheet document
Known exploited
CVSS Score
9.3
EPSS Score
0.124
Published
2024-08-15