Security Vulnerabilities - Known exploited
CVE-2024-29059
.NET Framework Information Disclosure Vulnerability
Known exploited
CVSS Score
7.5
EPSS Score
0.938
Published
2024-03-23
CVE-2024-20767
ColdFusion versions 2023.6, 2021.12 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary file system read. An attacker could leverage this vulnerability to access or modify restricted files. Exploitation of this issue does not require user interaction. Exploitation of this issue requires the admin panel be exposed to the internet.
Known exploited
CVSS Score
7.4
EPSS Score
0.94
Published
2024-03-18
CVE-2024-26169
Windows Error Reporting Service Elevation of Privilege Vulnerability
Known exploited
CVSS Score
7.8
EPSS Score
0.346
Published
2024-03-12
CVE-2023-48788
A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiClientEMS version 7.2.0 through 7.2.2, FortiClientEMS 7.0.1 through 7.0.10 allows attacker to execute unauthorized code or commands via specially crafted packets.
Known exploited
CVSS Score
9.8
EPSS Score
0.94
Published
2024-03-12
CVE-2024-23225
A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Monterey 12.7.4, macOS Sonoma 14.4, macOS Ventura 13.6.5, tvOS 17.4, visionOS 1.1, watchOS 10.4. An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited.
Known exploited
CVSS Score
7.8
EPSS Score
0.002
Published
2024-03-05
CVE-2024-23296
A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.4 and iPadOS 17.4, macOS Monterey 12.7.6, macOS Sonoma 14.4, macOS Ventura 13.6.7, tvOS 17.4, visionOS 1.1, watchOS 10.4. An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited.
Known exploited
CVSS Score
7.8
EPSS Score
0.003
Published
2024-03-05
CVE-2024-27198
In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible
Known exploited
CVSS Score
9.8
EPSS Score
0.934
Published
2024-03-04
CVE-2024-27199
In JetBrains TeamCity before 2023.11.4 path traversal allowing to perform limited admin actions was possible
Known exploited
CVSS Score
7.3
EPSS Score
0.92
Published
2024-03-04
CVE-2024-1212
Unauthenticated remote attackers can access the system through the LoadMaster management interface, enabling arbitrary system command execution.
Known exploited
CVSS Score
10.0
EPSS Score
0.943
Published
2024-02-21
CVE-2024-1709
ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel
vulnerability, which may allow an attacker direct access to confidential information or
critical systems.
Known exploited
CVSS Score
10.0
EPSS Score
0.943
Published
2024-02-21