Vulnerabilities
Vulnerable Software
Security Vulnerabilities - Known exploited
CVE-2024-4610
Known exploited
Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations to gain access to already freed memory.This issue affects Bifrost GPU Kernel Driver: from r34p0 through r40p0; Valhall GPU Kernel Driver: from r34p0 through r40p0.
CVSS Score
7.8
EPSS Score
0.008
Published
2024-06-07
CVE-2024-37383
Known exploited
Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows XSS via SVG animate attributes.
CVSS Score
6.1
EPSS Score
0.733
Published
2024-06-07
CVE-2024-28995
Known exploited
SolarWinds Serv-U was susceptible to a directory transversal vulnerability that would allow access to read sensitive files on the host machine.
CVSS Score
8.6
EPSS Score
0.996
Published
2024-06-06
CVE-2024-29824
Known exploited
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.
CVSS Score
9.6
EPSS Score
1.0
Published
2024-05-31
CVE-2024-23692
Known exploited
Rejetto HTTP File Server, up to and including version 2.3m, is vulnerable to a template injection vulnerability. This vulnerability allows a remote, unauthenticated attacker to execute arbitrary commands on the affected system by sending a specially crafted HTTP request. As of the CVE assignment date, Rejetto HFS 2.3m is no longer supported.
CVSS Score
9.8
EPSS Score
0.995
Published
2024-05-31
CVE-2024-4358
Known exploited
In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via an authentication bypass vulnerability.
CVSS Score
9.8
EPSS Score
0.975
Published
2024-05-29
CVE-2024-24919
Known exploited
Potentially allowing an attacker to read certain information on Check Point Security Gateways once connected to the internet and enabled with remote Access VPN or Mobile Access Software Blades. A Security fix that mitigates this vulnerability is available.
CVSS Score
8.6
EPSS Score
1.0
Published
2024-05-28
CVE-2024-5274
Known exploited
Type Confusion in V8 in Google Chrome prior to 125.0.6422.112 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
CVSS Score
9.6
EPSS Score
0.1
Published
2024-05-28
CVE-2024-4978
Known exploited
Justice AV Solutions Viewer Setup 8.3.7.250-1 contains a malicious binary when executed and is signed with an unexpected authenticode signature. A remote, privileged threat actor may exploit this vulnerability to execute of unauthorized PowerShell commands.
CVSS Score
8.7
EPSS Score
0.269
Published
2024-05-23
CVE-2024-4947
Known exploited
Type Confusion in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
CVSS Score
9.6
EPSS Score
0.151
Published
2024-05-15


Contact Us

Shodan ® - All rights reserved