KEV Catalog CVEs

Attaxion maintains a list of Common Vulnerabilities and Exposures (CVEs) and their affected products. 243,000+ CVEs are indexed from NVD, and those that have been added to the Known Exploited Vulnerabilities (KEV) Catalog recently are listed below.

❮ Previous Page 1 of 12 · 115 total CVEs Next ❯

CVE-2024-43047

HIGH

Memory corruption while maintaining memory maps of HLOS memory.

CVE-2024-43572

HIGH

Microsoft Management Console Remote Code Execution Vulnerability

CVE-2024-43573

MEDIUM

Windows MSHTML Platform Spoofing Vulnerability

CVE-2024-45519

CRITICAL

The postjournal service in Zimbra Collaboration (ZCS) before 8.8.15 Patch 46, 9 before 9.0.0 Patch 41, 10 before 10.0.9, and 10.1 before 10.1.1 sometimes allows unauthenticated users to execute commands.

CVE-2024-7593

CRITICAL

Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.7R2 allows a remote unauthenticated attacker to bypass authentication of the admin panel.

CVE-2024-8963

CRITICAL

Path Traversal in the Ivanti CSA before 4.6 Patch 519 allows a remote unauthenticated attacker to access restricted functionality.

CVE-2024-6670

CRITICAL

In WhatsUp Gold versions released before 2024.0.0, a SQL Injection vulnerability allows an unauthenticated attacker to retrieve the users encrypted password.

CVE-2024-43461

HIGH

Windows MSHTML Platform Spoofing Vulnerability

CVE-2024-8190

HIGH

An OS command injection vulnerability in Ivanti Cloud Services Appliance versions 4.6 Patch 518 and before allows a remote authenticated attacker to obtain remote code execution. The attacker must have admin level privileges to exploit this vulnerability.

CVE-2024-38014

HIGH

Windows Installer Elevation of Privilege Vulnerability

❮ Previous Page 1 of 12 · 115 total CVEs Next ❯