KEV Catalog CVEs

Attaxion maintains a list of Common Vulnerabilities and Exposures (CVEs) and their affected products. 243,000+ CVEs are indexed from NVD, and those that have been added to the Known Exploited Vulnerabilities (KEV) Catalog recently are listed below.

❮ Previous Page 1 of 11 · 106 total CVEs Next ❯

CVE-2024-38014

HIGH

Windows Installer Elevation of Privilege Vulnerability

CVE-2024-38217

MEDIUM

Windows Mark of the Web Security Feature Bypass Vulnerability

CVE-2024-38226

HIGH

Microsoft Publisher Security Feature Bypass Vulnerability

CVE-2024-43491

CRITICAL

Microsoft is aware of a vulnerability in Servicing Stack that has rolled back the fixes for some vulnerabilities affecting Optional Components on Windows 10, version 1507 (initial version released July 2015). This means that an attacker could exploit these previously mitigated vulnerabilities on Windows 10, version 1507 (Windows 10 Enterprise…

CVE-2024-40766

CRITICAL

An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash. This issue affects SonicWall Firewall Gen 5 and Gen 6 devices, as well as Gen 7 devices running SonicOS 7.0.1-5035 and…

CVE-2024-7262

HIGH

Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.16412 (exclusive) on Windows allows an attacker to load an arbitrary Windows library. The vulnerability was found weaponized as a single-click exploit in the form of a deceptive spreadsheet document

CVE-2024-7965

HIGH

Inappropriate implementation in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE-2024-38856

CRITICAL

Incorrect Authorization vulnerability in Apache OFBiz. This issue affects Apache OFBiz: through 18.12.14. Users are recommended to upgrade to version 18.12.15, which fixes the issue. Unauthenticated endpoints could allow execution of screen rendering code of screens if some preconditions are met (such as when the screen definitions don't explicitly check…

CVE-2024-7971

HIGH

Type confusion in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE-2024-39717

HIGH

The Versa Director GUI provides an option to customize the look and feel of the user interface. This option is only available for a user logged with Provider-Data-Center-Admin or Provider-Data-Center-System-Admin. (Tenant level users do not have this privilege). The “Change Favicon” (Favorite Icon) option can be mis-used to upload a…

❮ Previous Page 1 of 11 · 106 total CVEs Next ❯