Total 18198 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-38089 1 Microsoft 1 Defender For Iot 2024-12-10 9.1 Critical
Microsoft Defender for IoT Elevation of Privilege Vulnerability
CVE-2024-38076 1 Microsoft 4 Windows Server 2016, Windows Server 2019, Windows Server 2022 and 1 more 2024-12-10 9.8 Critical
Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability
CVE-2024-38074 1 Microsoft 6 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 3 more 2024-12-10 9.8 Critical
Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability
CVE-2024-38182 2024-12-10 9 Critical
Weak authentication in Microsoft Dynamics 365 allows an unauthenticated attacker to elevate privileges over a network.
CVE-2024-38077 1 Microsoft 6 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 3 more 2024-12-10 9.8 Critical
Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability
CVE-2024-43468 2024-12-10 9.8 Critical
Microsoft Configuration Manager Remote Code Execution Vulnerability
CVE-2024-38124 1 Microsoft 6 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 3 more 2024-12-10 9 Critical
Windows Netlogon Elevation of Privilege Vulnerability
CVE-2023-36434 1 Microsoft 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more 2024-12-10 9.8 Critical
Windows IIS Server Elevation of Privilege Vulnerability
CVE-2023-35349 1 Microsoft 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more 2024-12-10 9.8 Critical
Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
CVE-2020-20735 1 8cms 1 Ljcms 2024-12-10 9.8 Critical
File Upload vulnerability in LJCMS v.4.3.R60321 allows a remote attacker to execute arbitrary code via the ljcms/index.php parameter.
CVE-2020-20718 1 Pluck-cms 1 Pluckcms 2024-12-10 9.8 Critical
File Upload vulnerability in PluckCMS v.4.7.10 dev versions allows a remote attacker to execute arbitrary code via a crafted image file to the the save_file() parameter.
CVE-2020-20703 1 Vim 1 Vim 2024-12-10 9.8 Critical
Buffer Overflow vulnerability in VIM v.8.1.2135 allows a remote attacker to execute arbitrary code via the operand parameter.
CVE-2024-46909 1 Progress 1 Whatsup Gold 2024-12-10 9.8 Critical
In WhatsUp Gold versions released before 2024.0.1, a remote unauthenticated attacker could leverage this vulnerability to execute code in the context of the service account.
CVE-2020-21174 1 Feehi 1 Feehicms 2024-12-10 9.8 Critical
File Upload vulenrability in liufee CMS v.2.0.7.1 allows a remote attacker to execute arbitrary code via the image suffix function.
CVE-2024-47578 2024-12-10 9.1 Critical
Adobe Document Service allows an attacker with administrator privileges to send a crafted request from a vulnerable web application. It is usually used to target internal systems behind firewalls that are normally inaccessible to an attacker from the external network, resulting in a Server-Side Request Forgery vulnerability. On successful exploitation, the attacker can read or modify any file and/or make the entire system unavailable.
CVE-2023-36754 1 Siemens 22 Ruggedcom Rox Mx5000, Ruggedcom Rox Mx5000 Firmware, Ruggedcom Rox Mx5000re and 19 more 2024-12-10 9.1 Critical
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The SCEP server configuration URL parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges.
CVE-2024-36461 1 Zabbix 1 Zabbix 2024-12-10 9.1 Critical
Within Zabbix, users have the ability to directly modify memory pointers in the JavaScript engine.
CVE-2020-21474 1 Nucleuscms 1 Nucleuscms 2024-12-10 9.8 Critical
File Upload vulnerability in NucleusCMS v.3.71 allows a remote attacker to execute arbitrary code via the /nucleus/plugins/skinfiles/?dir=rsd parameter.
CVE-2023-27992 1 Zyxel 6 Nas326, Nas326 Firmware, Nas540 and 3 more 2024-12-10 9.8 Critical
The pre-authentication command injection vulnerability in the Zyxel NAS326 firmware versions prior to V5.21(AAZF.14)C0, NAS540 firmware versions prior to V5.21(AATB.11)C0, and NAS542 firmware versions prior to V5.21(ABAG.11)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands remotely by sending a crafted HTTP request.
CVE-2024-33610 2024-12-10 9.1 Critical
"sessionlist.html" and "sys_trayentryreboot.html" are accessible with no authentication. "sessionlist.html" provides logged-in users' session information including session cookies, and "sys_trayentryreboot.html" allows to reboot the device. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].