We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
This is a
Whenever applicable we also show information from the Known Exploited Vulnerabilities Catalog provided by CISA as the authoritative source of vulnerabilities that have been exploited in the wild.
CVE-2024-7730
Qemu-kvm: virtio-snd: heap buffer overflow in virtio_snd_pcm_in_cb(): A heap buffer overflow was found in the virtio-snd device in QEMU. When reading input audio in the virtio-snd input callback, virtio_snd_pcm_in_cb, the function did not check whether the iov can fit the data buffer. This issue can trigger an out-of-bounds write if the size of the virtio queue element is equal to virtio_snd_pcm_status, which make...
CVE-2024-3447
Qemu: sdhci: heap buffer overflow in sdhci_write_dataport(): A heap-based buffer overflow was found in the SDHCI device emulation of QEMU. The bug is triggered when both `s->data_count` and the size of `s->fifo_buffer` are set to 0x200, leading to an out-of-bound access. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition.
CVE-2023-4458
Kernel: ksmbd: smb2_open out-of-bounds read information disclosure vulnerability: A flaw was found within the parsing of extended attributes in the kernel ksmbd module. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this to disclose sensitive information on affected installations of Linux. Only sys...
CVE-2024-45642
IBM Security ReaQta information disclosure: IBM Security ReaQta 3.12 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2024-45099
IBM Security ReaQta cross-site scripting: IBM Security ReaQta 3.12 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2024-45099
IBM Security ReaQta cross-site scripting: IBM Security ReaQta 3.12 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2024-21534
Versions of the package jsonpath-plus before 10.0.7 are vulnerable to Remote Code Execution (RCE) due to improper input sanitization. An attacker can execute aribitrary code on the system by exploiting the unsafe default usage of vm in Node.
**Note:**
There was an attempt to fix it in version [10.0.0](https://github.com/JSONPath-Plus/JSONPath/commit/6b2f1b4c234292c75912b790bf7e2d7339d4ccd3) but it could still be...
CVE-2024-43631
Windows Secure Kernel Mode Elevation of Privilege Vulnerability: Windows Secure Kernel Mode Elevation of Privilege Vulnerability
CVE-2024-43646
Windows Secure Kernel Mode Elevation of Privilege Vulnerability: Windows Secure Kernel Mode Elevation of Privilege Vulnerability
CVE-2024-43623
Windows NT OS Kernel Elevation of Privilege Vulnerability: Windows NT OS Kernel Elevation of Privilege Vulnerability
CVE-2024-43451 Microsoft Windows
Microsoft Windows contains an NTLMv2 hash spoofing vulnerability that could result in disclosing a user's NTLMv2 hash to an attacker via a file open operation. The attacker could then leverage this hash to impersonate that user.
CVE-2021-41277 Metabase Metabase
Metabase contains a local file inclusion vulnerability in the custom map support in the API to read GeoJSON formatted data.
CVE-2024-49039 Microsoft Windows
Microsoft Windows Task Scheduler contains a privilege escalation vulnerability that can allow an attacker-provided, local application to escalate privileges outside of its AppContainer, and access privileged RPC functions.
CVE-2014-2120 Cisco Adaptive Security Appliance (ASA)
Cisco Adaptive Security Appliance (ASA) contains a cross-site scripting (XSS) vulnerability in the WebVPN login page. This vulnerability allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter.
CVE-2021-26086 Atlassian Jira Server and Data Center
Atlassian Jira Server and Data Center contain a path traversal vulnerability that allows a remote attacker to read particular files in the /WEB-INF/web.xml endpoint.