Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
microsoft windows - vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2024-30023
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
1 Article
7.5
CVSSv3
CVE-2024-30024
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
1 Article
7.8
CVSSv3
CVE-2024-30025
Windows Common Log File System Driver Elevation of Privilege Vulnerability
1 Article
NA
CVE-2024-1874
In PHP versions 8.1.* prior to 8.1.28, 8.2.* prior to 8.2.18, 8.3.* prior to 8.3.5, when using proc_open() command with array syntax, due to insufficient escaping, if the arguments of the executed command are controlled by a malicious user, the user can supply arguments that woul...
1 Github repository
NA
CVE-2024-28240
The GLPI Agent is a generic management agent. A vulnerability that only affects GLPI-Agent installed on windows via MSI packaging can allow a local user to cause denial of agent service by replacing GLPI server url with a wrong url or disabling the service. Additionally, in the c...
5
CVSSv3
CVE-2024-29991
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
6.7
CVSSv3
CVE-2024-23593
A vulnerability was reported in a system recovery bootloader that was part of the Lenovo preloaded Windows 7 and 8 operating systems from 2012 to 2014 that could allow a privileged attacker with local access to modify the boot manager and escalate privileges.
1 Article
6.4
CVSSv3
CVE-2024-23594
A buffer overflow vulnerability was reported in a system recovery bootloader that was part of the Lenovo preloaded Windows 7 and 8 operating systems from 2012 to 2014 that could allow a privileged attacker with local access to execute arbitrary code.
1 Article
NA
CVE-2024-3566
A command inject vulnerability allows an malicious user to perform command injection on Windows applications that indirectly depend on the CreateProcess function when the specific conditions are satisfied.
1 Github repository
NA
CVE-2024-22423
yt-dlp is a youtube-dl fork with additional features and fixes. The patch that addressed CVE-2023-40581 attempted to prevent RCE when using `--exec` with `%q` by replacing double quotes with two double quotes. However, this escaping is not sufficient, and still allows expansion o...
1 Github repository
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5324
path traversal
CVE-2024-4743
CVE-2024-5184
TCP
CVE-2024-27822
code injection
CVE-2024-28995
CVE-2023-20938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »