Latest CVE Feed
-
8.8
HIGHCVE-2024-23666
A client-side enforcement of server-side security in Fortinet FortiAnalyzer-BigData at least version 7.4.0 and 7.2.0 through 7.2.6 and 7.0.1 through 7.0.6 and 6.4.5 through 6.4.7 and 6.2.5, FortiManager version 7.4.0 through 7.4.1 and 7.2.0 through 7.2.... Read more
- Published: Nov. 12, 2024
- Modified: Jan. 21, 2025
-
9.1
CRITICALCVE-2023-52268
The End-User Portal module before 1.0.65 for FreeScout sometimes allows an attacker to authenticate as an arbitrary user because a session token can be sent to the /auth endpoint. NOTE: this module is not part of freescout-helpdesk/freescout on GitHub.... Read more
Affected Products :- Published: Nov. 12, 2024
- Modified: Nov. 19, 2024
-
8.8
HIGHCVE-2023-50176
A session fixation in Fortinet FortiOS version 7.4.0 through 7.4.3 and 7.2.0 through 7.2.7 and 7.0.0 through 7.0.13 allows attacker to execute unauthorized code or commands via phishing SAML authentication link.... Read more
Affected Products : fortios- Published: Nov. 12, 2024
- Modified: Dec. 12, 2024
-
8.1
HIGHCVE-2023-47543
An authorization bypass through user-controlled key vulnerability [CWE-639] in Fortinet FortiPortal version 7.0.0 through 7.0.3 allows an authenticated attacker to interact with ressources of other organizations via HTTP or HTTPS requests.... Read more
Affected Products : fortiportal- Published: Nov. 12, 2024
- Modified: Jan. 02, 2025
-
4.1
MEDIUMCVE-2023-44255
An exposure of sensitive information to an unauthorized actor [CWE-200] in Fortinet FortiManager before 7.4.2, FortiAnalyzer before 7.4.2 and FortiAnalyzer-BigData before 7.2.5 may allow a privileged attacker with administrative read permissions to read e... Read more
- Published: Nov. 12, 2024
- Modified: Jan. 21, 2025
-
8.8
HIGHCVE-2024-8069
Limited remote code execution with privilege of a NetworkService Account access in Citrix Session Recording if the attacker is an authenticated user on the same intranet as the session recording server... Read more
Affected Products : session_recording- Actively Exploited
- Published: Nov. 12, 2024
- Modified: Aug. 26, 2025
-
8.0
HIGHCVE-2024-8068
Privilege escalation to NetworkService Account access in Citrix Session Recording when an attacker is an authenticated user in the same Windows Active Directory domain as the session recording server domain... Read more
Affected Products : session_recording- Actively Exploited
- Published: Nov. 12, 2024
- Modified: Aug. 26, 2025
-
4.8
MEDIUMCVE-2024-51720
An insufficient entropy vulnerability in the SecuSUITE Secure Client Authentication (SCA) Server of SecuSUITE versions 5.0.420 and earlier could allow an attacker to potentially enroll an attacker-controlled device to the victim’s account and telephone nu... Read more
Affected Products :- Published: Nov. 12, 2024
- Modified: Nov. 13, 2024
-
8.8
HIGHCVE-2024-49056
Authentication bypass by assumed-immutable data on airlift.microsoft.com allows an authorized attacker to elevate privileges over a network.... Read more
Affected Products : airlift_microsoft_com- Published: Nov. 12, 2024
- Modified: Jan. 07, 2025
-
7.8
HIGHCVE-2024-49051
Microsoft PC Manager Elevation of Privilege Vulnerability... Read more
Affected Products : pc_manager- Published: Nov. 12, 2024
- Modified: Nov. 18, 2024
-
8.8
HIGH- Published: Nov. 12, 2024
- Modified: Jul. 15, 2025
-
7.1
HIGHCVE-2024-49049
Visual Studio Code Remote Extension Elevation of Privilege Vulnerability... Read more
- Published: Nov. 12, 2024
- Modified: Nov. 18, 2024
-
8.1
HIGHCVE-2024-49048
TorchGeo Remote Code Execution Vulnerability... Read more
Affected Products : torchgeo- Published: Nov. 12, 2024
- Modified: Nov. 18, 2024
-
7.8
HIGHCVE-2024-49046
Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +10 more products- Published: Nov. 12, 2024
- Modified: Nov. 18, 2024
-
6.7
MEDIUM- Published: Nov. 12, 2024
- Modified: Nov. 16, 2024
-
7.8
HIGHCVE-2024-49043
Microsoft.SqlServer.XEvent.Configuration.dll Remote Code Execution Vulnerability... Read more
Affected Products : sql_server sql_server sql_server_2016 sql_server_2017 sql_server_2019 sql_server_2022- Published: Nov. 12, 2024
- Modified: Nov. 15, 2024
-
7.5
HIGHCVE-2024-49040
Microsoft Exchange Server Spoofing Vulnerability... Read more
Affected Products : exchange_server- Published: Nov. 12, 2024
- Modified: Nov. 16, 2024
-
8.8
HIGHCVE-2024-49039
Windows Task Scheduler Elevation of Privilege Vulnerability... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 windows +5 more products- Actively Exploited
- Published: Nov. 12, 2024
- Modified: Nov. 14, 2024
-
7.5
HIGHCVE-2024-49033
Microsoft Word Security Feature Bypass Vulnerability... Read more
- Published: Nov. 12, 2024
- Modified: Nov. 16, 2024
-
7.8
HIGHCVE-2024-49032
Microsoft Office Graphics Remote Code Execution Vulnerability... Read more
- Published: Nov. 12, 2024
- Modified: Nov. 18, 2024