cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-29059,https://securityvulnerability.io/vulnerability/CVE-2024-29059,Microsoft .NET Framework Information Disclosure Vulnerability,"A vulnerability in Microsoft .NET Framework, identified as CVE-2024-29059, allows malicious users to obtain sensitive information. This vulnerability affects multiple versions of the .NET Framework, and a high severity rating has been assigned to it. Although there are no known exploits in the wild, affected users are advised to install necessary updates from the KB section listed in Windows Update as a solution to mitigate the risk.",Microsoft,"Microsoft .net Framework 4.8,Microsoft .net Framework 3.5 And 4.8,Microsoft .net Framework 3.5 And 4.7.2,Microsoft .net Framework 4.6.2/4.7/4.7.1/4.7.2,Microsoft .net Framework 3.5 And 4.8.1,Microsoft .net Framework 4.6.2,Microsoft .net Framework 3.5 And 4.6/4.6.2,Microsoft .net Framework 2.0 Service Pack 2,Microsoft .net Framework 3.0 Service Pack 2,Microsoft .net Framework 3.5,Microsoft .net Framework 3.5.1",7.5,HIGH,0.023679999634623528,true,2025-02-04T00:00:00.000Z,true,false,true,2024-08-12T23:15:10.000Z,,false,false,,2024-03-23T00:15:00.000Z,0
CVE-2025-21334,https://securityvulnerability.io/vulnerability/CVE-2025-21334,Elevated Privilege Vulnerability in Windows Hyper-V by Microsoft,"A vulnerability exists in the Windows Hyper-V integration components that allows an attacker to elevate their privileges. By exploiting this issue, a malicious user could gain increased access to the system, potentially leading to unauthorized tasks or executing harmful applications. Microsoft has released a detailed advisory on this vulnerability, encouraging users to apply patches and updates to mitigate the risks associated with it.",Microsoft,"Windows 10 Version 21h2,Windows 11 Version 22h2,Windows 10 Version 22h2,Windows Server 2025 (server Core Installation),Windows 11 Version 22h3,Windows 11 Version 23h2,Windows Server 2022, 23h2 Edition (server Core Installation),Windows 11 Version 24h2,Windows Server 2025",7.8,HIGH,0.0009800000116229057,true,2025-01-14T00:00:00.000Z,false,false,true,2025-01-14T00:00:00.000Z,false,false,false,,2025-01-14T18:04:51.608Z,0
CVE-2025-21335,https://securityvulnerability.io/vulnerability/CVE-2025-21335,Elevation of Privilege Vulnerability in Windows Hyper-V by Microsoft,"The vulnerability in Windows Hyper-V's NT Kernel Integration affects the Virtual Service Provider (VSP), potentially allowing attackers to elevate privileges within the affected system. Successful exploitation could lead to unauthorized access to system resources and sensitive data. The flaw highlights the importance of promptly securing the Hyper-V environment and monitoring for unusual activities that may indicate exploitation attempts.",Microsoft,"Windows 10 Version 21h2,Windows 11 Version 22h2,Windows 10 Version 22h2,Windows Server 2025 (server Core Installation),Windows 11 Version 22h3,Windows 11 Version 23h2,Windows Server 2022, 23h2 Edition (server Core Installation),Windows 11 Version 24h2,Windows Server 2025",7.8,HIGH,0.0009800000116229057,true,2025-01-14T00:00:00.000Z,false,false,true,2025-01-14T00:00:00.000Z,false,false,false,,2025-01-14T18:04:17.808Z,0
CVE-2025-21333,https://securityvulnerability.io/vulnerability/CVE-2025-21333,Elevated Privilege Exposure in Windows Hyper-V by Microsoft,"A vulnerability has been identified in Windows Hyper-V, specifically related to the NT Kernel Integration Virtual Service Provider (VSP). This flaw allows an attacker to gain elevated privileges through carefully crafted input, potentially leading to unauthorized access and control over the host system. Users of Windows Hyper-V on various Windows platforms should prioritize applying security updates to mitigate risks associated with this vulnerability. For more details, visit the Microsoft Security Response Center.",Microsoft,"Windows 10 Version 21h2,Windows 11 Version 22h2,Windows 10 Version 22h2,Windows Server 2025 (server Core Installation),Windows 11 Version 22h3,Windows 11 Version 23h2,Windows Server 2022, 23h2 Edition (server Core Installation),Windows 11 Version 24h2,Windows Server 2025",7.8,HIGH,0.0005099999834783375,true,2025-01-14T00:00:00.000Z,false,false,true,2025-01-14T00:00:00.000Z,false,true,false,,2025-01-14T18:04:50.962Z,5087
CVE-2024-35250,https://securityvulnerability.io/vulnerability/CVE-2024-35250,Windows Kernel-Mode Driver Elevation of Privilege Vulnerability,"The vulnerability CVE-2024-35250 affects various versions of Windows, including Windows 11 and Windows Server editions. It allows attackers to escalate privileges to SYSTEM level, bypass security measures, and execute arbitrary code with SYSTEM privileges. A Proof-of-Concept (PoC) exploit has been released, highlighting the urgency of patching vulnerable systems. Microsoft has issued a security update to address the vulnerability, and users are advised to update their systems as soon as possible to prevent exploitation. The vulnerability has been present in Windows systems for nearly 20 years, making it a critical issue that requires immediate attention. Users are advised to update their systems to the latest version to prevent exploitation of this vulnerability.",Microsoft,"Windows 10 Version 1809,Windows Server 2019,Windows Server 2019 (server Core Installation),Windows Server 2022,Windows 11 Version 21h2,Windows 10 Version 21h2,Windows 11 Version 22h2,Windows 10 Version 22h2,Windows 11 Version 22h3,Windows 11 Version 23h2,Windows Server 2022, 23h2 Edition (server Core Installation),Windows 10 Version 1507,Windows 10 Version 1607,Windows Server 2016,Windows Server 2016 (server Core Installation),Windows Server 2008 Service Pack 2,Windows Server 2008 Service Pack 2 (server Core Installation),Windows Server 2008  Service Pack 2,Windows Server 2008 R2 Service Pack 1,Windows Server 2008 R2 Service Pack 1 (server Core Installation),Windows Server 2012,Windows Server 2012 (server Core Installation),Windows Server 2012 R2,Windows Server 2012 R2 (server Core Installation)",7.8,HIGH,0.0011500000255182385,true,2024-12-16T00:00:00.000Z,true,false,true,2024-10-15T10:00:01.000Z,true,false,false,,2024-06-11T16:59:47.128Z,1181
CVE-2024-49138,https://securityvulnerability.io/vulnerability/CVE-2024-49138,Windows Common Log File System Driver Elevation of Privilege Vulnerability,"The vulnerability in the Windows Common Log File System Driver allows attackers to gain elevated privileges on affected Windows systems. This can lead to unauthorized actions being performed, potentially compromising system integrity. Proper security measures and timely updates are essential to protect against exploitation. Users are urged to apply the necessary patches to mitigate risks associated with this vulnerability, ensuring their systems remain secure against potential threats. For further details on remediation, please refer to the official vendor advisory.",Microsoft,"Windows 10 Version 1809,Windows Server 2019,Windows Server 2019 (server Core Installation),Windows Server 2022,Windows 10 Version 21h2,Windows 11 Version 22h2,Windows 10 Version 22h2,Windows Server 2025 (server Core Installation),Windows 11 Version 22h3,Windows 11 Version 23h2,Windows Server 2022, 23h2 Edition (server Core Installation),Windows 11 Version 24h2,Windows Server 2025,Windows 10 Version 1507,Windows 10 Version 1607,Windows Server 2016,Windows Server 2016 (server Core Installation),Windows Server 2008 Service Pack 2,Windows Server 2008 Service Pack 2 (server Core Installation),Windows Server 2008  Service Pack 2,Windows Server 2008 R2 Service Pack 1,Windows Server 2008 R2 Service Pack 1 (server Core Installation),Windows Server 2012,Windows Server 2012 (server Core Installation),Windows Server 2012 R2,Windows Server 2012 R2 (server Core Installation)",7.8,HIGH,0.000539999979082495,true,2024-12-10T00:00:00.000Z,true,false,true,2024-12-10T00:00:00.000Z,true,true,false,,2024-12-12T02:04:00.000Z,5242
CVE-2024-43451,https://securityvulnerability.io/vulnerability/CVE-2024-43451,Windows Under Attack: NTLM Hash Disclosure Spoofing Vulnerability Threatens User Credentials,"The NTLM hash disclosure spoofing vulnerability allows an attacker to exploit the NTLM authentication protocol, potentially leading to unauthorized access to sensitive information. This vulnerability can facilitate attacks by disclosing hashed credentials, which may be leveraged for further exploitation within the affected systems. Organizations utilizing affected Microsoft products should apply security recommendations promptly to mitigate any risks associated with this vulnerability.",Microsoft,"Windows Server 2025,Windows Server 2025 (server Core Installation),Windows 10 Version 1809,Windows Server 2019,Windows Server 2019 (server Core Installation),Windows Server 2022,Windows 10 Version 21h2,Windows 11 Version 22h2,Windows 10 Version 22h2,Windows 11 Version 22h3,Windows 11 Version 23h2,Windows Server 2022, 23h2 Edition (server Core Installation),Windows 11 Version 24h2,Windows 10 Version 1507,Windows 10 Version 1607,Windows Server 2016,Windows Server 2016 (server Core Installation),Windows Server 2008 Service Pack 2,Windows Server 2008 Service Pack 2 (server Core Installation),Windows Server 2008  Service Pack 2,Windows Server 2008 R2 Service Pack 1,Windows Server 2008 R2 Service Pack 1 (server Core Installation),Windows Server 2012 R2,Windows Server 2012 R2 (server Core Installation)",6.5,MEDIUM,0.013269999995827675,true,2024-11-12T00:00:00.000Z,true,true,true,2024-11-12T00:00:00.000Z,true,true,false,,2024-11-12T18:15:00.000Z,9235
CVE-2024-49039,https://securityvulnerability.io/vulnerability/CVE-2024-49039,Elevation of Privilege Vulnerability Affects Windows Task Scheduler,"The vulnerability in the Windows Task Scheduler allows attackers to gain elevated privileges on affected systems. Exploitation of this flaw could enable unauthorized access to sensitive data and system controls, posing significant risks to organizational security. This vulnerability underscores the importance of timely patch management and security updates to protect against potential threats.",Microsoft,"Windows Server 2025,Windows Server 2025 (server Core Installation),Windows 10 Version 1809,Windows Server 2019,Windows Server 2019 (server Core Installation),Windows Server 2022,Windows 10 Version 21h2,Windows 11 Version 22h2,Windows 10 Version 22h2,Windows 11 Version 22h3,Windows 11 Version 23h2,Windows Server 2022, 23h2 Edition (server Core Installation),Windows 11 Version 24h2,Windows 10 Version 1507,Windows 10 Version 1607,Windows Server 2016,Windows Server 2016 (server Core Installation)",8.8,HIGH,0.006769999861717224,true,2024-11-12T00:00:00.000Z,true,true,true,2024-11-12T00:00:00.000Z,true,true,false,,2024-11-12T18:15:00.000Z,2026
CVE-2024-38094,https://securityvulnerability.io/vulnerability/CVE-2024-38094,Microsoft SharePoint Remote Code Execution Vulnerability,"A vulnerability in Microsoft SharePoint allows remote attackers to execute arbitrary code on affected installations. This flaw could enable malicious actors to manipulate SharePoint environments, leading to unauthorized access and potential exposure of sensitive information. Organizations using SharePoint should apply necessary patches and updates to mitigate risks associated with this vulnerability, ensuring the security of their data and services.",Microsoft,"Microsoft Sharepoint Enterprise Server 2016,Microsoft Sharepoint Server 2019,Microsoft Sharepoint Server Subscription Edition",7.2,HIGH,0.004980000201612711,true,2024-10-22T00:00:00.000Z,true,false,true,2024-10-22T00:00:00.000Z,,false,false,,2024-07-09T17:15:00.000Z,0
CVE-2024-30088,https://securityvulnerability.io/vulnerability/CVE-2024-30088,Windows Kernel Elevation of Privilege Vulnerability,"This vulnerability allows an attacker to execute arbitrary code with elevated privileges, potentially gaining control over the affected system. By exploiting the fault in the Windows Kernel, the attacker could leverage this to manipulate system processes and escalate privileges, making it a significant concern for system integrity. Timely security updates and mitigating measures are essential to safeguard systems affected by this vulnerability.",Microsoft,"Windows 10 Version 1809,Windows Server 2019,Windows Server 2019 (server Core Installation),Windows Server 2022,Windows 11 Version 21h2,Windows 10 Version 21h2,Windows 11 Version 22h2,Windows 10 Version 22h2,Windows 11 Version 22h3,Windows 11 Version 23h2,Windows Server 2022, 23h2 Edition (server Core Installation),Windows 10 Version 1507,Windows 10 Version 1607,Windows Server 2016,Windows Server 2016 (server Core Installation)",7,HIGH,0.005059999879449606,true,2024-10-15T00:00:00.000Z,true,true,true,2024-06-13T09:39:52.000Z,true,true,false,,2024-06-11T16:59:56.041Z,4430
CVE-2024-43573,https://securityvulnerability.io/vulnerability/CVE-2024-43573,Windows MSHTML Platform Spoofing Vulnerability,Windows MSHTML Platform Spoofing Vulnerability,Microsoft,"Windows 10 Version 22h2,Windows 11 Version 21h2,Windows 11 Version 22h2,Windows 11 Version 22h3,Windows Server 2022,Windows Server 2022, 23h2 Edition (server Core Installation),Windows 10 Version 21h2,Windows 11 Version 23h2,Windows Server 2019,Windows 10 Version 1809,Windows Server 2019 (server Core Installation),Windows 11 Version 24h2,Windows 10 Version 1507,Windows Server 2016,Windows 10 Version 1607,Windows Server 2012 R2 (server Core Installation),Windows Server 2016 (server Core Installation),Windows Server 2012 R2",6.5,MEDIUM,0.011090000160038471,true,2024-10-08T00:00:00.000Z,true,true,true,2024-10-08T00:00:00.000Z,,false,false,,2024-10-08T17:35:31.236Z,0
CVE-2024-43572,https://securityvulnerability.io/vulnerability/CVE-2024-43572,Remote Code Execution Vulnerability Affects Microsoft Management Console,"A vulnerability exists within Microsoft Management Console that allows attackers to execute arbitrary code remotely. This issue arises due to improper handling of input data, enabling malicious actors to manipulate the console functionality. Exploitation of this vulnerability can lead to severe impacts on the system environment, including unauthorized access to sensitive data and potential control over the affected systems. Organizations using Microsoft Management Console should review their configurations and apply necessary patches to mitigate this risk. For more details and updates, visit the Microsoft advisory.",Microsoft,"Windows 10 Version 1809,Windows Server 2019,Windows Server 2019 (server Core Installation),Windows Server 2022,Windows 11 Version 21h2,Windows 10 Version 21h2,Windows 11 Version 22h2,Windows 10 Version 22h2,Windows 11 Version 22h3,Windows 11 Version 23h2,Windows Server 2022, 23h2 Edition (server Core Installation),Windows 11 Version 24h2,Windows 10 Version 1507,Windows 10 Version 1607,Windows Server 2016,Windows Server 2016 (server Core Installation),Windows Server 2008 Service Pack 2,Windows Server 2008 Service Pack 2 (server Core Installation),Windows Server 2008  Service Pack 2,Windows Server 2008 R2 Service Pack 1,Windows Server 2008 R2 Service Pack 1 (server Core Installation),Windows Server 2012,Windows Server 2012 (server Core Installation),Windows Server 2012 R2,Windows Server 2012 R2 (server Core Installation)",7.8,HIGH,0.000859999970998615,true,2024-10-08T00:00:00.000Z,true,false,true,2024-10-08T00:00:00.000Z,,false,false,,2024-10-08T17:36:10.339Z,0
CVE-2024-43461,https://securityvulnerability.io/vulnerability/CVE-2024-43461,Windows MSHTML Platform Spoofing Vulnerability,"CVE-2024-43461 is a spoofing vulnerability affecting Windows MSHTML that was exploited as part of an attack chain related to another vulnerability, CVE-2024-38112. Microsoft released a fix for CVE-2024-43461 after confirming its exploitation. The attack chain involved using CVE-2024-38112 to force a URL file to be opened with Internet Explorer instead of the Edge browser, leading to the download of a malicious HTA file. The HTA file used CVE-2024-43461 to appear as a PDF file and deliver the Atlantida info-stealer. Microsoft recommends applying both the July 2024 and September 2024 security updates to fully protect against these vulnerabilities.",Microsoft,"Windows 11 Version 24h2,Windows 10 Version 1809,Windows Server 2019,Windows Server 2019 (server Core Installation),Windows Server 2022,Windows 11 Version 21h2,Windows 10 Version 21h2,Windows 11 Version 22h2,Windows 10 Version 22h2,Windows 11 Version 22h3,Windows 11 Version 23h2,Windows Server 2022, 23h2 Edition (server Core Installation),Windows 10 Version 1507,Windows 10 Version 1607,Windows Server 2016,Windows Server 2016 (server Core Installation),Windows Server 2008 Service Pack 2,Windows Server 2008 Service Pack 2 (server Core Installation),Windows Server 2008  Service Pack 2,Windows Server 2008 R2 Service Pack 1,Windows Server 2008 R2 Service Pack 1 (server Core Installation),Windows Server 2012,Windows Server 2012 (server Core Installation),Windows Server 2012 R2,Windows Server 2012 R2 (server Core Installation)",8.8,HIGH,0.02522999979555607,true,2024-09-16T00:00:00.000Z,true,false,true,2024-09-16T00:00:00.000Z,,false,false,,2024-09-10T16:54:14.430Z,0
CVE-2024-38217,https://securityvulnerability.io/vulnerability/CVE-2024-38217,Windows Mark of the Web Security Feature Bypass Vulnerability,Windows Mark of the Web Security Feature Bypass Vulnerability,Microsoft,"Windows 10 Version 1809,Windows Server 2019,Windows Server 2019 (server Core Installation),Windows Server 2022,Windows 11 Version 21h2,Windows 10 Version 21h2,Windows 11 Version 22h2,Windows 10 Version 22h2,Windows 11 Version 22h3,Windows 11 Version 23h2,Windows Server 2022, 23h2 Edition (server Core Installation),Windows 11 Version 24h2,Windows 10 Version 1507,Windows 10 Version 1607,Windows Server 2016,Windows Server 2016 (server Core Installation),Windows Server 2008 Service Pack 2,Windows Server 2008 Service Pack 2 (server Core Installation),Windows Server 2008  Service Pack 2,Windows Server 2008 R2 Service Pack 1,Windows Server 2008 R2 Service Pack 1 (server Core Installation),Windows Server 2012,Windows Server 2012 (server Core Installation),Windows Server 2012 R2,Windows Server 2012 R2 (server Core Installation)",5.4,MEDIUM,0.026079999282956123,true,2024-09-10T00:00:00.000Z,true,false,true,2024-09-10T00:00:00.000Z,,false,false,,2024-09-10T16:53:55.994Z,0
CVE-2024-38226,https://securityvulnerability.io/vulnerability/CVE-2024-38226,Publisher Security Feature Bypass Vulnerability,"A security feature bypass in Microsoft Publisher enables attackers to circumvent intended security mechanisms, potentially leading to unauthorized actions within the application. This vulnerability affects multiple versions of Microsoft Publisher, emphasizing the need for users to apply patches and updates provided by Microsoft to maintain the security integrity of their software. Comprehensive awareness and prompt action are crucial to mitigate risks associated with this vulnerability.",Microsoft,"Microsoft Office 2019,Microsoft Office Ltsc 2021,Microsoft Publisher 2016",7.3,HIGH,0.0005099999834783375,true,2024-09-10T00:00:00.000Z,false,false,true,2024-09-10T00:00:00.000Z,,false,false,,2024-09-10T16:53:57.222Z,0
CVE-2024-38014,https://securityvulnerability.io/vulnerability/CVE-2024-38014,Elevation of Privilege Vulnerability Affects Windows Installer,"A vulnerability exists within the Windows Installer component that allows attackers to gain elevated privileges on affected systems. This weakness can be exploited to perform unauthorized actions on the system, compromising security and data integrity. Users are encouraged to review the associated updates and apply necessary patches to mitigate the risks associated with this vulnerability.",Microsoft,"Windows 10 Version 1809,Windows Server 2019,Windows Server 2019 (server Core Installation),Windows Server 2022,Windows 11 Version 21h2,Windows 10 Version 21h2,Windows 11 Version 22h2,Windows 10 Version 22h2,Windows 11 Version 22h3,Windows 11 Version 23h2,Windows Server 2022, 23h2 Edition (server Core Installation),Windows 11 Version 24h2,Windows 10 Version 1507,Windows 10 Version 1607,Windows Server 2016,Windows Server 2016 (server Core Installation),Windows Server 2008 Service Pack 2,Windows Server 2008 Service Pack 2 (server Core Installation),Windows Server 2008  Service Pack 2,Windows Server 2008 R2 Service Pack 1,Windows Server 2008 R2 Service Pack 1 (server Core Installation),Windows Server 2012,Windows Server 2012 (server Core Installation),Windows Server 2012 R2,Windows Server 2012 R2 (server Core Installation)",7.8,HIGH,0.1057099997997284,true,2024-09-10T00:00:00.000Z,true,false,true,2024-09-10T00:00:00.000Z,,true,true,2024-09-16T02:52:02.880Z,2024-09-10T16:53:54.780Z,5207
CVE-2024-43491,https://securityvulnerability.io/vulnerability/CVE-2024-43491,Windows 10 Version 1507 Faces Vulnerability Due to Rollback of Previous Fixes,"A vulnerability in the Servicing Stack of Microsoft Windows 10 has resulted in the rollback of security fixes for certain Optional Components on Windows 10, version 1507. This issue allows for the potential exploitation of vulnerabilities that were previously mitigated. Systems running the affected versions, specifically Windows 10 Enterprise 2015 LTSB and Windows 10 IoT Enterprise 2015 LTSB, may face increased risk after installing the Windows security update KB5035858 released on March 12, 2024. Organizations are encouraged to apply the September 2024 Servicing Stack Update (SSU KB5043936) followed by the September 2024 Windows security update (KB5043083) to address these vulnerabilities. It's important to note that Windows 10, version 1507 reached end of support on May 9, 2017, and only specific editions remain supported.",Microsoft,Windows 10 Version 1507,9.8,CRITICAL,0.0010100000072270632,true,2024-09-10T00:00:00.000Z,true,false,true,2024-09-10T00:00:00.000Z,,true,true,2024-09-16T00:52:02.742Z,2024-09-10T16:54:20.436Z,4908
CVE-2024-38189,https://securityvulnerability.io/vulnerability/CVE-2024-38189,Remote Code Execution Vulnerability Affects Microsoft Project,"A vulnerability exists in Microsoft Project that allows for remote code execution under specific conditions. This vulnerability could be exploited when a user opens a specially crafted file designed to compromise the application, leading to unauthorized operations on the user's system. Attackers could potentially gain access to sensitive data or control over affected systems. To protect against this vulnerability, it is essential to apply the latest security updates from Microsoft and to follow best practices for file handling and security.",Microsoft,"Microsoft Office 2019,Microsoft 365 Apps For Enterprise,Microsoft Project 2016,Microsoft Office Ltsc 2021",8.8,HIGH,0.0081599997356534,true,2024-08-13T00:00:00.000Z,false,false,true,2024-08-13T00:00:00.000Z,,false,false,,2024-08-13T17:30:31.741Z,0
CVE-2024-38107,https://securityvulnerability.io/vulnerability/CVE-2024-38107,Elevated Privileges for Attackers,"The vulnerability in the Windows Power Dependency Coordinator allows for elevation of privilege, enabling attackers to execute arbitrary code with higher privileges than intended. This could lead to unauthorized actions within the operating system, potentially compromising system integrity and user data. Organizations must take proactive measures to patch affected systems and mitigate risks associated with this vulnerability.",Microsoft,"Windows 10 Version 1809,Windows Server 2019,Windows Server 2019 (server Core Installation),Windows Server 2022,Windows 11 Version 21h2,Windows 10 Version 21h2,Windows 11 Version 22h2,Windows 10 Version 22h2,Windows 11 Version 22h3,Windows 11 Version 23h2,Windows Server 2022, 23h2 Edition (server Core Installation),Windows 10 Version 1507,Windows 10 Version 1607,Windows Server 2016,Windows Server 2016 (server Core Installation),Windows Server 2012,Windows Server 2012 (server Core Installation),Windows Server 2012 R2,Windows Server 2012 R2 (server Core Installation),Windows 11 Version 24h2",7.8,HIGH,0.0004299999854993075,true,2024-08-13T00:00:00.000Z,false,false,true,2024-08-13T00:00:00.000Z,,false,false,,2024-08-13T17:30:00.367Z,0
CVE-2024-38106,https://securityvulnerability.io/vulnerability/CVE-2024-38106,Windows Kernel Elevation of Privilege Vulnerability,"Multiple Microsoft vulnerabilities pose a critical risk to Windows and related software, with at least six zero-day flaws being actively exploited by attackers. These vulnerabilities allow for local privilege escalation and remote code execution, with potential impacts on system security and user data. The flaws affect various Windows components, including the kernel, Edge browser, and the Windows scripting engine. Additionally, several of the vulnerabilities can be chained together to amplify their impact. Ensuring timely patching and maintaining security vigilance is crucial in mitigating the risk posed by these vulnerabilities.",Microsoft,"Windows 10 Version 1809,Windows Server 2019,Windows Server 2019 (server Core Installation),Windows Server 2022,Windows 11 Version 21h2,Windows 10 Version 21h2,Windows 11 Version 22h2,Windows 10 Version 22h2,Windows 11 Version 22h3,Windows 11 Version 23h2,Windows Server 2022, 23h2 Edition (server Core Installation),Windows 10 Version 1507,Windows 10 Version 1607,Windows Server 2016,Windows Server 2016 (server Core Installation),Windows 11 Version 24h2",7,HIGH,0.0004299999854993075,true,2024-08-13T00:00:00.000Z,true,false,true,2024-08-13T00:00:00.000Z,,false,false,,2024-08-13T17:29:59.623Z,0
CVE-2024-38178,https://securityvulnerability.io/vulnerability/CVE-2024-38178,Memory Corruption Vulnerability in Scripting Engine Could Allow for Code Execution,"A vulnerability exists within the scripting engine that, if exploited, allows an attacker to corrupt memory. This could enable the execution of arbitrary code in the context of the user running the application. Successful exploitation may result in unauthorized data access, system instability, or allowing an attacker to install programs, view, change, or delete data. Users of affected products should ensure that they are using the latest security updates to mitigate exposure to this risk.",Microsoft,"Windows 11 Version 24h2,Windows 10 Version 1809,Windows Server 2019,Windows Server 2019 (server Core Installation),Windows Server 2022,Windows 11 Version 21h2,Windows 10 Version 21h2,Windows 11 Version 22h2,Windows 10 Version 22h2,Windows 11 Version 22h3,Windows 11 Version 23h2,Windows Server 2022, 23h2 Edition (server Core Installation),Windows 10 Version 1507,Windows 10 Version 1607,Windows Server 2016,Windows Server 2016 (server Core Installation),Windows Server 2012 R2,Windows Server 2012 R2 (server Core Installation)",7.5,HIGH,0.013849999755620956,true,2024-08-13T00:00:00.000Z,true,true,true,2024-08-13T00:00:00.000Z,,true,false,,2024-08-13T17:29:50.491Z,5071
CVE-2024-38213,https://securityvulnerability.io/vulnerability/CVE-2024-38213,Windows Mark of the Web Security Feature Bypass Vulnerability,"The CVE-2024-38213 vulnerability affects the Windows SmartScreen security feature, allowing attackers to bypass it and exploit other vulnerabilities, affecting the ability of the system to protect against potentially malicious software. It has been exploited in the wild and was patched by Microsoft during the June 2024 Patch Tuesday. It can be exploited remotely in low-complexity attacks, but it requires user interaction, making successful exploitation harder to achieve. The vulnerability is part of a larger pattern of SmartScreen vulnerabilities being targeted in attacks, indicating the importance of timely patching and security vigilance to protect against advanced cyber threats.",Microsoft,"Windows 10 Version 1809,Windows Server 2019,Windows Server 2019 (server Core Installation),Windows Server 2022,Windows 11 Version 21h2,Windows 10 Version 21h2,Windows 11 Version 22h2,Windows 10 Version 22h2,Windows 11 Version 22h3,Windows 11 Version 23h2,Windows Server 2022, 23h2 Edition (server Core Installation),Windows 10 Version 1507,Windows 10 Version 1607,Windows Server 2016,Windows Server 2016 (server Core Installation),Windows Server 2012,Windows Server 2012 (server Core Installation),Windows Server 2012 R2,Windows Server 2012 R2 (server Core Installation)",6.5,MEDIUM,0.003000000026077032,true,2024-08-13T00:00:00.000Z,true,false,true,2024-08-13T00:00:00.000Z,,false,false,,2024-08-13T17:29:56.506Z,0
CVE-2024-38193,https://securityvulnerability.io/vulnerability/CVE-2024-38193,Elevation of Privilege Vulnerability Affects Windows Sockets,"An elevation of privilege vulnerability exists in the Windows Ancillary Function Driver for WinSock due to improper handling of objects in memory. An attacker who successfully exploits this vulnerability could run arbitrary code in the context of the system account. Typically, this could allow an attacker to install programs, view, change, or delete data, or create new accounts with full user rights. To exploit this vulnerability, an attacker must log on to the system and run a specially crafted application. Regular software updates and implementing security best practices are recommended to mitigate potential risks associated with this vulnerability.",Microsoft,"Windows 11 Version 24h2,Windows 10 Version 1809,Windows Server 2019,Windows Server 2019 (server Core Installation),Windows Server 2022,Windows 11 Version 21h2,Windows 10 Version 21h2,Windows 11 Version 22h2,Windows 10 Version 22h2,Windows 11 Version 22h3,Windows 11 Version 23h2,Windows Server 2022, 23h2 Edition (server Core Installation),Windows 10 Version 1507,Windows 10 Version 1607,Windows Server 2016,Windows Server 2016 (server Core Installation),Windows Server 2008 Service Pack 2,Windows Server 2008 Service Pack 2 (server Core Installation),Windows Server 2008  Service Pack 2,Windows Server 2008 R2 Service Pack 1,Windows Server 2008 R2 Service Pack 1 (server Core Installation),Windows Server 2012,Windows Server 2012 (server Core Installation),Windows Server 2012 R2,Windows Server 2012 R2 (server Core Installation)",7.8,HIGH,0.0004299999854993075,true,2024-08-13T00:00:00.000Z,true,true,true,2024-08-13T00:00:00.000Z,,true,false,,2024-08-13T17:29:52.409Z,5229
CVE-2024-38112,https://securityvulnerability.io/vulnerability/CVE-2024-38112,MSHTML Platform Spoofing Vulnerability,"The Windows MSHTML platform spoofing vulnerability allows attackers to manipulate the MSHTML platform, potentially leading to a spoofing attack that compromises the integrity of web content. Exploitation of this vulnerability could enable malicious actors to misrepresent legitimate web pages or applications, leading to unauthorized access to sensitive information or actions without user consent. Protection through regular updates and user awareness is essential to mitigate the impact of this vulnerability.",Microsoft,"Windows 10 Version 22h2,Windows 11 Version 23h2,Windows 10 Version 1507,Windows 11 Version 22h2,Windows 10 Version 1607,Windows Server 2016,Windows 10 Version 21h2,Windows Server 2016 (server Core Installation),Windows Server 2008 Service Pack 2,Windows Server 2008 Service Pack 2 (server Core Installation),Windows Server 2008  Service Pack 2,Windows 10 Version 1809,Windows Server 2012 R2,Windows 11 Version 22h3,Windows Server 2012 R2 (server Core Installation),Windows Server 2022,Windows Server 2022, 23h2 Edition (server Core Installation),Windows Server 2019 (server Core Installation),Windows 11 Version 21h2,Windows Server 2019",7.5,HIGH,0.004980000201612711,true,2024-07-09T00:00:00.000Z,true,true,true,2024-07-09T00:00:00.000Z,,true,true,2024-07-29T03:52:02.508Z,2024-07-09T17:02:38.208Z,83541
CVE-2024-38080,https://securityvulnerability.io/vulnerability/CVE-2024-38080,Hyper-V Elevation of Privilege Vulnerability,"The Microsoft July update included patches for a total of 143 security flaws, with two actively exploited vulnerabilities. One of these is the CVE-2024-38080, a Windows Hyper-V Elevation of Privilege Vulnerability which enables a local, authenticated attacker to elevate privileges to SYSTEM level following an initial compromise of a targeted system. The second is CVE-2024-38112, a Windows MSHTML Platform Spoofing Vulnerability that can be leveraged by threat actors using specially-crafted Windows Internet Shortcut files to redirect victims to a malicious URL. According to the research, this marks the first active exploitation of one of 44 Hyper-V flaws since 2022. Other publicly known vulnerabilities listed include side-channel attack, remote code execution flaws, and spoofing vulnerability in the RADIUS protocol. The article also noted the release of security updates from a range of other vendors, indicating the widespread nature of cybersecurity risks.",Microsoft,"Windows Server 2022,Windows 11 Version 21h2,Windows 11 Version 22h2,Windows 11 Version 22h3,Windows 11 Version 23h2,Windows Server 2022, 23h2 Edition (server Core Installation)",7.8,HIGH,0.0014600000577047467,true,2024-07-09T00:00:00.000Z,true,false,true,2024-07-09T00:00:00.000Z,true,false,false,,2024-07-09T17:15:00.000Z,0