cve,link,title,description,vendor,products,cvssv3_base_score,cvssv3_base_severity,epss_current,exploited
CVE-2024-47575,https://securityvulnerability.io/vulnerability/CVE-2024-47575,Specially crafted requests can execute arbitrary code or commands in FortiManager,"A critical vulnerability identified as CVE-2024-47575 in Fortinet's FortiManager tool has been actively exploited by an unknown threat actor known as UNC5820, impacting over 50 systems across various industries. This vulnerability, rated 9.8 out of 10 on the CVSS, allows remote attackers to execute arbitrary code or commands by exploiting a missing authentication function in the FortiManager software. The attacker used this flaw to gain unauthorized access and steal sensitive information from compromised FortiManager devices, including configuration data, usernames, and passwords. While no follow-on attacks have been observed to date, the potential impact of this exploitation is severe, considering the widespread use of FortiGate devices for protecting critical infrastructure and data in enterprise environments. The security response includes a patch release from Fortinet, urging organizations to apply the update, review access logs for suspicious activity, and implement network segmentation and continuous monitoring as mitigation measures.",Fortinet,Fortimanager,9.8,CRITICAL,0.012769999913871288,true
CVE-2024-4947,https://securityvulnerability.io/vulnerability/CVE-2024-4947,Remote Code Execution in Chrome's V8 Prior to 125.0.6422.60,"The vulnerability CVE-2024-4947 is a type confusion weakness in the Chrome V8 JavaScript engine, allowing a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Google has rolled an emergency patch for the high-severity flaw, as it has been exploited in the wild. The bug also affects Chromium-based browsers such as Microsoft Edge, and Microsoft is working on a fix. This is the third zero-day vulnerability that Google has patched in the last week. It is crucial for users to update their Chrome browser to version 125.0.6422.60 in order to address this vulnerability and prevent potential attacks.",Google,Chrome,8.8,HIGH,0.0022299999836832285,true