cve,link,title,description,vendor,products,cvssv3_base_score,cvssv3_base_severity,epss_current,exploited CVE-2024-9680,https://securityvulnerability.io/vulnerability/CVE-2024-9680,Mozilla Firefox Vulnerability: Code Execution through Animation Timelines,"The Mozilla Firefox emergency update was released to fix a vulnerability (CVE-2024-9680) being exploited in the wild. This is a use-after-free vulnerability in the browser's Animation timelines which has been exploited to achieve code execution in the content process. The severity of the vulnerability is highlighted by the impact ratings from the National Vulnerability Database (NVD), the Dutch national cyber center, and Italy's advisory, with all indicating high potential damage from a successful attack. The update patches are available for Firefox and Firefox ESR, and organizations are urged to upgrade as soon as possible to mitigate the risk of exploitation.",Mozilla,"Firefox,Firefox Esr,Thunderbird",,,0.00044999999227002263,true CVE-2024-23113,https://securityvulnerability.io/vulnerability/CVE-2024-23113,Fortinet FortiOS Vulnerability Allows Unauthorized Code Execution,"The CVE-2024-23113 vulnerability in Fortinet's FortiOS, FortiProxy, FortiPAM, and FortiSwitchManager products is being actively exploited in the wild, with information from the CISA and Wiz researchers confirming this. The vulnerability allows unauthorized code execution via specially crafted packets, impacting a wide range of FortiOS versions. The potential impact is significant, leading to remote code or command execution by an unauthenticated attacker. The recommended mitigation is to upgrade or migrate to a fixed release, with specific versions provided for each affected product. Additionally, workarounds are available to mitigate the risk while waiting to apply the patch. The urgency of addressing this vulnerability is underscored by the observed rates of exploitation and the potential for significant disruption and compromise.",Fortinet,"Fortiswitchmanager,FortiOS,Fortipam,Fortiproxy",9.8,CRITICAL,0.008019999600946903,true CVE-2024-9464,https://securityvulnerability.io/vulnerability/CVE-2024-9464,OS Command Injection Vulnerability in Palo Alto Networks Expedition,"Palo Alto Networks Expedition is affected by multiple critical vulnerabilities, including OS command injection, SQL injection, cleartext storage of sensitive information, and cross-site scripting (XSS). These vulnerabilities, with high CVSS scores, can lead to unauthorized access, credential theft, and administrative takeover. The vulnerabilities affect all versions of Expedition below 1.2.96 and could result in the disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls. Urgent action is recommended, including upgrading to the latest version, limiting network access to authorized personnel, rotating credentials, monitoring logs for signs of unauthorized activity, and shutting down unused instances. There is no evidence of known exploitations in the wild, but the risks of exploitation make it critical to address these vulnerabilities promptly.",Palo Alto Networks,Expedition,6.5,MEDIUM,0.0004299999854993075,true CVE-2024-9164,https://securityvulnerability.io/vulnerability/CVE-2024-9164,Arbitrary Pipeline Access Vulnerability in GitLab EE,"The article discusses a critical vulnerability in GitLab, identified as CVE-2024-9164, which allows the execution of arbitrary pipelines on arbitrary branches. This vulnerability has a CVSS score of 9.6 out of 10, making it highly severe. GitLab has released security updates to address this and seven other security flaws, with four rated as high severity, two as medium, and one as low. While there is no evidence of active exploitation, users are advised to update their instances to the latest version to guard against potential threats.",Gitlab,Gitlab,9.6,CRITICAL,0.0004299999854993075,false CVE-2024-40711,https://securityvulnerability.io/vulnerability/CVE-2024-40711,Unauthenticated Remote Code Execution (RCE) Vulnerability Discovered in Vulnerability Scanning Tool,"The vulnerability identified as CVE-2024-40711 is an unauthenticated remote code execution (RCE) vulnerability in Veeam Backup & Replication software, with a high CVSS score of 9.8. It is actively being exploited by ransomware groups, who use it as a second stage exploit to create new local administrator accounts and facilitate further objectives on compromised networks. The attackers initially gain access to targets using compromised VPN gateways without multifactor authentication enabled, and then exploit the Veeam vulnerability to execute code remotely and deploy ransomware. Veeam has released an update (VBR version 12.2.0.334) to patch the vulnerability, and affected organizations have been advised to update their systems as soon as possible to prevent further attacks.",Veeam,Backup And Recovery,9.8,CRITICAL,0.0004299999854993075,true CVE-2024-35202,https://securityvulnerability.io/vulnerability/CVE-2024-35202,Bitcoin Core Vulnerability Allows Remote Denial of Service,Bitcoin Core before 25.0 allows remote attackers to cause a denial of service (blocktxn message-handling assertion and node exit) by including transactions in a blocktxn message that are not committed to in a block's merkle root. FillBlock can be called twice for one PartiallyDownloadedBlock instance.,Bitcoin Core,,,,0.00044999999227002263,false CVE-2024-30088,https://securityvulnerability.io/vulnerability/CVE-2024-30088,Windows Kernel Elevation of Privilege Vulnerability,"CVE-2024-30088 is a critical elevation of privilege vulnerability in the Windows kernel, affecting Microsoft operating systems. It has a high CVSS score of 8.8, indicating its severe impact. Attackers can exploit this flaw to escalate their privileges on affected installations, potentially gaining full control over the system. Microsoft responded promptly to this vulnerability by issuing a security update to address the flaw. It is advised for users and administrators to apply this update as soon as possible to protect their systems from attacks. The discovery of this vulnerability underscores the importance of continuous security research and prompt responses from software vendors.",Microsoft,"Windows 10 Version 1809,Windows Server 2019,Windows Server 2019 (server Core Installation),Windows Server 2022,Windows 11 Version 21h2,Windows 10 Version 21h2,Windows 11 Version 22h2,Windows 10 Version 22h2,Windows 11 Version 22h3,Windows 11 Version 23h2,Windows Server 2022, 23h2 Edition (server Core Installation),Windows 10 Version 1507,Windows 10 Version 1607,Windows Server 2016,Windows Server 2016 (server Core Installation)",7,HIGH,0.0004299999854993075,true