cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-55591,https://securityvulnerability.io/vulnerability/CVE-2024-55591,Remote Attackers Can Gain Super-Admin Privileges via Crafted Requests to Node.js Websocket Module,"A vulnerability exists in FortiOS and FortiProxy that allows a remote attacker to exploit an authentication bypass through crafted requests targeting the Node.js websocket module. This weakness could enable unauthorized users to attain super-admin privileges, compromising system security. Users of affected versions should take immediate action to mitigate risks by updating to the latest software versions.",Fortinet,"FortiOS,Fortiproxy",9.8,CRITICAL,0.026340000331401825,true,true,false,true,false,true,true,2025-01-14T14:15:00.000Z,22303
CVE-2025-21316,https://securityvulnerability.io/vulnerability/CVE-2025-21316,Windows Kernel Memory Information Disclosure Vulnerability,"The Windows Kernel Memory Information Disclosure vulnerability allows unauthorized users to access sensitive information stored in memory. This exposure can compromise system integrity and user data, making it crucial for organizations to understand the implications and apply necessary security patches to mitigate potential threats.",Microsoft,"Windows 10 Version 1809,Windows Server 2019,Windows Server 2019 (server Core Installation),Windows Server 2022,Windows 10 Version 21h2,Windows 11 Version 22h2,Windows 10 Version 22h2,Windows Server 2025 (server Core Installation),Windows 11 Version 22h3,Windows 11 Version 23h2,Windows Server 2022, 23h2 Edition (server Core Installation),Windows 11 Version 24h2,Windows Server 2025,Windows 10 Version 1507,Windows 10 Version 1607,Windows Server 2016,Windows Server 2016 (server Core Installation),Windows Server 2012 R2,Windows Server 2012 R2 (server Core Installation)",5.5,MEDIUM,0.0004299999854993075,false,false,false,false,false,true,false,2025-01-14T18:03:57.038Z,10006
CVE-2025-0282,https://securityvulnerability.io/vulnerability/CVE-2025-0282,Stack-Based Buffer Overflow in Ivanti Connect Secure and Policy Secure,"A stack-based buffer overflow vulnerability exists in Ivanti Connect Secure, Ivanti Policy Secure, and Ivanti Neurons for ZTA gateways, prior to designated versions. This flaw allows a remote unauthenticated attacker to execute arbitrary code on the affected systems, posing significant risks to security and data integrity. Users are advised to upgrade to the latest versions of these products to mitigate potential exploitation.",Ivanti,"Connect Secure,Policy Secure,Neurons For Zta Gateways",9,CRITICAL,0.15324999392032623,true,true,true,true,true,true,true,2025-01-08T22:15:09.386Z,31760
CVE-2025-21333,https://securityvulnerability.io/vulnerability/CVE-2025-21333,Elevated Privilege Exposure in Windows Hyper-V by Microsoft,"A vulnerability has been identified in Windows Hyper-V, specifically related to the NT Kernel Integration Virtual Service Provider (VSP). This flaw allows an attacker to gain elevated privileges through carefully crafted input, potentially leading to unauthorized access and control over the host system. Users of Windows Hyper-V on various Windows platforms should prioritize applying security updates to mitigate risks associated with this vulnerability. For more details, visit the Microsoft Security Response Center.",Microsoft,"Windows 10 Version 21h2,Windows 11 Version 22h2,Windows 10 Version 22h2,Windows Server 2025 (server Core Installation),Windows 11 Version 22h3,Windows 11 Version 23h2,Windows Server 2022, 23h2 Edition (server Core Installation),Windows 11 Version 24h2,Windows Server 2025",7.8,HIGH,0.0005099999834783375,true,false,false,true,false,true,false,2025-01-14T18:04:50.962Z,4916
CVE-2024-49138,https://securityvulnerability.io/vulnerability/CVE-2024-49138,Windows Common Log File System Driver Elevation of Privilege Vulnerability,"The vulnerability in the Windows Common Log File System Driver allows attackers to gain elevated privileges on affected Windows systems. This can lead to unauthorized actions being performed, potentially compromising system integrity. Proper security measures and timely updates are essential to protect against exploitation. Users are urged to apply the necessary patches to mitigate risks associated with this vulnerability, ensuring their systems remain secure against potential threats. For further details on remediation, please refer to the official vendor advisory.",Microsoft,"Windows 10 Version 1809,Windows Server 2019,Windows Server 2019 (server Core Installation),Windows Server 2022,Windows 10 Version 21h2,Windows 11 Version 22h2,Windows 10 Version 22h2,Windows Server 2025 (server Core Installation),Windows 11 Version 22h3,Windows 11 Version 23h2,Windows Server 2022, 23h2 Edition (server Core Installation),Windows 11 Version 24h2,Windows Server 2025,Windows 10 Version 1507,Windows 10 Version 1607,Windows Server 2016,Windows Server 2016 (server Core Installation),Windows Server 2008 Service Pack 2,Windows Server 2008 Service Pack 2 (server Core Installation),Windows Server 2008  Service Pack 2,Windows Server 2008 R2 Service Pack 1,Windows Server 2008 R2 Service Pack 1 (server Core Installation),Windows Server 2012,Windows Server 2012 (server Core Installation),Windows Server 2012 R2,Windows Server 2012 R2 (server Core Installation)",7.8,HIGH,0.000539999979082495,true,true,false,true,true,true,false,2024-12-12T02:04:00.000Z,3699
CVE-2024-44243,https://securityvulnerability.io/vulnerability/CVE-2024-44243,Apple Addresses File System Configuration Issue with macOS Sequoia 15.2 Update,"A configuration issue in Apple macOS Sequoia allows certain applications the ability to modify protected parts of the file system, potentially exposing critical system components and data to unauthorized changes. This vulnerability emphasizes the importance of maintaining strict access controls and ensuring that security practices are in place to protect system integrity. The issue has been addressed in macOS Sequoia 15.2, underscoring the need for users to update their systems to mitigate the risks associated with this configuration flaw.",Apple,Mac OS,5.5,MEDIUM,0.00044999999227002263,false,true,true,true,,true,false,2024-12-12T02:15:00.000Z,3063
CVE-2024-7344,https://securityvulnerability.io/vulnerability/CVE-2024-7344,Reloader Vulnerability: Execution of Unsigned Software,"The Howyar UEFI Application Reloader has a vulnerability that allows for the execution of unsigned software from a hardcoded path, posing risks to system integrity and security. This flaw can be exploited to run unauthorized applications, potentially leading to compromise of the UEFI environment and overall system control. It is essential for users to assess their systems and take preventive measures against unauthorized software execution.",Radix,"Smartrecovery,Greenguard,Sysreturn (32-bit And 64-bit),Sanfong Ez-back System,Ces Neoimpact,Hdd King",6.5,MEDIUM,0.00044999999227002263,false,true,false,true,false,true,false,2025-01-14T14:15:00.000Z,2914
CVE-2024-50603,https://securityvulnerability.io/vulnerability/CVE-2024-50603,Remote Code Execution Vulnerability in Aviatrix Controller by Aviatrix,"A vulnerability in Aviatrix Controller allows unauthenticated attackers to exploit improper handling of OS command elements. This security flaw enables the execution of arbitrary code through the manipulation of API requests by injecting shell metacharacters into the parameters 'cloud_type' and 'src_cloud_type'. If left unaddressed, this could lead to significant security breaches and unauthorized access to protected systems.",Aviatrix,Controller,10,CRITICAL,0.01727999933063984,true,true,true,true,true,true,false,2025-01-08T00:00:00.000Z,3029
CVE-2024-12847,https://securityvulnerability.io/vulnerability/CVE-2024-12847,Authentication Bypass Vulnerability in NETGEAR DGN1000 Router,"The NETGEAR DGN1000 router, prior to firmware version 1.1.00.48, has a significant authentication bypass vulnerability. This flaw allows a remote and unauthenticated attacker to send specially crafted HTTP requests to the setup.cgi endpoint, enabling them to execute arbitrary operating system commands with root privileges. The exploit potential has been active in the wild since at least 2017, highlighting the urgency for users to update their device firmware to safeguard against unauthorized access and control.",Netgear,Dgn1000,9.8,CRITICAL,0.0008399999933317304,false,false,false,true,true,true,false,2025-01-10T20:15:00.000Z,2199