cve,link,title,description,vendor,products,cvssv3_base_score,cvssv3_base_severity,epss_current,exploited
CVE-2024-45519,https://securityvulnerability.io/vulnerability/CVE-2024-45519,Unauthenticated Command Execution Vulnerability in Zimbra Collaboration,"The CVE-2024-45519 vulnerability affects the Zimbra Collaboration software, allowing unauthenticated users to execute commands through the postjournal service. Attackers are actively exploiting this critical vulnerability, using specially crafted emails to install web shells and execute commands on vulnerable Zimbra installations. While patches have been released by Zimbra to address the issue, organizations that have not implemented the latest patch are advised to do so immediately. Exploitation of this vulnerability can lead to unauthorized access and control over affected systems, posing significant risks to organizations.",Zimbra,Collaboration,9.8,CRITICAL,0.9503099918365479,true
CVE-2024-45200,https://securityvulnerability.io/vulnerability/CVE-2024-45200,Remote Attack on Mario Kart 8 Deluxe Local Multiplayer via Malformed Browse-Reply Packet,"In Nintendo Mario Kart 8 Deluxe before 3.0.3, the LAN/LDN local multiplayer implementation allows a remote attacker to exploit a stack-based buffer overflow upon deserialization of session information via a malformed browse-reply packet, aka KartLANPwn. The victim is not required to join a game session with an attacker. The victim must open the ""Wireless Play"" (or ""LAN Play"") menu from the game's title screen, and an attacker nearby (LDN) or on the same LAN network as the victim can send a crafted reply packet to the victim's console. This enables a remote attacker to obtain complete denial-of-service on the game's process, or potentially, remote code execution on the victim's console. The issue is caused by incorrect use of the Nintendo Pia library,",Nintendo,,,,0.0004299999854993075,false
CVE-2024-2961,https://securityvulnerability.io/vulnerability/CVE-2024-2961,Buffer Overflow Vulnerability in GNU C Library's iconv() Function,"The GNU C Library has identified a buffer overflow vulnerability in the iconv() function when converting strings to the ISO-2022-CN-EXT character set, affecting versions 2.39 and older. This vulnerability could potentially cause an application to crash or overwrite a neighboring variable. There are no known exploitations of this vulnerability at this time, and no indication of ransomware groups targeting this specific issue. The GNU C Library has released a security advisory and fix for the vulnerability.",The Gnu C Library,Glibc,,,0.0004600000102072954,true
CVE-2024-29824,https://securityvulnerability.io/vulnerability/CVE-2024-29824,Unauthenticated SQL Injection Vulnerability Affects Ivanti EPM,"The vulnerability CVE-2024-29824 is an unauthenticated SQL injection vulnerability affecting Ivanti EPM 2022 SU5 and earlier. It allows unauthenticated attackers within the same network to execute arbitrary code, earning it a critical 9.8 out of 10 CVSS score. A proof-of-concept exploit has been developed for this vulnerability and has been published by researchers. Ivanti has responded to the issue by promptly releasing a patch for CVE-2024-29824 on May 24, and organizations are strongly advised to upgrade to the latest version to prevent exploitation. The exploit allows attackers to take over an Ivanti system, potentially affecting other systems and compromising the organization. Despite Ivanti's recent history of security problems, they have responded promptly to this vulnerability. It is also recommended to keep management interfaces protected from the wider web to prevent unauthorized access to the Endpoint Manager.",Ivanti,Epm,8.8,HIGH,0.363319993019104,true