Search Results (1557 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-24813 | 4 Apache, Debian, Netapp and 1 more | 7 Tomcat, Debian Linux, Bootstrap Os and 4 more | 2025-10-29 | 10 Critical |
| Path Equivalence: 'file.Name' (Internal Dot) leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.2, from 10.1.0-M1 through 10.1.34, from 9.0.0.M1 through 9.0.98. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 through 8.5.100. Other, older, EOL versions may also be affected. If all of the following were true, a malicious user was able to view security sensitive files and/or inject content into those files: writes enabled for the default servlet (disabled by default); support for partial PUT (enabled by default); a target URL for security sensitive uploads that was a sub-directory of a target URL for public uploads; attacker knowledge of the names of security sensitive files being uploaded; the security sensitive files also being uploaded via partial PUT. If all of the following were true, a malicious user was able to perform remote code execution: writes enabled for the default servlet (disabled by default); support for partial PUT (enabled by default); application was using Tomcat's file based session persistence with the default storage location; application included a library that may be leveraged in a deserialization attack. Users are recommended to upgrade to version 11.0.3, 10.1.35 or 9.0.99, which fixes the issue. | ||||
| CVE-2024-38226 | 1 Microsoft | 4 Office, Office 2019, Office Long Term Servicing Channel and 1 more | 2025-10-28 | 7.3 High |
| Microsoft Publisher Security Feature Bypass Vulnerability | ||||
| CVE-2024-21413 | 1 Microsoft | 5 365 Apps, Office, Office 2016 and 2 more | 2025-10-28 | 9.8 Critical |
| Microsoft Outlook Remote Code Execution Vulnerability | ||||
| CVE-2024-21338 | 1 Microsoft | 15 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 12 more | 2025-10-28 | 7.8 High |
| Windows Kernel Elevation of Privilege Vulnerability | ||||
| CVE-2024-21351 | 1 Microsoft | 17 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 14 more | 2025-10-28 | 7.6 High |
| Windows SmartScreen Security Feature Bypass Vulnerability | ||||
| CVE-2024-21410 | 1 Microsoft | 1 Exchange Server | 2025-10-28 | 9.8 Critical |
| Microsoft Exchange Server Elevation of Privilege Vulnerability | ||||
| CVE-2024-21412 | 1 Microsoft | 15 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 12 more | 2025-10-28 | 8.1 High |
| Internet Shortcut Files Security Feature Bypass Vulnerability | ||||
| CVE-2024-26169 | 1 Microsoft | 21 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 18 more | 2025-10-28 | 7.8 High |
| Windows Error Reporting Service Elevation of Privilege Vulnerability | ||||
| CVE-2024-29059 | 1 Microsoft | 16 .net, .net Framework, Windows 10 1507 and 13 more | 2025-10-28 | 7.5 High |
| .NET Framework Information Disclosure Vulnerability | ||||
| CVE-2024-29988 | 1 Microsoft | 15 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 12 more | 2025-10-28 | 8.8 High |
| SmartScreen Prompt Security Feature Bypass Vulnerability | ||||
| CVE-2024-30040 | 1 Microsoft | 18 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 15 more | 2025-10-28 | 8.8 High |
| Windows MSHTML Platform Security Feature Bypass Vulnerability | ||||
| CVE-2024-30051 | 1 Microsoft | 16 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 13 more | 2025-10-28 | 7.8 High |
| Windows DWM Core Library Elevation of Privilege Vulnerability | ||||
| CVE-2024-38014 | 1 Microsoft | 25 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 22 more | 2025-10-28 | 7.8 High |
| Windows Installer Elevation of Privilege Vulnerability | ||||
| CVE-2024-38106 | 1 Microsoft | 20 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 17 more | 2025-10-28 | 7 High |
| Windows Kernel Elevation of Privilege Vulnerability | ||||
| CVE-2024-38107 | 1 Microsoft | 22 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 19 more | 2025-10-28 | 7.8 High |
| Windows Power Dependency Coordinator Elevation of Privilege Vulnerability | ||||
| CVE-2024-38178 | 1 Microsoft | 22 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 19 more | 2025-10-28 | 7.5 High |
| Scripting Engine Memory Corruption Vulnerability | ||||
| CVE-2024-38189 | 1 Microsoft | 6 365 Apps, Office, Office 2019 and 3 more | 2025-10-28 | 8.8 High |
| Microsoft Project Remote Code Execution Vulnerability | ||||
| CVE-2024-38193 | 1 Microsoft | 25 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 22 more | 2025-10-28 | 7.8 High |
| Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | ||||
| CVE-2024-38213 | 1 Microsoft | 20 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 17 more | 2025-10-28 | 6.5 Medium |
| Windows Mark of the Web Security Feature Bypass Vulnerability | ||||
| CVE-2024-38217 | 1 Microsoft | 25 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 22 more | 2025-10-28 | 5.4 Medium |
| Windows Mark of the Web Security Feature Bypass Vulnerability | ||||