CVE Tracker

CVE ID	Severity	EPSS	Vendor	Description	Date	Status
CVE-2024-38112	High	92.6%	MicrosoftWindows	Microsoft Windows MSHTML Platform contains a spoofing vulnerability that has a high impact to confidentiality, integrity, and availability.	Jul 9, 2024	KEV
CVE-2024-38080	High	13.7%	MicrosoftWindows	Microsoft Windows Hyper-V contains a privilege escalation vulnerability that allows a local attacker with user permissions to gain SYSTEM privileges.	Jul 9, 2024	KEV
CVE-2024-26169	High	34.6%	MicrosoftWindows	Microsoft Windows Error Reporting Service contains an improper privilege management vulnerability that allows a local attacker with user permissions to gain SYSTEM privileges.	Jun 13, 2024	KEV
CVE-2024-5274	High	3.6%	GoogleChromium V8	Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to execute code via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.	May 28, 2024	KEV
CVE-2024-4761	High	6.4%	GoogleChromium V8	Google Chromium V8 Engine contains an unspecified out-of-bounds memory write vulnerability via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.	May 16, 2024	KEV
CVE-2024-30051	High	48.4%	MicrosoftDWM Core Library	Microsoft DWM Core Library contains a privilege escalation vulnerability that allows an attacker to gain SYSTEM privileges.	May 14, 2024	KEV
CVE-2024-30040	High	23.5%	MicrosoftWindows	Microsoft Windows MSHTML Platform contains an unspecified vulnerability that allows for a security feature bypass.	May 14, 2024	KEV
CVE-2024-4671	High	0.5%	GoogleChromium	Google Chromium Visuals contains a use-after-free vulnerability that allows a remote attacker to exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.	May 13, 2024	KEV
CVE-2024-29988	High	66.8%	MicrosoftSmartScreen Prompt	Microsoft SmartScreen Prompt contains a security feature bypass vulnerability that allows an attacker to bypass the Mark of the Web (MotW) feature. This vulnerability can be chained with CVE-2023-38831 and CVE-2024-21412 to execute a malicious file.	Apr 30, 2024	KEV
CVE-2022-38028	High	5.0%	MicrosoftWindows	Microsoft Windows Print Spooler service contains a privilege escalation vulnerability. An attacker may modify a JavaScript constraints file and execute it with SYSTEM-level permissions.	Apr 23, 2024	KEV
CVE-2023-24955	High	91.6%	MicrosoftSharePoint Server	Microsoft SharePoint Server contains a code injection vulnerability that allows an authenticated attacker with Site Owner privileges to execute code remotely.	Mar 26, 2024	KEV
CVE-2024-21338	High	78.1%	MicrosoftWindows	Microsoft Windows Kernel contains an exposed IOCTL with insufficient access control vulnerability within the IOCTL (input and output control) dispatcher in appid.sys that allows a local attacker to achieve privilege escalation.	Mar 4, 2024	KEV
CVE-2023-29360	High	30.3%	MicrosoftStreaming Service	Microsoft Streaming Service contains an untrusted pointer dereference vulnerability that allows for privilege escalation, enabling a local attacker to gain SYSTEM privileges.	Feb 29, 2024	KEV
CVE-2024-21410	High	5.1%	MicrosoftExchange Server	Microsoft Exchange Server contains an unspecified vulnerability that allows for privilege escalation.	Feb 15, 2024	KEV
CVE-2024-21351	High	10.8%	MicrosoftWindows	Microsoft Windows SmartScreen contains a security feature bypass vulnerability that allows an attacker to bypass the SmartScreen user experience and inject code to potentially gain code execution, which could lead to some data exposure, lack of system availability, or both.	Feb 13, 2024	KEV
CVE-2024-21412	High	93.8%	MicrosoftWindows	Microsoft Windows Internet Shortcut Files contains an unspecified vulnerability that allows for a security feature bypass.	Feb 13, 2024	KEV
CVE-2023-4762	High	54.8%	GoogleChromium V8	Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to execute code via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.	Feb 6, 2024	KEV
CVE-2024-0519	High	0.4%	GoogleChromium V8	Google Chromium V8 Engine contains an out-of-bounds memory access vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.	Jan 17, 2024	KEV
CVE-2023-29357	High	94.4%	MicrosoftSharePoint Server	Microsoft SharePoint Server contains an unspecified vulnerability that allows an unauthenticated attacker, who has gained access to spoofed JWT authentication tokens, to use them for executing a network attack. This attack bypasses authentication, enabling the attacker to gain administrator privileges.	Jan 10, 2024	KEV
CVE-2023-36584	High	15.4%	MicrosoftWindows	Microsoft Windows Mark of the Web (MOTW) contains a security feature bypass vulnerability resulting in a limited loss of integrity and availability of security features.	Nov 16, 2023	KEV

CVE-2024-38112KEV

High

Microsoft Windows MSHTML Platform contains a spoofing vulnerability that has a high impact to confidentiality, integrity, and availability.

MicrosoftEPSS 92.6%

CVE-2024-38080KEV

High

Microsoft Windows Hyper-V contains a privilege escalation vulnerability that allows a local attacker with user permissions to gain SYSTEM privileges.

MicrosoftEPSS 13.7%

CVE-2024-26169KEV

High

Microsoft Windows Error Reporting Service contains an improper privilege management vulnerability that allows a local attacker with user permissions to gain SYSTEM privileges.

MicrosoftEPSS 34.6%

CVE-2024-5274KEV

High

Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to execute code via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

GoogleEPSS 3.6%

CVE-2024-4761KEV

High

Google Chromium V8 Engine contains an unspecified out-of-bounds memory write vulnerability via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

GoogleEPSS 6.4%

CVE-2024-30051KEV

High

Microsoft DWM Core Library contains a privilege escalation vulnerability that allows an attacker to gain SYSTEM privileges.

MicrosoftEPSS 48.4%

CVE-2024-30040KEV

High

Microsoft Windows MSHTML Platform contains an unspecified vulnerability that allows for a security feature bypass.

MicrosoftEPSS 23.5%

CVE-2024-4671KEV

High

Google Chromium Visuals contains a use-after-free vulnerability that allows a remote attacker to exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

GoogleEPSS 0.5%

CVE-2024-29988KEV

High

Microsoft SmartScreen Prompt contains a security feature bypass vulnerability that allows an attacker to bypass the Mark of the Web (MotW) feature. This vulnerability can be chained with CVE-2023-38831 and CVE-2024-21412 to execute a malicious file.

MicrosoftEPSS 66.8%

CVE-2022-38028KEV

High

Microsoft Windows Print Spooler service contains a privilege escalation vulnerability. An attacker may modify a JavaScript constraints file and execute it with SYSTEM-level permissions.

MicrosoftEPSS 5.0%

CVE-2023-24955KEV

High

Microsoft SharePoint Server contains a code injection vulnerability that allows an authenticated attacker with Site Owner privileges to execute code remotely.

MicrosoftEPSS 91.6%

CVE-2024-21338KEV

High

Microsoft Windows Kernel contains an exposed IOCTL with insufficient access control vulnerability within the IOCTL (input and output control) dispatcher in appid.sys that allows a local attacker to achieve privilege escalation.

MicrosoftEPSS 78.1%

CVE-2023-29360KEV

High

Microsoft Streaming Service contains an untrusted pointer dereference vulnerability that allows for privilege escalation, enabling a local attacker to gain SYSTEM privileges.

MicrosoftEPSS 30.3%

CVE-2024-21410KEV

High

Microsoft Exchange Server contains an unspecified vulnerability that allows for privilege escalation.

MicrosoftEPSS 5.1%

CVE-2024-21351KEV

High

Microsoft Windows SmartScreen contains a security feature bypass vulnerability that allows an attacker to bypass the SmartScreen user experience and inject code to potentially gain code execution, which could lead to some data exposure, lack of system availability, or both.

MicrosoftEPSS 10.8%

CVE-2024-21412KEV

High

Microsoft Windows Internet Shortcut Files contains an unspecified vulnerability that allows for a security feature bypass.

Google Chromium V8 Engine contains an out-of-bounds memory access vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

GoogleEPSS 0.4%

CVE-2023-29357KEV

High

Microsoft SharePoint Server contains an unspecified vulnerability that allows an unauthenticated attacker, who has gained access to spoofed JWT authentication tokens, to use them for executing a network attack. This attack bypasses authentication, enabling the attacker to gain administrator privileges.

MicrosoftEPSS 94.4%

CVE-2023-36584KEV

High

Microsoft Windows Mark of the Web (MOTW) contains a security feature bypass vulnerability resulting in a limited loss of integrity and availability of security features.

MicrosoftEPSS 15.4%

8 9 10 11 12 13 14