Search
Search Results (1482 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-24813 | 4 Apache, Debian, Netapp and 1 more | 7 Tomcat, Debian Linux, Bootstrap Os and 4 more | 2025-10-29 | 10 Critical |
| Path Equivalence: 'file.Name' (Internal Dot) leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.2, from 10.1.0-M1 through 10.1.34, from 9.0.0.M1 through 9.0.98. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected. If all of the following were true, a malicious user was able to view security sensitive files and/or inject content into those files: - writes enabled for the default servlet (disabled by default) - support for partial PUT (enabled by default) - a target URL for security sensitive uploads that was a sub-directory of a target URL for public uploads - attacker knowledge of the names of security sensitive files being uploaded - the security sensitive files also being uploaded via partial PUT If all of the following were true, a malicious user was able to perform remote code execution: - writes enabled for the default servlet (disabled by default) - support for partial PUT (enabled by default) - application was using Tomcat's file based session persistence with the default storage location - application included a library that may be leveraged in a deserialization attack Users are recommended to upgrade to version 11.0.3, 10.1.35 or 9.0.99, which fixes the issue. | ||||
| CVE-2024-38226 | 1 Microsoft | 3 Office 2019, Office Long Term Servicing Channel, Publisher | 2025-10-28 | 7.3 High |
| Microsoft Publisher Security Feature Bypass Vulnerability | ||||
| CVE-2024-21413 | 1 Microsoft | 4 365 Apps, Office 2016, Office 2019 and 1 more | 2025-10-28 | 9.8 Critical |
| Microsoft Outlook Remote Code Execution Vulnerability | ||||
| CVE-2024-21338 | 1 Microsoft | 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more | 2025-10-28 | 7.8 High |
| Windows Kernel Elevation of Privilege Vulnerability | ||||
| CVE-2024-21351 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2025-10-28 | 7.6 High |
| Windows SmartScreen Security Feature Bypass Vulnerability | ||||
| CVE-2024-21410 | 1 Microsoft | 1 Exchange Server | 2025-10-28 | 9.8 Critical |
| Microsoft Exchange Server Elevation of Privilege Vulnerability | ||||
| CVE-2024-21412 | 1 Microsoft | 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more | 2025-10-28 | 8.1 High |
| Internet Shortcut Files Security Feature Bypass Vulnerability | ||||
| CVE-2024-26169 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-10-28 | 7.8 High |
| Windows Error Reporting Service Elevation of Privilege Vulnerability | ||||
| CVE-2024-29059 | 1 Microsoft | 15 .net Framework, Windows 10 1507, Windows 10 1607 and 12 more | 2025-10-28 | 7.5 High |
| .NET Framework Information Disclosure Vulnerability | ||||
| CVE-2024-29988 | 1 Microsoft | 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more | 2025-10-28 | 8.8 High |
| SmartScreen Prompt Security Feature Bypass Vulnerability | ||||
| CVE-2024-30040 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2025-10-28 | 8.8 High |
| Windows MSHTML Platform Security Feature Bypass Vulnerability | ||||
| CVE-2024-30051 | 1 Microsoft | 11 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 8 more | 2025-10-28 | 7.8 High |
| Windows DWM Core Library Elevation of Privilege Vulnerability | ||||
| CVE-2024-38014 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-10-28 | 7.8 High |
| Windows Installer Elevation of Privilege Vulnerability | ||||
| CVE-2024-38106 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-10-28 | 7 High |
| Windows Kernel Elevation of Privilege Vulnerability | ||||
| CVE-2024-38107 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-10-28 | 7.8 High |
| Windows Power Dependency Coordinator Elevation of Privilege Vulnerability | ||||
| CVE-2024-38178 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-10-28 | 7.5 High |
| Scripting Engine Memory Corruption Vulnerability | ||||
| CVE-2024-38189 | 1 Microsoft | 4 365 Apps, Office 2019, Office Long Term Servicing Channel and 1 more | 2025-10-28 | 8.8 High |
| Microsoft Project Remote Code Execution Vulnerability | ||||
| CVE-2024-38193 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-10-28 | 7.8 High |
| Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | ||||
| CVE-2024-38213 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-10-28 | 6.5 Medium |
| Windows Mark of the Web Security Feature Bypass Vulnerability | ||||
| CVE-2024-38217 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-10-28 | 5.4 Medium |
| Windows Mark of the Web Security Feature Bypass Vulnerability | ||||