Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-38094

Summary
Assigner-microsoft
Assigner Org ID-f38d906d-7342-40ea-92c1-6c4a2c6478c8
Published At-09 Jul, 2024 | 17:03
Updated At-30 Jul, 2025 | 01:36
Rejected At-
Credits

Microsoft SharePoint Deserialization Vulnerability

Microsoft SharePoint contains a deserialization vulnerability that allows for remote code execution.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Known Exploited Vulnerabilities (KEV)
cisa.gov
Vendor:
Microsoft CorporationMicrosoft
Product:SharePoint
Added At:22 Oct, 2024
Due At:12 Nov, 2024

Microsoft SharePoint Deserialization Vulnerability

Microsoft SharePoint contains a deserialization vulnerability that allows for remote code execution.

Used in Ransomware

:

Known

CWE

:
CWE-502

Required Action:

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Additional Notes:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38094 ; https://nvd.nist.gov/vuln/detail/CVE-2024-38094
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:microsoft
Assigner Org ID:f38d906d-7342-40ea-92c1-6c4a2c6478c8
Published At:09 Jul, 2024 | 17:03
Updated At:30 Jul, 2025 | 01:36
Rejected At:
▼CVE Numbering Authority (CNA)
Microsoft SharePoint Remote Code Execution Vulnerability

Microsoft SharePoint Remote Code Execution Vulnerability

Affected Products
Vendor
Microsoft CorporationMicrosoft
Product
Microsoft SharePoint Enterprise Server 2016
Platforms
  • x64-based Systems
Versions
Affected
  • From 16.0.0 before 16.0.5456.1000 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Microsoft SharePoint Server 2019
Platforms
  • x64-based Systems
Versions
Affected
  • From 16.0.0 before 16.0.10412.20001 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Microsoft SharePoint Server Subscription Edition
Platforms
  • x64-based Systems
Versions
Affected
  • From 16.0.0 before 16.0.17328.20424 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-502CWE-502: Deserialization of Untrusted Data
Type: CWE
CWE ID: CWE-502
Description: CWE-502: Deserialization of Untrusted Data
Metrics
VersionBase scoreBase severityVector
3.17.2HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Version: 3.1
Base score: 7.2
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38094
vendor-advisory
Hyperlink: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38094
Resource:
vendor-advisory
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
kev
dateAdded:
2024-10-22
reference:
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-38094
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
CVE-2024-38094 added to CISA KEV2024-10-22 00:00:00
Event: CVE-2024-38094 added to CISA KEV
Date: 2024-10-22 00:00:00
Replaced By
Rejected Reason
References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38094
vendor-advisory
x_transferred
Hyperlink: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38094
Resource:
vendor-advisory
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secure@microsoft.com
Published At:09 Jul, 2024 | 17:15
Updated At:27 Jan, 2025 | 21:35

Microsoft SharePoint Remote Code Execution Vulnerability

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
2024-10-222024-11-12Microsoft SharePoint Deserialization VulnerabilityApply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Date Added: 2024-10-22
Due Date: 2024-11-12
Vulnerability Name: Microsoft SharePoint Deserialization Vulnerability
Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.2HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 7.2
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CPE Matches
Microsoft Corporation
microsoft
>>sharepoint_server>>-
cpe:2.3:a:microsoft:sharepoint_server:-:*:*:*:subscription:*:*:*
Microsoft Corporation
microsoft
>>sharepoint_server>>2016
cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*
Microsoft Corporation
microsoft
>>sharepoint_server>>2019
cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-502Secondarysecure@microsoft.com
CWE-502Primarynvd@nist.gov
CWE ID: CWE-502
Type: Secondary
Source: secure@microsoft.com
CWE ID: CWE-502
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38094secure@microsoft.com
Patch
Vendor Advisory
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38094af854a3a-2127-422b-91ae-364da2661108
Patch
Vendor Advisory
Hyperlink: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38094
Source: secure@microsoft.com
Resource:
Patch
Vendor Advisory
Hyperlink: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38094
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

329Records found
CVE-2025-29793
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.2||HIGH
EPSS-3.42% / 86.97%
||
7 Day CHG~0.00%
Published-08 Apr, 2025 | 17:23
Updated-09 Jul, 2025 | 16:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SharePoint Remote Code Execution Vulnerability

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serversharepoint_enterprise_serverMicrosoft SharePoint Server Subscription EditionMicrosoft SharePoint Enterprise Server 2016Microsoft SharePoint Server 2019
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2021-23338
Matching Score-10
Assigner-Snyk
ShareView Details
Matching Score-10
Assigner-Snyk
CVSS Score-6.6||MEDIUM
EPSS-5.10% / 89.43%
||
7 Day CHG~0.00%
Published-15 Feb, 2021 | 15:50
Updated-16 Sep, 2024 | 17:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Deserialization of Untrusted Data

This affects all versions of package qlib. The workflow function in cli part of qlib was using an unsafe YAML load function.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-qlibqlib
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2020-5741
Matching Score-10
Assigner-Tenable Network Security, Inc.
ShareView Details
Matching Score-10
Assigner-Tenable Network Security, Inc.
CVSS Score-7.2||HIGH
EPSS-45.57% / 97.52%
||
7 Day CHG~0.00%
Published-08 May, 2020 | 12:02
Updated-30 Jul, 2025 | 01:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2023-03-31||Apply updates per vendor instructions.

Deserialization of Untrusted Data in Plex Media Server on Windows allows a remote, authenticated attacker to execute arbitrary Python code.

Action-Not Available
Vendor-plexn/aPlexMicrosoft Corporation
Product-media_serverwindowsPlex Media Server (Windows)Media Server
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2023-21703
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.24% / 46.33%
||
7 Day CHG~0.00%
Published-14 Feb, 2023 | 19:33
Updated-01 Jan, 2025 | 00:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure Data Box Gateway Remote Code Execution Vulnerability

Azure Data Box Gateway Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_stack_edgeazure_data_box_gatewayAzure Data Box GatewayAzure Stack Edge
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2023-21710
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.2||HIGH
EPSS-0.77% / 72.46%
||
7 Day CHG+0.07%
Published-14 Feb, 2023 | 19:33
Updated-28 Feb, 2025 | 21:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Exchange Server Remote Code Execution Vulnerability

Microsoft Exchange Server Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-exchange_serverMicrosoft Exchange Server 2016 Cumulative Update 23Microsoft Exchange Server 2019 Cumulative Update 11Microsoft Exchange Server 2019 Cumulative Update 12
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2024-38023
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.2||HIGH
EPSS-12.02% / 93.52%
||
7 Day CHG~0.00%
Published-09 Jul, 2024 | 17:02
Updated-05 May, 2025 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SharePoint Server Remote Code Execution Vulnerability

Microsoft SharePoint Server Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serverMicrosoft SharePoint Server 2019Microsoft SharePoint Enterprise Server 2016Microsoft SharePoint Server Subscription Edition
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2024-43464
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.2||HIGH
EPSS-66.60% / 98.47%
||
7 Day CHG~0.00%
Published-10 Sep, 2024 | 16:53
Updated-31 Dec, 2024 | 23:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SharePoint Server Remote Code Execution Vulnerability

Microsoft SharePoint Server Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serverMicrosoft SharePoint Server 2019Microsoft SharePoint Enterprise Server 2016Microsoft SharePoint Server Subscription Edition
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2024-38024
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.2||HIGH
EPSS-14.44% / 94.17%
||
7 Day CHG~0.00%
Published-09 Jul, 2024 | 17:02
Updated-05 May, 2025 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SharePoint Server Remote Code Execution Vulnerability

Microsoft SharePoint Server Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serverMicrosoft SharePoint Server 2019Microsoft SharePoint Enterprise Server 2016Microsoft SharePoint Server Subscription Edition
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2024-30044
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.2||HIGH
EPSS-47.34% / 97.61%
||
7 Day CHG~0.00%
Published-14 May, 2024 | 16:57
Updated-03 May, 2025 | 00:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SharePoint Server Remote Code Execution Vulnerability

Microsoft SharePoint Server Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serverMicrosoft SharePoint Enterprise Server 2016Microsoft SharePoint Server Subscription EditionMicrosoft SharePoint Server 2019
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2023-20858
Matching Score-8
Assigner-VMware by Broadcom
ShareView Details
Matching Score-8
Assigner-VMware by Broadcom
CVSS Score-7.2||HIGH
EPSS-4.66% / 88.88%
||
7 Day CHG~0.00%
Published-21 Feb, 2023 | 00:00
Updated-17 Mar, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

VMware Carbon Black App Control 8.7.x prior to 8.7.8, 8.8.x prior to 8.8.6, and 8.9.x.prior to 8.9.4 contain an injection vulnerability. A malicious actor with privileged access to the App Control administration console may be able to use specially crafted input allowing access to the underlying server operating system.

Action-Not Available
Vendor-n/aVMware (Broadcom Inc.)Microsoft Corporation
Product-carbon_black_app_controlwindowsVMware Carbon Black App Control
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2025-53779
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.2||HIGH
EPSS-0.14% / 34.19%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 17:10
Updated-27 Aug, 2025 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kerberos Elevation of Privilege Vulnerability

Relative path traversal in Windows Kerberos allows an authorized attacker to elevate privileges over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2025Windows Server 2025Windows Server 2025 (Server Core installation)
CWE ID-CWE-23
Relative Path Traversal
CVE-2024-26233
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.2||HIGH
EPSS-2.00% / 82.90%
||
7 Day CHG~0.00%
Published-09 Apr, 2024 | 17:00
Updated-03 May, 2025 | 00:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows DNS Server Remote Code Execution Vulnerability

Windows DNS Server Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2022_23h2windows_server_2016windows_server_2019windows_server_2022Windows Server 2019Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2016 (Server Core installation)Windows Server 2016Windows Server 2022Windows Server 2019 (Server Core installation)
CWE ID-CWE-416
Use After Free
CVE-2024-26222
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.2||HIGH
EPSS-2.00% / 82.90%
||
7 Day CHG~0.00%
Published-09 Apr, 2024 | 17:00
Updated-03 May, 2025 | 00:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows DNS Server Remote Code Execution Vulnerability

Windows DNS Server Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2022_23h2windows_server_2016windows_server_2019windows_server_2022Windows Server 2019Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2016 (Server Core installation)Windows Server 2016Windows Server 2022Windows Server 2019 (Server Core installation)
CWE ID-CWE-416
Use After Free
CVE-2024-26231
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.2||HIGH
EPSS-2.00% / 82.90%
||
7 Day CHG~0.00%
Published-09 Apr, 2024 | 17:00
Updated-03 May, 2025 | 00:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows DNS Server Remote Code Execution Vulnerability

Windows DNS Server Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2022_23h2windows_server_2016windows_server_2019windows_server_2022Windows Server 2019Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2016 (Server Core installation)Windows Server 2016Windows Server 2022Windows Server 2019 (Server Core installation)
CWE ID-CWE-416
Use After Free
CVE-2024-26221
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.2||HIGH
EPSS-1.48% / 80.19%
||
7 Day CHG~0.00%
Published-09 Apr, 2024 | 17:00
Updated-03 May, 2025 | 00:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows DNS Server Remote Code Execution Vulnerability

Windows DNS Server Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2022_23h2windows_server_2016windows_server_2019windows_server_2022Windows Server 2019Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2016 (Server Core installation)Windows Server 2016Windows Server 2022Windows Server 2019 (Server Core installation)
CWE ID-CWE-416
Use After Free
CWE ID-CWE-203
Observable Discrepancy
CVE-2024-26224
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.2||HIGH
EPSS-2.00% / 82.90%
||
7 Day CHG~0.00%
Published-09 Apr, 2024 | 17:00
Updated-03 May, 2025 | 00:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows DNS Server Remote Code Execution Vulnerability

Windows DNS Server Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2022_23h2windows_server_2016windows_server_2019windows_server_2022Windows Server 2019Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2016 (Server Core installation)Windows Server 2016Windows Server 2022Windows Server 2019 (Server Core installation)
CWE ID-CWE-416
Use After Free
CVE-2024-26208
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.2||HIGH
EPSS-2.12% / 83.41%
||
7 Day CHG~0.00%
Published-09 Apr, 2024 | 17:00
Updated-03 May, 2025 | 00:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability

Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2022_23h2windows_server_2012windows_server_2008windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607windows_11_23h2Windows 11 version 22H3Windows Server 2012 (Server Core installation)Windows Server 2016 (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2016Windows 10 Version 1507Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2012Windows Server 2019Windows 10 Version 21H2Windows 10 Version 1607Windows 11 version 22H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 Version 23H2Windows Server 2022Windows 11 version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2012 R2 (Server Core installation)Windows 10 Version 22H2
CWE ID-CWE-191
Integer Underflow (Wrap or Wraparound)
CVE-2024-26202
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.2||HIGH
EPSS-3.61% / 87.32%
||
7 Day CHG~0.00%
Published-09 Apr, 2024 | 17:00
Updated-03 May, 2025 | 00:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DHCP Server Service Remote Code Execution Vulnerability

DHCP Server Service Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2022_23h2windows_server_2016windows_server_2012windows_server_2022windows_server_2019Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2012 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2016 (Server Core installation)Windows Server 2016Windows Server 2022Windows Server 2019 (Server Core installation)Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2024-26223
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.2||HIGH
EPSS-2.00% / 82.90%
||
7 Day CHG~0.00%
Published-09 Apr, 2024 | 17:00
Updated-03 May, 2025 | 00:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows DNS Server Remote Code Execution Vulnerability

Windows DNS Server Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2022_23h2windows_server_2016windows_server_2019windows_server_2022Windows Server 2019Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2016 (Server Core installation)Windows Server 2016Windows Server 2022Windows Server 2019 (Server Core installation)
CWE ID-CWE-416
Use After Free
CVE-2024-26195
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.2||HIGH
EPSS-3.61% / 87.32%
||
7 Day CHG~0.00%
Published-09 Apr, 2024 | 17:00
Updated-03 May, 2025 | 00:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DHCP Server Service Remote Code Execution Vulnerability

DHCP Server Service Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2022_23h2windows_server_2016windows_server_2012windows_server_2022windows_server_2019windows_server_2008Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2012 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2016 (Server Core installation)Windows Server 2016Windows Server 2022Windows Server 2019 (Server Core installation)Windows Server 2008 R2 Service Pack 1Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2024-26227
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.2||HIGH
EPSS-2.00% / 82.90%
||
7 Day CHG~0.00%
Published-09 Apr, 2024 | 17:00
Updated-03 May, 2025 | 00:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows DNS Server Remote Code Execution Vulnerability

Windows DNS Server Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2022_23h2windows_server_2016windows_server_2019windows_server_2022Windows Server 2019Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2016 (Server Core installation)Windows Server 2016Windows Server 2022Windows Server 2019 (Server Core installation)
CWE ID-CWE-416
Use After Free
CVE-2024-21322
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.2||HIGH
EPSS-0.50% / 64.92%
||
7 Day CHG~0.00%
Published-09 Apr, 2024 | 17:00
Updated-03 May, 2025 | 00:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Defender for IoT Remote Code Execution Vulnerability

Microsoft Defender for IoT Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-defender_for_iotMicrosoft Defender for IoT
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2024-21324
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.2||HIGH
EPSS-4.04% / 88.03%
||
7 Day CHG~0.00%
Published-09 Apr, 2024 | 17:00
Updated-03 May, 2025 | 00:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Defender for IoT Elevation of Privilege Vulnerability

Microsoft Defender for IoT Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-defender_for_iotMicrosoft Defender for IoT
CWE ID-CWE-269
Improper Privilege Management
CVE-2024-1654
Matching Score-8
Assigner-PaperCut Software Pty Ltd
ShareView Details
Matching Score-8
Assigner-PaperCut Software Pty Ltd
CVSS Score-7.2||HIGH
EPSS-9.62% / 92.57%
||
7 Day CHG~0.00%
Published-14 Mar, 2024 | 03:06
Updated-23 Jan, 2025 | 20:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unauthorized write operations in PaperCut NG/MF

This vulnerability potentially allows unauthorized write operations which may lead to remote code execution. An attacker must already have authenticated admin access and knowledge of both an internal system identifier and details of another valid user to exploit this.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationPaperCut Software Pty LtdLinux Kernel Organization, Inc
Product-papercut_mfmacoswindowslinux_kernelpapercut_ngPaperCut NG, PaperCut MFpapercut_mfpapercut_ng
CWE ID-CWE-183
Permissive List of Allowed Inputs
CVE-2024-1882
Matching Score-8
Assigner-PaperCut Software Pty Ltd
ShareView Details
Matching Score-8
Assigner-PaperCut Software Pty Ltd
CVSS Score-7.2||HIGH
EPSS-9.16% / 92.36%
||
7 Day CHG~0.00%
Published-14 Mar, 2024 | 03:08
Updated-23 Jan, 2025 | 20:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Server-side resource injection in PaperCut NG/MF

This vulnerability allows an already authenticated admin user to create a malicious payload that could be leveraged for remote code execution on the server hosting the PaperCut NG/MF application server.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationPaperCut Software Pty LtdLinux Kernel Organization, Inc
Product-papercut_mfmacoswindowslinux_kernelpapercut_ngPaperCut NG, PaperCut MFpapercut_mfpapercut_ng
CWE ID-CWE-76
Improper Neutralization of Equivalent Special Elements
CVE-2021-35244
Matching Score-8
Assigner-SolarWinds
ShareView Details
Matching Score-8
Assigner-SolarWinds
CVSS Score-6.8||MEDIUM
EPSS-19.20% / 95.12%
||
7 Day CHG~0.00%
Published-20 Dec, 2021 | 20:08
Updated-16 Sep, 2024 | 22:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unrestricted File Upload Causing Remote Code Execution: Orion Platform 2020.2.6

The "Log alert to a file" action within action management enables any Orion Platform user with Orion alert management rights to write to any file. An attacker with Orion alert management rights could use this vulnerability to perform an unrestricted file upload causing a remote code execution.

Action-Not Available
Vendor-SolarWinds Worldwide, LLC.Microsoft Corporation
Product-windowsorion_platformOrion Platform
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-49666
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.2||HIGH
EPSS-0.11% / 29.66%
||
7 Day CHG~0.00%
Published-08 Jul, 2025 | 16:57
Updated-23 Aug, 2025 | 00:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Server Setup and Boot Event Collection Remote Code Execution Vulnerability

Heap-based buffer overflow in Windows Kernel allows an authorized attacker to execute code over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2022_23h2windows_server_2019windows_server_2022windows_server_2016windows_server_2025Windows Server 2019Windows Server 2016 (Server Core installation)Windows Server 2025 (Server Core installation)Windows Server 2016Windows Server 2022Windows Server 2019 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2025
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2021-34474
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8||HIGH
EPSS-0.79% / 72.89%
||
7 Day CHG~0.00%
Published-14 Jul, 2021 | 17:54
Updated-01 Oct, 2024 | 15:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Dynamics Business Central Remote Code Execution Vulnerability

Dynamics Business Central Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-dynamics_365_business_centralMicrosoft Dynamics 365 Business Central 2021 Release Wave 1 - Update 18.3Microsoft Dynamics 365 Business Central 2020 Release Wave 1 - Update 16.14Microsoft Dynamics 365 Business Central 2020 Release Wave 2 - Update 17.8
CVE-2015-2062
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-3.17% / 86.41%
||
7 Day CHG~0.00%
Published-08 Feb, 2020 | 17:08
Updated-06 Aug, 2024 | 05:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple SQL injection vulnerabilities in the Huge-IT Slider (slider-image) plugin before 2.7.0 for WordPress allow remote administrators to execute arbitrary SQL commands via the removeslide parameter in a popup_posts or edit_cat action in the sliders_huge_it_slider page to wp-admin/admin.php.

Action-Not Available
Vendor-huge-itn/aMicrosoft Corporation
Product-huge-it_sliderwindowsn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2021-31196
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.2||HIGH
EPSS-3.92% / 87.83%
||
7 Day CHG~0.00%
Published-14 Jul, 2021 | 17:53
Updated-30 Jul, 2025 | 01:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2024-09-11||Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Microsoft Exchange Server Remote Code Execution Vulnerability

Microsoft Exchange Server Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-exchange_serverMicrosoft Exchange Server 2019 Cumulative Update 9Microsoft Exchange Server 2013 Cumulative Update 23Microsoft Exchange Server 2016 Cumulative Update 21Microsoft Exchange Server 2019 Cumulative Update 10Microsoft Exchange Server 2016 Cumulative Update 20Exchange Server
CVE-2025-3944
Matching Score-8
Assigner-Honeywell International Inc.
ShareView Details
Matching Score-8
Assigner-Honeywell International Inc.
CVSS Score-7.2||HIGH
EPSS-0.06% / 18.81%
||
7 Day CHG~0.00%
Published-22 May, 2025 | 12:44
Updated-04 Jun, 2025 | 19:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Incorrect Permission Assignment for Critical Resource

Incorrect Permission Assignment for Critical Resource vulnerability in Tridium Niagara Framework on QNX, Tridium Niagara Enterprise Security on QNX allows File Manipulation. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11. Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11.

Action-Not Available
Vendor-tridiumTridiumMicrosoft CorporationBlackBerry LimitedLinux Kernel Organization, Inc
Product-niagara_enterprise_securityqnxwindowslinux_kernelniagaraNiagara FrameworkNiagara Enterprise Security
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2021-31200
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.2||HIGH
EPSS-8.10% / 91.79%
||
7 Day CHG~0.00%
Published-11 May, 2021 | 19:11
Updated-03 Aug, 2024 | 22:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Common Utilities Remote Code Execution Vulnerability

Common Utilities Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-neural_network_intelligencecommon_utils.py
CVE-2023-0575
Matching Score-8
Assigner-Yugabyte, Inc.
ShareView Details
Matching Score-8
Assigner-Yugabyte, Inc.
CVSS Score-7.2||HIGH
EPSS-0.08% / 24.11%
||
7 Day CHG+0.01%
Published-09 Feb, 2023 | 16:12
Updated-24 Mar, 2025 | 18:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Remote Code Execution

External Control of Critical State Data, Improper Control of Generation of Code ('Code Injection') vulnerability in YugaByte, Inc. Yugabyte DB on Windows, Linux, MacOS, iOS (DevopsBase.Java:execCommand, TableManager.Java:runCommand modules) allows API Manipulation, Privilege Abuse. This vulnerability is associated with program files backup.Py. This issue affects Yugabyte DB: Lesser then 2.2.0.0

Action-Not Available
Vendor-yugabyteYugabyteDBMicrosoft CorporationLinux Kernel Organization, IncApple Inc.
Product-iphone_oslinux_kernelwindowsmacosyugabytedbYugabyteDB
CWE ID-CWE-642
External Control of Critical State Data
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2023-4551
Matching Score-8
Assigner-OpenText (formerly Micro Focus)
ShareView Details
Matching Score-8
Assigner-OpenText (formerly Micro Focus)
CVSS Score-7.2||HIGH
EPSS-0.12% / 32.15%
||
7 Day CHG~0.00%
Published-29 Jan, 2024 | 20:56
Updated-02 Aug, 2024 | 07:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Command Injection via Task Scheduler

Improper Input Validation vulnerability in OpenText AppBuilder on Windows, Linux allows OS Command Injection. The AppBuilder's Scheduler functionality that facilitates creation of scheduled tasks is vulnerable to command injection. This allows authenticated users to inject arbitrary operating system commands into the executing process. This issue affects AppBuilder: from 21.2 before 23.2.

Action-Not Available
Vendor-Open Text CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-appbuilderwindowslinux_kernelAppBuilderappbuilder
CWE ID-CWE-20
Improper Input Validation
CVE-2021-27078
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-9.1||CRITICAL
EPSS-46.09% / 97.55%
||
7 Day CHG~0.00%
Published-02 Mar, 2021 | 23:55
Updated-03 Aug, 2024 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Exchange Server Remote Code Execution Vulnerability

Microsoft Exchange Server Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-exchange_serverMicrosoft Exchange Server 2016 Cumulative Update 19Microsoft Exchange Server 2013 Cumulative Update 23Microsoft Exchange Server 2016 Cumulative Update 18Microsoft Exchange Server 2019 Cumulative Update 7Microsoft Exchange Server 2019 Cumulative Update 8
CVE-2021-26610
Matching Score-8
Assigner-KrCERT/CC
ShareView Details
Matching Score-8
Assigner-KrCERT/CC
CVSS Score-7.2||HIGH
EPSS-0.14% / 34.22%
||
7 Day CHG~0.00%
Published-27 Oct, 2021 | 00:45
Updated-03 Aug, 2024 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
godomall5 remote code execution vulnerability

The move_uploaded_file function in godomall5 does not perform an integrity check of extension or authority when user upload file. This vulnerability allows an attacker to execute an remote arbitrary code.

Action-Not Available
Vendor-nhn-commerceNHN COMMERCEMicrosoft Corporation
Product-windowsgodomall5godomall5 Std, godomall5 Pro
CWE ID-CWE-353
Missing Support for Integrity Check
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
CVE-2021-26412
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-9.1||CRITICAL
EPSS-36.55% / 97.00%
||
7 Day CHG~0.00%
Published-02 Mar, 2021 | 23:55
Updated-19 Nov, 2024 | 15:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Exchange Server Remote Code Execution Vulnerability

Microsoft Exchange Server Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-exchange_serverMicrosoft Exchange Server 2016 Cumulative Update 19Microsoft Exchange Server 2013 Cumulative Update 23Microsoft Exchange Server 2016 Cumulative Update 18Microsoft Exchange Server 2019 Cumulative Update 7Microsoft Exchange Server 2019 Cumulative Update 8
CVE-2021-26422
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.2||HIGH
EPSS-13.10% / 93.84%
||
7 Day CHG~0.00%
Published-11 May, 2021 | 19:11
Updated-03 Aug, 2024 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Skype for Business and Lync Remote Code Execution Vulnerability

Skype for Business and Lync Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-lync_serverskype_for_business_serverMicrosoft Lync Server 2013 CU10Skype for Business Server 2019 CU5Skype for Business Server 2015 CU11
CVE-2023-38156
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.2||HIGH
EPSS-0.24% / 46.94%
||
7 Day CHG~0.00%
Published-12 Sep, 2023 | 16:58
Updated-01 Jan, 2025 | 02:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure HDInsight Apache Ambari JDBC Injection Elevation of Privilege Vulnerability

Azure HDInsight Apache Ambari JDBC Injection Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_hdinsightsAzure HDInsight
CWE ID-CWE-20
Improper Input Validation
CVE-2023-3864
Matching Score-8
Assigner-Snow Software
ShareView Details
Matching Score-8
Assigner-Snow Software
CVSS Score-7.2||HIGH
EPSS-0.20% / 41.76%
||
7 Day CHG~0.00%
Published-11 Aug, 2023 | 11:24
Updated-09 Oct, 2024 | 19:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL injection vulnerability in Snow License Manager

Blind SQL injection in a service running in Snow Software license manager from version 8.0.0 up to and including 9.30.1 on Windows allows a logged in user with high privileges to inject SQL commands via the web portal.

Action-Not Available
Vendor-snowsoftwareSnow SoftwaresnowsoftwareMicrosoft Corporation
Product-snow_license_managerwindowsSLMsnow_license_manager
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-36786
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.2||HIGH
EPSS-0.73% / 71.66%
||
7 Day CHG~0.00%
Published-10 Oct, 2023 | 17:08
Updated-14 Apr, 2025 | 22:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Skype for Business Remote Code Execution Vulnerability

Skype for Business Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-skype_for_business_serverSkype for Business Server 2015 CU13Skype for Business Server 2019 CU7
CWE ID-CWE-36
Absolute Path Traversal
CVE-2023-36789
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.2||HIGH
EPSS-0.73% / 71.64%
||
7 Day CHG~0.00%
Published-10 Oct, 2023 | 17:08
Updated-14 Apr, 2025 | 22:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Skype for Business Remote Code Execution Vulnerability

Skype for Business Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-skype_for_business_serverSkype for Business Server 2015 CU13Skype for Business Server 2019 CU7
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-21348
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.2||HIGH
EPSS-1.43% / 79.81%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 18:04
Updated-02 Apr, 2025 | 13:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SharePoint Server Remote Code Execution Vulnerability

Microsoft SharePoint Server Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serverMicrosoft SharePoint Server 2019Microsoft SharePoint Server Subscription EditionMicrosoft SharePoint Enterprise Server 2016
CWE ID-CWE-285
Improper Authorization
CVE-2021-20081
Matching Score-8
Assigner-Tenable Network Security, Inc.
ShareView Details
Matching Score-8
Assigner-Tenable Network Security, Inc.
CVSS Score-7.2||HIGH
EPSS-64.53% / 98.38%
||
7 Day CHG~0.00%
Published-10 Jun, 2021 | 11:01
Updated-03 Aug, 2024 | 17:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incomplete List of Disallowed Inputs in ManageEngine ServiceDesk Plus before version 11205 allows a remote, authenticated attacker to execute arbitrary commands with SYSTEM privileges.

Action-Not Available
Vendor-n/aZoho Corporation Pvt. Ltd.Microsoft Corporation
Product-manageengine_servicedesk_pluswindowsManageEngine ServiceDesk Plus
CVE-2022-40139
Matching Score-8
Assigner-Trend Micro, Inc.
ShareView Details
Matching Score-8
Assigner-Trend Micro, Inc.
CVSS Score-7.2||HIGH
EPSS-26.56% / 96.14%
||
7 Day CHG~0.00%
Published-19 Sep, 2022 | 18:01
Updated-30 Jul, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-10-06||Apply updates per vendor instructions.

Improper validation of some components used by the rollback mechanism in Trend Micro Apex One and Trend Micro Apex One as a Service clients could allow a Apex One server administrator to instruct affected clients to download an unverified rollback package, which could lead to remote code execution. Please note: an attacker must first obtain Apex One server administration console access in order to exploit this vulnerability.

Action-Not Available
Vendor-Microsoft CorporationTrend Micro Incorporated
Product-windowsapex_oneTrend Micro Apex OneApex One and Apex One as a Service
CVE-2020-8602
Matching Score-8
Assigner-Trend Micro, Inc.
ShareView Details
Matching Score-8
Assigner-Trend Micro, Inc.
CVSS Score-7.2||HIGH
EPSS-1.73% / 81.66%
||
7 Day CHG~0.00%
Published-27 Aug, 2020 | 20:35
Updated-04 Aug, 2024 | 10:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the management consoles of Trend Micro Deep Security 10.0-12.0 and Trend Micro Vulnerability Protection 2.0 SP2 may allow an authenticated attacker with full control privileges to bypass file integrity checks, leading to remote code execution.

Action-Not Available
Vendor-Microsoft CorporationTrend Micro Incorporated
Product-windowsvulnerability_protectiondeep_security_managerTrend Micro Deep SecurityTrend Micro Vulnerability Management
CVE-2022-34883
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.54% / 66.63%
||
7 Day CHG~0.00%
Published-06 Sep, 2022 | 06:30
Updated-03 Aug, 2024 | 09:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OS Command Injection Vulnerability in RAID Manager Storage Replication Adapter

OS Command Injection vulnerability in Hitachi RAID Manager Storage Replication Adapter allows remote authenticated users to execute arbitrary OS commands. This issue affects: Hitachi RAID Manager Storage Replication Adapter 02.01.04 versions prior to 02.03.02 on Windows; 02.05.00 versions prior to 02.05.01 on Windows and Docker.

Action-Not Available
Vendor-Docker, Inc.Hitachi, Ltd.Microsoft Corporation
Product-dockerwindowsraid_manager_storage_replication_adapterRAID Manager Storage Replication Adapter
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-33678
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.2||HIGH
EPSS-5.74% / 90.10%
||
7 Day CHG~0.00%
Published-12 Jul, 2022 | 22:38
Updated-08 Jul, 2025 | 15:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure Site Recovery Remote Code Execution Vulnerability

Azure Site Recovery Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_site_recoveryAzure Site Recovery VMWare to Azure
CVE-2020-7804
Matching Score-8
Assigner-KrCERT/CC
ShareView Details
Matching Score-8
Assigner-KrCERT/CC
CVSS Score-6.4||MEDIUM
EPSS-0.55% / 66.90%
||
7 Day CHG~0.00%
Published-29 Apr, 2020 | 14:51
Updated-04 Aug, 2024 | 09:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ActiveX Control(HShell.dll) in Handy Groupware 1.7.3.1 for Windows 7, 8, and 10 allows an attacker to execute arbitrary command via the ShellExec method.

Action-Not Available
Vendor-handysoftHandySoftMicrosoft Corporation
Product-windows_7windows_8groupwarewindows_10HandySoft Groupware(HShell.dll) for for Windows 7, 8, 10
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-33676
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.2||HIGH
EPSS-5.74% / 90.10%
||
7 Day CHG~0.00%
Published-12 Jul, 2022 | 22:38
Updated-08 Jul, 2025 | 15:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure Site Recovery Remote Code Execution Vulnerability

Azure Site Recovery Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_site_recoveryAzure Site Recovery VMWare to Azure
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 6
  • 7
  • Next
Details not found