Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-43447

Summary
Assigner-microsoft
Assigner Org ID-f38d906d-7342-40ea-92c1-6c4a2c6478c8
Published At-12 Nov, 2024 | 17:53
Updated At-08 Jul, 2025 | 15:41
Rejected At-
Credits

Windows SMBv3 Server Remote Code Execution Vulnerability

Windows SMBv3 Server Remote Code Execution Vulnerability

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:microsoft
Assigner Org ID:f38d906d-7342-40ea-92c1-6c4a2c6478c8
Published At:12 Nov, 2024 | 17:53
Updated At:08 Jul, 2025 | 15:41
Rejected At:
▼CVE Numbering Authority (CNA)
Windows SMBv3 Server Remote Code Execution Vulnerability

Windows SMBv3 Server Remote Code Execution Vulnerability

Affected Products
Vendor
Microsoft CorporationMicrosoft
Product
Windows Server 2022
Platforms
  • x64-based Systems
Versions
Affected
  • From 10.0.20348.0 before 10.0.20348.2849 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-415CWE-415: Double Free
Type: CWE
CWE ID: CWE-415
Description: CWE-415: Double Free
Metrics
VersionBase scoreBase severityVector
3.18.1HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Version: 3.1
Base score: 8.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43447
vendor-advisory
Hyperlink: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43447
Resource:
vendor-advisory
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secure@microsoft.com
Published At:12 Nov, 2024 | 18:15
Updated At:19 Nov, 2024 | 20:52

Windows SMBv3 Server Remote Code Execution Vulnerability

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.18.1HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 8.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CPE Matches
Microsoft Corporation
microsoft
>>windows_server_2022>>Versions before 10.0.20348.2849(exclusive)
cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-415Secondarysecure@microsoft.com
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE ID: CWE-415
Type: Secondary
Source: secure@microsoft.com
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43447secure@microsoft.com
Patch
Vendor Advisory
Hyperlink: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43447
Source: secure@microsoft.com
Resource:
Patch
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

274Records found
CVE-2023-24903
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-8.1||HIGH
EPSS-0.72% / 72.73%
||
7 Day CHG~0.00%
Published-09 May, 2023 | 17:02
Updated-10 Jul, 2025 | 16:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability

Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_server_2008windows_10_1507windows_10_22h2windows_server_2022windows_10_20h2windows_11_22h2windows_server_2019windows_10_1607Windows Server 2022Windows Server 2012 R2 (Server Core installation)Windows Server 2016 (Server Core installation)Windows Server 2012 R2Windows Server 2008 Service Pack 2Windows Server 2008 R2 Service Pack 1Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows 10 Version 1809Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2019Windows Server 2016Windows Server 2012 (Server Core installation)Windows 11 version 22H2Windows 10 Version 20H2Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 11 version 21H2Windows 10 Version 22H2Windows 10 Version 1507Windows Server 2012Windows 10 Version 1607Windows 10 Version 21H2
CWE ID-CWE-415
Double Free
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2009-3671
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.1||HIGH
EPSS-54.11% / 98.04%
||
7 Day CHG~0.00%
Published-09 Dec, 2009 | 18:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-3674.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_explorerwindows_7windows_server_2008windows_vistawindows_xpwindows_2000windows_server_2003n/aie
CWE ID-CWE-416
Use After Free
CVE-2009-2529
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.1||HIGH
EPSS-19.79% / 95.51%
||
7 Day CHG~0.00%
Published-14 Oct, 2009 | 10:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not properly handle argument validation for unspecified variables, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "HTML Component Handling Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_explorerwindows_7windows_server_2008windows_vistawindows_xpwindows_2000windows_server_2003n/aie
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2009-2502
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.1||HIGH
EPSS-43.69% / 97.56%
||
7 Day CHG~0.00%
Published-14 Oct, 2009 | 10:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted TIFF image file, aka "GDI+ TIFF Buffer Overflow Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-word_viewerplatform_sdkvisual_foxprowindows_vistaexcel_viewervisual_studiooffice_grooveworksoffice_compatibility_packreport_viewersql_serverofficeinternet_explorervisiowindows_server_2008expression_weboffice_powerpoint_vieweroffice_excel_viewerwindows_xp.net_frameworkvisual_studio_.netoffice_word_viewersql_server_reporting_serviceswindows_2003_serverforefront_client_securitywindows_2000projectn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-24064
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.1||HIGH
EPSS-0.48% / 65.54%
||
7 Day CHG~0.00%
Published-11 Mar, 2025 | 16:59
Updated-13 Feb, 2026 | 19:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Domain Name Service Remote Code Execution Vulnerability

Use after free in DNS Server allows an unauthorized attacker to execute code over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2022_23h2windows_server_2019windows_server_2025windows_server_2008windows_server_2012windows_server_2022windows_server_2016Windows Server 2025Windows Server 2008 R2 Service Pack 1Windows Server 2012 (Server Core installation)Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2016 (Server Core installation)Windows Server 2019Windows Server 2022Windows Server 2025 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2016Windows Server 2012 R2Windows Server 2008 Service Pack 2Windows Server 2012Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-416
Use After Free
CVE-2025-24035
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.1||HIGH
EPSS-0.15% / 34.70%
||
7 Day CHG~0.00%
Published-11 Mar, 2025 | 16:58
Updated-13 Feb, 2026 | 19:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Remote Desktop Services Remote Code Execution Vulnerability

Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2022_23h2windows_11_22h2windows_10_22h2windows_11_24h2windows_10_1507windows_10_1607windows_server_2012windows_server_2025windows_server_2019windows_11_23h2windows_server_2008windows_10_1809windows_server_2016windows_10_21h2windows_server_2022Windows Server 2025Windows Server 2008 R2 Service Pack 1Windows 11 Version 23H2Windows Server 2012 (Server Core installation)Windows 10 Version 1809Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H3Windows Server 2016 (Server Core installation)Windows 10 Version 22H2Windows Server 2019Windows Server 2022Windows 10 Version 1607Windows 11 Version 24H2Windows Server 2025 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2016Windows 11 version 22H2Windows Server 2012 R2Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 Service Pack 2Windows Server 2012Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-591
Sensitive Data Storage in Improperly Locked Memory
CVE-2026-40415
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.1||HIGH
EPSS-0.10% / 26.29%
||
7 Day CHG~0.00%
Published-12 May, 2026 | 16:58
Updated-15 May, 2026 | 17:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows TCP/IP Remote Code Execution Vulnerability

Use after free in Windows TCP/IP allows an unauthorized attacker to execute code over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_22h2windows_10_21h2windows_10_1809windows_11_25h2windows_server_2022windows_server_2025windows_server_2019windows_11_26h1windows_11_24h2windows_server_2022_23h2windows_11_23h2Windows 11 Version 24H2Windows Server 2019Windows 11 Version 25H2Windows 11 version 26H1Windows 10 Version 1809Windows Server 2019 (Server Core installation)Windows Server 2025Windows Server 2022Windows 11 version 22H3Windows 11 Version 23H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2025 (Server Core installation)Windows 10 Version 22H2Windows 10 Version 21H2
CWE ID-CWE-416
Use After Free
CVE-2020-1057
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-4.2||MEDIUM
EPSS-2.49% / 85.47%
||
7 Day CHG~0.00%
Published-11 Sep, 2020 | 17:08
Updated-23 Feb, 2026 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Scripting Engine Memory Corruption Vulnerability

<p>A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.</p> <p>If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>The security update addresses the vulnerability by modifying how the ChakraCore scripting engine handles objects in memory.</p>

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016chakracoreedgewindows_10windows_server_2019Microsoft Edge (EdgeHTML-based)ChakraCore
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-26919
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.1||HIGH
EPSS-4.81% / 89.60%
||
7 Day CHG~0.00%
Published-15 Apr, 2022 | 19:05
Updated-02 Jan, 2025 | 18:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability

Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_11windows_10windows_server_2022windows_server_2019windows_server_2008Windows Server 2022Windows 10 Version 1607Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows 8.1Windows 7Windows Server version 20H2Windows Server 2012 (Server Core installation)Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CVE-2022-37958
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.1||HIGH
EPSS-11.58% / 93.72%
||
7 Day CHG~0.00%
Published-13 Sep, 2022 | 18:42
Updated-11 Mar, 2025 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Remote Code Execution Vulnerability

SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_7windows_11windows_10windows_server_2022windows_server_2019windows_server_2008Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows 7Windows Server 2008 R2 Service Pack 1Windows Server 2012 R2 (Server Core installation)Windows 7 Service Pack 1Windows Server 2012Windows 10 Version 1507Windows 10 Version 1607Windows Server 2022Windows Server 2019Windows 11 version 21H2Windows 10 Version 20H2Windows Server 2012 (Server Core installation)Windows 10 Version 21H2Windows 10 Version 21H1Windows Server 2016Windows Server 2012 R2Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows 8.1Windows Server 2016 (Server Core installation)
CVE-2022-26925
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.1||HIGH
EPSS-37.43% / 97.23%
||
7 Day CHG~0.00%
Published-10 May, 2022 | 20:33
Updated-30 Oct, 2025 | 19:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-07-22||Apply remediation actions outlined in CISA guidance [https://www.cisa.gov/guidance-applying-june-microsoft-patch].
Windows LSA Spoofing Vulnerability

Windows LSA Spoofing Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_7windows_server_2012windows_10_21h2windows_10_1809windows_server_2022windows_rt_8.1windows_8.1windows_10_1507windows_10_1909windows_server_2008windows_10_21h1windows_10_20h2windows_10_1607windows_server_20h2windows_server_2019windows_11_21h2windows_server_2016Windows 11 version 21H2Windows Server 2016 (Server Core installation)Windows Server 2012Windows 8.1Windows Server 2008 Service Pack 2Windows Server 2019 (Server Core installation)Windows 7Windows 10 Version 21H1Windows Server 2008 Service Pack 2 (Server Core installation)Windows 10 Version 1909Windows Server 2012 (Server Core installation)Windows Server 2022Windows Server 2019Windows 10 Version 1507Windows 10 Version 1607Windows 10 Version 21H2Windows Server 2008 Service Pack 2Windows 7 Service Pack 1Windows Server 2012 R2Windows 10 Version 1809Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2 (Server Core installation)Windows 10 Version 20H2Windows Server 2008 R2 Service Pack 1Windows Server 2016Windows Server version 20H2Windows
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2020-0665
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.1||HIGH
EPSS-7.35% / 91.78%
||
7 Day CHG~0.00%
Published-11 Feb, 2020 | 21:22
Updated-04 Aug, 2024 | 06:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An elevation of privilege vulnerability exists in Active Directory Forest trusts due to a default setting that lets an attacker in the trusting forest request delegation of a TGT for an identity from the trusted forest, aka 'Active Directory Elevation of Privilege Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008WindowsWindows 10 Version 1909 for x64-based SystemsWindows 10 Version 1903 for x64-based SystemsWindows ServerWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1909 for ARM64-based SystemsWindows Server, version 1909 (Server Core installation)Windows 10 Version 1903 for 32-bit SystemsWindows Server, version 1903 (Server Core installation)Windows 10 Version 1909 for 32-bit Systems
CVE-2025-13316
Matching Score-8
Assigner-Rapid7, Inc.
ShareView Details
Matching Score-8
Assigner-Rapid7, Inc.
CVSS Score-8.2||HIGH
EPSS-71.68% / 98.76%
||
7 Day CHG~0.00%
Published-19 Nov, 2025 | 17:53
Updated-25 Nov, 2025 | 19:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Hard-coded encryption keys in Twonky Server

Twonky Server 8.5.2 on Linux and Windows is vulnerable to a cryptographic flaw, use of hard-coded cryptographic keys. An attacker with knowledge of the encrypted administrator password can decrypt the value with static keys to view the plain text password and gain administrator-level access to Twonky Server.

Action-Not Available
Vendor-lynxtechnologyLynxtechnologyLinux Kernel Organization, IncMicrosoft Corporation
Product-windowstwonky_serverlinux_kernelTwonky Server
CWE ID-CWE-321
Use of Hard-coded Cryptographic Key
CVE-2014-9748
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.1||HIGH
EPSS-0.48% / 65.13%
||
7 Day CHG~0.00%
Published-11 Feb, 2020 | 16:54
Updated-06 Aug, 2024 | 13:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The uv_rwlock_t fallback implementation for Windows XP and Server 2003 in libuv before 1.7.4 does not properly prevent threads from releasing the locks of other threads, which allows attackers to cause a denial of service (deadlock) or possibly have unspecified other impact by leveraging a race condition.

Action-Not Available
Vendor-libuvn/aMicrosoft CorporationNode.js (OpenJS Foundation)
Product-libuvwindows_xpnode.jswindows_server_2003n/a
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2019-1424
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.1||HIGH
EPSS-3.23% / 87.21%
||
7 Day CHG~0.00%
Published-12 Nov, 2019 | 18:53
Updated-04 Aug, 2024 | 18:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A security feature bypass vulnerability exists when Windows Netlogon improperly handles a secure communications channel, aka 'NetLogon Security Feature Bypass Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008WindowsWindows ServerWindows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1903 for 32-bit SystemsWindows Server, version 1903 (Server Core installation)
CVE-2026-33827
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.1||HIGH
EPSS-0.09% / 25.12%
||
7 Day CHG+0.01%
Published-14 Apr, 2026 | 16:58
Updated-12 May, 2026 | 17:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows TCP/IP Remote Code Execution Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an unauthorized attacker to execute code over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_23h2windows_server_2022_23h2windows_10_22h2windows_10_1607windows_server_2016windows_server_2025windows_11_26h1windows_server_2012windows_server_2022windows_server_2019windows_10_21h2windows_10_1809windows_11_24h2windows_11_25h2Windows Server 2019Windows 11 version 26H1Windows 10 Version 1809Windows Server 2012 R2 (Server Core installation)Windows 11 version 22H3Windows Server 2012Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2025 (Server Core installation)Windows 11 Version 25H2Windows 10 Version 22H2Windows 10 Version 21H2Windows Server 2016Windows 11 Version 24H2Windows Server 2012 R2Windows Server 2019 (Server Core installation)Windows Server 2025Windows Server 2022Windows Server 2012 (Server Core installation)Windows 11 Version 23H2Windows Server 2016 (Server Core installation)Windows 10 Version 1607
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2022-25865
Matching Score-8
Assigner-Snyk
ShareView Details
Matching Score-8
Assigner-Snyk
CVSS Score-8.1||HIGH
EPSS-1.25% / 79.52%
||
7 Day CHG~0.00%
Published-13 May, 2022 | 20:00
Updated-16 Sep, 2024 | 17:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Command Injection

The package workspace-tools before 0.18.4 are vulnerable to Command Injection via git argument injection. When calling the fetchRemoteBranch(remote: string, remoteBranch: string, cwd: string) function, both the remote and remoteBranch parameters are passed to the git fetch subcommand in a way that additional flags can be set. The additional flags can be used to perform a command injection.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-workspace-toolsworkspace-tools
CWE ID-CWE-88
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
CVE-2022-24504
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.1||HIGH
EPSS-1.26% / 79.65%
||
7 Day CHG~0.00%
Published-11 Oct, 2022 | 00:00
Updated-02 Jan, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability

Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_11windows_10windows_server_2022windows_server_2019windows_server_2008Windows Server 2022Windows 10 Version 1607Windows 11 version 22H2Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows 8.1Windows 7Windows Server 2012 (Server Core installation)Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2022-23270
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.1||HIGH
EPSS-48.39% / 97.78%
||
7 Day CHG~0.00%
Published-10 May, 2022 | 20:33
Updated-02 Jan, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability

Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_serverwindows_server_2016windows_server_2012windows_8.1windows_7windows_11windows_10windows_server_2019windows_server_2008Windows Server 2022Windows 10 Version 1607Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows 8.1Windows 7Windows Server version 20H2Windows Server 2012 (Server Core installation)Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CVE-2022-34702
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.1||HIGH
EPSS-1.07% / 77.95%
||
7 Day CHG~0.00%
Published-09 Aug, 2022 | 19:52
Updated-04 Jun, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability

Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_8.1windows_rt_8.1windows_server_2019windows_server_2022windows_server_2012windows_7windows_10windows_server_2016windows_server_2008windows_11Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows 7 Service Pack 1Windows 10 Version 21H2Windows 7Windows 10 Version 1507Windows Server 2012 (Server Core installation)Windows 10 Version 1607Windows Server 2016Windows Server 2012 R2Windows 10 Version 21H1Windows 8.1Windows Server 2022Windows Server 2008 R2 Service Pack 1Windows Server 2012Windows 10 Version 20H2Windows Server 2008 Service Pack 2Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server version 20H2Windows Server 2012 R2 (Server Core installation)Windows Server 2019Windows 11 version 21H2
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2022-21972
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.1||HIGH
EPSS-48.56% / 97.78%
||
7 Day CHG~0.00%
Published-10 May, 2022 | 20:33
Updated-02 Jan, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability

Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_serverwindows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_11windows_10windows_server_2022windows_server_2019windows_server_2008Windows Server 2022Windows 10 Version 1607Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows 8.1Windows 7Windows Server version 20H2Windows Server 2012 (Server Core installation)Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CVE-2022-22038
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.1||HIGH
EPSS-5.48% / 90.30%
||
7 Day CHG~0.00%
Published-12 Jul, 2022 | 22:37
Updated-08 Jul, 2025 | 15:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Remote Procedure Call Runtime Remote Code Execution Vulnerability

Remote Procedure Call Runtime Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_11windows_10windows_server_2022windows_server_2019Windows Server 2016 (Server Core installation)Windows Server 2022Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows 10 Version 1507Windows 10 Version 1607Windows 10 Version 20H2Windows Server 2012 R2 (Server Core installation)Windows Server 2012Windows 8.1Windows 10 Version 21H2Windows Server version 20H2Windows Server 2019Windows Server 2012 R2Windows Server 2016Windows Server 2012 (Server Core installation)Windows 11 version 21H2Windows 10 Version 21H1
CVE-2022-22029
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.1||HIGH
EPSS-3.78% / 88.19%
||
7 Day CHG~0.00%
Published-12 Jul, 2022 | 22:36
Updated-08 Jul, 2025 | 15:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Network File System Remote Code Execution Vulnerability

Windows Network File System Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_server_2022windows_server_2019windows_server_2008Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2022Windows Server version 20H2Windows Server 2019 (Server Core installation)Windows Server 2012 (Server Core installation)Windows Server 2019Windows Server 2008 R2 Service Pack 1Windows Server 2012 R2Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)Windows Server 2016Windows Server 2016 (Server Core installation)Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2008 Service Pack 2 (Server Core installation)
CVE-2022-21991
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.1||HIGH
EPSS-5.82% / 90.62%
||
7 Day CHG~0.00%
Published-09 Feb, 2022 | 16:36
Updated-02 Jan, 2025 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Visual Studio Code Remote Development Extension Remote Code Execution Vulnerability

Visual Studio Code Remote Development Extension Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-visual_studio_codeVisual Studio Code
CVE-2022-22035
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.1||HIGH
EPSS-1.26% / 79.65%
||
7 Day CHG~0.00%
Published-11 Oct, 2022 | 00:00
Updated-02 Jan, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability

Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_11windows_10windows_server_2022windows_server_2019windows_server_2008Windows Server 2022Windows 10 Version 1607Windows 11 version 22H2Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows 8.1Windows 7Windows Server 2012 (Server Core installation)Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2012Windows Server 2019Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2026-30797
Matching Score-8
Assigner-VULSec Labs
ShareView Details
Matching Score-8
Assigner-VULSec Labs
CVSS Score-9.3||CRITICAL
EPSS-0.06% / 19.89%
||
7 Day CHG~0.00%
Published-05 Mar, 2026 | 15:35
Updated-25 Mar, 2026 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
RustDesk rustdesk://config/ URI Silently Re-homes Client to Attacker-Controlled Server

Missing Authorization vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android (Flutter URI scheme handler, config import modules) allows Application API Message Manipulation via Man-in-the-Middle. This vulnerability is associated with program files flutter/lib/common.Dart and program routines importConfig() via URI handler. This issue affects RustDesk Client: through 1.4.5.

Action-Not Available
Vendor-rustdeskrustdesk-clientGoogle LLCApple Inc.Microsoft CorporationLinux Kernel Organization, Inc
Product-windowsrustdeskandroidmacosiphone_oslinux_kernelRustDesk Client
CWE ID-CWE-749
Exposed Dangerous Method or Function
CWE ID-CWE-862
Missing Authorization
CVE-2022-24545
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.1||HIGH
EPSS-4.08% / 88.67%
||
7 Day CHG~0.00%
Published-15 Apr, 2022 | 19:04
Updated-02 Jan, 2025 | 18:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kerberos Remote Code Execution Vulnerability

Windows Kerberos Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_11windows_10windows_server_2022windows_server_2019Windows Server 2022Windows 10 Version 1607Windows 10 Version 21H2Windows Server 2019 (Server Core installation)Windows 10 Version 21H1Windows Server 2016Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows Server 2019Windows Server version 20H2Windows 10 Version 1909Windows 10 Version 20H2
CVE-2013-3894
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.1||HIGH
EPSS-27.04% / 96.43%
||
7 Day CHG~0.00%
Published-09 Oct, 2013 | 14:44
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allow remote attackers to execute arbitrary code via a crafted CMAP table in a TrueType font (TTF) file, aka "TrueType Font CMAP Table Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_rtwindows_7windows_server_2008windows_vistawindows_xpwindows_8windows_server_2012windows_server_2003n/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-20856
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.1||HIGH
EPSS-0.18% / 39.80%
||
7 Day CHG+0.06%
Published-13 Jan, 2026 | 17:56
Updated-01 Apr, 2026 | 13:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Server Update Service (WSUS) Remote Code Execution Vulnerability

Improper input validation in Windows Server Update Service allows an unauthorized attacker to execute code over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_10_21h2windows_10_22h2windows_server_2022_23h2windows_server_2025windows_10_1809windows_server_2022windows_11_24h2windows_10_1607windows_server_2019windows_11_23h2windows_11_25h2windows_server_2012Windows Server 2012 (Server Core installation)Windows Server 2025Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 Version 24H2Windows 10 Version 21H2Windows Server 2012 R2 (Server Core installation)Windows Server 2019 (Server Core installation)Windows 11 version 22H3Windows Server 2012 R2Windows Server 2022Windows 10 Version 22H2Windows Server 2012Windows 11 Version 25H2Windows Server 2025 (Server Core installation)Windows Server 2016Windows 10 Version 1607Windows 11 Version 23H2Windows Server 2016 (Server Core installation)Windows Server 2019Windows 10 Version 1809
CWE ID-CWE-20
Improper Input Validation
CVE-2025-68154
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-8.1||HIGH
EPSS-0.05% / 14.96%
||
7 Day CHG-0.02%
Published-16 Dec, 2025 | 18:18
Updated-19 Feb, 2026 | 16:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Command Injection in fsSize() on Windows

systeminformation is a System and OS information library for node.js. In versions prior to 5.27.14, the `fsSize()` function in systeminformation is vulnerable to OS command injection on Windows systems. The optional `drive` parameter is directly concatenated into a PowerShell command without sanitization, allowing arbitrary command execution when user-controlled input reaches this function. The actual exploitability depends on how applications use this function. If an application does not pass user-controlled input to `fsSize()`, it is not vulnerable. Version 5.27.14 contains a patch.

Action-Not Available
Vendor-systeminformationsebhildebrandtMicrosoft Corporation
Product-systeminformationwindowssysteminformation
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-49115
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.1||HIGH
EPSS-0.35% / 57.24%
||
7 Day CHG-0.02%
Published-10 Dec, 2024 | 17:49
Updated-13 May, 2025 | 15:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Remote Desktop Services Remote Code Execution Vulnerability

Windows Remote Desktop Services Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2025windows_server_2022windows_server_2022_23h2windows_server_2019Windows Server 2019Windows Server 2016Windows Server 2025 (Server Core installation)Windows Server 2025Windows Server 2016 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2022
CWE ID-CWE-416
Use After Free
CWE ID-CWE-591
Sensitive Data Storage in Improperly Locked Memory
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2024-49106
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.1||HIGH
EPSS-0.24% / 47.63%
||
7 Day CHG-0.02%
Published-10 Dec, 2024 | 17:49
Updated-13 May, 2025 | 15:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Remote Desktop Services Remote Code Execution Vulnerability

Windows Remote Desktop Services Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2022_23h2windows_server_2016windows_server_2025windows_server_2022windows_server_2019Windows Server 2019Windows Server 2016Windows Server 2025 (Server Core installation)Windows Server 2025Windows Server 2016 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2022
CWE ID-CWE-416
Use After Free
CWE ID-CWE-591
Sensitive Data Storage in Improperly Locked Memory
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2024-49132
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.1||HIGH
EPSS-0.35% / 57.24%
||
7 Day CHG-0.02%
Published-10 Dec, 2024 | 17:49
Updated-13 May, 2025 | 15:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Remote Desktop Services Remote Code Execution Vulnerability

Windows Remote Desktop Services Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_23h2windows_10_1809windows_11_22h2windows_server_2025windows_11_24h2windows_10_21h2windows_10_22h2windows_server_2022windows_server_2022_23h2windows_server_2019Windows 10 Version 22H2Windows Server 2019Windows 10 Version 1809Windows 11 version 22H3Windows 11 Version 23H2Windows Server 2025 (Server Core installation)Windows 11 Version 24H2Windows Server 2025Windows Server 2019 (Server Core installation)Windows 10 Version 21H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2022Windows 11 version 22H2
CWE ID-CWE-416
Use After Free
CWE ID-CWE-591
Sensitive Data Storage in Improperly Locked Memory
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2024-49118
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.1||HIGH
EPSS-0.32% / 54.67%
||
7 Day CHG~0.00%
Published-10 Dec, 2024 | 17:49
Updated-13 May, 2025 | 15:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability

Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2008windows_server_2016windows_10_1809windows_server_2012windows_11_22h2windows_server_2025windows_11_24h2windows_10_21h2windows_server_2022_23h2windows_10_22h2windows_10_1507windows_server_2022windows_10_1607windows_server_2019Windows 10 Version 22H2Windows Server 2012Windows 10 Version 1809Windows 11 version 22H3Windows 11 Version 23H2Windows Server 2008 R2 Service Pack 1Windows 10 Version 1607Windows Server 2016Windows Server 2025 (Server Core installation)Windows 11 Version 24H2Windows Server 2012 R2Windows Server 2012 (Server Core installation)Windows 10 Version 21H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows 10 Version 1507Windows Server 2022Windows 11 version 22H2Windows Server 2019Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2012 R2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2025Windows Server 2016 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2008 Service Pack 2
CWE ID-CWE-416
Use After Free
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2024-49122
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.1||HIGH
EPSS-2.24% / 84.74%
||
7 Day CHG~0.00%
Published-10 Dec, 2024 | 17:49
Updated-13 May, 2025 | 15:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability

Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_23h2windows_server_2008windows_server_2016windows_10_1809windows_server_2012windows_11_22h2windows_server_2025windows_11_24h2windows_10_21h2windows_server_2022_23h2windows_10_22h2windows_10_1507windows_server_2022windows_10_1607windows_server_2019Windows 10 Version 22H2Windows Server 2012Windows 10 Version 1809Windows 11 version 22H3Windows 11 Version 23H2Windows Server 2008 R2 Service Pack 1Windows 10 Version 1607Windows Server 2016Windows Server 2025 (Server Core installation)Windows 11 Version 24H2Windows Server 2012 R2Windows Server 2012 (Server Core installation)Windows 10 Version 21H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows 10 Version 1507Windows Server 2022Windows 11 version 22H2Windows Server 2019Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2012 R2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2025Windows Server 2016 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2008 Service Pack 2
CWE ID-CWE-416
Use After Free
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2024-49048
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.1||HIGH
EPSS-0.65% / 70.91%
||
7 Day CHG~0.00%
Published-12 Nov, 2024 | 17:54
Updated-08 Jul, 2025 | 15:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TorchGeo Remote Code Execution Vulnerability

TorchGeo Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-torchgeoMicrosoft TorchGeo
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2024-49127
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.1||HIGH
EPSS-0.54% / 67.96%
||
7 Day CHG~0.00%
Published-10 Dec, 2024 | 17:49
Updated-13 May, 2025 | 15:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability

Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_23h2windows_server_2008windows_server_2016windows_10_1809windows_server_2012windows_11_22h2windows_server_2025windows_11_24h2windows_10_21h2windows_server_2022_23h2windows_10_22h2windows_10_1507windows_server_2022windows_10_1607windows_server_2019Windows 10 Version 22H2Windows Server 2012Windows 10 Version 1809Windows 11 version 22H3Windows 11 Version 23H2Windows Server 2008 R2 Service Pack 1Windows 10 Version 1607Windows Server 2016Windows Server 2025 (Server Core installation)Windows 11 Version 24H2Windows Server 2012 R2Windows Server 2012 (Server Core installation)Windows 10 Version 21H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows 10 Version 1507Windows Server 2022Windows 11 version 22H2Windows Server 2019Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2012 R2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2025Windows Server 2016 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2008 Service Pack 2
CWE ID-CWE-416
Use After Free
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2024-49120
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.1||HIGH
EPSS-0.18% / 39.91%
||
7 Day CHG-0.01%
Published-10 Dec, 2024 | 17:49
Updated-13 May, 2025 | 15:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Remote Desktop Services Remote Code Execution Vulnerability

Windows Remote Desktop Services Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_server_2025windows_server_2022windows_server_2022_23h2windows_server_2019Windows Server 2012Windows Server 2019Windows Server 2012 R2 (Server Core installation)Windows Server 2012 (Server Core installation)Windows Server 2016Windows Server 2025 (Server Core installation)Windows Server 2025Windows Server 2016 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2012 R2Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2022
CWE ID-CWE-453
Insecure Default Variable Initialization
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2024-43582
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.1||HIGH
EPSS-26.04% / 96.34%
||
7 Day CHG~0.00%
Published-08 Oct, 2024 | 17:36
Updated-08 Jul, 2025 | 15:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Remote Desktop Protocol Server Remote Code Execution Vulnerability

Remote Desktop Protocol Server Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2022_23h2windows_11_21h2windows_11_24h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_11_23h2Windows Server 2022Windows 10 Version 21H2Windows Server 2019 (Server Core installation)Windows 11 Version 24H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2019Windows 10 Version 1809Windows 11 version 22H2Windows 10 Version 22H2Windows 11 Version 23H2Windows 11 version 21H2Windows 11 version 22H3
CWE ID-CWE-416
Use After Free
CVE-2012-2950
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.1||HIGH
EPSS-5.38% / 90.21%
||
7 Day CHG~0.00%
Published-09 Jan, 2020 | 21:08
Updated-06 Aug, 2024 | 19:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Gateway Geomatics MapServer for Windows before 3.0.6 contains a Local File Include Vulnerability which allows remote attackers to execute local PHP code and obtain sensitive information.

Action-Not Available
Vendor-gatewaygeomaticsn/aMicrosoft Corporation
Product-windowsmapservern/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-43598
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.1||HIGH
EPSS-1.68% / 82.37%
||
7 Day CHG~0.00%
Published-12 Nov, 2024 | 17:53
Updated-08 Jul, 2025 | 15:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
LightGBM Remote Code Execution Vulnerability

LightGBM Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-lightgbmLightGBM
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2024-43587
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.9||MEDIUM
EPSS-1.20% / 79.13%
||
7 Day CHG~0.00%
Published-17 Oct, 2024 | 22:40
Updated-08 Jul, 2025 | 15:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-edge_chromiumMicrosoft Edge (Chromium-based)
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2025-61787
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-8.1||HIGH
EPSS-0.14% / 33.08%
||
7 Day CHG-0.01%
Published-08 Oct, 2025 | 00:59
Updated-16 Oct, 2025 | 18:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Deno is Vulnerable to Command Injection on Windows During Batch File Execution

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Versions prior to 2.5.3 and 2.2.15 are vulnerable to Command Line Injection attacks on Windows when batch files are executed. In Windows, ``CreateProcess()`` always implicitly spawns ``cmd.exe`` if a batch file (.bat, .cmd, etc.) is being executed even if the application does not specify it via the command line. This makes Deno vulnerable to a command injection attack on Windows. Versions 2.5.3 and 2.2.15 fix the issue.

Action-Not Available
Vendor-denodenolandMicrosoft Corporation
Product-denowindowsdeno
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2024-38240
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.1||HIGH
EPSS-2.44% / 85.35%
||
7 Day CHG~0.00%
Published-10 Sep, 2024 | 16:53
Updated-31 Dec, 2024 | 23:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Remote Access Connection Manager Elevation of Privilege Vulnerability

Windows Remote Access Connection Manager Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2022_23h2windows_server_2012windows_10_1507windows_11_21h2windows_11_24h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607windows_11_23h2Windows Server 2022Windows 10 Version 1607Windows 11 version 22H3Windows 11 version 22H2Windows Server 2019 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows 11 Version 23H2Windows Server 2012 R2Windows Server 2019Windows Server 2012 R2 (Server Core installation)Windows 10 Version 22H2Windows 11 Version 24H2
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-38045
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.1||HIGH
EPSS-2.46% / 85.42%
||
7 Day CHG~0.00%
Published-10 Sep, 2024 | 16:54
Updated-31 Dec, 2024 | 23:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows TCP/IP Remote Code Execution Vulnerability

Windows TCP/IP Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2022_23h2windows_11_21h2windows_11_24h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_11_23h2Windows Server 2022Windows 10 Version 21H2Windows 11 version 22H3Windows 11 version 22H2Windows 11 Version 23H2Windows Server 2019 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows 10 Version 1809Windows 11 version 21H2Windows Server 2019Windows 10 Version 22H2Windows 11 Version 24H2
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2024-38176
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.1||HIGH
EPSS-3.65% / 87.99%
||
7 Day CHG~0.00%
Published-23 Jul, 2024 | 21:26
Updated-10 Feb, 2026 | 23:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GroupMe Elevation of Privilege Vulnerability

An improper restriction of excessive authentication attempts in GroupMe allows a unauthenticated attacker to elevate privileges over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-groupmeGroupMe
CWE ID-CWE-307
Improper Restriction of Excessive Authentication Attempts
CVE-2024-38229
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.1||HIGH
EPSS-0.97% / 76.79%
||
7 Day CHG~0.00%
Published-08 Oct, 2024 | 17:35
Updated-08 Jul, 2025 | 15:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
.NET and Visual Studio Remote Code Execution Vulnerability

.NET and Visual Studio Remote Code Execution Vulnerability

Action-Not Available
Vendor-Apple Inc.Linux Kernel Organization, IncMicrosoft Corporation
Product-linux_kernelvisual_studio_2022macos.netwindowsMicrosoft Visual Studio 2022 version 17.8Microsoft Visual Studio 2022 version 17.6Microsoft Visual Studio 2022 version 17.10.NET 8.0Microsoft Visual Studio 2022 version 17.11
CWE ID-CWE-416
Use After Free
CVE-2024-37325
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.1||HIGH
EPSS-1.77% / 82.87%
||
7 Day CHG~0.00%
Published-11 Jun, 2024 | 17:00
Updated-17 Dec, 2025 | 22:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure Science Virtual Machine (DSVM) Elevation of Privilege Vulnerability

Azure Science Virtual Machine (DSVM) Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_data_science_virtual_machineAzure Data Science Virtual Machines
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2022-37966
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.1||HIGH
EPSS-1.38% / 80.46%
||
7 Day CHG~0.00%
Published-09 Nov, 2022 | 00:00
Updated-02 Jan, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability

Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability

Action-Not Available
Vendor-SambaMicrosoft CorporationNetApp, Inc.Fedora Project
Product-management_services_for_element_softwarewindows_server_2016windows_server_2012sambamanagement_services_for_netapp_hcifedorawindows_server_2022windows_server_2019windows_server_2008Windows Server 2022Windows Server 2008 R2 Service Pack 1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2012 R2Windows Server 2016 (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2012Windows Server 2012 (Server Core installation)Windows Server 2019Windows Server 2012 R2 (Server Core installation)Windows Server 2016
CVE-2024-35264
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.1||HIGH
EPSS-4.36% / 89.05%
||
7 Day CHG~0.00%
Published-09 Jul, 2024 | 17:02
Updated-10 Feb, 2026 | 23:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
.NET and Visual Studio Remote Code Execution Vulnerability

.NET and Visual Studio Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-.netvisual_studio_2022Microsoft Visual Studio 2022 version 17.8Microsoft Visual Studio 2022 version 17.4Microsoft Visual Studio 2022 version 17.10Microsoft Visual Studio 2022 version 17.6.NET 8.0.NET 6.0
CWE ID-CWE-416
Use After Free
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • Next
Details not found