) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- Search Type: Search Last 3 Months
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2024-4766 |
Different techniques existed to obscure the fullscreen notification in Firefox for Android. These could have lead to potential user confusion and spoofing attacks. *This bug only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 126. Published: May 14, 2024; 2:15:13 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
| CVE-2024-4765 |
Web application manifests were stored by using an insecure MD5 hash which allowed for a hash collision to overwrite another application's manifest. This could have been exploited to run arbitrary code in another application's context. *This issue only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 126. Published: May 14, 2024; 2:15:13 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
| CVE-2024-4764 |
Multiple WebRTC threads could have claimed a newly connected audio input leading to use-after-free. This vulnerability affects Firefox < 126. Published: May 14, 2024; 2:15:12 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
| CVE-2024-4367 |
A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11. Published: May 14, 2024; 2:15:12 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
| CVE-2024-33485 |
SQL Injection vulnerability in CASAP Automated Enrollment System using PHP/MySQLi with Source Code V1.0 allows a remote attacker to obtain sensitive information via a crafted payload to the login.php component Published: May 14, 2024; 2:15:11 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
| CVE-2024-27110 |
Elevation of privilege vulnerability in GE HealthCare EchoPAC products Published: May 14, 2024; 2:15:09 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
| CVE-2024-31491 |
A client-side enforcement of server-side security in Fortinet FortiSandbox version 4.4.0 through 4.4.4 and 4.2.0 through 4.2.6 allows attacker to execute unauthorized code or commands via HTTP requests. Published: May 14, 2024; 1:17:24 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
| CVE-2024-31488 |
An improper neutralization of inputs during web page generation vulnerability [CWE-79] in FortiNAC version 9.4.0 through 9.4.4, 9.2.0 through 9.2.8, 9.1.0 through 9.1.10, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 7.2.0 through 7.2.3 may allow a remote authenticated attacker to perform stored and reflected cross site scripting (XSS) attack via crafted HTTP requests. Published: May 14, 2024; 1:17:23 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
| CVE-2024-30059 |
Microsoft Intune for Android Mobile Application Management Tampering Vulnerability Published: May 14, 2024; 1:17:23 PM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0:(not available) |
| CVE-2024-30054 |
Microsoft Power BI Client JavaScript SDK Information Disclosure Vulnerability Published: May 14, 2024; 1:17:22 PM -0400 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0:(not available) |
| CVE-2024-30053 |
Azure Migrate Cross-Site Scripting Vulnerability Published: May 14, 2024; 1:17:22 PM -0400 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0:(not available) |
| CVE-2024-30051 |
Windows DWM Core Library Elevation of Privilege Vulnerability Published: May 14, 2024; 1:17:21 PM -0400 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0:(not available) |
| CVE-2024-30050 |
Windows Mark of the Web Security Feature Bypass Vulnerability Published: May 14, 2024; 1:17:21 PM -0400 |
V4.0:(not available) V3.1: 5.4 MEDIUM V2.0:(not available) |
| CVE-2024-30049 |
Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability Published: May 14, 2024; 1:17:20 PM -0400 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0:(not available) |
| CVE-2024-30048 |
Dynamics 365 Customer Insights Spoofing Vulnerability Published: May 14, 2024; 1:17:19 PM -0400 |
V4.0:(not available) V3.1: 7.6 HIGH V2.0:(not available) |
| CVE-2024-30047 |
Dynamics 365 Customer Insights Spoofing Vulnerability Published: May 14, 2024; 1:17:18 PM -0400 |
V4.0:(not available) V3.1: 7.6 HIGH V2.0:(not available) |
| CVE-2024-30046 |
Visual Studio Denial of Service Vulnerability Published: May 14, 2024; 1:17:17 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
| CVE-2024-30045 |
.NET and Visual Studio Remote Code Execution Vulnerability Published: May 14, 2024; 1:17:17 PM -0400 |
V4.0:(not available) V3.1: 6.3 MEDIUM V2.0:(not available) |
| CVE-2024-30044 |
Microsoft SharePoint Server Remote Code Execution Vulnerability Published: May 14, 2024; 1:17:16 PM -0400 |
V4.0:(not available) V3.1: 7.2 HIGH V2.0:(not available) |
| CVE-2024-30043 |
Microsoft SharePoint Server Information Disclosure Vulnerability Published: May 14, 2024; 1:17:15 PM -0400 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0:(not available) |