Security News > 2024 > October > CISA Warns of Active Exploitation of Microsoft SharePoint Vulnerability (CVE-2024-38094)
2024-10-23 12:54
A high-severity flaw impacting Microsoft SharePoint has been added to the Known Exploited Vulnerabilities (KEV) catalog by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday, citing evidence of active exploitation. The vulnerability, tracked as CVE-2024-38094 (CVSS score: 7.2), has been described as a deserialization vulnerability impacting SharePoint that could result
News URL
https://thehackernews.com/2024/10/cisa-warns-of-active-exploitation-of.html
Related news
- Meta Warns of FreeType Vulnerability (CVE-2025-27363) With Active Exploitation Risk (source)
- CISA Adds NAKIVO Vulnerability to KEV Catalog Amid Active Exploitation (source)
- CISA Adds CrushFTP Vulnerability to KEV Catalog Following Confirmed Active Exploitation (source)
- Commvault CVE-2025-34028 Added to CISA KEV After Active Exploitation Confirmed (source)
- CISA Warns of Active Exploitation in GitHub Action Supply Chain Compromise (source)
- Critical Veeam Backup & Replication RCE vulnerability fixed, patch ASAP! (CVE-2025-23120) (source)
- NAKIVO Backup & Replication vulnerability exploited by attackers (CVE-2024-48248) (source)
- Critical Next.js auth bypass vulnerability opens web apps to compromise (CVE-2025-29927) (source)
- CrushFTP: Patch critical vulnerability ASAP! (CVE-2025-2825) (source)
- Hijacked Microsoft web domain injects spam into SharePoint servers (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-07-09 | CVE-2024-38094 | Deserialization of Untrusted Data vulnerability in Microsoft Sharepoint Server 2016/2019 Microsoft SharePoint Remote Code Execution Vulnerability | 0.0 |