Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2025-01-14 CVE-2025-21326 Unspecified vulnerability in Microsoft Windows Server 2022 23H2 and Windows Server 2025
Internet Explorer Remote Code Execution Vulnerability
local
low complexity
microsoft
7.8
2025-01-14 CVE-2025-21332 Unspecified vulnerability in Microsoft products
MapUrlToZone Security Feature Bypass Vulnerability
network
low complexity
microsoft
8.8
2025-01-14 CVE-2025-21333 Unspecified vulnerability in Microsoft products
Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability
local
low complexity
microsoft
7.8
2025-01-14 CVE-2024-13180 Path Traversal vulnerability in Ivanti Avalanche
Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to leak sensitive information.
network
low complexity
ivanti CWE-22
7.5
2025-01-14 CVE-2023-37937 OS Command Injection vulnerability in Fortinet Fortiswitch
An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSwitch version 7.4.0 and 7.2.0 through 7.2.5 and 7.0.0 through 7.0.7 and 6.4.0 through 6.4.13 and 6.2.0 through 6.2.7 and 6.0.0 through 6.0.7 allows attacker to execute unauthorized code or commands via the FortiSwitch CLI.
local
low complexity
fortinet CWE-78
7.8
2025-01-14 CVE-2024-11497 An authenticated attacker can use this vulnerability to perform a privilege escalation to gain root access.
network
low complexity
CWE-732
8.8
2025-01-14 CVE-2024-26012 OS Command Injection vulnerability in Fortinet Fortiap, Fortiap-S and Fortiap-W2
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiAP-S 6.2 all verisons, and 6.4.0 through 6.4.9, FortiAP-W2 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.3, and 7.4.0 through 7.4.2, FortiAP 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.3, and 7.4.0 through 7.4.2 allow a local authenticated attacker to execute unauthorized code via the CLI.
local
low complexity
fortinet CWE-78
7.8
2025-01-14 CVE-2024-27778 OS Command Injection vulnerability in Fortinet Fortisandbox
An improper neutralization of special elements used in an OS Command vulnerability [CWE-78] in Fortinet FortiSandbox version 4.4.0 through 4.4.4, 4.2.0 through 4.2.6 and below 4.0.4 allows an authenticated attacker with at least read-only permission to execute unauthorized commands via crafted requests.
network
low complexity
fortinet CWE-78
8.8
2025-01-14 CVE-2024-33502 Path Traversal vulnerability in Fortinet Fortianalyzer and Fortimanager
An improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiManager, FortiAnalyzer versions 7.4.0 through 7.4.2 and 7.2.0 through 7.2.5 and 7.0.0 through 7.0.12 and 6.4.0 through 6.4.14 and 6.2.0 through 6.2.12 and 6.0.0 through 6.0.12 allows attacker to execute unauthorized code or commands via crafted HTTP or HTTPs requests.
network
low complexity
fortinet CWE-22
7.2
2025-01-14 CVE-2024-33503 Unspecified vulnerability in Fortinet products
A improper privilege management in Fortinet FortiManager version 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, FortiAnalyzer version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14 allows attacker to escalation of privilege via specific shell commands
local
low complexity
fortinet
7.8