CVE-2024-29824

Critical Ivanti Endpoint Manager flaw exploited (CVE-2024-29824) - Help Net Security - CVE-2024-29824, an unauthenticated SQL Injection vulnerability in Ivanti Endpoint Manager (EPM) appliances, is being exploited by attackers, the Cybersecurity and Infrastructure Security Agency has confirmed by adding the bug to its Known Exploited ...
6 months ago Helpnetsecurity.com CVE-2024-29824

Microsoft: Zero-day bug used in ransomware attacks on US real estate firms | The Record from Recorded Future News - Microsoft did not provide more information on the hackers behind the campaign, only referring to the threat actors as “Storm-2460.” CVE-2025-29824 was the only Patch Tuesday bug from Microsoft added to the Cybersecurity and Infrastructure ...
6 days ago Therecord.media CVE-2025-29824 RansomEXX

Ivanti Endpoint Manager Vulnerability Public Exploit is Now Used in Cyber Attacks - The Cybersecurity and Infrastructure Security Agency (CISA) has announced the addition of a new vulnerability to its Known Exploited Vulnerabilities Catalog. As cyber threats continue to evolve, CISA remains committed to updating its catalog with ...
6 months ago Cybersecuritynews.com CVE-2024-29824

US CISA adds Ivanti EPM flaw to its Known Exploited Vulnerabilities catalog - The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the Ivanti Virtual Traffic Manager authentication bypass vulnerability CVE-2024-29824 (CVSS score of 9.6) to its Known Exploited Vulnerabilities (KEV) catalog. U.S. Cybersecurity ...
6 months ago Securityaffairs.com CVE-2024-29824 CVE-2024-45519

Hackers Now Exploit Ivanti Endpoint Manager Vulnerability to Launch Cyber Attacks - GBHackers on Security is a top cybersecurity news platform, delivering up-to-date coverage on breaches, emerging threats, malware, vulnerabilities, and global cyber incidents. As cyber threats continue to evolve, CISA remains committed to updating ...
6 months ago Gbhackers.com CVE-2024-29824

Microsoft: Windows CLFS zero-day exploited by ransomware gang - Microsoft says the RansomEXX ransomware gang has been exploiting a high-severity zero-day flaw in the Windows Common Log File System to gain SYSTEM privileges on victims' systems. This ransomware gang has also targeted high-profile organizations, ...
6 days ago Bleepingcomputer.com CVE-2025-29824 RansomEXX

Microsoft Patch Tuesday April 2025: 121 Vulnerabilities Fixed Including 1 Actively Exploited Zero-Day - This month’s update addresses a significant array of threats, including elevation of privilege, remote code execution, and a single actively exploited zero-day vulnerability that has heightened urgency for users and administrators alike. ...
6 days ago Cybersecuritynews.com CVE-2025-29824

Windows CLFS Zero-Day Vulnerability Actively Exploited by Ransomware Group - A critical zero-day vulnerability in the Windows Common Log File System (CLFS) has been uncovered and is being actively exploited by a ransomware group, according to a recent report from the Microsoft Threat Intelligence Center (MSTIC) and Microsoft ...
6 days ago Cybersecuritynews.com CVE-2025-29824

AWS LetsEncrypt Lambda: Custom TLS Provider - DZone - Trying to renew ... INFO[0000] Checking certificate for domain 'hackernoon.referrs.me' with arn 'arn:aws:acm:us-east-2:004867756392:certificate/72f872fd-e577-43f4-ae38-6833962630af' INFO[0000] Certificate status is 'ISSUED' INFO[0000] Certificate in ...
6 months ago Feeds.dzone.com

Vulnerability Summary for the Week of March 11, 2024 - Published 2024-03-15 CVSS Score not yet calculated Source & Patch Info CVE-2021-47111416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 PrimaryVendor - Product linux - linux Description In the ...
1 year ago Cisa.gov

Ivanti Endpoint Manager Flaw Actively Targeted, CISA Warns Agencies to Patch - The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a security flaw impacting Endpoint Manager (EPM) that the company patched in May to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active ...
6 months ago Thehackernews.com CVE-2024-29824

CVE-2024-29824 - An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code. ...
4 months ago Tenable.com

CISA Adds High-Severity Ivanti Vuln to KEV Catalog - "Exploiting this flaw could have serious consequences, such as data breaches, disruption of business operations, and further compromise of internal systems," Eric Schwake, director of cybersecurity strategy at Salt Security, wrote in an ...
6 months ago Darkreading.com CVE-2024-29824

CVE-2021-29824 - IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to priviledge escalation where a lower level user could have read access to to the 'Data Connections' page to which they don't have access. IBM X-Force ID: 204468. ...
2 years ago

CVE-2022-29824 - In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, ...
2 years ago

CVE-2023-29824 - ** DISPUTED ** A use-after-free issue was discovered in Py_FindObjects() function in SciPy versions prior to 1.8.0. NOTE: the vendor and discoverer indicate that this is not a security issue. ...
1 year ago

CVE-2025-29824 - Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. ...
4 days ago CVE-2025-29824 CVE-2023-28252 CVE-2025-24983

Windows Common Log File System 0-Day Vulnerability Exploited in the Wild - Successful exploitation could allow attackers to gain SYSTEM-level access, bypassing critical security measures and potentially compromising sensitive data or system integrity. A critical zero-day vulnerability in the Windows Common Log File System ...
6 days ago Cybersecuritynews.com CVE-2025-29824

Cybersecurity Weekly Recap: Key Updates on Attacks, Vulnerabilities - The CL0P ransomware group exploited vulnerabilities to access sensitive employee data, including names and Social Security numbers. SonicWall has patched three vulnerabilities in its NetExtender VPN client for Windows (versions prior to 10.3.2). ...
1 day ago Cybersecuritynews.com CVE-2025-29824 Scattered Spider SideCopy

Vulnerability Summary for the Week of March 4, 2024 - Published 2024-03-06 CVSS Score not yet calculated Source & Patch Info CVE-2023-52584416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 PrimaryVendor - ...
1 year ago Cisa.gov

CVE-2024-37051 - GitHub access token could be exposed to third-party sites in JetBrains IDEs after version 2023.1 and less than: IntelliJ IDEA 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; Aqua 2024.1.2; CLion 2023.1.7, 2023.2.4, 2023.3.5, 2024.1.3, 2024.2 ...
10 months ago Tenable.com

The Top 24 Security Predictions for 2024 - Welcome to the second installment of this comprehensive annual look at global cybersecurity industry predictions from the top security industry vendors, technology magazines, expert thought leaders and many more. Last week, in part one of The Top 24 ...
1 year ago Securityboulevard.com

CVE-2024-9256 - Addressed potential issues where the application could be exposed to a Use-After-Free vulnerability and crash when handling certain checkbox field objects, Doc objects, Annotation objects, or AcroForms, which attackers could exploit to execute remote ...
6 months ago Tenable.com

CVE-2024-9255 - Addressed potential issues where the application could be exposed to a Use-After-Free vulnerability and crash when handling certain checkbox field objects, Doc objects, Annotation objects, or AcroForms, which attackers could exploit to execute remote ...
6 months ago Tenable.com