List of recently analysed vulnerabilities
Below is a list of vulnerabilities we have recently analysed.
| ID | Year | CVE | Description | Target | Capability | Status | CISA KEV | Released Year |
|---|---|---|---|---|---|---|---|---|
| 1 | 2020 | CVE-2020-17096 | Microsoft Windows NTFS (ntfs.sys) Memory Corruption | Microsoft Windows | Denial of Service (DoS) | poc | False | 2024 |
| 2 | 2021 | CVE-2021-31956 | Microsoft Windows NTFS (ntfs.sys) Heap Buffer Overflow | Microsoft Windows | LPE | weaponized | True | 2024 |
| 3 | 2021 | CVE-2021-40466 | Microsoft Windows Common Log File System Driver (clfs.sys) Heap Buffer Overflow | Microsoft Windows | LPE | weaponized | False | 2024 |
| 4 | 2023 | CVE-2023-36845 | Juniper Firewall/VPN (JunOS) PHP External Variable Modification | Juniper | pre-auth RCE | weaponized | True | 2024 |
| 5 | 2024 | CVE-2024-11477 | 7-Zip Zstandard Decompression Integer Underflow RCE | 7-Zip | unexploitable | poc | False | 2024 |
| 6 | 2024 | CVE-2024-21338 | Microsoft Windows AppLocker (appid.sys) Untrusted Pointer Dereference | Microsoft Windows | LPE | weaponized | True | 2024 |
| 7 | 2024 | CVE-2024-30078 | Microsoft Windows Wi-Fi Driver (nwifi.sys) OOB Write | Microsoft Windows | OOB Write | poc | False | 2024 |
| 8 | 2024 | CVE-2024-30085 | Microsoft Windows Cloud Files Mini Filter (cldflt.sys) Heap Buffer Overflow | Microsoft Windows | LPE | weaponized | False | 2024 |
| 9 | 2024 | CVE-2024-30088 | Microsoft Windows Kernel TOCTOU Race Condition | Microsoft Windows | LPE | weaponized | True | 2024 |
| 10 | 2024 | CVE-2024-35250 | Microsoft Windows Kernel Streaming (ks.sys and ksthink.sys) Untrusted Pointer Dereference | Microsoft Windows | LPE | weaponized | True | 2025 |
| 11 | 2024 | CVE-2024-38054 | Microsoft Windows Kernel Streaming WOW Thunk Service (ksthunk.sys) Heap Based Overflow | Microsoft Windows | LPE | weaponized | False | 2024 |
| 12 | 2024 | CVE-2024-38077 | Microsoft Windows Remote Desktop Licensing Service (TermServLicensing) Heap Overflow RCE (madlicense) | Microsoft Windows | pre-auth RCE | weaponized | False | 2024 |
| 13 | 2024 | CVE-2024-38080 | Microsoft Windows Hyper-V Integer Overflow | Microsoft Windows | LPE | weaponized | True | 2024 |
| 14 | 2024 | CVE-2024-38193 | Microsoft Windows Ancillary Function Driver for WinSock (afd.sys) Use After Free | Microsoft Windows | LPE | weaponized | True | 2024 |
| 15 | 2024 | CVE-2024-43572 | Microsoft Windows Management Console | Microsoft Windows | RCE | weaponized | True | 2024 |
| 16 | 2024 | CVE-2024-43639 | Microsoft Windows KDC Proxy (kpssvc.dll) Numeric Truncation Error RCE | Microsoft Windows | unexploitable | poc | False | 2024 |
| 17 | 2024 | CVE-2024-46740 | Google Android (Linux Binder) Use After Free | Google Android | LPE | weaponized | False | 2025 |
| 18 | 2024 | CVE-2024-47575 | Fortinet Fortimanager Missing Authentication | Fortinet Fortimanager | pre-auth RCE | weaponized | True | 2024 |
| 19 | 2024 | CVE-2024-7965 | Google Chrome Android TurboFan Instruction Selection Bug | Google Chrome | RCE | weaponized | True | 2024 |
| 20 | 2024 | CVE-2024-43511 | Microsoft Windows Kernel TOCTOU Race Condition | Microsoft Windows | unexploitable | poc | False | 2024 |
| 21 | 2024 | CVE-2024-38178 | Microsoft Windows Scripting Engine (JScript9.dll) Internet Explorer/Edge Chakra Engine Type Confusion RCE | Microsoft Windows Internet Explorer/Edge | RCE | weaponized | True | 2025 |
| 22 | 2024 | CVE-2024-49090 | Microsoft Windows Common Log File System Driver (clfs.sys) Untrusted Pointer Dereference | Microsoft Windows | LPE | weaponized | False | 2025 |
