| CVE | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|
| CVE-2023-41266 | 0.26 | — | 0.85 | KEV | Aug 29, 2023 | A path traversal vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patch 3 and earlier, February 2023 Patch 7 and earlier, November 2022 Patch 10 and earlier, and August 2022 Patch 12 and earlier allows an unauthenticated remote attacker to generate… | ||
| CVE-2023-38831 | 0.29 | — | 0.98 | KEV | Aug 23, 2023 | RARLAB WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. The issue occurs because a ZIP archive may include a benign file (such as an ordinary .JPG file) and also a folder that has the same name as the… | ||
| CVE-2023-38035 | 0.29 | — | 1.00 | KEV | Aug 21, 2023 | A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below, which may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration. | ||
| CVE-2023-36846 | 0.20 | — | 0.94 | KEV | Aug 17, 2023 | A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to user.php that doesn't require… | ||
| CVE-2023-36845 | 0.23 | — | 0.94 | KEV | Aug 17, 2023 | A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SRX Series allows an unauthenticated, network-based attacker to remotely execute code. Using a crafted request which sets the variable PHPRC an attacker is able to… | ||
| CVE-2023-36844 | 0.20 | — | 0.90 | KEV | Aug 17, 2023 | A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to control certain, important environment variables. Using a crafted request an attacker is able to modify certain PHP… | ||
| CVE-2023-36847 | 0.20 | — | 0.85 | KEV | Aug 17, 2023 | A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to installAppPackage.php that doesn't… | ||
| CVE-2023-35082 | 0.26 | — | 1.00 | KEV | Aug 15, 2023 | An authentication bypass vulnerability in Ivanti EPMM 11.10 and older, allows unauthorized users to access restricted functionality or resources of the application without proper authentication. This vulnerability is unique to CVE-2023-35078 announced earlier. | ||
| CVE-2022-48503 | 0.12 | — | 0.03 | KEV | Aug 14, 2023 | The issue was addressed with improved bounds checks. This issue is fixed in tvOS 15.6, watchOS 8.7, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5, Safari 15.6. Processing web content may lead to arbitrary code execution. | ||
| CVE-2023-38180 | 0.12 | — | 0.16 | KEV | Aug 8, 2023 | .NET and Visual Studio Denial of Service Vulnerability | ||
| CVE-2023-35081 | 0.19 | — | 0.63 | KEV | Aug 3, 2023 | A path traversal vulnerability in Ivanti EPMM versions (11.10.x < 11.10.0.3, 11.9.x < 11.9.1.2 and 11.8.x < 11.8.1.2) allows an authenticated administrator to write arbitrary files onto the appliance. | ||
| CVE-2023-38950 | 0.19 | — | 0.85 | KEV | Aug 3, 2023 | A path traversal vulnerability in the iclock API of ZKTeco BioTime v8.5.5 allows unauthenticated attackers to read arbitrary files via supplying a crafted payload. This vulnerability was fixed in version 9.0.120240617.19506 of ZKBioTime. | ||
| CVE-2023-37580 | 0.20 | — | 0.59 | KEV | Jul 31, 2023 | Zimbra Collaboration (ZCS) 8 before 8.8.15 Patch 41 allows XSS in the Zimbra Classic Web Client. | ||
| CVE-2023-38606 | 0.12 | — | 0.01 | KEV | Jul 26, 2023 | This issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.6.8, iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Big Sur 11.7.9, macOS Ventura 13.5, watchOS 9.6. An app may be able to modify sensitive kernel state.… | ||
| CVE-2023-37450 | 0.12 | — | 0.18 | KEV | Jul 26, 2023 | The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, Safari 16.5.2, tvOS 16.6, macOS Ventura 13.5, watchOS 9.6. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been… | ||
| CVE-2023-35078 | 0.26 | — | 1.00 | KEV | Jul 25, 2023 | An authentication bypass vulnerability in Ivanti EPMM allows unauthorized users to access restricted functionality or resources of the application without proper authentication. | ||
| CVE-2023-38203 | 0.26 | — | 0.97 | KEV | Jul 20, 2023 | Adobe ColdFusion versions 2018u17 (and earlier), 2021u7 (and earlier) and 2023u1 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction. | ||
| CVE-2023-3519 | 0.28 | — | 0.99 | KEV | Jul 19, 2023 | Unauthenticated remote code execution | ||
| CVE-2023-29300 | 0.26 | — | 1.00 | KEV | Jul 12, 2023 | Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier) and 2023.0.0.330468 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction. | ||
| CVE-2023-29298 | 0.20 | — | 1.00 | KEV | Jul 12, 2023 | Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier) and 2023.0.0.330468 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to access the… | ||
| CVE-2023-36884 | 0.25 | — | 0.99 | KEV | Jul 11, 2023 | Windows Search Remote Code Execution Vulnerability | ||
| CVE-2023-35311 | 0.12 | — | 0.15 | KEV | Jul 11, 2023 | Microsoft Outlook Security Feature Bypass Vulnerability | ||
| CVE-2023-36874 | 0.21 | — | 0.32 | KEV | Jul 11, 2023 | Windows Error Reporting Service Elevation of Privilege Vulnerability | ||
| CVE-2023-32049 | 0.13 | — | 0.04 | KEV | Jul 11, 2023 | Windows SmartScreen Security Feature Bypass Vulnerability | ||
| CVE-2023-32046 | 0.15 | — | 0.09 | KEV | Jul 11, 2023 | Windows MSHTML Platform Elevation of Privilege Vulnerability | ||
| CVE-2023-24489 | 0.20 | — | 0.95 | KEV | Jul 10, 2023 | A vulnerability has been discovered in the customer-managed ShareFile storage zones controller which, if exploited, could allow an unauthenticated attacker to remotely compromise the customer-managed ShareFile storage zones controller. | ||
| CVE-2023-34192 | 0.19 | — | 0.77 | KEV | Jul 6, 2023 | Cross Site Scripting vulnerability in Zimbra ZCS v.8.8.15 allows a remote authenticated attacker to execute arbitrary code via a crafted script to the /h/autoSaveDraft function. | ||
| CVE-2023-21237 | 0.12 | — | 0.00 | KEV | Jun 28, 2023 | In applyRemoteView of NotificationContentInflater.java, there is a possible way to hide foreground service notification due to misleading or insufficient UI. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not… | ||
| CVE-2023-32435 | 0.12 | — | 0.23 | KEV | Jun 23, 2023 | A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4 and iPadOS 16.4, iOS 15.7.7 and iPadOS 15.7.7. Processing web content may lead to arbitrary code execution. Apple is aware of a report that… | ||
| CVE-2023-32434 | 0.16 | — | 0.52 | KEV | Jun 23, 2023 | An integer overflow was addressed with improved input validation. This issue is fixed in watchOS 9.5.2, macOS Big Sur 11.7.8, iOS 15.7.7 and iPadOS 15.7.7, macOS Monterey 12.6.7, watchOS 8.8.1, iOS 16.5.1 and iPadOS 16.5.1, macOS Ventura 13.4.1. An app may be able to execute… | ||
| CVE-2023-32439 | 0.12 | — | 0.24 | KEV | Jun 23, 2023 | A type confusion issue was addressed with improved checks. This issue is fixed in iOS 16.5.1 and iPadOS 16.5.1, iOS 15.7.7 and iPadOS 15.7.7, macOS Ventura 13.4.1, Safari 16.5.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a… | ||
| CVE-2023-32373 | 0.12 | — | 0.12 | KEV | Jun 23, 2023 | A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, Safari 16.5, iOS 16.5 and iPadOS 16.5. Processing maliciously crafted web content may lead to arbitrary code… | ||
| CVE-2023-28204 | 0.12 | — | 0.14 | KEV | Jun 23, 2023 | An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, Safari 16.5, iOS 16.5 and iPadOS 16.5. Processing web content may disclose sensitive information. Apple is aware… | ||
| CVE-2023-32409 | 0.12 | — | 0.17 | KEV | Jun 23, 2023 | The issue was addressed with improved bounds checks. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.8 and iPadOS 15.7.8, Safari 16.5, iOS 16.5 and iPadOS 16.5. A remote attacker may be able to break out of Web Content sandbox. Apple is aware of a… | ||
| CVE-2023-2533 | 0.15 | — | 0.29 | KEV | Jun 20, 2023 | A Cross-Site Request Forgery (CSRF) vulnerability has been identified in PaperCut NG/MF, which, under specific conditions, could potentially enable an attacker to alter security settings or execute arbitrary code. This could be exploited if the target is an admin with a current… | ||
| CVE-2023-27992 | 0.19 | — | 0.84 | KEV | Jun 19, 2023 | The pre-authentication command injection vulnerability in the Zyxel NAS326 firmware versions prior to V5.21(AAZF.14)C0, NAS540 firmware versions prior to V5.21(AATB.11)C0, and NAS542 firmware versions prior to V5.21(ABAG.11)C0 could allow an unauthenticated attacker to… | ||
| CVE-2023-29360 | 0.14 | — | 0.22 | KEV | Jun 13, 2023 | Microsoft Streaming Service Elevation of Privilege Vulnerability | ||
| CVE-2023-29357 | 0.29 | — | 1.00 | KEV | Jun 13, 2023 | Microsoft SharePoint Server Elevation of Privilege Vulnerability | ||
| CVE-2023-20867 | 0.12 | — | 0.14 | KEV | Jun 13, 2023 | A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine. | ||
| CVE-2023-27997 | 0.25 | — | 0.86 | KEV | Jun 13, 2023 | A heap-based buffer overflow vulnerability [CWE-122] in FortiOS version 7.2.4 and below, version 7.0.11 and below, version 6.4.12 and below, version 6.0.16 and below and FortiProxy version 7.2.3 and below, version 7.0.9 and below, version 2.0.12 and below, version 1.2 all… | ||
| CVE-2023-20887 | 0.23 | — | 0.98 | KEV | Jun 7, 2023 | Aria Operations for Networks contains a command injection vulnerability. A malicious actor with network access to VMware Aria Operations for Networks may be able to perform a command injection attack resulting in remote code execution. | ||
| CVE-2023-33538 | 0.19 | — | 0.42 | KEV | Jun 7, 2023 | TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 was discovered to contain a command injection vulnerability via the component /userRpm/WlanNetworkRpm . | ||
| CVE-2023-3079 | 0.12 | — | 0.33 | KEV | Jun 5, 2023 | Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2023-34362 | 0.29 | — | 1.00 | KEV | Jun 2, 2023 | In Progress MOVEit Transfer before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.0.1 (15.0.1), a SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain access… | ||
| CVE-2023-32315 | 0.16 | — | 1.00 | KEV | May 26, 2023 | Openfire is an XMPP server licensed under the Open Source Apache License. Openfire's administrative console, a web-based application, was found to be vulnerable to a path traversal attack via the setup environment. This permitted an unauthenticated user to use the… | ||
| CVE-2023-2868 | 0.22 | — | 0.87 | KEV | May 24, 2023 | A remote command injection vulnerability exists in the Barracuda Email Security Gateway (appliance form factor only) product effecting versions 5.1.3.001-9.2.0.006. The vulnerability arises out of a failure to comprehensively sanitize the processing of .tar file (tape… | ||
| CVE-2023-33246 | 0.16 | — | 0.97 | KEV | May 24, 2023 | For RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote command execution. Several components of RocketMQ, including NameServer, Broker, and Controller, are leaked on the extranet and lack permission verification, an attacker can exploit… | ||
| CVE-2023-33009 | 0.12 | — | 0.28 | KEV | May 24, 2023 | A buffer overflow vulnerability in the notification function in Zyxel ATP series firmware versions 4.60 through 5.36 Patch 1, USG FLEX series firmware versions 4.60 through 5.36 Patch 1, USG FLEX 50(W) firmware versions 4.60 through 5.36 Patch 1, USG20(W)-VPN firmware versions… | ||
| CVE-2023-33010 | 0.13 | — | 0.29 | KEV | May 24, 2023 | A buffer overflow vulnerability in the ID processing function in Zyxel ATP series firmware versions 4.32 through 5.36 Patch 1, USG FLEX series firmware versions 4.50 through 5.36 Patch 1, USG FLEX 50(W) firmware versions 4.25 through 5.36 Patch 1, USG20(W)-VPN firmware versions… | ||
| CVE-2023-29336 | 0.21 | — | 0.41 | KEV | May 9, 2023 | Win32k Elevation of Privilege Vulnerability |