Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2024-23222 KEV |
|
[KEV] Vulnerability in Apple multiple-products (CVE-2024-23222)
vulnerability in Apple multiple-products (CVE-2024-23222). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-34048 KEV |
|
[KEV] Out-of-Bounds Write in Vmware vcenter-server (CVE-2023-34048)
out-of-bounds write in Vmware vcenter-server (CVE-2023-34048). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-51946 |
|
Cross-Site Scripting (XSS) in actidata (CVE-2023-51946)
cross-site scripting in actidata (CVE-2023-51946). Risk of unauthorized operations or information disclosure.
|
| CVE-2023-51947 |
|
Vulnerability in actidata (CVE-2023-51947)
vulnerability in actidata (CVE-2023-51947). Confidential information can be exposed externally.
|
| CVE-2023-35082 KEV |
|
[KEV] Authentication Bypass in Ivanti endpoint-manager-mobile-epmm-and-mobileiron-core (CVE-2023-35082)
authentication bypass in Ivanti endpoint-manager-mobile-epmm-and-mobileiron-core (CVE-2023-35082). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-6549 KEV |
|
[KEV] Buffer Overflow in Citrix netscaler-adc-and-netscaler-gateway (CVE-2023-6549)
vulnerability in Citrix netscaler-adc-and-netscaler-gateway (CVE-2023-6549). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-6548 KEV |
|
[KEV] Code Injection in Citrix netscaler-adc-and-netscaler-gateway (CVE-2023-6548)
code injection in Citrix netscaler-adc-and-netscaler-gateway (CVE-2023-6548). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2024-0519 KEV |
|
[KEV] Out-of-Bounds Write in Google chromium-v8 (CVE-2024-0519)
out-of-bounds write in Google chromium-v8 (CVE-2024-0519). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2018-15133 KEV |
|
[KEV] Unsafe Deserialization in laravel (CVE-2018-15133)
vulnerability in laravel (CVE-2018-15133). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-46474 |
|
Unrestricted File Upload in sigb (CVE-2023-46474)
vulnerability in sigb (CVE-2023-46474). Successful exploitation can lead to full system takeover.
|
| CVE-2023-29357 KEV |
|
[KEV] Vulnerability in Microsoft sharepoint-server (CVE-2023-29357)
vulnerability in Microsoft sharepoint-server (CVE-2023-29357). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-46805 KEV |
|
[KEV] Authentication Bypass in Ivanti connect-secure-and-policy-secure (CVE-2023-46805)
authentication bypass in Ivanti connect-secure-and-policy-secure (CVE-2023-46805). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2024-21887 KEV |
|
[KEV] Command Injection in Ivanti connect-secure-and-policy-secure (CVE-2024-21887)
command injection in Ivanti connect-secure-and-policy-secure (CVE-2024-21887). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-6129 |
|
Vulnerability in dos (CVE-2023-6129)
vulnerability in dos (CVE-2023-6129). Risk of unauthorized operations or information disclosure.
|
| CVE-2023-27098 |
|
TP-Link Tapo APK up to v2.12.703 uses hardcoded credentials for access to the login panel.
TP-Link Tapo APK up to v2.12.703 uses hardcoded credentials for access to the login panel.
|
| CVE-2023-27524 KEV |
|
[KEV] Vulnerability in Apache superset (CVE-2023-27524)
vulnerability in Apache superset (CVE-2023-27524). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2016-20017 KEV |
|
[KEV] Command Injection in D-link dsl-2750b-devices (CVE-2016-20017)
command injection in D-link dsl-2750b-devices (CVE-2016-20017). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-23752 KEV |
|
[KEV] Vulnerability in Joomla! joomla (CVE-2023-23752)
vulnerability in Joomla! joomla (CVE-2023-23752). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-29300 KEV |
|
[KEV] Unsafe Deserialization in Adobe coldfusion (CVE-2023-29300)
vulnerability in Adobe coldfusion (CVE-2023-29300). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-38203 KEV |
|
[KEV] Unsafe Deserialization in Adobe coldfusion (CVE-2023-38203)
vulnerability in Adobe coldfusion (CVE-2023-38203). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-41990 KEV |
|
[KEV] Vulnerability in Apple multiple-products (CVE-2023-41990)
vulnerability in Apple multiple-products (CVE-2023-41990). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2024-0241 |
|
Vulnerability in rails (CVE-2024-0241)
vulnerability in rails (CVE-2024-0241). Risk of unauthorized operations or information disclosure.
|
| CVE-2023-37607 |
|
Path Traversal in path-traversal (CVE-2023-37607)
path traversal in path-traversal (CVE-2023-37607). Confidential information can be exposed externally.
|
| CVE-2024-0193 |
|
Use-After-Free in redhat (CVE-2024-0193)
vulnerability in redhat (CVE-2024-0193). Successful exploitation can lead to full system takeover.
|
| CVE-2023-7024 KEV |
|
[KEV] Out-of-Bounds Write in Google chromium-webrtc (CVE-2023-7024)
out-of-bounds write in Google chromium-webrtc (CVE-2023-7024). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-7101 KEV |
|
[KEV] Vulnerability in Spreadsheet::parseexcel spreadsheetparseexcel (CVE-2023-7101)
vulnerability in Spreadsheet::parseexcel spreadsheetparseexcel (CVE-2023-7101). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-50470 |
|
Cross-Site Scripting (XSS) in seacms (CVE-2023-50470)
cross-site scripting in seacms (CVE-2023-50470). Risk of unauthorized operations or information disclosure.
|
| CVE-2023-46987 |
|
Code Injection in seacms (CVE-2023-46987)
code injection in seacms (CVE-2023-46987). Successful exploitation can lead to full system takeover.
|
| CVE-2023-51767 |
|
Vulnerability in openbsd (CVE-2023-51767)
vulnerability in openbsd (CVE-2023-51767). Successful exploitation can lead to full system takeover.
|
| CVE-2023-49897 KEV |
|
[KEV] OS Command Injection in Fxc ae1021 (CVE-2023-49897)
OS command injection in Fxc ae1021 (CVE-2023-49897). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-47565 KEV |
|
[KEV] OS Command Injection in Qnap viostor-nvr (CVE-2023-47565)
OS command injection in Qnap viostor-nvr (CVE-2023-47565). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-50988 |
|
Out-of-Bounds Write in tenda (CVE-2023-50988)
out-of-bounds write in tenda (CVE-2023-50988). Successful exploitation can lead to full system takeover.
|
| CVE-2023-50989 |
|
Command Injection in tenda (CVE-2023-50989)
command injection in tenda (CVE-2023-50989). Successful exploitation can lead to full system takeover.
|
| CVE-2023-50990 |
|
Out-of-Bounds Write in tenda (CVE-2023-50990)
out-of-bounds write in tenda (CVE-2023-50990). Successful exploitation can lead to full system takeover.
|
| CVE-2023-50992 |
|
Out-of-Bounds Write in tenda (CVE-2023-50992)
out-of-bounds write in tenda (CVE-2023-50992). Successful exploitation can lead to full system takeover.
|
| CVE-2023-50983 |
|
Command Injection in tenda (CVE-2023-50983)
command injection in tenda (CVE-2023-50983). Successful exploitation can lead to full system takeover.
|
| CVE-2023-50984 |
|
Out-of-Bounds Write in tenda (CVE-2023-50984)
out-of-bounds write in tenda (CVE-2023-50984). Successful exploitation can lead to full system takeover.
|
| CVE-2023-50985 |
|
Out-of-Bounds Write in tenda (CVE-2023-50985)
out-of-bounds write in tenda (CVE-2023-50985). Successful exploitation can lead to full system takeover.
|
| CVE-2023-50986 |
|
Out-of-Bounds Write in tenda (CVE-2023-50986)
out-of-bounds write in tenda (CVE-2023-50986). Successful exploitation can lead to full system takeover.
|
| CVE-2023-50987 |
|
Out-of-Bounds Write in tenda (CVE-2023-50987)
out-of-bounds write in tenda (CVE-2023-50987). Successful exploitation can lead to full system takeover.
|
| CVE-2023-6931 |
|
Out-of-Bounds Write in privilege-escalation (CVE-2023-6931)
out-of-bounds write in privilege-escalation (CVE-2023-6931). Successful exploitation can lead to full system takeover.
|
| CVE-2023-6932 |
|
Use-After-Free in privilege-escalation (CVE-2023-6932)
vulnerability in privilege-escalation (CVE-2023-6932). Successful exploitation can lead to full system takeover.
|
| CVE-2023-51385 |
|
OS Command Injection in openbsd (CVE-2023-51385)
OS command injection in openbsd (CVE-2023-51385). Risk of unauthorized operations or information disclosure.
|
| CVE-2023-51384 |
|
Vulnerability in openbsd (CVE-2023-51384)
vulnerability in openbsd (CVE-2023-51384). Confidential information can be exposed externally.
|
| CVE-2023-48795 |
|
Vulnerability in russh (CVE-2023-48795)
vulnerability in russh (CVE-2023-48795). Data can be tampered with by attackers. Mitigation: upgrade to `0.40.2` or later.
|
| CVE-2023-6817 |
|
Use-After-Free in privilege-escalation (CVE-2023-6817)
vulnerability in privilege-escalation (CVE-2023-6817). Successful exploitation can lead to full system takeover.
|
| CVE-2023-50918 |
|
app/Controller/AuditLogsController.php in MISP before 2.4.182 mishandles ACLs for audit logs.
app/Controller/AuditLogsController.php in MISP before 2.4.182 mishandles ACLs for audit logs.
|
| CVE-2023-36009 |
|
Microsoft Word Information Disclosure Vulnerability
Microsoft Word Information Disclosure Vulnerability
|
| CVE-2023-49494 |
|
Cross-Site Scripting (XSS) in dedecms (CVE-2023-49494)
cross-site scripting in dedecms (CVE-2023-49494). Risk of unauthorized operations or information disclosure.
|
| CVE-2023-6448 KEV |
|
[KEV] Vulnerability in Unitronics vision-plc-and-hmi (CVE-2023-6448)
vulnerability in Unitronics vision-plc-and-hmi (CVE-2023-6448). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|