Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2023-26369 KEV |
|
[KEV] Out-of-Bounds Write in Adobe acrobat-and-reader (CVE-2023-26369)
out-of-bounds write in Adobe acrobat-and-reader (CVE-2023-26369). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-4039 |
|
Vulnerability in gnu (CVE-2023-4039)
vulnerability in gnu (CVE-2023-4039). Risk of unauthorized operations or information disclosure.
|
| CVE-2023-20269 KEV |
|
[KEV] Vulnerability in Cisco adaptive-security-appliance-and-firepower-threat-defense (CVE-2023-20269)
vulnerability in Cisco adaptive-security-appliance-and-firepower-threat-defense (CVE-2023-20269). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-35674 KEV |
|
[KEV] Vulnerability in Android platform/frameworks/base (CVE-2023-35674)
vulnerability in Android platform/frameworks/base (CVE-2023-35674). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited. Mitigation: upgrade to `13:2023-09-01` or later.
|
| CVE-2023-4863 KEV |
|
[KEV] Out-of-Bounds Write in Google chromium-webp (CVE-2023-4863)
out-of-bounds write in Google chromium-webp (CVE-2023-4863). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
|
| CVE-2023-36761 KEV |
|
[KEV] Vulnerability in Microsoft word (CVE-2023-36761)
vulnerability in Microsoft word (CVE-2023-36761). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-36802 KEV |
|
[KEV] Use-After-Free in Microsoft streaming-service-proxy (CVE-2023-36802)
vulnerability in Microsoft streaming-service-proxy (CVE-2023-36802). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-41064 KEV |
|
[KEV] Vulnerability in Apple ios (CVE-2023-41064)
vulnerability in Apple ios (CVE-2023-41064). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-41061 KEV |
|
[KEV] Vulnerability in Apple ios (CVE-2023-41061)
vulnerability in Apple ios (CVE-2023-41061). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2021-45811 |
|
SQL Injection in sqli (CVE-2021-45811)
SQL injection in sqli (CVE-2021-45811). Confidential information can be exposed externally.
|
| CVE-2023-33246 KEV |
|
[KEV] Code Injection in Apache rocketmq (CVE-2023-33246)
code injection in Apache rocketmq (CVE-2023-33246). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-4781 |
|
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873.
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873.
|
| CVE-2023-4733 |
|
Use After Free in GitHub repository vim/vim prior to 9.0.1840.
Use After Free in GitHub repository vim/vim prior to 9.0.1840.
|
| CVE-2023-4750 |
|
Use After Free in GitHub repository vim/vim prior to 9.0.1857.
Use After Free in GitHub repository vim/vim prior to 9.0.1857.
|
| CVE-2023-4736 |
|
Untrusted Search Path in GitHub repository vim/vim prior to 9.0.1833.
Untrusted Search Path in GitHub repository vim/vim prior to 9.0.1833.
|
| CVE-2023-4735 |
|
Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847.
Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847.
|
| CVE-2023-4734 |
|
Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846.
Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846.
|
| CVE-2023-38831 KEV |
|
[KEV] Vulnerability in Rarlab winrar (CVE-2023-38831)
vulnerability in Rarlab winrar (CVE-2023-38831). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-32315 KEV |
|
[KEV] Path Traversal in Ignite realtime ignite-realtime (CVE-2023-32315)
path traversal in Ignite realtime ignite-realtime (CVE-2023-32315). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-41098 |
|
Cross-Site Scripting (XSS) in misp-project (CVE-2023-41098)
cross-site scripting in misp-project (CVE-2023-41098). Risk of unauthorized operations or information disclosure.
|
| CVE-2023-38035 KEV |
|
[KEV] Authorization Flaw in Ivanti sentry (CVE-2023-38035)
vulnerability in Ivanti sentry (CVE-2023-38035). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-27532 KEV |
|
[KEV] Vulnerability in Veeam backup-replication (CVE-2023-27532)
vulnerability in Veeam backup-replication (CVE-2023-27532). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-39785 |
|
Out-of-Bounds Write in tenda (CVE-2023-39785)
out-of-bounds write in tenda (CVE-2023-39785). Risk of unauthorized operations or information disclosure.
|
| CVE-2023-39786 |
|
Out-of-Bounds Write in tenda (CVE-2023-39786)
out-of-bounds write in tenda (CVE-2023-39786). Risk of unauthorized operations or information disclosure.
|
| CVE-2023-39807 |
|
SQL Injection in sqli (CVE-2023-39807)
SQL injection in sqli (CVE-2023-39807). Successful exploitation can lead to full system takeover.
|
| CVE-2023-39809 |
|
Command Injection in nvki (CVE-2023-39809)
command injection in nvki (CVE-2023-39809). Successful exploitation can lead to full system takeover.
|
| CVE-2023-39784 |
|
Out-of-Bounds Write in tenda (CVE-2023-39784)
out-of-bounds write in tenda (CVE-2023-39784). Risk of unauthorized operations or information disclosure.
|
| CVE-2023-26359 KEV |
|
[KEV] Unsafe Deserialization in Adobe coldfusion (CVE-2023-26359)
vulnerability in Adobe coldfusion (CVE-2023-26359). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-38838 |
|
SQL Injection in sqli (CVE-2023-38838)
SQL injection in sqli (CVE-2023-38838). Confidential information can be exposed externally.
|
| CVE-2023-24489 KEV |
|
[KEV] Vulnerability in Citrix content-collaboration (CVE-2023-24489)
vulnerability in Citrix content-collaboration (CVE-2023-24489). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-39805 |
|
SQL Injection in sqli (CVE-2023-39805)
SQL injection in sqli (CVE-2023-39805). Successful exploitation can lead to full system takeover.
|
| CVE-2023-38180 KEV |
|
[KEV] Vulnerability in Microsoft net-core-and-visual-studio (CVE-2023-38180)
vulnerability in Microsoft net-core-and-visual-studio (CVE-2023-38180). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-39086 |
|
ASUS RT-AC66U B1 3.0.0.4.286_51665 was discovered to transmit sensitive information in cleartext.
ASUS RT-AC66U B1 3.0.0.4.286_51665 was discovered to transmit sensitive information in cleartext.
|
| CVE-2023-36897 |
|
Visual Studio Tools for Office Runtime Spoofing Vulnerability
Visual Studio Tools for Office Runtime Spoofing Vulnerability
|
| CVE-2017-18368 KEV |
|
[KEV] OS Command Injection in Zyxel p660hn-t1a-routers (CVE-2017-18368)
OS command injection in Zyxel p660hn-t1a-routers (CVE-2017-18368). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-38952 |
|
Vulnerability in zkteco (CVE-2023-38952)
vulnerability in zkteco (CVE-2023-38952). Confidential information can be exposed externally.
|
| CVE-2023-38951 |
|
Path Traversal in path-traversal (CVE-2023-38951)
path traversal in path-traversal (CVE-2023-38951). Successful exploitation can lead to full system takeover.
|
| CVE-2023-38949 |
|
Vulnerability in zkteco (CVE-2023-38949)
vulnerability in zkteco (CVE-2023-38949). Data can be tampered with by attackers.
|
| CVE-2023-38954 |
|
ZKTeco BioAccess IVS v3.3.1 was discovered to contain a SQL injection vulnerability.
ZKTeco BioAccess IVS v3.3.1 was discovered to contain a SQL injection vulnerability.
|
| CVE-2023-38955 |
|
Vulnerability in zkteco (CVE-2023-38955)
vulnerability in zkteco (CVE-2023-38955). Confidential information can be exposed externally.
|
| CVE-2023-38956 |
|
Path Traversal in path-traversal (CVE-2023-38956)
path traversal in path-traversal (CVE-2023-38956). Confidential information can be exposed externally.
|
| CVE-2023-38958 |
|
Authorization Flaw in zkteco (CVE-2023-38958)
vulnerability in zkteco (CVE-2023-38958). Risk of unauthorized operations or information disclosure.
|
| CVE-2023-38559 |
|
Out-of-Bounds Read in c (CVE-2023-38559)
vulnerability in c (CVE-2023-38559). Risk of unauthorized operations or information disclosure.
|
| CVE-2023-34842 |
|
Code Injection in dedecms (CVE-2023-34842)
code injection in dedecms (CVE-2023-34842). Successful exploitation can lead to full system takeover.
|
| CVE-2023-37647 |
|
SQL Injection in sqli (CVE-2023-37647)
SQL injection in sqli (CVE-2023-37647). Successful exploitation can lead to full system takeover.
|
| CVE-2023-35081 KEV |
|
[KEV] Path Traversal in Ivanti endpoint-manager-mobile-epmm (CVE-2023-35081)
path traversal in Ivanti endpoint-manager-mobile-epmm (CVE-2023-35081). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-37580 KEV |
|
[KEV] Cross-Site Scripting (XSS) in Synacor zimbra-collaboration-suite-zcs (CVE-2023-37580)
cross-site scripting in Synacor zimbra-collaboration-suite-zcs (CVE-2023-37580). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-26911 |
|
Vulnerability in asus (CVE-2023-26911)
vulnerability in asus (CVE-2023-26911). Successful exploitation can lead to full system takeover.
|
| CVE-2023-38606 KEV |
|
[KEV] Vulnerability in Apple multiple-products (CVE-2023-38606)
vulnerability in Apple multiple-products (CVE-2023-38606). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-35078 KEV |
|
[KEV] Authentication Bypass in Ivanti endpoint-manager-mobile-epmm (CVE-2023-35078)
authentication bypass in Ivanti endpoint-manager-mobile-epmm (CVE-2023-35078). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|