Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2022-39197 KEV |
|
[KEV] Vulnerability in Fortra cobalt-strike (CVE-2022-39197)
vulnerability in Fortra cobalt-strike (CVE-2022-39197). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2022-38181 KEV |
|
[KEV] Use-After-Free in Arm :unknown: (CVE-2022-38181)
vulnerability in Arm :unknown: (CVE-2022-38181). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited. Mitigation: upgrade to `SoCVersion:2023-04-05` or later.
|
| CVE-2022-22706 KEV |
|
[KEV] Buffer Overflow in Arm :unknown: (CVE-2022-22706)
vulnerability in Arm :unknown: (CVE-2022-22706). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited. Mitigation: upgrade to `SoCVersion:2023-06-05` or later.
|
| CVE-2017-7494 KEV |
|
[KEV] Code Injection in samba (CVE-2017-7494)
code injection in samba (CVE-2017-7494). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-0266 KEV |
|
[KEV] Use-After-Free in Linux kernel (CVE-2023-0266)
vulnerability in Linux kernel (CVE-2023-0266). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2022-3038 KEV |
|
[KEV] Use-After-Free in Google chromium-network-service (CVE-2022-3038)
vulnerability in Google chromium-network-service (CVE-2022-3038). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2021-30900 KEV |
|
[KEV] Vulnerability in Apple ios (CVE-2021-30900)
vulnerability in Apple ios (CVE-2021-30900). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2013-3163 KEV |
|
[KEV] Code Injection in Microsoft internet-explorer (CVE-2013-3163)
code injection in Microsoft internet-explorer (CVE-2013-3163). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-1652 |
|
Use-After-Free in c (CVE-2023-1652)
vulnerability in c (CVE-2023-1652). Confidential information can be exposed externally.
|
| CVE-2023-24094 |
|
Out-of-Bounds Write in dos (CVE-2023-24094)
out-of-bounds write in dos (CVE-2023-24094). Risk of unauthorized operations or information disclosure.
|
| CVE-2023-28884 |
|
In MISP 2.4.169, app/Lib/Tools/CustomPaginationTool.php allows XSS in the community index.
In MISP 2.4.169, app/Lib/Tools/CustomPaginationTool.php allows XSS in the community index.
|
| CVE-2023-28531 |
|
Vulnerability in openbsd (CVE-2023-28531)
vulnerability in openbsd (CVE-2023-28531). Successful exploitation can lead to full system takeover.
|
| CVE-2023-26360 KEV |
|
[KEV] Vulnerability in Adobe coldfusion (CVE-2023-26360)
vulnerability in Adobe coldfusion (CVE-2023-26360). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-23398 |
|
Microsoft Excel Spoofing Vulnerability
Microsoft Excel Spoofing Vulnerability
|
| CVE-2023-23391 |
|
Office for Android Spoofing Vulnerability
Office for Android Spoofing Vulnerability
|
| CVE-2022-41328 KEV |
|
[KEV] Path Traversal in Fortinet fortios (CVE-2022-41328)
path traversal in Fortinet fortios (CVE-2022-41328). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-23397 KEV |
|
[KEV] Vulnerability in Microsoft office (CVE-2023-23397)
vulnerability in Microsoft office (CVE-2023-23397). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-24880 KEV |
|
[KEV] Authorization Flaw in Microsoft windows (CVE-2023-24880)
vulnerability in Microsoft windows (CVE-2023-24880). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-23328 |
|
Unrestricted File Upload in avantfax (CVE-2023-23328)
vulnerability in avantfax (CVE-2023-23328). Successful exploitation can lead to full system takeover.
|
| CVE-2021-39144 KEV |
|
[KEV] Code Injection in xstream (CVE-2021-39144)
code injection in xstream (CVE-2021-39144). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2020-5741 KEV |
|
[KEV] Unsafe Deserialization in Plex media-server (CVE-2020-5741)
vulnerability in Plex media-server (CVE-2020-5741). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2022-33891 KEV |
|
[KEV] OS Command Injection in Apache pyspark (CVE-2022-33891)
OS command injection in Apache pyspark (CVE-2022-33891). Successful exploitation can lead to full system takeover. Exploitable via ``spark.acls.enable``. Listed in CISA KEV — actively exploited. Mitigation: upgrade to `3.2.2` or later.
|
| CVE-2022-28810 KEV |
|
[KEV] OS Command Injection in Zoho manageengine (CVE-2022-28810)
OS command injection in Zoho manageengine (CVE-2022-28810). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2022-35914 KEV |
|
[KEV] Vulnerability in Teclib glpi (CVE-2022-35914)
vulnerability in Teclib glpi (CVE-2022-35914). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2022-42248 |
|
Cross-Site Scripting (XSS) in qlik (CVE-2022-42248)
cross-site scripting in qlik (CVE-2022-42248). Risk of unauthorized operations or information disclosure.
|
| CVE-2021-35377 |
|
Cross-Site Scripting (XSS) in vicidial (CVE-2021-35377)
cross-site scripting in vicidial (CVE-2021-35377). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-36537 KEV |
|
[KEV] Vulnerability in Zk framework zk-framework (CVE-2022-36537)
vulnerability in Zk framework zk-framework (CVE-2022-36537). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-24317 |
|
Unrestricted File Upload in judging-management-system-project (CVE-2023-24317)
vulnerability in judging-management-system-project (CVE-2023-24317). Confidential information can be exposed externally.
|
| CVE-2022-41223 KEV |
|
[KEV] Code Injection in Mitel mivoice-connect (CVE-2022-41223)
code injection in Mitel mivoice-connect (CVE-2022-41223). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2022-40765 KEV |
|
[KEV] Command Injection in Mitel mivoice-connect (CVE-2022-40765)
command injection in Mitel mivoice-connect (CVE-2022-40765). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2022-47986 KEV |
|
[KEV] Unsafe Deserialization in Ibm aspera-faspex (CVE-2022-47986)
vulnerability in Ibm aspera-faspex (CVE-2022-47986). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2022-48328 |
|
Vulnerability in misp-project (CVE-2022-48328)
vulnerability in misp-project (CVE-2022-48328). Successful exploitation can lead to full system takeover.
|
| CVE-2022-48329 |
|
Vulnerability in misp-project (CVE-2022-48329)
vulnerability in misp-project (CVE-2022-48329). Successful exploitation can lead to full system takeover.
|
| CVE-2023-0882 |
|
Vulnerability in krontech (CVE-2023-0882)
vulnerability in krontech (CVE-2023-0882). Successful exploitation can lead to full system takeover.
|
| CVE-2022-46169 KEV |
|
[KEV] Vulnerability in cacti (CVE-2022-46169)
vulnerability in cacti (CVE-2022-46169). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-23529 KEV |
|
[KEV] Vulnerability in Apple multiple-products (CVE-2023-23529)
vulnerability in Apple multiple-products (CVE-2023-23529). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-21715 KEV |
|
[KEV] Authorization Flaw in Microsoft office (CVE-2023-21715)
vulnerability in Microsoft office (CVE-2023-21715). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-23376 KEV |
|
[KEV] Vulnerability in Microsoft windows (CVE-2023-23376)
vulnerability in Microsoft windows (CVE-2023-23376). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-21823 KEV |
|
[KEV] Vulnerability in Microsoft windows (CVE-2023-21823)
vulnerability in Microsoft windows (CVE-2023-21823). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2022-45088 |
|
Vulnerability in gruparge (CVE-2022-45088)
vulnerability in gruparge (CVE-2022-45088). Successful exploitation can lead to full system takeover.
|
| CVE-2023-0669 KEV |
|
[KEV] Unsafe Deserialization in Fortra goanywhere-mft (CVE-2023-0669)
vulnerability in Fortra goanywhere-mft (CVE-2023-0669). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2015-2291 KEV |
|
[KEV] Vulnerability in Intel ethernet-diagnostics-driver-for-windows (CVE-2015-2291)
vulnerability in Intel ethernet-diagnostics-driver-for-windows (CVE-2015-2291). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2022-24990 KEV |
|
[KEV] Vulnerability in terramaster (CVE-2022-24990)
vulnerability in terramaster (CVE-2022-24990). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-25136 |
|
Vulnerability in openbsd (CVE-2023-25136)
vulnerability in openbsd (CVE-2023-25136). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-21587 KEV |
|
[KEV] Vulnerability in Oracle e-business-suite (CVE-2022-21587)
vulnerability in Oracle e-business-suite (CVE-2022-21587). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-22952 KEV |
|
[KEV] Vulnerability in Sugarcrm multiple-products (CVE-2023-22952)
vulnerability in Sugarcrm multiple-products (CVE-2023-22952). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2022-31902 |
|
Notepad++ v8.4.1 was discovered to contain a stack overflow via the component Finder::add().
Notepad++ v8.4.1 was discovered to contain a stack overflow via the component Finder::add().
|
| CVE-2020-22452 |
|
SQL Injection in sqli (CVE-2020-22452)
SQL injection in sqli (CVE-2020-22452). Successful exploitation can lead to full system takeover.
|
| CVE-2017-11357 KEV |
|
[KEV] Vulnerability in Telerik user-interface-ui-for-aspnet-ajax (CVE-2017-11357)
vulnerability in Telerik user-interface-ui-for-aspnet-ajax (CVE-2017-11357). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2022-47966 KEV |
|
[KEV] Vulnerability in Zoho manageengine (CVE-2022-47966)
vulnerability in Zoho manageengine (CVE-2022-47966). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|