Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

ID Title
CVE-2021-27876 KEV [KEV] Authentication Bypass in Veritas backup-exec-agent (CVE-2021-27876)
authentication bypass in Veritas backup-exec-agent (CVE-2021-27876). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2021-27877 KEV [KEV] Authentication Bypass in Veritas backup-exec-agent (CVE-2021-27877)
authentication bypass in Veritas backup-exec-agent (CVE-2021-27877). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2021-27878 KEV [KEV] Authentication Bypass in Veritas backup-exec-agent (CVE-2021-27878)
authentication bypass in Veritas backup-exec-agent (CVE-2021-27878). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2019-1388 KEV [KEV] Privilege Escalation in Microsoft windows (CVE-2019-1388)
vulnerability in Microsoft windows (CVE-2019-1388). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2023-26083 KEV [KEV] Vulnerability in Arm mali-graphics-processing-unit-gpu (CVE-2023-26083)
vulnerability in Arm mali-graphics-processing-unit-gpu (CVE-2023-26083). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2022-27926 KEV [KEV] Cross-Site Scripting (XSS) in Synacor zimbra-collaboration-suite-zcs (CVE-2022-27926)
cross-site scripting in Synacor zimbra-collaboration-suite-zcs (CVE-2022-27926). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2023-27160 SSRF (Server-Side Request Forgery) in ssrf (CVE-2023-27160)
SSRF in ssrf (CVE-2023-27160). Successful exploitation can lead to full system takeover.
CVE-2023-27159 SSRF (Server-Side Request Forgery) in ssrf (CVE-2023-27159)
SSRF in ssrf (CVE-2023-27159). Confidential information can be exposed externally.
CVE-2023-1014 Vulnerability in dizayn (CVE-2023-1014)
vulnerability in dizayn (CVE-2023-1014). Confidential information can be exposed externally.
CVE-2013-3163 KEV [KEV] Code Injection in Microsoft internet-explorer (CVE-2013-3163)
code injection in Microsoft internet-explorer (CVE-2013-3163). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2017-7494 KEV [KEV] Code Injection in samba (CVE-2017-7494)
code injection in samba (CVE-2017-7494). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2022-42948 KEV [KEV] Cross-Site Scripting (XSS) in Fortra cobalt-strike (CVE-2022-42948)
cross-site scripting in Fortra cobalt-strike (CVE-2022-42948). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2022-39197 KEV [KEV] Vulnerability in Fortra cobalt-strike (CVE-2022-39197)
vulnerability in Fortra cobalt-strike (CVE-2022-39197). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2021-30900 KEV [KEV] Vulnerability in Apple ios (CVE-2021-30900)
vulnerability in Apple ios (CVE-2021-30900). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2022-38181 KEV [KEV] Use-After-Free in Arm :unknown: (CVE-2022-38181)
vulnerability in Arm :unknown: (CVE-2022-38181). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited. Mitigation: upgrade to `SoCVersion:2023-04-05` or later.
CVE-2023-0266 KEV [KEV] Use-After-Free in Linux kernel (CVE-2023-0266)
vulnerability in Linux kernel (CVE-2023-0266). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2022-3038 KEV [KEV] Use-After-Free in Google chromium-network-service (CVE-2022-3038)
vulnerability in Google chromium-network-service (CVE-2022-3038). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2022-22706 KEV [KEV] Buffer Overflow in Arm :unknown: (CVE-2022-22706)
vulnerability in Arm :unknown: (CVE-2022-22706). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited. Mitigation: upgrade to `SoCVersion:2023-06-05` or later.
CVE-2023-1652 Use-After-Free in c (CVE-2023-1652)
vulnerability in c (CVE-2023-1652). Confidential information can be exposed externally.
CVE-2023-25260 Stimulsoft Designer (Web) 2023.1.3 is vulnerable to Local File Inclusion.
Stimulsoft Designer (Web) 2023.1.3 is vulnerable to Local File Inclusion.
CVE-2023-25262 SSRF (Server-Side Request Forgery) in ssrf (CVE-2023-25262)
SSRF in ssrf (CVE-2023-25262). Confidential information can be exposed externally.
CVE-2023-24094 Out-of-Bounds Write in dos (CVE-2023-24094)
out-of-bounds write in dos (CVE-2023-24094). Risk of unauthorized operations or information disclosure.
CVE-2023-1462 Vulnerability in vadi (CVE-2023-1462)
vulnerability in vadi (CVE-2023-1462). Successful exploitation can lead to full system takeover.
CVE-2023-26769 Vulnerability in c (CVE-2023-26769)
vulnerability in c (CVE-2023-26769). Risk of unauthorized operations or information disclosure.
CVE-2023-26360 KEV [KEV] Vulnerability in Adobe coldfusion (CVE-2023-26360)
vulnerability in Adobe coldfusion (CVE-2023-26360). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2023-23398 Microsoft Excel Spoofing Vulnerability
Microsoft Excel Spoofing Vulnerability
CVE-2023-23397 KEV [KEV] Vulnerability in Microsoft office (CVE-2023-23397)
vulnerability in Microsoft office (CVE-2023-23397). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2023-24880 KEV [KEV] Authorization Flaw in Microsoft windows (CVE-2023-24880)
vulnerability in Microsoft windows (CVE-2023-24880). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2022-41328 KEV [KEV] Path Traversal in Fortinet fortios (CVE-2022-41328)
path traversal in Fortinet fortios (CVE-2022-41328). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2023-23328 Unrestricted File Upload in avantfax (CVE-2023-23328)
vulnerability in avantfax (CVE-2023-23328). Successful exploitation can lead to full system takeover.
CVE-2023-1246 Vulnerability in saysis (CVE-2023-1246)
vulnerability in saysis (CVE-2023-1246). Confidential information can be exposed externally.
CVE-2023-27161 SSRF (Server-Side Request Forgery) in ssrf (CVE-2023-27161)
SSRF in ssrf (CVE-2023-27161). Confidential information can be exposed externally.
CVE-2021-39144 KEV [KEV] Code Injection in xstream (CVE-2021-39144)
code injection in xstream (CVE-2021-39144). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2020-5741 KEV [KEV] Unsafe Deserialization in Plex media-server (CVE-2020-5741)
vulnerability in Plex media-server (CVE-2020-5741). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2022-28810 KEV [KEV] OS Command Injection in Zoho manageengine (CVE-2022-28810)
OS command injection in Zoho manageengine (CVE-2022-28810). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2022-33891 KEV [KEV] OS Command Injection in Apache pyspark (CVE-2022-33891)
OS command injection in Apache pyspark (CVE-2022-33891). Successful exploitation can lead to full system takeover. Exploitable via ``spark.acls.enable``. Listed in CISA KEV — actively exploited. Mitigation: upgrade to `3.2.2` or later.
CVE-2022-35914 KEV [KEV] Vulnerability in Teclib glpi (CVE-2022-35914)
vulnerability in Teclib glpi (CVE-2022-35914). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2022-45552 Vulnerability in zbt (CVE-2022-45552)
vulnerability in zbt (CVE-2022-45552). Confidential information can be exposed externally.
CVE-2022-45608 Privilege Escalation in thingsboard (CVE-2022-45608)
vulnerability in thingsboard (CVE-2022-45608). Successful exploitation can lead to full system takeover.
CVE-2021-3855 Command Injection in liman (CVE-2021-3855)
command injection in liman (CVE-2021-3855). Successful exploitation can lead to full system takeover.
CVE-2022-45697 Vulnerability in razer (CVE-2022-45697)
vulnerability in razer (CVE-2022-45697). Successful exploitation can lead to full system takeover.
CVE-2022-36537 KEV [KEV] Vulnerability in Zk framework zk-framework (CVE-2022-36537)
vulnerability in Zk framework zk-framework (CVE-2022-36537). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2022-48363 Vulnerability in musicpd (CVE-2022-48363)
vulnerability in musicpd (CVE-2022-48363). Risk of unauthorized operations or information disclosure.
CVE-2023-24317 Unrestricted File Upload in judging-management-system-project (CVE-2023-24317)
vulnerability in judging-management-system-project (CVE-2023-24317). Confidential information can be exposed externally.
CVE-2023-26314 Vulnerability in dos (CVE-2023-26314)
vulnerability in dos (CVE-2023-26314). Successful exploitation can lead to full system takeover.
CVE-2022-47986 KEV [KEV] Unsafe Deserialization in Ibm aspera-faspex (CVE-2022-47986)
vulnerability in Ibm aspera-faspex (CVE-2022-47986). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2022-41223 KEV [KEV] Code Injection in Mitel mivoice-connect (CVE-2022-41223)
code injection in Mitel mivoice-connect (CVE-2022-41223). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2022-40765 KEV [KEV] Command Injection in Mitel mivoice-connect (CVE-2022-40765)
command injection in Mitel mivoice-connect (CVE-2022-40765). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2022-45701 Command Injection in commscope (CVE-2022-45701)
command injection in commscope (CVE-2022-45701). Successful exploitation can lead to full system takeover.
CVE-2023-0882 Vulnerability in krontech (CVE-2023-0882)
vulnerability in krontech (CVE-2023-0882). Successful exploitation can lead to full system takeover.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →