CISA Known Exploited Vulnerabilities that may lack vendor patches
Last updated: 2025-12-24 04:52 UTC | Total KEV entries: 1483
| CVE | CVSS | Vendor | Product | Status | Ransomware | Published | KEV Added | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-52163 | 8.8 | Digiever | DS-2105 Pro | Unpatched | Unknown | 2025-02-03 | 2025-12-22 | Digiever DS-2105 Pro contains a missing authorization vulner... |
| CVE-2025-14733 | 9.8 | WatchGuard | Firebox | Mitigation | Unknown | 2025-12-19 | 2025-12-19 | WatchGuard Fireware OS iked process contains an out of bound... |
| CVE-2025-59374 | 9.8 | ASUS | Live Update | Mitigation | Unknown | 2025-12-17 | 2025-12-17 | ASUS Live Update contains an embedded malicious code vulnera... |
| CVE-2025-40602 | 6.6 | SonicWall | SMA1000 appliance | Mitigation | Unknown | 2025-12-18 | 2025-12-17 | SonicWall SMA1000 contains a missing authorization vulnerabi... |
| CVE-2025-20393 | 10.0 | Cisco | Multiple Products | Mitigation | Unknown | 2025-12-17 | 2025-12-17 | Cisco Secure Email Gateway, Secure Email, AsyncOS Software, ... |
| CVE-2025-59718 | 9.8 | Fortinet | Multiple Products | Mitigation | Unknown | 2025-12-09 | 2025-12-16 | Fortinet FortiOS, FortiSwitchMaster, FortiProxy, and FortiWe... |
| CVE-2025-14611 | 9.8 | Gladinet | CentreStack and Triofox | Unpatched | Unknown | 2025-12-12 | 2025-12-15 | Gladinet CentreStack and Triofox contain a hardcoded cryptog... |
| CVE-2025-43529 | 8.8 | Apple | Multiple Products | Mitigation | Unknown | 2025-12-17 | 2025-12-15 | Apple iOS, iPadOS, macOS, and other Apple products contain a... |
| CVE-2018-4063 | 8.8 | Sierra Wireless | AirLink ALEOS | Unpatched | Unknown | 2019-05-06 | 2025-12-12 | Sierra Wireless AirLink ALEOS contains an unrestricted uploa... |
| CVE-2025-14174 | 8.8 | Chromium | | Unpatched | Unknown | 2025-12-12 | 2025-12-12 | Google Chromium contains an out of bounds memory access vuln... |
| CVE-2025-58360 | 8.2 | OSGeo | GeoServer | Mitigation | Unknown | 2025-11-25 | 2025-12-11 | OSGeo GeoServer contains an improper restriction of XML exte... |
| CVE-2025-6218 | 7.8 | RARLAB | WinRAR | Unpatched | Unknown | 2025-06-21 | 2025-12-09 | RARLAB WinRAR contains a path traversal vulnerability allowi... |
| CVE-2025-62221 | 7.8 | Microsoft | Windows | Mitigation | Unknown | 2025-12-09 | 2025-12-09 | Microsoft Windows Cloud Files Mini Filter Driver contains a ... |
| CVE-2025-66644 | 7.2 | Array Networks | ArrayOS AG | Unpatched | Unknown | 2025-12-05 | 2025-12-08 | Array Networks ArrayOS AG contains an OS command injection v... |
| CVE-2022-37055 | 9.8 | D-Link | Routers | Patched | Unknown | 2022-08-28 | 2025-12-08 | D-Link Routers contain a buffer overflow vulnerability that... |
| CVE-2025-55182 | 10.0 | Meta | React Server Components | Patched | Known | 2025-12-03 | 2025-12-05 | Meta React Server Components contains a remote code executio... |
| CVE-2021-26828 | 8.8 | OpenPLC | ScadaBR | Patched | Unknown | 2021-06-11 | 2025-12-03 | OpenPLC ScadaBR contains an unrestricted upload of file with... |
| CVE-2025-48572 | 7.8 | Android | Framework | Mitigation | Unknown | 2025-12-08 | 2025-12-02 | Android Framework contains an unspecified vulnerability that... |
| CVE-2025-48633 | 5.5 | Android | Framework | Patched | Unknown | 2025-12-08 | 2025-12-02 | Android Framework contains an unspecified vulnerability that... |
| CVE-2021-26829 | 5.4 | OpenPLC | ScadaBR | Mitigation | Unknown | 2021-06-11 | 2025-11-28 | OpenPLC ScadaBR contains a cross-site scripting vulnerabilit... |
| CVE-2025-61757 | 9.8 | Oracle | Fusion Middleware | Mitigation | Unknown | 2025-10-21 | 2025-11-21 | Oracle Fusion Middleware contains a missing authentication f... |
| CVE-2025-13223 | 8.8 | Chromium V8 | | Mitigation | Unknown | 2025-11-17 | 2025-11-19 | Google Chromium V8 contains a type confusion vulnerability t... |
| CVE-2025-58034 | 7.2 | Fortinet | FortiWeb | Mitigation | Unknown | 2025-11-18 | 2025-11-18 | Fortinet FortiWeb contains an OS command injection vulnerabi... |
| CVE-2025-64446 | 9.8 | Fortinet | FortiWeb | Mitigation | Unknown | 2025-11-14 | 2025-11-14 | Fortinet FortiWeb contains a relative path traversal vulnera... |
| CVE-2025-12480 | 9.1 | Gladinet | Triofox | Unpatched | Unknown | 2025-11-10 | 2025-11-12 | Gladinet Triofox contains an improper access control vulnera... |
| CVE-2025-62215 | 7.0 | Microsoft | Windows | Mitigation | Unknown | 2025-11-11 | 2025-11-12 | Microsoft Windows Kernel contains a race condition vulnerabi... |
| CVE-2025-9242 | 9.8 | WatchGuard | Firebox | Mitigation | Unknown | 2025-09-17 | 2025-11-12 | WatchGuard Firebox contains an out-of-bounds write vulnerabi... |
| CVE-2025-21042 | 8.8 | Samsung | Mobile Devices | Mitigation | Unknown | 2025-09-12 | 2025-11-10 | Samsung mobile devices contain an out-of-bounds write vulner... |
| CVE-2025-48703 | 9.0 | CWP | Control Web Panel | Unpatched | Unknown | 2025-09-19 | 2025-11-04 | CWP Control Web Panel (formerly CentOS Web Panel) contains a... |
| CVE-2025-11371 | 7.5 | Gladinet | CentreStack and Triofox | Unpatched | Unknown | 2025-10-09 | 2025-11-04 | Gladinet CentreStack and Triofox contain a files or directo... |
| CVE-2025-41244 | 7.8 | Broadcom | VMware Aria Operations and VMware Tools | Mitigation | Unknown | 2025-09-29 | 2025-10-30 | Broadcom VMware Aria Operations and VMware Tools contain a p... |
| CVE-2025-24893 | 9.8 | XWiki | Platform | Patched | Unknown | 2025-02-20 | 2025-10-30 | XWiki Platform contains an eval injection vulnerability that... |
| CVE-2025-6204 | 8.0 | Dassault Systèmes | DELMIA Apriso | Mitigation | Unknown | 2025-08-04 | 2025-10-28 | Dassault Systèmes DELMIA Apriso contains a code injection vu... |
| CVE-2025-6205 | 9.1 | Dassault Systèmes | DELMIA Apriso | Mitigation | Unknown | 2025-08-04 | 2025-10-28 | Dassault Systèmes DELMIA Apriso contains a missing authoriza... |
| CVE-2025-54236 | 9.1 | Adobe | Commerce and Magento | Mitigation | Unknown | 2025-09-09 | 2025-10-24 | Adobe Commerce and Magento Open Source contain an improper i... |
| CVE-2025-59287 | 9.8 | Microsoft | Windows | Mitigation | Unknown | 2025-10-14 | 2025-10-24 | Microsoft Windows Server Update Service (WSUS) contains a de... |
| CVE-2025-61932 | 9.8 | Motex | LANSCOPE Endpoint Manager | Mitigation | Unknown | 2025-10-20 | 2025-10-22 | Motex LANSCOPE Endpoint Manager contains an improper verific... |
| CVE-2022-48503 | 8.8 | Apple | Multiple Products | Mitigation | Unknown | 2023-08-14 | 2025-10-20 | Apple macOS, iOS, tvOS, Safari, and watchOS contain an unspe... |
| CVE-2025-33073 | 8.8 | Microsoft | Windows | Mitigation | Unknown | 2025-06-10 | 2025-10-20 | Microsoft Windows SMB Client contains an improper access con... |
| CVE-2025-61884 | 7.5 | Oracle | E-Business Suite | Mitigation | Known | 2025-10-12 | 2025-10-20 | Oracle E-Business Suite contains a server-side request forge... |
| CVE-2025-2746 | 9.8 | Kentico | Xperience CMS | Patched | Unknown | 2025-03-24 | 2025-10-20 | Kentico Xperience CMS contains an authentication bypass usin... |
| CVE-2025-2747 | 9.8 | Kentico | Xperience CMS | Patched | Unknown | 2025-03-24 | 2025-10-20 | Kentico Xperience CMS contains an authentication bypass usin... |
| CVE-2025-54253 | 10.0 | Adobe | Experience Manager (AEM) Forms | Mitigation | Unknown | 2025-08-05 | 2025-10-15 | Adobe Experience Manager Forms in JEE contains an unspecifie... |
| CVE-2025-47827 | 4.6 | IGEL | IGEL OS | Unpatched | Unknown | 2025-06-05 | 2025-10-14 | IGEL OS contains a use of a key past its expiration date vul... |
| CVE-2025-24990 | 7.8 | Microsoft | Windows | Mitigation | Unknown | 2025-10-14 | 2025-10-14 | Microsoft Windows Agere Modem Driver contains an untrusted p... |
| CVE-2025-59230 | 7.8 | Microsoft | Windows | Mitigation | Unknown | 2025-10-14 | 2025-10-14 | Microsoft Windows contains an improper access control vulner... |
| CVE-2016-7836 | 9.8 | SKYSEA | Client View | Mitigation | Unknown | 2017-06-09 | 2025-10-14 | SKYSEA Client View contains an improper authentication vulne... |
| CVE-2021-43798 | 7.5 | Grafana Labs | Grafana | Patched | Unknown | 2021-12-07 | 2025-10-09 | Grafana contains a path traversal vulnerability that could a... |
| CVE-2025-27915 | 5.4 | Synacor | Zimbra Collaboration Suite (ZCS) | Unpatched | Unknown | 2025-03-12 | 2025-10-07 | Synacor Zimbra Collaboration Suite (ZCS) contains a cross-si... |
| CVE-2011-3402 | 8.8 | Microsoft | Windows | Mitigation | Unknown | 2011-11-04 | 2025-10-06 | Microsoft Windows Kernel contains an unspecified vulnerabili... |
| CVE-2010-3765 | 9.8 | Mozilla | Multiple Products | Mitigation | Unknown | 2010-10-28 | 2025-10-06 | Mozilla Firefox, SeaMonkey, and Thunderbird contain an unspe... |
| CVE-2025-61882 | 9.8 | Oracle | E-Business Suite | Mitigation | Known | 2025-10-05 | 2025-10-06 | Oracle E-Business Suite contains an unspecified vulnerabilit... |
| CVE-2021-22555 | 8.3 | Linux | Kernel | Patched | Unknown | 2021-07-07 | 2025-10-06 | Linux Kernel contains a heap out-of-bounds write vulnerabili... |
| CVE-2010-3962 | 8.1 | Microsoft | Internet Explorer | Patched | Unknown | 2010-11-05 | 2025-10-06 | Microsoft Internet Explorer contains an uninitialized memory... |
| CVE-2021-43226 | 7.8 | Microsoft | Windows | Patched | Unknown | 2021-12-15 | 2025-10-06 | Microsoft Windows Common Log File System Driver contains a p... |
| CVE-2013-3918 | 8.8 | Microsoft | Windows | Patched | Unknown | 2013-11-12 | 2025-10-06 | Microsoft Windows contains an out-of-bounds write vulnerabil... |
| CVE-2015-7755 | 9.8 | Juniper | ScreenOS | Mitigation | Unknown | 2015-12-19 | 2025-10-02 | Juniper ScreenOS contains an improper authentication vulnera... |
| CVE-2025-21043 | 8.8 | Samsung | Mobile Devices | Mitigation | Unknown | 2025-09-12 | 2025-10-02 | Samsung mobile devices contain an out-of-bounds write vulner... |
| CVE-2025-4008 | 8.8 | Smartbedded | Meteobridge | Mitigation | Unknown | 2025-05-21 | 2025-10-02 | Smartbedded Meteobridge contains a command injection vulnera... |
| CVE-2014-6278 | 8.8 | GNU | GNU Bash | Patched | Unknown | 2014-09-30 | 2025-10-02 | GNU Bash contains an OS command injection vulnerability whic... |
| CVE-2017-1000353 | 9.8 | Jenkins | Jenkins | Patched | Unknown | 2018-01-29 | 2025-10-02 | Jenkins contains a remote code execution vulnerability. This... |
| CVE-2025-32463 | 9.3 | Sudo | Sudo | Mitigation | Unknown | 2025-06-30 | 2025-09-29 | Sudo contains an inclusion of functionality from untrusted c... |
| CVE-2025-59689 | 6.1 | Libraesva | Email Security Gateway | Mitigation | Unknown | 2025-09-19 | 2025-09-29 | Libraesva Email Security Gateway (ESG) contains a command in... |
| CVE-2025-10035 | 10.0 | Fortra | GoAnywhere MFT | Mitigation | Known | 2025-09-18 | 2025-09-29 | Fortra GoAnywhere MFT contains a deserialization of untruste... |
| CVE-2025-20352 | 7.7 | Cisco | IOS and IOS XE | Mitigation | Unknown | 2025-09-24 | 2025-09-29 | Cisco IOS and IOS XE contain a stack-based buffer overflow ... |
| CVE-2021-21311 | 7.2 | Adminer | Adminer | Patched | Unknown | 2021-02-11 | 2025-09-29 | Adminer contains a server-side request forgery vulnerability... |
| CVE-2025-20362 | 6.5 | Cisco | Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense | Mitigation | Unknown | 2025-09-25 | 2025-09-25 | Cisco Secure Firewall Adaptive Security (ASA) Appliance and ... |
| CVE-2025-20333 | 9.9 | Cisco | Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense | Mitigation | Unknown | 2025-09-25 | 2025-09-25 | Cisco Secure Firewall Adaptive Security (ASA) Appliance and ... |
| CVE-2025-10585 | 9.8 | Chromium V8 | | Mitigation | Unknown | 2025-09-24 | 2025-09-23 | Google Chromium contains a type confusion vulnerability in t... |
| CVE-2025-5086 | 9.0 | Dassault Systèmes | DELMIA Apriso | Mitigation | Unknown | 2025-06-02 | 2025-09-11 | Dassault Systèmes DELMIA Apriso contains a deserialization o... |
| CVE-2025-53690 | 9.0 | Sitecore | Multiple Products | Mitigation | Unknown | 2025-09-03 | 2025-09-04 | Sitecore Experience Manager (XM), Experience Platform (XP), ... |
| CVE-2025-38352 | 7.4 | Linux | Kernel | Patched | Unknown | 2025-07-22 | 2025-09-04 | Linux kernel contains a time-of-check time-of-use (TOCTOU) r... |
| CVE-2025-48543 | 8.8 | Android | Runtime | Patched | Unknown | 2025-09-04 | 2025-09-04 | Android Runtime contains a use-after-free vulnerability pote... |
| CVE-2023-50224 | 6.5 | TP-Link | TL-WR841N | Unpatched | Unknown | 2024-05-03 | 2025-09-03 | TP-Link TL-WR841N contains an authentication bypass by spoof... |
| CVE-2025-9377 | 7.2 | TP-Link | Multiple Routers | Mitigation | Unknown | 2025-08-29 | 2025-09-03 | TP-Link Archer C7(EU) and TL-WR841N/ND(MS) contain an OS com... |
| CVE-2020-24363 | 8.8 | TP-Link | TL-WA855RE | Unpatched | Unknown | 2020-08-31 | 2025-09-02 | TP-Link TL-WA855RE contains a missing authentication for cri... |
| CVE-2025-55177 | 5.4 | Meta Platforms | | Mitigation | Unknown | 2025-08-29 | 2025-09-02 | Meta Platforms WhatsApp contains an incorrect authorization ... |
| CVE-2025-57819 | 9.8 | Sangoma | FreePBX | Mitigation | Unknown | 2025-08-28 | 2025-08-29 | Sangoma FreePBX contains an authentication bypass vulnerabil... |
| CVE-2025-7775 | 9.8 | Citrix | NetScaler | Mitigation | Unknown | 2025-08-26 | 2025-08-26 | Citrix NetScaler ADC and NetScaler Gateway contain a memory ... |
| CVE-2025-48384 | 8.0 | Git | Git | Mitigation | Unknown | 2025-07-08 | 2025-08-25 | Git contains a link following vulnerability that stems from ... |
| CVE-2024-8068 | 8.0 | Citrix | Session Recording | Mitigation | Unknown | 2024-11-12 | 2025-08-25 | Citrix Session Recording contains an improper privilege mana... |
| CVE-2024-8069 | 8.0 | Citrix | Session Recording | Mitigation | Unknown | 2024-11-12 | 2025-08-25 | Citrix Session Recording contains a deserialization of untru... |
| CVE-2025-43300 | 10.0 | Apple | iOS, iPadOS, and macOS | Mitigation | Unknown | 2025-08-21 | 2025-08-21 | Apple iOS, iPadOS, and macOS contain an out-of-bounds write ... |
| CVE-2025-54948 | 9.4 | Trend Micro | Apex One | Patched | Unknown | 2025-08-05 | 2025-08-18 | Trend Micro Apex One Management Console (on-premise) contain... |
| CVE-2025-8876 | 8.8 | N-able | N-Central | Unpatched | Unknown | 2025-08-14 | 2025-08-13 | N-able N-Central contains a command injection vulnerability ... |
| CVE-2025-8875 | 7.8 | N-able | N-Central | Unpatched | Unknown | 2025-08-14 | 2025-08-13 | N-able N-Central contains an insecure deserialization vulner... |
| CVE-2025-8088 | 8.8 | RARLAB | WinRAR | Mitigation | Unknown | 2025-08-08 | 2025-08-12 | RARLAB WinRAR contains a path traversal vulnerability affect... |
| CVE-2007-0671 | 8.8 | Microsoft | Office | Mitigation | Unknown | 2007-02-03 | 2025-08-12 | Microsoft Office Excel contains a remote code execution vuln... |
| CVE-2013-3893 | 8.8 | Microsoft | Internet Explorer | Mitigation | Unknown | 2013-09-18 | 2025-08-12 | Microsoft Internet Explorer contains a memory corruption vul... |
| CVE-2022-40799 | 8.8 | D-Link | DNR-322L | Unpatched | Unknown | 2022-11-29 | 2025-08-05 | D-Link DNR-322L contains a download of code without integrit... |
| CVE-2020-25078 | 7.5 | D-Link | DCS-2530L and DCS-2670L Devices | Patched | Unknown | 2020-09-02 | 2025-08-05 | D-Link DCS-2530L and DCS-2670L devices contain an unspecifi... |
| CVE-2020-25079 | 8.8 | D-Link | DCS-2530L and DCS-2670L Devices | Patched | Unknown | 2020-09-02 | 2025-08-05 | D-Link DCS-2530L and DCS-2670L devices contain a command in... |
| CVE-2023-2533 | 8.4 | PaperCut | NG/MF | Mitigation | Unknown | 2023-06-20 | 2025-07-28 | PaperCut NG/MF contains a cross-site request forgery (CSRF) ... |
| CVE-2025-20337 | 10.0 | Cisco | Identity Services Engine | Mitigation | Unknown | 2025-07-16 | 2025-07-28 | Cisco Identity Services Engine contains an injection vulnera... |
| CVE-2025-20281 | 10.0 | Cisco | Identity Services Engine | Mitigation | Unknown | 2025-06-25 | 2025-07-28 | Cisco Identity Services Engine contains an injection vulnera... |
| CVE-2025-2775 | 9.3 | SysAid | SysAid On-Prem | Unpatched | Unknown | 2025-05-07 | 2025-07-22 | SysAid On-Prem contains an improper restriction of XML exter... |
| CVE-2025-2776 | 9.3 | SysAid | SysAid On-Prem | Unpatched | Unknown | 2025-05-07 | 2025-07-22 | SysAid On-Prem contains an improper restriction of XML exter... |
| CVE-2025-6558 | 8.8 | Chromium | | Unpatched | Unknown | 2025-07-15 | 2025-07-22 | Google Chromium contains an improper input validation vulner... |
| CVE-2025-54309 | 9.0 | CrushFTP | CrushFTP | Mitigation | Unknown | 2025-07-18 | 2025-07-22 | CrushFTP contains an unprotected alternate channel vulnerabi... |
| CVE-2025-49704 | 8.8 | Microsoft | SharePoint | Mitigation | Known | 2025-07-08 | 2025-07-22 | Microsoft SharePoint contains a code injection vulnerability... |
| CVE-2025-49706 | 6.5 | Microsoft | SharePoint | Mitigation | Known | 2025-07-08 | 2025-07-22 | Microsoft SharePoint contains an improper authentication vul... |
| CVE-2025-53770 | 9.8 | Microsoft | SharePoint | Mitigation | Known | 2025-07-20 | 2025-07-20 | Microsoft SharePoint Server on-premises contains a deseriali... |
| CVE-2025-25257 | 9.8 | Fortinet | FortiWeb | Mitigation | Unknown | 2025-07-17 | 2025-07-18 | Fortinet FortiWeb contains a SQL injection vulnerability tha... |
| CVE-2025-47812 | 10.0 | Wing FTP Server | Wing FTP Server | Mitigation | Unknown | 2025-07-10 | 2025-07-14 | Wing FTP Server contains an improper neutralization of null ... |
| CVE-2025-5777 | 7.5 | Citrix | NetScaler ADC and Gateway | Mitigation | Known | 2025-06-17 | 2025-07-10 | Citrix NetScaler ADC and Gateway contain an out-of-bounds re... |
| CVE-2014-3931 | 9.8 | Looking Glass | Multi-Router Looking Glass (MRLG) | Unpatched | Unknown | 2017-03-31 | 2025-07-07 | Multi-Router Looking Glass (MRLG) contains a buffer overflow... |
| CVE-2019-9621 | 7.5 | Synacor | Zimbra Collaboration Suite (ZCS) | Mitigation | Unknown | 2019-04-30 | 2025-07-07 | Synacor Zimbra Collaboration Suite (ZCS) contains a server-s... |
| CVE-2019-5418 | 7.5 | Rails | Ruby on Rails | Patched | Unknown | 2019-03-27 | 2025-07-07 | Rails Ruby on Rails contains a path traversal vulnerability ... |
| CVE-2016-10033 | 9.8 | PHP | PHPMailer | Patched | Unknown | 2016-12-30 | 2025-07-07 | PHPMailer contains a command injection vulnerability because... |
| CVE-2025-6554 | 8.1 | Chromium V8 | | Mitigation | Unknown | 2025-06-30 | 2025-07-02 | Google Chromium V8 contains a type confusion vulnerability t... |
| CVE-2025-48928 | 4.0 | TeleMessage | TM SGNL | Unpatched | Unknown | 2025-05-28 | 2025-07-01 | TeleMessage TM SGNL contains an exposure of core dump file t... |
| CVE-2025-48927 | 5.3 | TeleMessage | TM SGNL | Unpatched | Unknown | 2025-05-28 | 2025-07-01 | TeleMessage TM SGNL contains an initialization of a resource... |
| CVE-2025-6543 | 9.8 | Citrix | NetScaler ADC and Gateway | Mitigation | Unknown | 2025-06-25 | 2025-06-30 | Citrix NetScaler ADC and Gateway contain a buffer overflow v... |
| CVE-2019-6693 | 6.5 | Fortinet | FortiOS | Mitigation | Known | 2019-11-21 | 2025-06-25 | Fortinet FortiOS contains a use of hard-coded credentials vu... |
| CVE-2024-0769 | 5.3 | D-Link | DIR-859 Router | Mitigation | Unknown | 2024-01-21 | 2025-06-25 | D-Link DIR-859 routers contain a path traversal vulnerabilit... |
| CVE-2024-54085 | 9.8 | AMI | MegaRAC SPx | Mitigation | Unknown | 2025-03-11 | 2025-06-25 | AMI MegaRAC SPx contains an authentication bypass by spoofin... |
| CVE-2023-0386 | 7.8 | Linux | Kernel | Patched | Unknown | 2023-03-22 | 2025-06-17 | Linux Kernel contains an improper ownership management vulne... |
| CVE-2023-33538 | 8.8 | TP-Link | Multiple Routers | Unpatched | Unknown | 2023-06-07 | 2025-06-16 | TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/... |
| CVE-2025-43200 | 4.2 | Apple | Multiple Products | Mitigation | Unknown | 2025-06-16 | 2025-06-16 | Apple iOS, iPadOS, macOS, watchOS, and visionOS contain an ... |
| CVE-2025-33053 | 8.8 | Microsoft | Windows | Mitigation | Unknown | 2025-06-10 | 2025-06-10 | Microsoft Windows contains an external control of file name ... |
| CVE-2025-24016 | 9.9 | Wazuh | Wazuh Server | Mitigation | Unknown | 2025-02-10 | 2025-06-10 | Wazuh contains a deserialization of untrusted data vulnerabi... |
| CVE-2024-42009 | 9.3 | Roundcube | Webmail | Mitigation | Unknown | 2024-08-05 | 2025-06-09 | Roundcube Webmail contains a cross-site scripting vulnerabil... |
| CVE-2025-32433 | 10.0 | Erlang | Erlang/OTP | Patched | Unknown | 2025-04-16 | 2025-06-09 | Erlang Erlang/OTP SSH server contains a missing authenticati... |
| CVE-2025-5419 | 8.8 | Chromium V8 | | Unpatched | Unknown | 2025-06-03 | 2025-06-05 | Google Chromium V8 contains an out-of-bounds read and write ... |
| CVE-2025-21479 | 8.6 | Qualcomm | Multiple Chipsets | Mitigation | Unknown | 2025-06-03 | 2025-06-03 | Multiple Qualcomm chipsets contain an incorrect authorizatio... |
| CVE-2025-21480 | 8.6 | Qualcomm | Multiple Chipsets | Mitigation | Unknown | 2025-06-03 | 2025-06-03 | Multiple Qualcomm chipsets contain an incorrect authorizatio... |
| CVE-2025-27038 | 7.5 | Qualcomm | Multiple Chipsets | Mitigation | Unknown | 2025-06-03 | 2025-06-03 | Multiple Qualcomm chipsets contain a use-after-free vulnerab... |
| CVE-2021-32030 | 9.8 | ASUS | Routers | Unpatched | Unknown | 2021-05-06 | 2025-06-02 | ASUS Lyra Mini and ASUS GT-AC2900 devices contain an imprope... |
| CVE-2023-39780 | 8.8 | ASUS | RT-AX55 Routers | Unpatched | Unknown | 2023-09-11 | 2025-06-02 | ASUS RT-AX55 devices contain an OS command injection vulnera... |
| CVE-2025-3935 | 8.1 | ConnectWise | ScreenConnect | Mitigation | Unknown | 2025-04-25 | 2025-06-02 | ConnectWise ScreenConnect contains an improper authenticatio... |
| CVE-2025-35939 | 5.3 | Craft CMS | Craft CMS | Patched | Unknown | 2025-05-07 | 2025-06-02 | Craft CMS contains an external control of assumed-immutable ... |
| CVE-2024-56145 | 9.8 | Craft CMS | Craft CMS | Patched | Unknown | 2024-12-18 | 2025-06-02 | Craft CMS contains a code injection vulnerability. Users wit... |
| CVE-2025-4632 | 9.8 | Samsung | MagicINFO 9 Server | Patched | Unknown | 2025-05-13 | 2025-05-22 | Samsung MagicINFO 9 Server contains a path traversal vulnera... |
| CVE-2023-38950 | 7.5 | ZKTeco | BioTime | Unpatched | Unknown | 2023-08-03 | 2025-05-19 | ZKTeco BioTime contains a path traversal vulnerability in th... |
| CVE-2024-27443 | 6.1 | Synacor | Zimbra Collaboration Suite (ZCS) | Unpatched | Unknown | 2024-08-12 | 2025-05-19 | Zimbra Collaboration contains a cross-site scripting (XSS) v... |
| CVE-2024-11182 | 6.1 | MDaemon | Email Server | Unpatched | Unknown | 2024-11-15 | 2025-05-19 | MDaemon Email Server contains a cross-site scripting (XSS) v... |
| CVE-2025-27920 | 7.2 | Srimax | Output Messenger | Mitigation | Unknown | 2025-05-05 | 2025-05-19 | Srimax Output Messenger contains a directory traversal vulne... |
| CVE-2025-4428 | 7.2 | Ivanti | Endpoint Manager Mobile (EPMM) | Mitigation | Unknown | 2025-05-13 | 2025-05-19 | Ivanti Endpoint Manager Mobile (EPMM) contains a code inject... |
| CVE-2025-4427 | 5.3 | Ivanti | Endpoint Manager Mobile (EPMM) | Mitigation | Unknown | 2025-05-13 | 2025-05-19 | Ivanti Endpoint Manager Mobile (EPMM) contains an authentica... |
| CVE-2024-12987 | 7.3 | DrayTek | Vigor Routers | Unpatched | Unknown | 2024-12-27 | 2025-05-15 | DrayTek Vigor2960, Vigor300B, and Vigor3900 routers contain ... |
| CVE-2025-42999 | 9.1 | SAP | NetWeaver | Mitigation | Unknown | 2025-05-13 | 2025-05-15 | SAP NetWeaver Visual Composer Metadata Uploader contains a d... |
| CVE-2025-32756 | 9.8 | Fortinet | Multiple Products | Mitigation | Unknown | 2025-05-13 | 2025-05-14 | Fortinet FortiFone, FortiVoice, FortiNDR and FortiMail conta... |
| CVE-2025-32709 | 7.8 | Microsoft | Windows | Mitigation | Unknown | 2025-05-13 | 2025-05-13 | Microsoft Windows Ancillary Function Driver for WinSock cont... |
| CVE-2025-30397 | 7.5 | Microsoft | Windows | Mitigation | Unknown | 2025-05-13 | 2025-05-13 | Microsoft Windows Scripting Engine contains a type confusion... |
| CVE-2025-32706 | 7.8 | Microsoft | Windows | Mitigation | Unknown | 2025-05-13 | 2025-05-13 | Microsoft Windows Common Log File System (CLFS) Driver conta... |
| CVE-2025-32701 | 7.8 | Microsoft | Windows | Mitigation | Unknown | 2025-05-13 | 2025-05-13 | Microsoft Windows Common Log File System (CLFS) Driver conta... |
| CVE-2025-30400 | 7.8 | Microsoft | Windows | Mitigation | Unknown | 2025-05-13 | 2025-05-13 | Microsoft Windows DWM Core Library contains a use-after-free... |
| CVE-2025-47729 | 1.9 | TeleMessage | TM SGNL | Unpatched | Unknown | 2025-05-08 | 2025-05-12 | TeleMessage TM SGNL contains a hidden functionality vulnerab... |
| CVE-2024-11120 | 9.8 | GeoVision | Multiple Devices | Unpatched | Unknown | 2024-11-15 | 2025-05-07 | Multiple GeoVision devices contain an OS command injection v... |
| CVE-2024-6047 | 9.8 | GeoVision | Multiple Devices | Unpatched | Unknown | 2024-06-17 | 2025-05-07 | Multiple GeoVision devices contain an OS command injection v... |
| CVE-2025-27363 | 8.1 | FreeType | FreeType | Unpatched | Unknown | 2025-03-11 | 2025-05-06 | FreeType contains an out-of-bounds write vulnerability when ... |
| CVE-2025-3248 | 9.8 | Langflow | Langflow | Patched | Unknown | 2025-04-07 | 2025-05-05 | Langflow contains a missing authentication vulnerability in ... |
| CVE-2025-34028 | 10.0 | Commvault | Command Center | Mitigation | Unknown | 2025-04-22 | 2025-05-02 | Commvault Command Center contains a path traversal vulnerabi... |
| CVE-2024-58136 | 9.0 | Yiiframework | Yii | Patched | Unknown | 2025-04-10 | 2025-05-02 | Yii Framework contains an improper protection of alternate p... |
| CVE-2023-44221 | 7.2 | SonicWall | SMA100 Appliances | Mitigation | Unknown | 2023-12-05 | 2025-05-01 | SonicWall SMA100 appliances contain an OS command injection ... |
| CVE-2024-38475 | 9.1 | Apache | HTTP Server | Patched | Unknown | 2024-07-01 | 2025-05-01 | Apache HTTP Server contains an improper escaping of output v... |
| CVE-2025-31324 | 10.0 | SAP | NetWeaver | Mitigation | Known | 2025-04-24 | 2025-04-29 | SAP NetWeaver Visual Composer Metadata Uploader contains an ... |
| CVE-2025-1976 | 6.7 | Broadcom | Brocade Fabric OS | Mitigation | Unknown | 2025-04-24 | 2025-04-28 | Broadcom Brocade Fabric OS contains a code injection vulnera... |
| CVE-2025-42599 | 9.8 | Qualitia | Active! Mail | Mitigation | Unknown | 2025-04-18 | 2025-04-28 | Qualitia Active! Mail contains a stack-based buffer overflow... |
| CVE-2025-3928 | 8.8 | Commvault | Web Server | Mitigation | Unknown | 2025-04-25 | 2025-04-28 | Commvault Web Server contains an unspecified vulnerability t... |
| CVE-2025-24054 | 6.5 | Microsoft | Windows | Mitigation | Unknown | 2025-03-11 | 2025-04-17 | Microsoft Windows NTLM contains an external control of file ... |
| CVE-2025-31201 | 9.8 | Apple | Multiple Products | Mitigation | Unknown | 2025-04-16 | 2025-04-17 | Apple iOS, iPadOS, macOS, and other Apple products contain a... |
| CVE-2025-31200 | 9.8 | Apple | Multiple Products | Mitigation | Unknown | 2025-04-16 | 2025-04-17 | Apple iOS, iPadOS, macOS, and other Apple products contain a... |
| CVE-2021-20035 | 6.5 | SonicWall | SMA100 Appliances | Mitigation | Unknown | 2021-09-27 | 2025-04-16 | SonicWall SMA100 appliances contain an OS command injection ... |
| CVE-2024-53150 | 7.1 | Linux | Kernel | Patched | Unknown | 2024-12-24 | 2025-04-09 | Linux Kernel contains an out-of-bounds read vulnerability in... |
| CVE-2024-53197 | 7.8 | Linux | Kernel | Patched | Unknown | 2024-12-27 | 2025-04-09 | Linux Kernel contains an out-of-bounds access vulnerability ... |
| CVE-2025-29824 | 7.8 | Microsoft | Windows | Mitigation | Known | 2025-04-08 | 2025-04-08 | Microsoft Windows Common Log File System (CLFS) Driver conta... |
| CVE-2025-30406 | 9.0 | Gladinet | CentreStack | Patched | Unknown | 2025-04-03 | 2025-04-08 | Gladinet CentreStack and Triofox contain a use of hard-code... |
| CVE-2025-31161 | 9.8 | CrushFTP | CrushFTP | Mitigation | Known | 2025-04-03 | 2025-04-07 | CrushFTP contains an authentication bypass vulnerability in ... |
| CVE-2025-22457 | 9.0 | Ivanti | Connect Secure, Policy Secure, and ZTA Gateways | Mitigation | Known | 2025-04-03 | 2025-04-04 | Ivanti Connect Secure, Policy Secure, and ZTA Gateways conta... |
| CVE-2025-24813 | 9.8 | Apache | Tomcat | Mitigation | Unknown | 2025-03-10 | 2025-04-01 | Apache Tomcat contains a path equivalence vulnerability that... |
| CVE-2024-20439 | 9.8 | Cisco | Smart Licensing Utility | Mitigation | Unknown | 2024-09-04 | 2025-03-31 | Cisco Smart Licensing Utility contains a static credential v... |
| CVE-2025-2783 | 8.3 | Chromium Mojo | | Unpatched | Unknown | 2025-03-26 | 2025-03-27 | Google Chromium Mojo on Windows contains a sandbox escape vu... |
| CVE-2019-9875 | 8.8 | Sitecore | CMS and Experience Platform (XP) | Patched | Unknown | 2019-05-31 | 2025-03-26 | Sitecore CMS and Experience Platform (XP) contain a deserial... |
| CVE-2019-9874 | 9.8 | Sitecore | CMS and Experience Platform (XP) | Patched | Unknown | 2019-05-31 | 2025-03-26 | Sitecore CMS and Experience Platform (XP) contain a deserial... |
| CVE-2025-30154 | 8.6 | reviewdog | action-setup GitHub Action | Patched | Unknown | 2025-03-19 | 2025-03-24 | reviewdog action-setup GitHub Action contains an embedded ma... |
| CVE-2017-12637 | 7.5 | SAP | NetWeaver | Unpatched | Unknown | 2017-08-07 | 2025-03-19 | SAP NetWeaver Application Server (AS) Java contains a direct... |
| CVE-2024-48248 | 8.6 | NAKIVO | Backup and Replication | Unpatched | Unknown | 2025-03-04 | 2025-03-19 | NAKIVO Backup and Replication contains an absolute path trav... |
| CVE-2025-1316 | 9.8 | Edimax | IC-7100 IP Camera | Mitigation | Unknown | 2025-03-05 | 2025-03-19 | Edimax IC-7100 IP camera contains an OS command injection vu... |
| CVE-2025-30066 | 8.6 | tj-actions | changed-files GitHub Action | Mitigation | Unknown | 2025-03-15 | 2025-03-18 | tj-actions/changed-files GitHub Action contains an embedded ... |
| CVE-2025-24472 | 8.1 | Fortinet | FortiOS and FortiProxy | Mitigation | Known | 2025-02-11 | 2025-03-18 | Fortinet FortiOS and FortiProxy contain an authentication b... |
| CVE-2025-21590 | 4.4 | Juniper | Junos OS | Mitigation | Unknown | 2025-03-12 | 2025-03-13 | Juniper Junos OS contains an improper isolation or compartme... |
| CVE-2025-24201 | 10.0 | Apple | Multiple Products | Mitigation | Unknown | 2025-03-11 | 2025-03-13 | Apple iOS, iPadOS, macOS, and other Apple products contain a... |
| CVE-2025-24993 | 7.8 | Microsoft | Windows | Mitigation | Unknown | 2025-03-11 | 2025-03-11 | Microsoft Windows New Technology File System (NTFS) contains... |
| CVE-2025-24991 | 5.5 | Microsoft | Windows | Mitigation | Unknown | 2025-03-11 | 2025-03-11 | Microsoft Windows New Technology File System (NTFS) contains... |
| CVE-2025-26633 | 7.0 | Microsoft | Windows | Mitigation | Known | 2025-03-11 | 2025-03-11 | Microsoft Windows Management Console (MMC) contains an impro... |
| CVE-2025-24985 | 7.8 | Microsoft | Windows | Patched | Unknown | 2025-03-11 | 2025-03-11 | Microsoft Windows Fast FAT File System Driver contains an in... |
| CVE-2025-24984 | 4.6 | Microsoft | Windows | Patched | Unknown | 2025-03-11 | 2025-03-11 | Microsoft Windows New Technology File System (NTFS) contains... |
| CVE-2025-24983 | 7.0 | Microsoft | Windows | Patched | Unknown | 2025-03-11 | 2025-03-11 | Microsoft Windows Win32 Kernel Subsystem contains a use-afte... |
| CVE-2024-57968 | 9.9 | Advantive | VeraCore | Unpatched | Unknown | 2025-02-03 | 2025-03-10 | Advantive VeraCore contains an unrestricted file upload vuln... |
| CVE-2025-25181 | 5.8 | Advantive | VeraCore | Unpatched | Unknown | 2025-02-03 | 2025-03-10 | Advantive VeraCore contains a SQL injection vulnerability in... |
| CVE-2024-13161 | 9.8 | Ivanti | Endpoint Manager (EPM) | Mitigation | Unknown | 2025-01-14 | 2025-03-10 | Ivanti Endpoint Manager (EPM) contains an absolute path trav... |
| CVE-2024-13160 | 9.8 | Ivanti | Endpoint Manager (EPM) | Mitigation | Unknown | 2025-01-14 | 2025-03-10 | Ivanti Endpoint Manager (EPM) contains an absolute path trav... |
| CVE-2024-13159 | 9.8 | Ivanti | Endpoint Manager (EPM) | Mitigation | Unknown | 2025-01-14 | 2025-03-10 | Ivanti Endpoint Manager (EPM) contains an absolute path trav... |
| CVE-2025-22226 | 7.1 | VMware | ESXi, Workstation, and Fusion | Mitigation | Unknown | 2025-03-04 | 2025-03-04 | VMware ESXi, Workstation, and Fusion contain an information ... |
| CVE-2025-22225 | 8.2 | VMware | ESXi | Mitigation | Unknown | 2025-03-04 | 2025-03-04 | VMware ESXi contains an arbitrary write vulnerability. Succe... |
| CVE-2025-22224 | 9.3 | VMware | ESXi and Workstation | Mitigation | Unknown | 2025-03-04 | 2025-03-04 | VMware ESXi and Workstation contain a time-of-check time-of-... |
| CVE-2024-50302 | 5.5 | Linux | Kernel | Patched | Unknown | 2024-11-19 | 2025-03-04 | The Linux kernel contains a use of uninitialized resource vu... |
| CVE-2024-4885 | 9.8 | Progress | WhatsUp Gold | Mitigation | Unknown | 2024-06-25 | 2025-03-03 | Progress WhatsUp Gold contains a path traversal vulnerabilit... |
| CVE-2022-43769 | 8.8 | Hitachi Vantara | Pentaho Business Analytics (BA) Server | Mitigation | Unknown | 2023-04-03 | 2025-03-03 | Hitachi Vantara Pentaho BA Server contains a special element... |
| CVE-2022-43939 | 8.6 | Hitachi Vantara | Pentaho Business Analytics (BA) Server | Mitigation | Unknown | 2023-04-03 | 2025-03-03 | Hitachi Vantara Pentaho BA Server contains a use of non-cano... |
| CVE-2023-20118 | 6.5 | Cisco | Small Business RV Series Routers | Mitigation | Unknown | 2023-04-13 | 2025-03-03 | Multiple Cisco Small Business RV Series Routers contain a c... |
| CVE-2018-8639 | 7.8 | Microsoft | Windows | Patched | Known | 2018-12-12 | 2025-03-03 | Microsoft Windows Win32k contains an improper resource shutd... |
| CVE-2023-34192 | 9.0 | Synacor | Zimbra Collaboration Suite (ZCS) | Mitigation | Unknown | 2023-07-06 | 2025-02-25 | Synacor Zimbra Collaboration Suite (ZCS) contains a cross-si... |
| CVE-2024-49035 | 8.7 | Microsoft | Partner Center | Mitigation | Unknown | 2024-11-26 | 2025-02-25 | Microsoft Partner Center contains an improper access control... |
| CVE-2024-20953 | 8.8 | Oracle | Agile Product Lifecycle Management (PLM) | Mitigation | Unknown | 2024-02-17 | 2025-02-24 | Oracle Agile Product Lifecycle Management (PLM) contains a d... |
| CVE-2017-3066 | 9.8 | Adobe | ColdFusion | Patched | Unknown | 2017-04-27 | 2025-02-24 | Adobe ColdFusion contains a deserialization vulnerability in... |
| CVE-2025-24989 | 8.2 | Microsoft | Power Pages | Patched | Unknown | 2025-02-19 | 2025-02-21 | Microsoft Power Pages contains an improper access control vu... |
| CVE-2025-0111 | 6.5 | Palo Alto Networks | PAN-OS | Mitigation | Unknown | 2025-02-12 | 2025-02-20 | Palo Alto Networks PAN-OS contains an external control of fi... |
| CVE-2025-23209 | 8.0 | Craft CMS | Craft CMS | Patched | Unknown | 2025-01-18 | 2025-02-20 | Craft CMS contains a code injection vulnerability caused by ... |
| CVE-2025-0108 | 9.1 | Palo Alto Networks | PAN-OS | Mitigation | Unknown | 2025-02-12 | 2025-02-18 | Palo Alto Networks PAN-OS contains an authentication bypass ... |
| CVE-2024-53704 | 9.8 | SonicWall | SonicOS | Mitigation | Known | 2025-01-09 | 2025-02-18 | SonicWall SonicOS contains an improper authentication vulner... |
| CVE-2024-57727 | 7.5 | SimpleHelp | SimpleHelp | Unpatched | Known | 2025-01-15 | 2025-02-13 | SimpleHelp remote support software contains multiple path tr... |
| CVE-2025-24200 | 6.1 | Apple | iOS and iPadOS | Mitigation | Unknown | 2025-02-10 | 2025-02-12 | Apple iOS and iPadOS contain an incorrect authorization vul... |
| CVE-2024-41710 | 7.2 | Mitel | SIP Phones | Mitigation | Unknown | 2024-08-12 | 2025-02-12 | Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones,... |
| CVE-2025-21418 | 7.8 | Microsoft | Windows | Patched | Unknown | 2025-02-11 | 2025-02-11 | Microsoft Windows Ancillary Function Driver for WinSock cont... |
| CVE-2025-21391 | 7.1 | Microsoft | Windows | Patched | Unknown | 2025-02-11 | 2025-02-11 | Microsoft Windows Storage contains a link following vulnerab... |
| CVE-2025-0994 | 8.8 | Trimble | Cityworks | Mitigation | Unknown | 2025-02-06 | 2025-02-07 | Trimble Cityworks contains a deserialization vulnerability. ... |
| CVE-2020-15069 | 9.8 | Sophos | XG Firewall | Mitigation | Unknown | 2020-06-29 | 2025-02-06 | Sophos XG Firewall contains a buffer overflow vulnerability ... |
| CVE-2022-23748 | 7.8 | Audinate | Dante Discovery | Mitigation | Unknown | 2022-11-17 | 2025-02-06 | Dante Discovery contains a process control vulnerability in ... |
| CVE-2025-0411 | 7.0 | 7-Zip | 7-Zip | Mitigation | Unknown | 2025-01-25 | 2025-02-06 | 7-Zip contains a protection mechanism failure vulnerability ... |
| CVE-2024-21413 | 9.8 | Microsoft | Office Outlook | Patched | Unknown | 2024-02-13 | 2025-02-06 | Microsoft Outlook contains an improper input validation vuln... |
| CVE-2024-53104 | 7.8 | Linux | Kernel | Patched | Unknown | 2024-12-02 | 2025-02-05 | Linux kernel contains an out-of-bounds write vulnerability i... |
| CVE-2018-19410 | 9.8 | Paessler | PRTG Network Monitor | Unpatched | Unknown | 2018-11-21 | 2025-02-04 | Paessler PRTG Network Monitor contains a local file inclusio... |
| CVE-2018-9276 | 7.2 | Paessler | PRTG Network Monitor | Mitigation | Unknown | 2018-07-02 | 2025-02-04 | Paessler PRTG Network Monitor contains an OS command injecti... |
| CVE-2024-29059 | 7.5 | Microsoft | .NET Framework | Mitigation | Unknown | 2024-03-23 | 2025-02-04 | Microsoft .NET Framework contains an information disclosure ... |
| CVE-2024-45195 | 7.5 | Apache | OFBiz | Mitigation | Unknown | 2024-09-04 | 2025-02-04 | Apache OFBiz contains a forced browsing vulnerability that a... |
| CVE-2025-24085 | 10.0 | Apple | Multiple Products | Mitigation | Unknown | 2025-01-27 | 2025-01-29 | Apple iOS, macOS, and other Apple products contain a use-af... |
| CVE-2025-23006 | 9.8 | SonicWall | SMA1000 Appliances | Mitigation | Known | 2025-01-23 | 2025-01-24 | SonicWall SMA1000 Appliance Management Console (AMC) and Cen... |
| CVE-2020-11023 | 6.9 | JQuery | JQuery | Patched | Unknown | 2020-04-29 | 2025-01-23 | JQuery contains a persistent cross-site scripting (XSS) vuln... |
| CVE-2024-50603 | 10.0 | Aviatrix | Controllers | Mitigation | Unknown | 2025-01-08 | 2025-01-16 | Aviatrix Controllers contain an OS command injection vulnera... |
| CVE-2024-55591 | 9.8 | Fortinet | FortiOS and FortiProxy | Mitigation | Known | 2025-01-14 | 2025-01-14 | Fortinet FortiOS and FortiProxy contain an authentication by... |
| CVE-2025-21335 | 7.8 | Microsoft | Windows | Patched | Unknown | 2025-01-14 | 2025-01-14 | Microsoft Windows Hyper-V NT Kernel Integration VSP contains... |
| CVE-2025-21334 | 7.8 | Microsoft | Windows | Patched | Unknown | 2025-01-14 | 2025-01-14 | Microsoft Windows Hyper-V NT Kernel Integration VSP contains... |
| CVE-2025-21333 | 7.8 | Microsoft | Windows | Patched | Unknown | 2025-01-14 | 2025-01-14 | Microsoft Windows Hyper-V NT Kernel Integration VSP contains... |
| CVE-2023-48365 | 9.6 | Qlik | Sense | Mitigation | Known | 2023-11-15 | 2025-01-13 | Qlik Sense contains an HTTP tunneling vulnerability that all... |
| CVE-2024-12686 | 6.6 | BeyondTrust | Privileged Remote Access (PRA) and Remote Support (RS) | Mitigation | Unknown | 2024-12-18 | 2025-01-13 | BeyondTrust Privileged Remote Access (PRA) and Remote Suppor... |
| CVE-2025-0282 | 9.0 | Ivanti | Connect Secure, Policy Secure, and ZTA Gateways | Mitigation | Known | 2025-01-08 | 2025-01-08 | Ivanti Connect Secure, Policy Secure, and ZTA Gateways conta... |
| CVE-2020-2883 | 9.8 | Oracle | WebLogic Server | Mitigation | Unknown | 2020-04-15 | 2025-01-07 | Oracle WebLogic Server, a product within the Fusion Middlewa... |
| CVE-2024-55550 | 2.7 | Mitel | MiCollab | Mitigation | Known | 2024-12-10 | 2025-01-07 | Mitel MiCollab contains a path traversal vulnerability that ... |
| CVE-2024-41713 | 9.1 | Mitel | MiCollab | Mitigation | Known | 2024-10-21 | 2025-01-07 | Mitel MiCollab contains a path traversal vulnerability that ... |
| CVE-2024-3393 | 7.5 | Palo Alto Networks | PAN-OS | Mitigation | Unknown | 2024-12-27 | 2024-12-30 | Palo Alto Networks PAN-OS contains a vulnerability in parsin... |
| CVE-2021-44207 | 8.1 | Acclaim Systems | USAHERDS | Mitigation | Unknown | 2021-12-21 | 2024-12-23 | Acclaim Systems USAHERDS contains a hard-coded credentials v... |
| CVE-2024-12356 | 9.8 | BeyondTrust | Privileged Remote Access (PRA) and Remote Support (RS) | Mitigation | Unknown | 2024-12-17 | 2024-12-19 | BeyondTrust Privileged Remote Access (PRA) and Remote Suppor... |
| CVE-2024-55956 | 9.8 | Cleo | Multiple Products | Mitigation | Known | 2024-12-13 | 2024-12-17 | Cleo Harmony, VLTrader, and LexiCom, which are managed file ... |
| CVE-2024-20767 | 7.4 | Adobe | ColdFusion | Mitigation | Unknown | 2024-03-18 | 2024-12-16 | Adobe ColdFusion contains an improper access control vulnera... |
| CVE-2024-35250 | 7.8 | Microsoft | Windows | Patched | Unknown | 2024-06-11 | 2024-12-16 | Microsoft Windows Kernel-Mode Driver contains an untrusted p... |
| CVE-2024-50623 | 9.8 | Cleo | Multiple Products | Mitigation | Known | 2024-10-28 | 2024-12-13 | Cleo Harmony, VLTrader, and LexiCom, which are managed file ... |
| CVE-2024-49138 | 7.8 | Microsoft | Windows | Patched | Unknown | 2024-12-12 | 2024-12-10 | Microsoft Windows Common Log File System (CLFS) driver conta... |
| CVE-2024-51378 | 10.0 | CyberPersons | CyberPanel | Patched | Known | 2024-10-29 | 2024-12-04 | CyberPanel contains an incorrect default permissions vulnera... |
| CVE-2024-11667 | 7.5 | Zyxel | Multiple Firewalls | Mitigation | Known | 2024-11-27 | 2024-12-03 | Multiple Zyxel firewalls contain a path traversal vulnerabil... |
| CVE-2023-45727 | 7.5 | North Grid | Proself | Mitigation | Unknown | 2023-10-18 | 2024-12-03 | North Grid Proself Enterprise/Standard, Gateway, and Mail Sa... |
| CVE-2024-11680 | 9.8 | ProjectSend | ProjectSend | Patched | Unknown | 2024-11-26 | 2024-12-03 | ProjectSend contains an improper authentication vulnerabilit... |
| CVE-2023-28461 | 9.8 | Array Networks | AG/vxAG ArrayOS | Mitigation | Known | 2023-03-15 | 2024-11-25 | Array Networks AG and vxAG ArrayOS contain a missing authent... |
| CVE-2024-21287 | 7.5 | Oracle | Agile Product Lifecycle Management (PLM) | Mitigation | Unknown | 2024-11-18 | 2024-11-21 | Oracle Agile Product Lifecycle Management (PLM) contains an ... |
| CVE-2024-44309 | 6.1 | Apple | Multiple Products | Mitigation | Unknown | 2024-11-20 | 2024-11-21 | Apple iOS, macOS, and other Apple products contain an unspec... |
| CVE-2024-44308 | 8.8 | Apple | Multiple Products | Mitigation | Unknown | 2024-11-20 | 2024-11-21 | Apple iOS, macOS, and other Apple products contain an unspec... |
| CVE-2024-38813 | 7.5 | VMware | vCenter Server | Mitigation | Unknown | 2024-09-17 | 2024-11-20 | VMware vCenter contains an improper check for dropped privil... |
| CVE-2024-38812 | 9.8 | VMware | vCenter Server | Mitigation | Unknown | 2024-09-17 | 2024-11-20 | VMware vCenter Server contains a heap-based buffer overflow ... |
| CVE-2024-1212 | 10.0 | Progress | Kemp LoadMaster | Unpatched | Unknown | 2024-02-21 | 2024-11-18 | Progress Kemp LoadMaster contains an OS command injection vu... |
| CVE-2024-9474 | 7.2 | Palo Alto Networks | PAN-OS | Mitigation | Known | 2024-11-18 | 2024-11-18 | Palo Alto Networks PAN-OS contains an OS command injection v... |
| CVE-2024-0012 | 9.8 | Palo Alto Networks | PAN-OS | Mitigation | Known | 2024-11-18 | 2024-11-18 | Palo Alto Networks PAN-OS contains an authentication bypass ... |
| CVE-2024-9465 | 9.1 | Palo Alto Networks | Expedition | Mitigation | Unknown | 2024-10-09 | 2024-11-14 | Palo Alto Networks Expedition contains a SQL injection vulne... |
| CVE-2024-9463 | 7.5 | Palo Alto Networks | Expedition | Mitigation | Unknown | 2024-10-09 | 2024-11-14 | Palo Alto Networks Expedition contains an OS command injecti... |
| CVE-2021-26086 | 5.3 | Atlassian | Jira Server and Data Center | Mitigation | Unknown | 2021-08-16 | 2024-11-12 | Atlassian Jira Server and Data Center contain a path travers... |
| CVE-2014-2120 | 6.1 | Cisco | Adaptive Security Appliance (ASA) | Mitigation | Unknown | 2014-03-19 | 2024-11-12 | Cisco Adaptive Security Appliance (ASA) contains a cross-sit... |
| CVE-2021-41277 | 10.0 | Metabase | Metabase | Patched | Unknown | 2021-11-17 | 2024-11-12 | Metabase contains a local file inclusion vulnerability in th... |
| CVE-2024-43451 | 6.5 | Microsoft | Windows | Patched | Unknown | 2024-11-12 | 2024-11-12 | Microsoft Windows contains an NTLMv2 hash spoofing vulnerabi... |
| CVE-2024-49039 | 8.8 | Microsoft | Windows | Patched | Unknown | 2024-11-12 | 2024-11-12 | Microsoft Windows Task Scheduler contains a privilege escala... |
| CVE-2019-16278 | 9.8 | Nostromo | nhttpd | Unpatched | Unknown | 2019-10-14 | 2024-11-07 | Nostromo nhttpd contains a directory traversal vulnerability... |
| CVE-2024-5910 | 9.8 | Palo Alto Networks | Expedition | Mitigation | Unknown | 2024-07-10 | 2024-11-07 | Palo Alto Networks Expedition contains a missing authenticat... |
| CVE-2024-51567 | 10.0 | CyberPersons | CyberPanel | Patched | Unknown | 2024-10-29 | 2024-11-07 | CyberPanel contains an incorrect default permissions vulnera... |
| CVE-2024-43093 | 7.3 | Android | Framework | Patched | Unknown | 2024-11-13 | 2024-11-07 | Android Framework contains an unspecified vulnerability that... |
| CVE-2024-8956 | 9.1 | PTZOptics | PT30X-SDI/NDI Cameras | Unpatched | Unknown | 2024-09-17 | 2024-11-04 | PTZOptics PT30X-SDI/NDI cameras contain an insecure direct o... |
| CVE-2024-8957 | 7.2 | PTZOptics | PT30X-SDI/NDI Cameras | Unpatched | Unknown | 2024-09-17 | 2024-11-04 | PTZOptics PT30X-SDI/NDI cameras contain an OS command inject... |
| CVE-2024-20481 | 5.8 | Cisco | Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) | Mitigation | Unknown | 2024-10-23 | 2024-10-24 | Cisco Adaptive Security Appliance (ASA) and Firepower Threat... |
| CVE-2024-37383 | 6.1 | Roundcube | Webmail | Patched | Unknown | 2024-06-07 | 2024-10-24 | Roundcube Webmail contains a cross-site scripting (XSS) vuln... |
| CVE-2024-47575 | 9.8 | Fortinet | FortiManager | Mitigation | Unknown | 2024-10-23 | 2024-10-23 | Fortinet FortiManager contains a missing authentication vuln... |
| CVE-2024-38094 | 7.2 | Microsoft | SharePoint | Patched | Known | 2024-07-09 | 2024-10-22 | Microsoft SharePoint contains a deserialization vulnerabilit... |
| CVE-2024-9537 | 9.8 | ScienceLogic | SL1 | Mitigation | Unknown | 2024-10-18 | 2024-10-21 | ScienceLogic SL1 (formerly EM7) is affected by an unspecifie... |
| CVE-2024-40711 | 9.8 | Veeam | Backup & Replication | Mitigation | Known | 2024-09-07 | 2024-10-17 | Veeam Backup and Replication contains a deserialization vuln... |
| CVE-2024-28987 | 9.1 | SolarWinds | Web Help Desk | Mitigation | Unknown | 2024-08-21 | 2024-10-15 | SolarWinds Web Help Desk contains a hardcoded credential vul... |
| CVE-2024-9680 | 9.8 | Mozilla | Firefox | Patched | Unknown | 2024-10-09 | 2024-10-15 | Mozilla Firefox and Firefox ESR contain a use-after-free vul... |
| CVE-2024-30088 | 7.0 | Microsoft | Windows | Patched | Unknown | 2024-06-11 | 2024-10-15 | Microsoft Windows Kernel contains a time-of-check to time-of... |
| CVE-2024-23113 | 9.8 | Fortinet | Multiple Products | Mitigation | Unknown | 2024-02-15 | 2024-10-09 | Fortinet FortiOS, FortiPAM, FortiProxy, and FortiWeb contain... |
| CVE-2024-43573 | 6.5 | Microsoft | Windows | Patched | Unknown | 2024-10-08 | 2024-10-08 | Microsoft Windows MSHTML Platform contains an unspecified sp... |
| CVE-2024-43572 | 7.8 | Microsoft | Windows | Patched | Unknown | 2024-10-08 | 2024-10-08 | Microsoft Windows Management Console contains unspecified vu... |
| CVE-2024-43047 | 7.8 | Qualcomm | Multiple Chipsets | Patched | Unknown | 2024-10-07 | 2024-10-08 | Multiple Qualcomm chipsets contain a use-after-free vulnerab... |
| CVE-2024-45519 | 10.0 | Synacor | Zimbra Collaboration Suite (ZCS) | Unpatched | Unknown | 2024-10-02 | 2024-10-03 | Synacor Zimbra Collaboration Suite (ZCS) contains an unspeci... |
| CVE-2024-29824 | 8.8 | Ivanti | Endpoint Manager (EPM) | Mitigation | Unknown | 2024-05-31 | 2024-10-02 | Ivanti Endpoint Manager (EPM) contains a SQL injection vulne... |
| CVE-2019-0344 | 9.8 | SAP | Commerce Cloud | Mitigation | Unknown | 2019-08-14 | 2024-09-30 | SAP Commerce Cloud (formerly known as Hybris) contains a des... |
| CVE-2020-15415 | 9.8 | DrayTek | Multiple Vigor Routers | Mitigation | Unknown | 2020-06-30 | 2024-09-30 | DrayTek Vigor3900, Vigor2960, and Vigor300B devices contain ... |
| CVE-2024-7593 | 9.8 | Ivanti | Virtual Traffic Manager | Patched | Unknown | 2024-08-13 | 2024-09-24 | Ivanti Virtual Traffic Manager contains an authentication by... |
| CVE-2020-14644 | 9.8 | Oracle | WebLogic Server | Mitigation | Unknown | 2020-07-15 | 2024-09-18 | Oracle WebLogic Server, a product within the Fusion Middlewa... |
| CVE-2022-21445 | 9.8 | Oracle | ADF Faces | Mitigation | Unknown | 2022-04-19 | 2024-09-18 | Oracle ADF Faces library, included with Oracle JDeveloper Di... |
| CVE-2024-27348 | 9.8 | Apache | HugeGraph-Server | Mitigation | Unknown | 2024-04-22 | 2024-09-18 | Apache HugeGraph-Server contains an improper access control ... |
| CVE-2020-0618 | 8.8 | Microsoft | SQL Server | Patched | Unknown | 2020-02-11 | 2024-09-18 | Microsoft SQL Server Reporting Services contains a deseriali... |
| CVE-2024-6670 | 9.8 | Progress | WhatsUp Gold | Mitigation | Known | 2024-08-29 | 2024-09-16 | Progress WhatsUp Gold contains a SQL injection vulnerability... |
| CVE-2024-43461 | 8.8 | Microsoft | Windows | Patched | Unknown | 2024-09-10 | 2024-09-16 | Microsoft Windows MSHTML Platform contains a user interface ... |
| CVE-2024-38217 | 5.4 | Microsoft | Windows | Patched | Unknown | 2024-09-10 | 2024-09-10 | Microsoft Windows Mark of the Web (MOTW) contains a protecti... |
| CVE-2024-38014 | 7.8 | Microsoft | Windows | Patched | Unknown | 2024-09-10 | 2024-09-10 | Microsoft Windows Installer contains an improper privilege m... |
| CVE-2024-38226 | 7.3 | Microsoft | Publisher | Patched | Unknown | 2024-09-10 | 2024-09-10 | Microsoft Publisher contains a protection mechanism failure ... |
| CVE-2024-40766 | 9.8 | SonicWall | SonicOS | Mitigation | Known | 2024-08-23 | 2024-09-09 | SonicWall SonicOS contains an improper access control vulner... |
| CVE-2017-1000253 | 7.8 | Linux | Kernel | Patched | Known | 2017-10-05 | 2024-09-09 | Linux kernel contains a position-independent executable (PIE... |
| CVE-2016-3714 | 8.4 | ImageMagick | ImageMagick | Patched | Unknown | 2016-05-05 | 2024-09-09 | ImageMagick contains an improper input validation vulnerabil... |
| CVE-2021-20124 | 7.5 | DrayTek | VigorConnect | Unpatched | Unknown | 2021-10-13 | 2024-09-03 | DrayTek VigorConnect contains a path traversal vulnerability... |
| CVE-2021-20123 | 7.5 | DrayTek | VigorConnect | Unpatched | Unknown | 2021-10-13 | 2024-09-03 | DrayTek VigorConnect contains a path traversal vulnerability... |
| CVE-2024-7262 | 7.8 | Kingsoft | WPS Office | Mitigation | Unknown | 2024-08-15 | 2024-09-03 | Kingsoft WPS Office contains a path traversal vulnerability ... |
| CVE-2024-7965 | 8.8 | Google | Chromium V8 | Unpatched | Unknown | 2024-08-21 | 2024-08-28 | Google Chromium V8 contains an inappropriate implementation ... |
| CVE-2024-38856 | 9.8 | Apache | OFBiz | Patched | Unknown | 2024-08-05 | 2024-08-27 | Apache OFBiz contains an incorrect authorization vulnerabili... |
| CVE-2024-7971 | 9.6 | Google | Chromium V8 | Patched | Unknown | 2024-08-21 | 2024-08-26 | Google Chromium V8 contains a type confusion vulnerability t... |
| CVE-2024-39717 | 7.2 | Versa | Director | Mitigation | Unknown | 2024-08-22 | 2024-08-23 | The Versa Director GUI contains an unrestricted upload of fi... |
| CVE-2021-33045 | 9.8 | Dahua | IP Camera Firmware | Mitigation | Unknown | 2021-09-15 | 2024-08-21 | Dahua IP cameras and related products contain an authenticat... |
| CVE-2021-33044 | 9.8 | Dahua | IP Camera Firmware | Mitigation | Unknown | 2021-09-15 | 2024-08-21 | Dahua IP cameras and related products contain an authenticat... |
| CVE-2021-31196 | 7.2 | Microsoft | Exchange Server | Patched | Unknown | 2021-07-14 | 2024-08-21 | Microsoft Exchange Server contains an information disclosure... |
| CVE-2022-0185 | 8.4 | Linux | Kernel | Patched | Unknown | 2022-02-11 | 2024-08-21 | Linux kernel contains a heap-based buffer overflow vulnerabi... |
| CVE-2024-23897 | 9.8 | Jenkins | Jenkins Command Line Interface (CLI) | Mitigation | Known | 2024-01-24 | 2024-08-19 | Jenkins Command Line Interface (CLI) contains a path travers... |
| CVE-2024-28986 | 9.8 | SolarWinds | Web Help Desk | Mitigation | Unknown | 2024-08-13 | 2024-08-15 | SolarWinds Web Help Desk contains a deserialization of untru... |
| CVE-2024-38107 | 7.8 | Microsoft | Windows | Patched | Unknown | 2024-08-13 | 2024-08-13 | Microsoft Windows Power Dependency Coordinator contains an u... |
| CVE-2024-38106 | 7.0 | Microsoft | Windows | Patched | Unknown | 2024-08-13 | 2024-08-13 | Microsoft Windows Kernel contains an unspecified vulnerabili... |
| CVE-2024-38193 | 7.8 | Microsoft | Windows | Patched | Unknown | 2024-08-13 | 2024-08-13 | Microsoft Windows Ancillary Function Driver for WinSock cont... |
| CVE-2024-38213 | 6.5 | Microsoft | Windows | Patched | Unknown | 2024-08-13 | 2024-08-13 | Microsoft Windows SmartScreen contains a security feature by... |
| CVE-2024-38178 | 7.5 | Microsoft | Windows | Patched | Unknown | 2024-08-13 | 2024-08-13 | Microsoft Windows Scripting Engine contains a memory corrupt... |
| CVE-2024-38189 | 8.8 | Microsoft | Project | Patched | Unknown | 2024-08-13 | 2024-08-13 | Microsoft Project contains an unspecified vulnerability that... |
| CVE-2024-32113 | 9.8 | Apache | OFBiz | Patched | Unknown | 2024-05-08 | 2024-08-07 | Apache OFBiz contains a path traversal vulnerability that co... |
| CVE-2024-36971 | 7.8 | Android | Kernel | Patched | Unknown | 2024-06-10 | 2024-08-07 | Android contains an unspecified vulnerability in the kernel ... |
| CVE-2018-0824 | 8.8 | Microsoft | Windows | Patched | Unknown | 2018-05-09 | 2024-08-05 | Microsoft COM for Windows contains a deserialization of untr... |
| CVE-2024-37085 | 6.8 | VMware | ESXi | Patched | Known | 2024-06-25 | 2024-07-30 | VMware ESXi contains an authentication bypass vulnerability.... |
| CVE-2023-45249 | 9.8 | Acronis | Cyber Infrastructure (ACI) | Mitigation | Unknown | 2024-07-24 | 2024-07-29 | Acronis Cyber Infrastructure (ACI) allows an unauthenticated... |
| CVE-2024-5217 | 9.8 | ServiceNow | Utah, Vancouver, and Washington DC Now Platform | Mitigation | Unknown | 2024-07-10 | 2024-07-29 | ServiceNow Washington DC, Vancouver, and earlier Now Platfor... |
| CVE-2024-4879 | 9.8 | ServiceNow | Utah, Vancouver, and Washington DC Now Platform | Mitigation | Unknown | 2024-07-10 | 2024-07-29 | ServiceNow Utah, Vancouver, and Washington DC Now Platform r... |
| CVE-2024-39891 | 5.3 | Twilio | Authy | Unpatched | Unknown | 2024-07-02 | 2024-07-23 | Twilio Authy contains an information disclosure vulnerabilit... |
| CVE-2024-28995 | 8.6 | SolarWinds | Serv-U | Mitigation | Unknown | 2024-06-06 | 2024-07-17 | SolarWinds Serv-U contains a path traversal vulnerability th... |
| CVE-2024-34102 | 9.8 | Adobe | Commerce and Magento Open Source | Mitigation | Unknown | 2024-06-13 | 2024-07-17 | Adobe Commerce and Magento Open Source contain an improper r... |
| CVE-2022-22948 | 6.5 | VMware | vCenter Server | Patched | Unknown | 2022-03-29 | 2024-07-17 | VMware vCenter Server contains an incorrect default file per... |
| CVE-2024-36401 | 9.8 | OSGeo | GeoServer | Patched | Unknown | 2024-07-01 | 2024-07-15 | OSGeo GeoServer GeoTools contains an improper neutralization... |
| CVE-2024-23692 | 9.8 | Rejetto | HTTP File Server | Patched | Unknown | 2024-05-31 | 2024-07-09 | Rejetto HTTP File Server contains an improper neutralization... |
| CVE-2024-38080 | 7.8 | Microsoft | Windows | Patched | Unknown | 2024-07-09 | 2024-07-09 | Microsoft Windows Hyper-V contains a privilege escalation vu... |
| CVE-2024-38112 | 7.5 | Microsoft | Windows | Patched | Unknown | 2024-07-09 | 2024-07-09 | Microsoft Windows MSHTML Platform contains a spoofing vulner... |
| CVE-2024-20399 | 6.0 | Cisco | NX-OS | Mitigation | Unknown | 2024-07-01 | 2024-07-02 | Cisco NX-OS contains a command injection vulnerability in th... |
| CVE-2020-13965 | 6.1 | Roundcube | Webmail | Patched | Unknown | 2020-06-09 | 2024-06-26 | Roundcube Webmail contains a cross-site scripting (XSS) vuln... |
| CVE-2022-2586 | 5.3 | Linux | Kernel | Patched | Unknown | 2024-01-08 | 2024-06-26 | Linux Kernel contains a use-after-free vulnerability in the ... |
| CVE-2022-24816 | 10.0 | OSGeo | JAI-EXT | Patched | Unknown | 2022-04-13 | 2024-06-26 | OSGeo GeoServer JAI-EXT contains a code injection vulnerabil... |
| CVE-2024-4358 | 9.8 | Progress | Telerik Report Server | Mitigation | Unknown | 2024-05-29 | 2024-06-13 | Progress Telerik Report Server contains an authorization byp... |
| CVE-2024-32896 | 7.8 | Android | Pixel | Mitigation | Unknown | 2024-06-13 | 2024-06-13 | Android Pixel contains an unspecified vulnerability in the f... |
| CVE-2024-26169 | 7.8 | Microsoft | Windows | Patched | Known | 2024-03-12 | 2024-06-13 | Microsoft Windows Error Reporting Service contains an improp... |
| CVE-2024-4610 | 7.8 | Arm | Mali GPU Kernel Driver | Mitigation | Unknown | 2024-06-07 | 2024-06-12 | Arm Bifrost and Valhall GPU kernel drivers contain a use-aft... |
| CVE-2024-4577 | 9.8 | PHP Group | PHP | Patched | Known | 2024-06-09 | 2024-06-12 | PHP, specifically Windows-based PHP used in CGI mode, contai... |
| CVE-2017-3506 | 7.4 | Oracle | WebLogic Server | Patched | Unknown | 2017-04-24 | 2024-06-03 | Oracle WebLogic Server, a product within the Fusion Middlewa... |
| CVE-2024-1086 | 7.8 | Linux | Kernel | Patched | Known | 2024-01-31 | 2024-05-30 | Linux kernel contains a use-after-free vulnerability in the ... |
| CVE-2024-24919 | 8.6 | Check Point | Quantum Security Gateways | Patched | Known | 2024-05-28 | 2024-05-30 | Check Point Quantum Security Gateways contain an unspecified... |
| CVE-2024-4978 | 8.4 | Justice AV Solutions | Viewer | Unpatched | Unknown | 2024-05-23 | 2024-05-29 | Justice AV Solutions (JAVS) Viewer installer contains a mali... |
| CVE-2024-5274 | 9.6 | Google | Chromium V8 | Unpatched | Unknown | 2024-05-28 | 2024-05-28 | Google Chromium V8 contains a type confusion vulnerability t... |
| CVE-2020-17519 | 7.5 | Apache | Flink | Mitigation | Unknown | 2021-01-05 | 2024-05-23 | Apache Flink contains an improper access control vulnerabili... |
| CVE-2023-43208 | 9.8 | NextGen Healthcare | Mirth Connect | Unpatched | Known | 2023-10-26 | 2024-05-20 | NextGen Healthcare Mirth Connect contains a deserialization ... |
| CVE-2024-4947 | 9.6 | Google | Chromium V8 | Mitigation | Unknown | 2024-05-15 | 2024-05-20 | Google Chromium V8 contains a type confusion vulnerability t... |
| CVE-2024-4761 | 8.8 | Google | Chromium V8 | Mitigation | Unknown | 2024-05-14 | 2024-05-16 | Google Chromium V8 Engine contains an unspecified out-of-bou... |
| CVE-2024-30040 | 8.8 | Microsoft | Windows | Patched | Unknown | 2024-05-14 | 2024-05-14 | Microsoft Windows MSHTML Platform contains an unspecified vu... |
| CVE-2024-30051 | 7.8 | Microsoft | DWM Core Library | Patched | Known | 2024-05-14 | 2024-05-14 | Microsoft DWM Core Library contains a privilege escalation v... |
| CVE-2024-4671 | 9.6 | Google | Chromium | Mitigation | Unknown | 2024-05-14 | 2024-05-13 | Google Chromium Visuals contains a use-after-free vulnerabil... |
| CVE-2023-7028 | 10.0 | GitLab | GitLab CE/EE | Mitigation | Unknown | 2024-01-12 | 2024-05-01 | GitLab Community and Enterprise Editions contain an improper... |
| CVE-2024-29988 | 8.8 | Microsoft | SmartScreen Prompt | Patched | Unknown | 2024-04-09 | 2024-04-30 | Microsoft SmartScreen Prompt contains a security feature byp... |
| CVE-2024-20359 | 6.0 | Cisco | Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) | Mitigation | Unknown | 2024-04-24 | 2024-04-24 | Cisco Adaptive Security Appliance (ASA) and Firepower Threat... |
| CVE-2024-20353 | 8.6 | Cisco | Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) | Mitigation | Unknown | 2024-04-24 | 2024-04-24 | Cisco Adaptive Security Appliance (ASA) and Firepower Threat... |
| CVE-2024-4040 | 9.8 | CrushFTP | CrushFTP | Patched | Unknown | 2024-04-22 | 2024-04-24 | CrushFTP contains an unspecified sandbox escape vulnerabilit... |
| CVE-2022-38028 | 7.8 | Microsoft | Windows | Patched | Unknown | 2022-10-11 | 2024-04-23 | Microsoft Windows Print Spooler service contains a privilege... |
| CVE-2024-3400 | 10.0 | Palo Alto Networks | PAN-OS | Mitigation | Known | 2024-04-12 | 2024-04-12 | Palo Alto Networks PAN-OS GlobalProtect feature contains a c... |
| CVE-2024-29748 | 7.8 | Android | Pixel | Mitigation | Unknown | 2024-04-05 | 2024-04-04 | Android Pixel contains a privilege escalation vulnerability ... |
| CVE-2024-29745 | 5.5 | Android | Pixel | Mitigation | Unknown | 2024-04-05 | 2024-04-04 | Android Pixel contains an information disclosure vulnerabili... |
| CVE-2023-24955 | 7.2 | Microsoft | SharePoint Server | Patched | Known | 2023-05-09 | 2024-03-26 | Microsoft SharePoint Server contains a code injection vulner... |
| CVE-2023-48788 | 9.8 | Fortinet | FortiClient EMS | Mitigation | Known | 2024-03-12 | 2024-03-25 | Fortinet FortiClient EMS contains a SQL injection vulnerabil... |
| CVE-2021-44529 | 9.8 | Ivanti | Endpoint Manager Cloud Service Appliance (EPM CSA) | Patched | Known | 2021-12-08 | 2024-03-25 | Ivanti Endpoint Manager Cloud Service Appliance (EPM CSA) co... |
| CVE-2024-27198 | 9.8 | JetBrains | TeamCity | Mitigation | Known | 2024-03-04 | 2024-03-07 | JetBrains TeamCity contains an authentication bypass vulnera... |
| CVE-2024-23225 | 7.8 | Apple | Multiple Products | Mitigation | Unknown | 2024-03-05 | 2024-03-06 | Apple iOS, iPadOS, macOS, tvOS, watchOS, and visionOS kernel... |
| CVE-2024-23296 | 7.8 | Apple | Multiple Products | Mitigation | Unknown | 2024-03-05 | 2024-03-06 | Apple iOS, iPadOS, macOS, tvOS, and watchOS RTKit contain a ... |
| CVE-2021-36380 | 9.8 | Sunhillo | SureLine | Unpatched | Unknown | 2021-08-13 | 2024-03-05 | Sunhillo SureLine contains an OS command injection vulnerabi... |
| CVE-2023-21237 | 5.5 | Android | Pixel | Mitigation | Unknown | 2023-06-28 | 2024-03-05 | Android Pixel contains a vulnerability in the Framework comp... |
| CVE-2024-21338 | 7.8 | Microsoft | Windows | Patched | Known | 2024-02-13 | 2024-03-04 | Microsoft Windows Kernel contains an exposed IOCTL with insu... |
| CVE-2023-29360 | 8.4 | Microsoft | Streaming Service | Patched | Unknown | 2023-06-14 | 2024-02-29 | Microsoft Streaming Service contains an untrusted pointer de... |
| CVE-2024-1709 | 10.0 | ConnectWise | ScreenConnect | Patched | Known | 2024-02-21 | 2024-02-22 | ConnectWise ScreenConnect contains an authentication bypass ... |
| CVE-2020-3259 | 7.5 | Cisco | Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) | Mitigation | Known | 2020-05-06 | 2024-02-15 | Cisco Adaptive Security Appliance (ASA) and Firepower Threat... |
| CVE-2024-21410 | 9.8 | Microsoft | Exchange Server | Patched | Unknown | 2024-02-13 | 2024-02-15 | Microsoft Exchange Server contains an unspecified vulnerabil... |
| CVE-2024-21412 | 8.1 | Microsoft | Windows | Patched | Known | 2024-02-13 | 2024-02-13 | Microsoft Windows Internet Shortcut Files contains an unspec... |
| CVE-2024-21351 | 7.6 | Microsoft | Windows | Patched | Unknown | 2024-02-13 | 2024-02-13 | Microsoft Windows SmartScreen contains a security feature by... |
| CVE-2023-43770 | 6.1 | Roundcube | Webmail | Patched | Unknown | 2023-09-22 | 2024-02-12 | Roundcube Webmail contains a persistent cross-site scripting... |
| CVE-2024-21762 | 9.8 | Fortinet | FortiOS | Mitigation | Known | 2024-02-09 | 2024-02-09 | Fortinet FortiOS contains an out-of-bound write vulnerabilit... |
| CVE-2023-4762 | 8.8 | Google | Chromium V8 | Patched | Unknown | 2023-09-05 | 2024-02-06 | Google Chromium V8 contains a type confusion vulnerability t... |
| CVE-2022-48618 | 7.0 | Apple | Multiple Products | Mitigation | Unknown | 2024-01-09 | 2024-01-31 | Apple iOS, iPadOS, macOS, tvOS, and watchOS contain a time-o... |
| CVE-2024-21893 | 8.2 | Ivanti | Connect Secure, Policy Secure, and Neurons | Mitigation | Known | 2024-01-31 | 2024-01-31 | Ivanti Connect Secure (ICS, formerly known as Pulse Connect ... |
| CVE-2023-22527 | 9.8 | Atlassian | Confluence Data Center and Server | Mitigation | Known | 2024-01-16 | 2024-01-24 | Atlassian Confluence Data Center and Server contain an unaut... |
| CVE-2024-23222 | 8.8 | Apple | Multiple Products | Mitigation | Unknown | 2024-01-23 | 2024-01-23 | Apple iOS, iPadOS, macOS, tvOS, and Safari WebKit contain a ... |
| CVE-2023-34048 | 9.8 | VMware | vCenter Server | Mitigation | Unknown | 2023-10-25 | 2024-01-22 | VMware vCenter Server contains an out-of-bounds write vulner... |
| CVE-2023-35082 | 9.8 | Ivanti | Endpoint Manager Mobile (EPMM) and MobileIron Core | Mitigation | Known | 2023-08-15 | 2024-01-18 | Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core co... |
| CVE-2024-0519 | 8.8 | Google | Chromium V8 | Unpatched | Unknown | 2024-01-16 | 2024-01-17 | Google Chromium V8 Engine contains an out-of-bounds memory a... |
| CVE-2023-6549 | 8.2 | Citrix | NetScaler ADC and NetScaler Gateway | Mitigation | Unknown | 2024-01-17 | 2024-01-17 | Citrix NetScaler ADC and NetScaler Gateway contain a buffer ... |
| CVE-2023-6548 | 5.5 | Citrix | NetScaler ADC and NetScaler Gateway | Mitigation | Unknown | 2024-01-17 | 2024-01-17 | Citrix NetScaler ADC and NetScaler Gateway contain a code in... |
| CVE-2018-15133 | 8.1 | Laravel | Laravel Framework | Mitigation | Unknown | 2018-08-09 | 2024-01-16 | Laravel Framework contains a deserialization of untrusted da... |
| CVE-2023-46805 | 8.2 | Ivanti | Connect Secure and Policy Secure | Mitigation | Known | 2024-01-12 | 2024-01-10 | Ivanti Connect Secure (ICS, formerly known as Pulse Connect ... |
| CVE-2024-21887 | 9.1 | Ivanti | Connect Secure and Policy Secure | Mitigation | Known | 2024-01-12 | 2024-01-10 | Ivanti Connect Secure (ICS, formerly known as Pulse Connect ... |
| CVE-2023-29357 | 9.8 | Microsoft | SharePoint Server | Patched | Known | 2023-06-14 | 2024-01-10 | Microsoft SharePoint Server contains an unspecified vulnerab... |
| CVE-2023-23752 | 5.3 | Joomla! | Joomla! | Mitigation | Unknown | 2023-02-16 | 2024-01-08 | Joomla! contains an improper access control vulnerability th... |
| CVE-2023-41990 | 7.8 | Apple | Multiple Products | Mitigation | Unknown | 2023-09-12 | 2024-01-08 | Apple iOS, iPadOS, macOS, tvOS, and watchOS contain an unspe... |
| CVE-2023-27524 | 8.9 | Apache | Superset | Mitigation | Unknown | 2023-04-24 | 2024-01-08 | Apache Superset contains an insecure default initialization ... |
| CVE-2023-29300 | 9.8 | Adobe | ColdFusion | Mitigation | Known | 2023-07-12 | 2024-01-08 | Adobe ColdFusion contains a deserialization of untrusted dat... |
| CVE-2016-20017 | 9.8 | D-Link | DSL-2750B Devices | Patched | Unknown | 2022-10-19 | 2024-01-08 | D-Link DSL-2750B devices contain a command injection vulnera... |
| CVE-2023-38203 | 9.8 | Adobe | ColdFusion | Patched | Known | 2023-07-20 | 2024-01-08 | Adobe ColdFusion contains a deserialization of untrusted dat... |
| CVE-2023-7024 | 8.8 | Google | Chromium WebRTC | Mitigation | Unknown | 2023-12-21 | 2024-01-02 | Google Chromium WebRTC, an open-source project providing web... |
| CVE-2023-7101 | 7.8 | Spreadsheet::ParseExcel | Spreadsheet::ParseExcel | Patched | Unknown | 2023-12-24 | 2024-01-02 | Spreadsheet::ParseExcel contains a remote code execution vul... |
| CVE-2023-49897 | 8.8 | FXC | AE1021, AE1021PE | Mitigation | Unknown | 2023-12-06 | 2023-12-21 | FXC AE1021 and AE1021PE contain an OS command injection vuln... |
| CVE-2023-47565 | 8.0 | QNAP | VioStor NVR | Mitigation | Unknown | 2023-12-08 | 2023-12-21 | QNAP VioStor NVR contains an OS command injection vulnerabil... |
| CVE-2023-6448 | 9.8 | Unitronics | Vision PLC and HMI | Mitigation | Unknown | 2023-12-05 | 2023-12-11 | Unitronics Vision Series PLCs and HMIs ship with an insecure... |
| CVE-2023-41266 | 8.2 | Qlik | Sense | Mitigation | Known | 2023-08-29 | 2023-12-07 | Qlik Sense contains a path traversal vulnerability that allo... |
| CVE-2023-41265 | 9.6 | Qlik | Sense | Mitigation | Known | 2023-08-29 | 2023-12-07 | Qlik Sense contains an HTTP tunneling vulnerability that all... |
| CVE-2023-33107 | 8.4 | Qualcomm | Multiple Chipsets | Patched | Unknown | 2023-12-05 | 2023-12-05 | Multiple Qualcomm chipsets contain an integer overflow vulne... |
| CVE-2023-33106 | 8.4 | Qualcomm | Multiple Chipsets | Patched | Unknown | 2023-12-05 | 2023-12-05 | Multiple Qualcomm chipsets contain a use of out-of-range poi... |
| CVE-2023-33063 | 7.8 | Qualcomm | Multiple Chipsets | Patched | Unknown | 2023-12-05 | 2023-12-05 | Multiple Qualcomm chipsets contain a use-after-free vulnerab... |
| CVE-2022-22071 | 8.4 | Qualcomm | Multiple Chipsets | Patched | Unknown | 2022-06-14 | 2023-12-05 | Multiple Qualcomm chipsets contain a use-after-free vulnerab... |
| CVE-2023-42917 | 8.8 | Apple | Multiple Products | Mitigation | Unknown | 2023-11-30 | 2023-12-04 | Apple iOS, iPadOS, macOS, and Safari WebKit contain a memory... |
| CVE-2023-42916 | 6.5 | Apple | Multiple Products | Mitigation | Unknown | 2023-11-30 | 2023-12-04 | Apple iOS, iPadOS, macOS, and Safari WebKit contain an out-o... |
| CVE-2023-6345 | 9.6 | Google | Chromium Skia | Unpatched | Unknown | 2023-11-29 | 2023-11-30 | Google Chromium Skia contains an integer overflow vulnerabil... |
| CVE-2023-49103 | 10.0 | ownCloud | ownCloud graphapi | Mitigation | Unknown | 2023-11-21 | 2023-11-30 | ownCloud graphapi contains an information disclosure vulnera... |
| CVE-2023-4911 | 7.8 | GNU | GNU C Library | Patched | Unknown | 2023-10-03 | 2023-11-21 | GNU C Library's dynamic loader ld.so contains a buffer overf... |
| CVE-2023-1671 | 9.8 | Sophos | Web Appliance | Mitigation | Unknown | 2023-04-04 | 2023-11-16 | Sophos Web Appliance contains a command injection vulnerabil... |
| CVE-2023-36584 | 5.4 | Microsoft | Windows | Patched | Unknown | 2023-10-10 | 2023-11-16 | Microsoft Windows Mark of the Web (MOTW) contains a security... |
| CVE-2020-2551 | 9.8 | Oracle | Fusion Middleware | Patched | Unknown | 2020-01-15 | 2023-11-16 | Oracle Fusion Middleware contains an unspecified vulnerabili... |
| CVE-2023-36033 | 7.8 | Microsoft | Windows | Patched | Unknown | 2023-11-14 | 2023-11-14 | Microsoft Windows Desktop Window Manager (DWM) Core Library ... |
| CVE-2023-36025 | 8.8 | Microsoft | Windows | Patched | Unknown | 2023-11-14 | 2023-11-14 | Microsoft Windows SmartScreen contains a security feature by... |
| CVE-2023-36036 | 7.8 | Microsoft | Windows | Patched | Unknown | 2023-11-14 | 2023-11-14 | Microsoft Windows Cloud Files Mini Filter Driver contains a ... |
| CVE-2023-47246 | 9.8 | SysAid | SysAid Server | Mitigation | Known | 2023-11-10 | 2023-11-13 | SysAid Server (on-premises version) contains a path traversa... |
| CVE-2023-36844 | 5.3 | Juniper | Junos OS | Mitigation | Unknown | 2023-08-17 | 2023-11-13 | Juniper Junos OS on EX Series contains a PHP external variab... |
| CVE-2023-36845 | 9.8 | Juniper | Junos OS | Mitigation | Unknown | 2023-08-17 | 2023-11-13 | Juniper Junos OS on EX Series and SRX Series contains a PHP ... |
| CVE-2023-36846 | 5.3 | Juniper | Junos OS | Mitigation | Unknown | 2023-08-17 | 2023-11-13 | Juniper Junos OS on SRX Series contains a missing authentica... |
| CVE-2023-36847 | 5.3 | Juniper | Junos OS | Mitigation | Unknown | 2023-08-17 | 2023-11-13 | Juniper Junos OS on EX Series contains a missing authenticat... |
| CVE-2023-36851 | 5.3 | Juniper | Junos OS | Mitigation | Unknown | 2023-09-27 | 2023-11-13 | Juniper Junos OS on SRX Series contains a missing authentica... |
| CVE-2023-29552 | 7.5 | IETF | Service Location Protocol (SLP) | Unpatched | Unknown | 2023-04-25 | 2023-11-08 | The Service Location Protocol (SLP) contains a denial-of-ser... |
| CVE-2023-22518 | 9.8 | Atlassian | Confluence Data Center and Server | Mitigation | Known | 2023-10-31 | 2023-11-07 | Atlassian Confluence Data Center and Server contain an impro... |
| CVE-2023-46604 | 10.0 | Apache | ActiveMQ | Mitigation | Known | 2023-10-27 | 2023-11-02 | Apache ActiveMQ contains a deserialization of untrusted data... |
| CVE-2023-46748 | 8.8 | F5 | BIG-IP Configuration Utility | Mitigation | Unknown | 2023-10-26 | 2023-10-31 | F5 BIG-IP Configuration utility contains an SQL injection vu... |
| CVE-2023-46747 | 9.8 | F5 | BIG-IP Configuration Utility | Mitigation | Known | 2023-10-26 | 2023-10-31 | F5 BIG-IP Configuration utility contains an authentication b... |
| CVE-2023-5631 | 6.1 | Roundcube | Webmail | Patched | Unknown | 2023-10-18 | 2023-10-26 | Roundcube Webmail contains a persistent cross-site scripting... |
| CVE-2023-20273 | 7.2 | Cisco | Cisco IOS XE Web UI | Mitigation | Unknown | 2023-10-25 | 2023-10-23 | Cisco IOS XE contains a command injection vulnerability in t... |
| CVE-2023-4966 | 9.4 | Citrix | NetScaler ADC and NetScaler Gateway | Mitigation | Known | 2023-10-10 | 2023-10-18 | Citrix NetScaler ADC and NetScaler Gateway contain a buffer ... |
| CVE-2023-20198 | 10.0 | Cisco | IOS XE Web UI | Mitigation | Unknown | 2023-10-16 | 2023-10-16 | Cisco IOS XE Web UI contains a privilege escalation vulnerab... |
| CVE-2023-21608 | 7.8 | Adobe | Acrobat and Reader | Mitigation | Unknown | 2023-01-18 | 2023-10-10 | Adobe Acrobat and Reader contains a use-after-free vulnerabi... |
| CVE-2023-20109 | 6.6 | Cisco | IOS and IOS XE | Mitigation | Unknown | 2023-09-27 | 2023-10-10 | Cisco IOS and IOS XE contain an out-of-bounds write vulnerab... |
| CVE-2023-41763 | 5.3 | Microsoft | Skype for Business | Patched | Unknown | 2023-10-10 | 2023-10-10 | Microsoft Skype for Business contains an unspecified vulnera... |
| CVE-2023-36563 | 6.5 | Microsoft | WordPad | Patched | Unknown | 2023-10-10 | 2023-10-10 | Microsoft WordPad contains an unspecified vulnerability that... |
| CVE-2023-44487 | 7.5 | IETF | HTTP/2 | Patched | Unknown | 2023-10-10 | 2023-10-10 | HTTP/2 contains a rapid reset vulnerability that allows for ... |
| CVE-2023-22515 | 9.8 | Atlassian | Confluence Data Center and Server | Mitigation | Known | 2023-10-04 | 2023-10-05 | Atlassian Confluence Data Center and Server contains a broke... |
| CVE-2023-40044 | 10.0 | Progress | WS_FTP Server | Mitigation | Known | 2023-09-27 | 2023-10-05 | Progress WS_FTP Server contains a deserialization of untrust... |
| CVE-2023-42824 | 7.8 | Apple | iOS and iPadOS | Mitigation | Unknown | 2023-10-04 | 2023-10-05 | Apple iOS and iPadOS contain an unspecified vulnerability th... |
| CVE-2023-42793 | 9.8 | JetBrains | TeamCity | Mitigation | Known | 2023-09-19 | 2023-10-04 | JetBrains TeamCity contains an authentication bypass vulnera... |
| CVE-2023-28229 | 7.0 | Microsoft | Windows CNG Key Isolation Service | Patched | Unknown | 2023-04-11 | 2023-10-04 | Microsoft Windows Cryptographic Next Generation (CNG) Key Is... |
| CVE-2023-4211 | 5.5 | Arm | Mali GPU Kernel Driver | Mitigation | Unknown | 2023-10-01 | 2023-10-03 | Arm Mali GPU Kernel Driver contains a use-after-free vulnera... |
| CVE-2023-5217 | 8.8 | Google | Chromium libvpx | Patched | Unknown | 2023-09-28 | 2023-10-02 | Google Chromium libvpx contains a heap buffer overflow vulne... |
| CVE-2018-14667 | 9.8 | Red Hat | JBoss RichFaces Framework | Mitigation | Unknown | 2018-11-06 | 2023-09-28 | Red Hat JBoss RichFaces Framework contains an expression lan... |
| CVE-2023-41991 | 5.5 | Apple | Multiple Products | Mitigation | Unknown | 2023-09-21 | 2023-09-25 | Apple iOS, iPadOS, macOS, and watchOS contain an improper ce... |
| CVE-2023-41992 | 7.8 | Apple | Multiple Products | Mitigation | Unknown | 2023-09-21 | 2023-09-25 | Apple iOS, iPadOS, macOS, and watchOS contain an unspecified... |
| CVE-2023-41993 | 8.8 | Apple | Multiple Products | Mitigation | Unknown | 2023-09-21 | 2023-09-25 | Apple iOS, iPadOS, macOS, and Safari WebKit contain an unspe... |
| CVE-2023-41179 | 7.2 | Trend Micro | Apex One and Worry-Free Business Security | Unpatched | Unknown | 2023-09-19 | 2023-09-21 | Trend Micro Apex One and Worry-Free Business Security contai... |
| CVE-2023-28434 | 8.8 | MinIO | MinIO | Patched | Unknown | 2023-03-22 | 2023-09-19 | MinIO contains a security feature bypass vulnerability that ... |
| CVE-2017-6884 | 8.8 | Zyxel | EMG2926 Routers | Unpatched | Known | 2017-04-06 | 2023-09-18 | Zyxel EMG2926 routers contain a command injection vulnerabil... |
| CVE-2022-22265 | 5.0 | Samsung | Mobile Devices | Mitigation | Unknown | 2022-01-10 | 2023-09-18 | Samsung devices with selected Exynos chipsets contain a use-... |
| CVE-2014-8361 | 9.8 | Realtek | SDK | Mitigation | Unknown | 2015-05-01 | 2023-09-18 | Realtek SDK contains an improper input validation vulnerabil... |
| CVE-2021-3129 | 9.8 | Laravel | Ignition | Patched | Known | 2021-01-12 | 2023-09-18 | Laravel Ignition contains a file upload vulnerability that a... |
| CVE-2023-26369 | 7.8 | Adobe | Acrobat and Reader | Mitigation | Unknown | 2023-09-13 | 2023-09-14 | Adobe Acrobat and Reader contains an out-of-bounds write vul... |
| CVE-2023-20269 | 5.0 | Cisco | Adaptive Security Appliance and Firepower Threat Defense | Mitigation | Known | 2023-09-06 | 2023-09-13 | Cisco Adaptive Security Appliance and Firepower Threat Defen... |
| CVE-2023-35674 | 7.8 | Android | Framework | Patched | Unknown | 2023-09-11 | 2023-09-13 | Android Framework contains an unspecified vulnerability that... |
| CVE-2023-4863 | 8.8 | Google | Chromium WebP | Patched | Unknown | 2023-09-12 | 2023-09-13 | Google Chromium WebP contains a heap-based buffer overflow v... |
| CVE-2023-36761 | 6.5 | Microsoft | Word | Patched | Unknown | 2023-09-12 | 2023-09-12 | Microsoft Word contains an unspecified vulnerability that al... |
| CVE-2023-36802 | 7.8 | Microsoft | Streaming Service Proxy | Patched | Unknown | 2023-09-12 | 2023-09-12 | Microsoft Streaming Service Proxy contains an unspecified vu... |
| CVE-2023-41064 | 7.8 | Apple | iOS, iPadOS, and macOS | Mitigation | Unknown | 2023-09-07 | 2023-09-11 | Apple iOS, iPadOS, and macOS contain a buffer overflow vulne... |
| CVE-2023-41061 | 7.8 | Apple | iOS, iPadOS, and watchOS | Mitigation | Unknown | 2023-09-07 | 2023-09-11 | Apple iOS, iPadOS, and watchOS contain an unspecified vulner... |
| CVE-2023-33246 | 9.8 | Apache | RocketMQ | Mitigation | Unknown | 2023-05-24 | 2023-09-06 | Several components of Apache RocketMQ, including NameServer,... |
| CVE-2023-38831 | 7.8 | RARLAB | WinRAR | Unpatched | Known | 2023-08-23 | 2023-08-24 | RARLAB WinRAR contains an unspecified vulnerability that all... |
| CVE-2023-32315 | 8.6 | Ignite Realtime | Openfire | Patched | Unknown | 2023-05-26 | 2023-08-24 | Ignite Realtime Openfire contains a path traversal vulnerabi... |
| CVE-2023-38035 | 9.8 | Ivanti | Sentry | Mitigation | Known | 2023-08-21 | 2023-08-22 | Ivanti Sentry, formerly known as MobileIron Sentry, contains... |
| CVE-2023-27532 | 7.5 | Veeam | Backup & Replication | Mitigation | Known | 2023-03-10 | 2023-08-22 | Veeam Backup & Replication Cloud Connect component contains ... |
| CVE-2023-26359 | 9.8 | Adobe | ColdFusion | Patched | Unknown | 2023-03-23 | 2023-08-21 | Adobe ColdFusion contains a deserialization of untrusted dat... |
| CVE-2023-24489 | 9.8 | Citrix | Content Collaboration | Mitigation | Unknown | 2023-07-10 | 2023-08-16 | Citrix Content Collaboration contains an improper access con... |
| CVE-2023-38180 | 7.5 | Microsoft | .NET Core and Visual Studio | Patched | Unknown | 2023-08-08 | 2023-08-09 | Microsoft .NET Core and Visual Studio contain an unspecified... |
| CVE-2017-18368 | 9.8 | Zyxel | P660HN-T1A Routers | Unpatched | Unknown | 2019-05-02 | 2023-08-07 | Zyxel P660HN-T1A routers contain a command injection vulnera... |
| CVE-2023-35081 | 7.2 | Ivanti | Endpoint Manager Mobile (EPMM) | Mitigation | Unknown | 2023-08-03 | 2023-07-31 | Ivanti Endpoint Manager Mobile (EPMM) contains a path traver... |
| CVE-2023-37580 | 6.1 | Synacor | Zimbra Collaboration Suite (ZCS) | Patched | Unknown | 2023-07-31 | 2023-07-27 | Synacor Zimbra Collaboration Suite (ZCS) contains a cross-si... |
| CVE-2023-38606 | 5.5 | Apple | Multiple Products | Mitigation | Unknown | 2023-07-27 | 2023-07-26 | Apple iOS, iPadOS, macOS, tvOS, and watchOS contain an unspe... |
| CVE-2023-35078 | 9.8 | Ivanti | Endpoint Manager Mobile (EPMM) | Mitigation | Known | 2023-07-25 | 2023-07-25 | Ivanti Endpoint Manager Mobile (EPMM, previously branded Mob... |
| CVE-2023-29298 | 7.5 | Adobe | ColdFusion | Mitigation | Unknown | 2023-07-12 | 2023-07-20 | Adobe ColdFusion contains an improper access control vulnera... |
| CVE-2023-38205 | 7.5 | Adobe | ColdFusion | Mitigation | Unknown | 2023-09-14 | 2023-07-20 | Adobe ColdFusion contains an improper access control vulnera... |
| CVE-2023-3519 | 9.8 | Citrix | NetScaler ADC and NetScaler Gateway | Mitigation | Known | 2023-07-19 | 2023-07-19 | Citrix NetScaler ADC and NetScaler Gateway contains a code i... |
| CVE-2023-36884 | 7.5 | Microsoft | Windows | Patched | Known | 2023-07-11 | 2023-07-17 | Microsoft Windows Search contains an unspecified vulnerabili... |
| CVE-2022-29303 | 9.8 | SolarView | Compact | Unpatched | Unknown | 2022-05-12 | 2023-07-13 | SolarView Compact contains a command injection vulnerability... |
| CVE-2023-37450 | 8.8 | Apple | Multiple Products | Mitigation | Unknown | 2023-07-27 | 2023-07-13 | Apple iOS, iPadOS, macOS, and Safari WebKit contain an unspe... |
| CVE-2022-31199 | 9.8 | Netwrix | Auditor | Unpatched | Known | 2022-11-08 | 2023-07-11 | Netwrix Auditor User Activity Video Recording component cont... |
| CVE-2023-32046 | 7.8 | Microsoft | Windows | Patched | Unknown | 2023-07-11 | 2023-07-11 | Microsoft Windows MSHTML Platform contains an unspecified vu... |
| CVE-2023-32049 | 8.8 | Microsoft | Windows | Patched | Unknown | 2023-07-11 | 2023-07-11 | Microsoft Windows Defender SmartScreen contains a security f... |
| CVE-2023-35311 | 8.8 | Microsoft | Outlook | Patched | Unknown | 2023-07-11 | 2023-07-11 | Microsoft Outlook contains a security feature bypass vulnera... |
| CVE-2023-36874 | 7.8 | Microsoft | Windows | Patched | Unknown | 2023-07-11 | 2023-07-11 | Microsoft Windows Error Reporting Service contains an unspec... |
| CVE-2021-29256 | 8.8 | Arm | Mali Graphics Processing Unit (GPU) | Mitigation | Unknown | 2021-05-24 | 2023-07-07 | Arm Mali GPU Kernel Driver contains a use-after-free vulnera... |
| CVE-2021-25487 | 7.3 | Samsung | Mobile Devices | Mitigation | Unknown | 2021-10-06 | 2023-06-29 | Samsung mobile devices contain an out-of-bounds read vulnera... |
| CVE-2021-25489 | 3.3 | Samsung | Mobile Devices | Mitigation | Unknown | 2021-10-06 | 2023-06-29 | Samsung mobile devices contain an improper input validation ... |
| CVE-2021-25394 | 6.4 | Samsung | Mobile Devices | Mitigation | Unknown | 2021-06-11 | 2023-06-29 | Samsung mobile devices contain a race condition vulnerabilit... |
| CVE-2021-25395 | 6.4 | Samsung | Mobile Devices | Mitigation | Unknown | 2021-06-11 | 2023-06-29 | Samsung mobile devices contain a race condition vulnerabilit... |
| CVE-2021-25371 | 6.1 | Samsung | Mobile Devices | Mitigation | Unknown | 2021-03-26 | 2023-06-29 | Samsung mobile devices contain an unspecified vulnerability ... |
| CVE-2021-25372 | 6.1 | Samsung | Mobile Devices | Mitigation | Unknown | 2021-03-26 | 2023-06-29 | Samsung mobile devices contain an improper boundary check vu... |
| CVE-2019-17621 | 9.8 | D-Link | DIR-859 Router | Patched | Unknown | 2019-12-30 | 2023-06-29 | D-Link DIR-859 router contains a command execution vulnerabi... |
| CVE-2019-20500 | 7.8 | D-Link | DWL-2600AP Access Point | Patched | Unknown | 2020-03-05 | 2023-06-29 | D-Link DWL-2600AP access point contains an authenticated com... |