CVE vulnerabilities
31,467 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 451–500 of 1,619 in KEV · page 10 of 33
| ID | Title | KEV | Vendor | Summary |
|---|---|---|---|---|
| CVE-2023-42793 | JetBrains TeamCity Authentication Bypass Vulnerability | KEV | JetBrains | JetBrains TeamCity contains an authentication bypass vulnerability that allows for remote code execution on TeamCity Server. |
| CVE-2023-4211 | Arm Mali GPU Kernel Driver Use-After-Free Vulnerability | KEV | Arm | Arm Mali GPU Kernel Driver contains a use-after-free vulnerability that allows a local, non-privileged user to make improper GPU memory processing operations t… |
| CVE-2023-41993 | Apple Multiple Products WebKit Code Execution Vulnerability | KEV | Apple | Apple iOS, iPadOS, macOS, and Safari WebKit contain an unspecified vulnerability that leads to code execution when processing maliciously crafted web content. … |
| CVE-2023-41992 | Apple Multiple Products Kernel Privilege Escalation Vulnerability | KEV | Apple | Apple iOS, iPadOS, macOS, and watchOS contain an unspecified vulnerability that allows for local privilege escalation. |
| CVE-2023-41991 | Apple Multiple Products Improper Certificate Validation Vulnerability | KEV | Apple | Apple iOS, iPadOS, macOS, and watchOS contain an improper certificate validation vulnerability that can allow a malicious app to bypass signature validation. |
| CVE-2023-41990 | Apple Multiple Products Code Execution Vulnerability | KEV | Apple | Apple iOS, iPadOS, macOS, tvOS, and watchOS contain an unspecified vulnerability that allows for code execution when processing a font file. |
| CVE-2023-41974 | Apple iOS and iPadOS Use-After-Free Vulnerability | KEV | Apple | Apple iOS and iPadOS contain a use-after-free vulnerability. An app may be able to execute arbitrary code with kernel privileges. |
| CVE-2023-41763 | Microsoft Skype for Business Privilege Escalation Vulnerability | KEV | Microsoft | Microsoft Skype for Business contains an unspecified vulnerability that allows for privilege escalation. |
| CVE-2023-41266 | Qlik Sense Path Traversal Vulnerability | KEV | Qlik | Qlik Sense contains a path traversal vulnerability that allows a remote, unauthenticated attacker to create an anonymous session by sending maliciously crafted… |
| CVE-2023-41265 | Qlik Sense HTTP Tunneling Vulnerability | KEV | Qlik | Qlik Sense contains an HTTP tunneling vulnerability that allows an attacker to escalate privileges and execute HTTP requests on the backend server hosting the … |
| CVE-2023-41179 | Trend Micro Apex One and Worry-Free Business Security Remote Code Execution Vulnerability | KEV | Trend Micro | Trend Micro Apex One and Worry-Free Business Security contain an unspecified vulnerability in the third-party anti-virus uninstaller that could allow an attack… |
| CVE-2023-41064 | Apple iOS, iPadOS, and macOS ImageIO Buffer Overflow Vulnerability | KEV | Apple | Apple iOS, iPadOS, and macOS contain a buffer overflow vulnerability in ImageIO when processing a maliciously crafted image, which may lead to code execution. … |
| CVE-2023-41061 | Apple iOS, iPadOS, and watchOS Wallet Code Execution Vulnerability | KEV | Apple | Apple iOS, iPadOS, and watchOS contain an unspecified vulnerability due to a validation issue affecting Wallet in which a maliciously crafted attachment may re… |
| CVE-2023-40044 | Progress WS_FTP Server Deserialization of Untrusted Data Vulnerability | KEV | Progress | Progress WS_FTP Server contains a deserialization of untrusted data vulnerability in the Ad Hoc Transfer module that allows an authenticated attacker to execut… |
| CVE-2023-39780 | ASUS RT-AX55 Routers OS Command Injection Vulnerability | KEV | ASUS | ASUS RT-AX55 devices contain an OS command injection vulnerability that could allow a remote, authenticated attacker to execute arbitrary commands. As represen… |
| CVE-2023-38950 | ZKTeco BioTime Path Traversal Vulnerability | KEV | ZKTeco | ZKTeco BioTime contains a path traversal vulnerability in the iclock API that allows an unauthenticated attacker to read arbitrary files via supplying a crafte… |
| CVE-2023-38831 | RARLAB WinRAR Code Execution Vulnerability | KEV | RARLAB | RARLAB WinRAR contains an unspecified vulnerability that allows an attacker to execute code when a user attempts to view a benign file within a ZIP archive. |
| CVE-2023-38606 | Apple Multiple Products Kernel Unspecified Vulnerability | KEV | Apple | Apple iOS, iPadOS, macOS, tvOS, and watchOS contain an unspecified vulnerability allowing an app to modify a sensitive kernel state. |
| CVE-2023-38205 | Adobe ColdFusion Improper Access Control Vulnerability | KEV | Adobe | Adobe ColdFusion contains an improper access control vulnerability that allows for a security feature bypass. |
| CVE-2023-38203 | Adobe ColdFusion Deserialization of Untrusted Data Vulnerability | KEV | Adobe | Adobe ColdFusion contains a deserialization of untrusted data vulnerability that allows for code execution. |
| CVE-2023-38180 | Microsoft .NET Core and Visual Studio Denial-of-Service Vulnerability | KEV | Microsoft | Microsoft .NET Core and Visual Studio contain an unspecified vulnerability that allows for denial-of-service (DoS). |
| CVE-2023-38035 | Ivanti Sentry Authentication Bypass Vulnerability | KEV | Ivanti | Ivanti Sentry, formerly known as MobileIron Sentry, contains an authentication bypass vulnerability that may allow an attacker to bypass authentication control… |
| CVE-2023-37580 | Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability | KEV | Synacor | Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting vulnerability impacting the confidentiality and integrity of data. |
| CVE-2023-37450 | Apple Multiple Products WebKit Code Execution Vulnerability | KEV | Apple | Apple iOS, iPadOS, macOS, and Safari WebKit contain an unspecified vulnerability that leads to code execution when processing maliciously crafted web content. … |
| CVE-2023-36884 | Microsoft Windows Search Remote Code Execution Vulnerability | KEV | Microsoft | Microsoft Windows Search contains an unspecified vulnerability that could allow an attacker to evade Mark of the Web (MOTW) defenses via a specially crafted ma… |
| CVE-2023-36874 | Microsoft Windows Error Reporting Service Privilege Escalation Vulnerability | KEV | Microsoft | Microsoft Windows Error Reporting Service contains an unspecified vulnerability that allows for privilege escalation. |
| CVE-2023-36851 | Juniper Junos OS SRX Series Missing Authentication for Critical Function Vulnerability | KEV | Juniper | Juniper Junos OS on SRX Series contains a missing authentication for critical function vulnerability that allows an unauthenticated, network-based attacker to … |
| CVE-2023-36847 | Juniper Junos OS EX Series Missing Authentication for Critical Function Vulnerability | KEV | Juniper | Juniper Junos OS on EX Series contains a missing authentication for critical function vulnerability that allows an unauthenticated, network-based attacker to c… |
| CVE-2023-36846 | Juniper Junos OS SRX Series Missing Authentication for Critical Function Vulnerability | KEV | Juniper | Juniper Junos OS on SRX Series contains a missing authentication for critical function vulnerability that allows an unauthenticated, network-based attacker to … |
| CVE-2023-36845 | Juniper Junos OS EX Series and SRX Series PHP External Variable Modification Vulnerability | KEV | Juniper | Juniper Junos OS on EX Series and SRX Series contains a PHP external variable modification vulnerability that allows an unauthenticated, network-based attacker… |
| CVE-2023-36844 | Juniper Junos OS EX Series PHP External Variable Modification Vulnerability | KEV | Juniper | Juniper Junos OS on EX Series contains a PHP external variable modification vulnerability that allows an unauthenticated, network-based attacker to control cer… |
| CVE-2023-36802 | Microsoft Streaming Service Proxy Privilege Escalation Vulnerability | KEV | Microsoft | Microsoft Streaming Service Proxy contains an unspecified vulnerability that allows for privilege escalation. |
| CVE-2023-36761 | Microsoft Word Information Disclosure Vulnerability | KEV | Microsoft | Microsoft Word contains an unspecified vulnerability that allows for information disclosure. |
| CVE-2023-36584 | Microsoft Windows Mark of the Web (MOTW) Security Feature Bypass Vulnerability | KEV | Microsoft | Microsoft Windows Mark of the Web (MOTW) contains a security feature bypass vulnerability resulting in a limited loss of integrity and availability of security… |
| CVE-2023-36563 | Microsoft WordPad Information Disclosure Vulnerability | KEV | Microsoft | Microsoft WordPad contains an unspecified vulnerability that allows for information disclosure. |
| CVE-2023-36424 | Microsoft Windows Out-of-Bounds Read Vulnerability | KEV | Microsoft | Microsoft Windows Common Log File System Driver contains an out-of-bounds read vulnerability that could allow a threat actor to escalate privileges. |
| CVE-2023-36036 | Microsoft Windows Cloud Files Mini Filter Driver Privilege Escalation Vulnerability | KEV | Microsoft | Microsoft Windows Cloud Files Mini Filter Driver contains a privilege escalation vulnerability that could allow an attacker to gain SYSTEM privileges. |
| CVE-2023-36033 | Microsoft Windows Desktop Window Manager (DWM) Core Library Privilege Escalation Vulnerability | KEV | Microsoft | Microsoft Windows Desktop Window Manager (DWM) Core Library contains an unspecified vulnerability that allows for privilege escalation. |
| CVE-2023-36025 | Microsoft Windows SmartScreen Security Feature Bypass Vulnerability | KEV | Microsoft | Microsoft Windows SmartScreen contains a security feature bypass vulnerability that could allow an attacker to bypass Windows Defender SmartScreen checks and t… |
| CVE-2023-35674 | Android Framework Privilege Escalation Vulnerability | KEV | Android | Android Framework contains an unspecified vulnerability that allows for privilege escalation. |
| CVE-2023-35311 | Microsoft Outlook Security Feature Bypass Vulnerability | KEV | Microsoft | Microsoft Outlook contains a security feature bypass vulnerability that allows an attacker to bypass the Microsoft Outlook Security Notice prompt. |
| CVE-2023-3519 | Citrix NetScaler ADC and NetScaler Gateway Code Injection Vulnerability | KEV | Citrix | Citrix NetScaler ADC and NetScaler Gateway contain a code injection vulnerability that allows for unauthenticated remote code execution. |
| CVE-2023-35082 | Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core Authentication Bypass Vulnerability | KEV | Ivanti | Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core contain an authentication bypass vulnerability that allows unauthorized users to access restricted fu… |
| CVE-2023-35081 | Ivanti Endpoint Manager Mobile (EPMM) Path Traversal Vulnerability | KEV | Ivanti | Ivanti Endpoint Manager Mobile (EPMM) contains a path traversal vulnerability that enables an authenticated administrator to perform malicious file writes to t… |
| CVE-2023-35078 | Ivanti Endpoint Manager Mobile Authentication Bypass Vulnerability | KEV | Ivanti | Ivanti Endpoint Manager Mobile (EPMM, previously branded MobileIron Core) contains an authentication bypass vulnerability that allows unauthenticated access to… |
| CVE-2023-34362 | Progress MOVEit Transfer SQL Injection Vulnerability | KEV | Progress | Progress MOVEit Transfer contains a SQL injection vulnerability that could allow an unauthenticated attacker to gain unauthorized access to MOVEit Transfer's d… |
| CVE-2023-34192 | Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability | KEV | Synacor | Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting (XSS) vulnerability that allows a remote authenticated attacker to execute arbitrary c… |
| CVE-2023-34048 | VMware vCenter Server Out-of-Bounds Write Vulnerability | KEV | VMware | VMware vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol that allows an attacker to conduct remote code… |
| CVE-2023-33538 | TP-Link Multiple Routers Command Injection Vulnerability | KEV | TP-Link | TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 contain a command injection vulnerability via the component /userRpm/WlanNetworkRpm. The impacte… |
| CVE-2023-33246 | Apache RocketMQ Command Execution Vulnerability | KEV | Apache | Several components of Apache RocketMQ, including NameServer, Broker, and Controller, are exposed to the extranet and lack permission verification. An attacker … |