CVE vulnerabilities
31,467 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 551–600 of 1,619 in KEV · page 12 of 33
| ID | Title | Summary |
|---|---|---|
| CVE-2023-23376 | CVE-2023-23376 (KEV; CVSS 7.8; microsoft) | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
| CVE-2023-22952 | CVE-2023-22952 (KEV; CVSS 8.8; sugarcrm) | In SugarCRM before 12.0. Hotfix 91155, a crafted request can inject custom PHP code through the EmailTemplates because of missing input validation. |
| CVE-2023-22527 | Atlassian Confluence Data Center and Server Template Injection Vulnerability (KEV; Atlassian) | Atlassian Confluence Data Center and Server contain an unauthenticated OGNL template injection vulnerability that can lead to remote code execution. |
| CVE-2023-22518 | Atlassian Confluence Data Center and Server Improper Authorization Vulnerability (KEV; Atlassian) | Atlassian Confluence Data Center and Server contain an improper authorization vulnerability that can result in significant data loss when exploited by an unaut… |
| CVE-2023-22515 | Atlassian Confluence Data Center and Server Broken Access Control Vulnerability (KEV; Atlassian) | Atlassian Confluence Data Center and Server contains a broken access control vulnerability that allows an attacker to create unauthorized Confluence administra… |
| CVE-2023-21839 | CVE-2023-21839 (KEV; CVSS 7.5; oracle) | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.3.0, 12.2.1… |
| CVE-2023-21823 | CVE-2023-21823 (KEV; CVSS 7.8; microsoft) | Windows Graphics Component Remote Code Execution Vulnerability |
| CVE-2023-21715 | CVE-2023-21715 (KEV; CVSS 7.3; microsoft) | Microsoft Publisher Security Feature Bypass Vulnerability |
| CVE-2023-21674 | CVE-2023-21674 (KEV; CVSS 8.8; microsoft) | Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability |
| CVE-2023-21608 | CVE-2023-21608 (KEV; CVSS 7.8; adobe) | Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 (and earlier) and 20.005.30418 (and earlier) are affected by a Use After Free vulnerabil… |
| CVE-2023-21529 | CVE-2023-21529 (KEV; CVSS 8.8; microsoft) | Microsoft Exchange Server Remote Code Execution Vulnerability |
| CVE-2023-21492 | Samsung Mobile Devices Insertion of Sensitive Information Into Log File Vulnerability (KEV; Samsung) | Samsung mobile devices running Android 11, 12, and 13 contain an insertion of sensitive information into log file vulnerability that allows a privileged, local… |
| CVE-2023-2136 | Google Chrome Skia Integer Overflow Vulnerability (KEV; Google) | Google Chromium Skia contains an integer overflow vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform… |
| CVE-2023-21237 | Android Pixel Information Disclosure Vulnerability (KEV; Android) | Android Pixel contains a vulnerability in the Framework component, where the UI may be misleading or insufficient, providing a means to hide a foreground servi… |
| CVE-2023-20963 | Android Framework Privilege Escalation Vulnerability (KEV; Android) | Android Framework contains an unspecified vulnerability that allows for privilege escalation after updating an app to a higher Target SDK with no additional ex… |
| CVE-2023-20887 | VMware Aria Operations for Networks Command Injection Vulnerability (KEV; VMware) | VMware Aria Operations for Networks (formerly vRealize Network Insight) contains a command injection vulnerability that allows a malicious actor with network a… |
| CVE-2023-20867 | VMware Tools Authentication Bypass Vulnerability (KEV; VMware) | VMware Tools contains an authentication bypass vulnerability in the vgauth module. A fully compromised ESXi host can force VMware Tools to fail to authenticate… |
| CVE-2023-2033 | Google Chromium V8 Type Confusion Vulnerability (KEV; Google) | Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page.… |
| CVE-2023-20273 | Cisco IOS XE Web UI Command Injection Vulnerability (KEV; Cisco) | Cisco IOS XE contains a command injection vulnerability in the web user interface. When chained with CVE-2023-20198, the attacker can leverage the new local us… |
| CVE-2023-20269 | Cisco Adaptive Security Appliance and Firepower Threat Defense Unauthorized Access Vulnerability (KEV; Cisco) | Cisco Adaptive Security Appliance and Firepower Threat Defense contain an unauthorized access vulnerability that could allow an unauthenticated, remote attacke… |
| CVE-2023-20198 | Cisco IOS XE Web UI Privilege Escalation Vulnerability (KEV; Cisco) | Cisco IOS XE Web UI contains a privilege escalation vulnerability in the web user interface that could allow a remote, unauthenticated attacker to create an ac… |
| CVE-2023-20118 | Cisco Small Business RV Series Routers Command Injection Vulnerability (KEV; Cisco) | Multiple Cisco Small Business RV Series Routers contain a command injection vulnerability in the web-based management interface. Successful exploitation could… |
| CVE-2023-20109 | Cisco IOS and IOS XE Group Encrypted Transport VPN Out-of-Bounds Write Vulnerability (KEV; Cisco) | Cisco IOS and IOS XE contain an out-of-bounds write vulnerability in the Group Encrypted Transport VPN (GET VPN) feature that could allow an authenticated, rem… |
| CVE-2023-1671 | Sophos Web Appliance Command Injection Vulnerability (KEV; Sophos) | Sophos Web Appliance contains a command injection vulnerability in the warn-proceed handler that allows for remote code execution. |
| CVE-2023-1389 | TP-Link Archer AX-21 Command Injection Vulnerability (KEV; TP-Link) | TP-Link Archer AX-21 contains a command injection vulnerability that allows for remote code execution. |
| CVE-2023-0669 | CVE-2023-0669 (KEV; CVSS 7.2; fortra) | Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserial… |
| CVE-2023-0386 | Linux Kernel Improper Ownership Management Vulnerability (KEV; Linux) | Linux Kernel contains an improper ownership management vulnerability, where unauthorized access to the execution of the setuid file with capabilities was found… |
| CVE-2023-0266 | CVE-2023-0266 (KEV; CVSS 7.9; debian) | A use after free vulnerability exists in the ALSA PCM package in the Linux Kernel. SNDRV_CTL_IOCTL_ELEM_{READ\|WRITE}32 is missing locks that can be used in a u… |
| CVE-2022-48618 | Apple Multiple Products Memory Corruption Vulnerability (KEV; Apple) | Apple iOS, iPadOS, macOS, tvOS, and watchOS contain a time-of-check/time-of-use (TOCTOU) memory corruption vulnerability that allows an attacker with read and … |
| CVE-2022-48503 | Apple Multiple Products Unspecified Vulnerability (KEV; Apple) | Apple macOS, iOS, tvOS, Safari, and watchOS contain an unspecified vulnerability in JavaScriptCore that when processing web content may lead to arbitrary code … |
| CVE-2022-47986 | CVE-2022-47986 (KEV; CVSS 9.8; ibm) | IBM Aspera Faspex 4.4.2 Patch Level 1 and earlier could allow a remote attacker to execute arbitrary code on the system, caused by a YAML deserialization flaw.… |
| CVE-2022-47966 | CVE-2022-47966 (KEV; CVSS 9.8; zohocorp) | Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache Santuario xmlsec (aka … |
| CVE-2022-46169 | CVE-2022-46169 (KEV; CVSS 9.8; cacti) | Cacti is an open source platform which provides a robust and extensible operational monitoring and fault management framework for users. In affected versions a… |
| CVE-2022-44877 | CVE-2022-44877 (KEV; CVSS 9.8; control-webpanel) | login/index.php in CWP (aka Control Web Panel or CentOS Web Panel) 7 before 0.9.8.1147 allows remote attackers to execute arbitrary OS commands via shell metac… |
| CVE-2022-44698 | CVE-2022-44698 (KEV; CVSS 5.4; microsoft) | Windows SmartScreen Security Feature Bypass Vulnerability |
| CVE-2022-43939 | Hitachi Vantara Pentaho BA Server Authorization Bypass Vulnerability (KEV; Hitachi Vantara) | Hitachi Vantara Pentaho BA Server contains a use of non-canonical URL paths for authorization decisions vulnerability that enables an attacker to bypass author… |
| CVE-2022-43769 | Hitachi Vantara Pentaho BA Server Special Element Injection Vulnerability (KEV; Hitachi Vantara) | Hitachi Vantara Pentaho BA Server contains a special element injection vulnerability that allows an attacker to inject Spring templates into properties files, … |
| CVE-2022-42948 | Fortra Cobalt Strike User Interface Remote Code Execution Vulnerability (KEV; Fortra) | Fortra Cobalt Strike User Interface contains an unspecified vulnerability rooted in Java Swing that may allow remote code execution. |
| CVE-2022-42856 | CVE-2022-42856 (KEV; CVSS 8.8; apple) | A type confusion issue was addressed with improved state handling. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.… |
| CVE-2022-42827 | CVE-2022-42827 (KEV; CVSS 7.8; apple) | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, iOS 16.1 and iPadOS 16. An appli… |
| CVE-2022-4262 | CVE-2022-4262 (KEV; CVSS 8.8; google) | Type confusion in V8 in Google Chrome prior to 108.0.5359.94 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromiu… |
| CVE-2022-42475 | CVE-2022-42475 (KEV; CVSS 9.8; fortinet) | A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.10, 6.2.0 through 6.2.11, 6… |
| CVE-2022-41352 | CVE-2022-41352 (KEV; CVSS 9.8; synacor) | An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. An attacker can upload arbitrary files through amavis via a cpio loophole (extraction to … |
| CVE-2022-4135 | CVE-2022-4135 (KEV; CVSS 9.6; google) | Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121 allowed a remote attacker who had compromised the renderer process to potentially perform … |
| CVE-2022-41328 | Fortinet FortiOS Path Traversal Vulnerability (KEV; Fortinet) | Fortinet FortiOS contains a path traversal vulnerability that may allow a local privileged attacker to read and write files via crafted CLI commands. |
| CVE-2022-41223 | CVE-2022-41223 (KEV; CVSS 6.8; mitel) | The Director database component of MiVoice Connect through 19.3 (22.22.6100.0) could allow an authenticated attacker to conduct a code-injection attack via cra… |
| CVE-2022-41128 | CVE-2022-41128 (KEV; CVSS 8.8; microsoft) | Windows Scripting Languages Remote Code Execution Vulnerability |
| CVE-2022-41125 | CVE-2022-41125 (KEV; CVSS 7.8; microsoft) | Windows CNG Key Isolation Service Elevation of Privilege Vulnerability |
| CVE-2022-41091 | CVE-2022-41091 (KEV; CVSS 5.4; microsoft) | Windows Mark of the Web Security Feature Bypass Vulnerability |
| CVE-2022-41082 | CVE-2022-41082 (KEV; CVSS 8.0; microsoft) | Microsoft Exchange Server Remote Code Execution Vulnerability |