CVE ALERTS
Common Vulnerabilities and Exposures
WHAT IS A VULNERABILITY?
An instance of one or more weaknesses in a Product that can be exploited, causing a negative impact to confidentiality, integrity, or availability; a set of conditions or behaviors that allows the violation of an explicit or implicit security policy.
CVE stands for Common Vulnerabilities and Exposures. CVE is a dictionary of unique identifiers for security vulnerabilities in software and hardware. Each CVE identifier is unique and is used to track and provide information about specific vulnerabilities. These identifiers help facilitate communication and information sharing between researchers, security companies, and end users, enabling better understanding and mitigation of security risks.
- The CVE Identifiers (CVE IDs) assigned through the registry enable program stakeholders to rapidly discover and correlate vulnerability information used to protect systems against attacks
- CVE IDs are assigned by CVE Numbering Authorities (CNAs), which are operated on a voluntary basis by participating organizations
These alerts are provided by https://intel.intruder.io/, a free platform that tracks trending CVEs with AI summaries, risk scores, known exploits, and social media buzz.
Severity | CVE | Description |
---|---|---|
9.8 CRITICAL | CVE-2024-6047 | GeoVision Devices OS Command Injection Vulnerability |
9.8 CRITICAL | CVE-2024-11120 | GeoVision Devices OS Command Injection Vulnerability |
8.1 HIGH | CVE-2025-27363 | FreeType Out-of-Bounds Write Vulnerability |
9.8 CRITICAL | CVE-2025-3248 | Langflow Missing Authentication Vulnerability |
10.0 CRITICAL | CVE-2025-34028 | Commvault Command Center Path Traversal Vulnerability |
9.0 CRITICAL | CVE-2024-58136 | Yiiframework Yii Improper Protection of Alternate Path Vulnerability |
7.5 HIGH | CVE-2024-21287 | Oracle Agile Product Lifecycle Management (PLM) Incorrect Authorization Vulnerability |
10.0 CRITICAL | CVE-2024-1212 | Progress Kemp LoadMaster OS Command Injection Vulnerability |
9.3 CRITICAL | CVE-2024-0012 | Palo Alto Networks PAN-OS Management Interface Authentication Bypass Vulnerability |
6.9 MEDIUM | CVE-2024-9474 | Palo Alto Networks PAN-OS Management Interface OS Command Injection Vulnerability |
9.9 CRITICAL | CVE-2024-9463 | Palo Alto Networks Expedition OS Command Injection Vulnerability |
9.2 CRITICAL | CVE-2024-9465 | Palo Alto Networks Expedition SQL Injection Vulnerability |
8.6 HIGH | CVE-2025-1976 | Broadcom Brocade Fabric OS Code Injection Vulnerability |
9.8 CRITICAL | CVE-2025-42599 | Qualitia Active! Mail Stack-Based Buffer Overflow Vulnerability |
8.7 HIGH | CVE-2025-3928 | Commvault Web Server Unspecified Vulnerability |
9.0 CRITICAL | CVE-2025-30406 | Gladinet CentreStack Use of Hard-coded Cryptographic Key Vulnerability |
7.8 HIGH | CVE-2025-29824 | Microsoft Windows Common Log File System (CLFS) Driver Use-After-Free Vulnerability |
9.8 CRITICAL | CVE-2025-31161 | CrushFTP Authentication Bypass Vulnerability |
9.8 CRITICAL | CVE-2024-20439 | Cisco Smart Licensing Utility Static Credential Vulnerability |
10.0 CRITICAL | CVE-2025-31324 | SAP NetWeaver Unrestricted File Upload Vulnerability |
9.1 CRITICAL | CVE-2025-29927 | Authorization bypass vulnerability affecting Next.js, a React framework. |
9.8 CRITICAL | CVE-2025-1974 | Vulnerability within the Ingress NGINX Controller for Kubernetes, specifically affecting the admission controller component. |
8.8 HIGH | CVE-2025-24514 | One of several critical vulnerabilities collectively named "IngressNightmare" found in the Ingress NGINX Controller for Kubernetes. |
8.8 HIGH | CVE-2025-1098 | One of five critical vulnerabilities disclosed in the Ingress NGINX Controller for Kubernetes. |
8.8 HIGH | CVE-2025-1097 | Security vulnerability found in the ingress-nginx controller for Kubernetes. |
4.8 MEDIUM | CVE-2025-24513 | Security vulnerability found in the ingress-nginx component of Kubernetes. |
8.8 HIGH | CVE-2024-12695 | Out-of-bounds write vulnerability found in the V8 JavaScript engine of Google Chrome versions prior to 131.0.6778.204. |
8.6 HIGH | CVE-2025-30154 | Security vulnerability found in the reviewdog/action-setup GitHub Action. |
9.3 CRITICAL | CVE-2025-1316 | Edimax IC-7100 IP Camera OS Command Injection Vulnerability |
8.6 HIGH | CVE-2024-48248 | NAKIVO Backup and Replication Absolute Path Traversal Vulnerability |
8.1 HIGH | CVE-2025-24472 | Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability |
8.6 HIGH | CVE-2025-30066 | tj-actions/changed-files GitHub Action Embedded Malicious Code Vulnerability |
6.7 MEDIUM | CVE-2025-21590 | Juniper Junos OS Improper Isolation or Compartmentalization Vulnerability |
7.0 HIGH | CVE-2025-24983 | Microsoft Windows Win32k Use-After-Free Vulnerability |
4.6 MEDIUM | CVE-2025-24984 | Microsoft Windows NTFS Information Disclosure Vulnerability |
7.8 HIGH | CVE-2025-24985 | Microsoft Windows Fast FAT File System Driver Integer Overflow Vulnerability |
5.5 MEDIUM | CVE-2025-24991 | Microsoft Windows NTFS Out-Of-Bounds Read Vulnerability |
7.8 HIGH | CVE-2025-24993 | Microsoft Windows NTFS Heap-Based Buffer Overflow Vulnerability |
7.0 HIGH | CVE-2025-26633 | Microsoft Windows Management Console (MMC) Improper Neutralization Vulnerability |
5.8 MEDIUM | CVE-2025-25181 | Advantive VeraCore SQL Injection Vulnerability |
9.9 CRITICAL | CVE-2024-57968 | Advantive VeraCore Unrestricted File Upload Vulnerability |
9.8 CRITICAL | CVE-2024-13159 | Ivanti Endpoint Manager (EPM) Absolute Path Traversal Vulnerability |
9.8 CRITICAL | CVE-2024-13160 | Ivanti Endpoint Manager (EPM) Absolute Path Traversal Vulnerability |
9.8 CRITICAL | CVE-2024-13161 | Ivanti Endpoint Manager (EPM) Absolute Path Traversal Vulnerability |
8.2 HIGH | CVE-2025-22225 | VMware ESXi Arbitrary Write Vulnerability |
9.3 CRITICAL | CVE-2025-22224 | VMware ESXi and Workstation TOCTOU Race Condition Vulnerability |
7.1 HIGH | CVE-2025-22226 | VMware ESXi, Workstation, and Fusion Information Disclosure Vulnerability |
8.7 HIGH | CVE-2024-49035 | Microsoft Partner Center Improper Access Control Vulnerability |
8.8 HIGH | CVE-2024-20953 | Oracle Agile Product Lifecycle Management (PLM) Deserialization Vulnerability |
7.1 HIGH | CVE-2025-0111 | Palo Alto Networks PAN-OS File Read Vulnerability |
8.1 HIGH | CVE-2025-23209 | Craft CMS Code Injection Vulnerability |
8.8 HIGH | CVE-2025-0108 | Palo Alto PAN-OS Authentication Bypass Vulnerability |
8.8 HIGH | CVE-2024-40891 | Zyxel DSL CPE OS Command Injection Vulnerability |
8.8 HIGH | CVE-2024-40890 | Zyxel DSL CPE OS Command Injection Vulnerability |
7.8 HIGH | CVE-2025-21418 | Microsoft Windows Ancillary Function Driver for WinSock Heap-Based Buffer Overflow Vulnerability |
7.1 HIGH | CVE-2025-21391 | Microsoft Windows Storage Link Following Vulnerability |
7.5 HIGH | CVE-2024-29059 | Microsoft .NET Framework Information Disclosure Vulnerability |
7.0 HIGH | CVE-2025-0411 | 7-Zip Mark of the Web Bypass Vulnerability |
9.8 CRITICAL | CVE-2024-21413 | Microsoft Outlook Improper Input Validation Vulnerability |
8.6 HIGH | CVE-2025-0994 | Trimble Cityworks Deserialization Vulnerability |
10.0 CRITICAL | CVE-2024-50603 | Aviatrix Controllers OS Command Injection Vulnerability |
6.9 MEDIUM | CVE-2020-11023 | JQuery Cross-Site Scripting (XSS) Vulnerability |
6.6 MEDIUM | CVE-2024-12686 | BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) OS Command Injection Vulnerability |
9.6 CRITICAL | CVE-2024-48365 | Qlik Sense HTTP Tunneling Vulnerability |
9.0 CRITICAL | CVE-2025-0282 | Ivanti Connect Secure Vulnerability |
7.4 HIGH | CVE-2024-20767 | Adobe ColdFusion Improper Access Control Vulnerability |
7.8 HIGH | CVE-2024-35250 | Microsoft Windows Kernel-Mode Driver Untrusted Pointer Dereference Vulnerability |
10.0 CRITICAL | CVE-2024-51378 | CyberPanel Incorrect Default Permissions Vulnerability |
9.8 CRITICAL | CVE-2020-2883 | Oracle WebLogic Server Unspecified Vulnerability |
8.7 HIGH | CVE-2024-3393 | Palo Alto Networks PAN-OS Malformed DNS Packet Vulnerability |
9.8 CRITICAL | CVE-2024-12356 | BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) Command Injection Vulnerability |
9.1 CRITICAL | CVE-2021-40407 | Reolink RLC-410W IP Camera OS Command Injection Vulnerability |
7.8 HIGH | CVE-2024-49138 | Microsoft Windows Common Log File System (CLFS) Driver Heap-Based Buffer Overflow Vulnerability |
9.8 CRITICAL | CVE-2024-11680 | ProjectSend Improper Authentication Vulnerability |
7.5 HIGH | CVE-2024-11667 | Zyxel Multiple Firewalls Path Traversal Vulnerability |
9.8 CRITICAL | CVE-2024-38812 | VMware vCenter Server Heap-Based Buffer Overflow Vulnerability |
7.5 HIGH | CVE-2024-38813 | VMware vCenter Server Privilege Escalation Vulnerability |
7.8 HIGH | CVE-2024-48990 | A vulnerability that allows local attackers to execute arbitrary code as root by tricking needrestart into running the Python interpreter with an attacker-controlled PYTHONPATH environment variable |
7.8 HIGH | CVE-2024-48991 | A vulnerability that allows local attackers to execute arbitrary code as root by winning a race condition and tricking needrestart into running their own, fake Python interpreter |
7.8 HIGH | CVE-2024-48992 | A vulnerability that allows local attackers to execute arbitrary code as root by tricking needrestart into running the Ruby interpreter with an attacker-controlled RUBYLIB environment variable |
7.8 HIGH | CVE-2024-11003 | A vulnerability that allows local attackers to execute arbitrary shell commands as root by taking advantage of an issue in the libmodule-scandeps-perl package (before version 1.36) |
9.8 CRITICAL | CVE-2024-43639 | Windows Kerberos Remote Code Execution Vulnerability |
7.5 HIGH | CVE-2024-49040 | Microsoft Exchange Server Spoofing Vulnerability |
8.1 HIGH | CVE-2024-43625 | HyperV VMSwitch Elevation of Privilege Vulnerability |
6.5 MEDIUM | CVE-2024-43451 | NTLM Hash Disclosure Spoofing Vulnerability |
8.8 HIGH | CVE-2024-49039 | Windows Task Scheduler Elevation of Privilege Vulnerability |
7.8 HIGH | CVE-2024-49019 | Active Directory Certificate Services Elevation of Privilege Vulnerability |
9.8 CRITICAL | CVE-2024-43498 | .NET and Visual Studio Remote Code Execution Vulnerability |
9.9 CRITICAL | CVE-2024-43602 | Azure CycleCloud Remote Code Execution Vulnerability |
10.0 CRITICAL | CVE-2021-41277 | Metabase GeoJSON API Local File Inclusion Vulnerability |
6.5 MEDIUM | CVE-2024-43451 | Microsoft Windows NTLMv2 Hash Disclosure Spoofing Vulnerability |
8.8 HIGH | CVE-2024-49039 | Microsoft Windows Task Scheduler Privilege Escalation Vulnerability |
10.0 CRITICAL | CVE-2024-51567 | CyberPanel Incorrect Default Permissions Vulnerability |
9.3 CRITICAL | CVE-2024-5910 | Palo Alto Expedition Missing Authentication Vulnerability |
7.2 HIGH | CVE-2024-8957 | PTZOptics PT30X-SDI/NDI Cameras OS Command Injection Vulnerability |
9.1 CRITICAL | CVE-2024-8956 | PTZOptics PT30X-SDI/NDI Cameras Authentication Bypass Vulnerability |
5.8 MEDIUM | CVE-2024-20481 | Cisco ASA and FTD Denial-of-Service Vulnerability |
9.8 CRITICAL | CVE-2024-47575 | Fortinet FortiManager Missing Authentication Vulnerability |
7.2 HIGH | CVE-2024-38094 | Microsoft SharePoint Deserialization Vulnerability |
9.8 CRITICAL | CVE-2024-9537 | ScienceLogic SL1 Unspecified Vulnerability |
9.8 CRITICAL | CVE-2024-40711 | Veeam Backup and Replication Deserialization Vulnerability |
7.0 HIGH | CVE-2024-30088 | Microsoft Windows Kernel TOCTOU Race Condition Vulnerability |
9.1 CRITICAL | CVE-2024-28987 | SolarWinds Web Help Desk Hardcoded Credential Vulnerability |
9.8 CRITICAL | CVE-2024-23113 | Fortinet Multiple Products Format String Vulnerability |
6.5 MEDIUM | CVE-2024-9379 | Ivanti Cloud Services Appliance (CSA) SQL Injection Vulnerability |
7.2 HIGH | CVE-2024-9380 | Ivanti Cloud Services Appliance (CSA) OS Command Injection Vulnerability |
7.8 HIGH | CVE-2024-43047 | Qualcomm Multiple Chipsets Use-After-Free Vulnerability |
7.8 HIGH | CVE-2024-43572 | Microsoft Windows Management Console Remote Code Execution Vulnerability |
6.5 MEDIUM | CVE-2024-43573 | Microsoft Windows MSHTML Platform Spoofing Vulnerability |
10.0 CRITICAL | CVE-2024-45519 | Synacor Zimbra Collaboration Command Execution Vulnerability |
9.6 CRITICAL | CVE-2024-29824 | Ivanti Endpoint Manager (EPM) SQL Injection Vulnerability |
9.8 CRITICAL | CVE-2023-25280 | D-Link DIR-820 Router OS Command Injection Vulnerability (WAITING) |
9.8 CRITICAL | CVE-2020-15415 | DrayTek Multiple Vigor Routers OS Command Injection Vulnerability (WAITING) |
5.8 MEDIUM | CVE-2021-4043 | Motion Spell GPAC Null Pointer Dereference Vulnerability |
9.8 CRITICAL | CVE-2019-0344 | SAP Commerce Cloud Deserialization of Untrusted Data Vulnerability (WAITING) |
9.8 CRITICAL | CVE-2024-7593 | Ivanti Virtual Traffic Manager Authentication Bypass Vulnerability |
9.4 CRITICAL | CVE-2024-8963 | Ivanti Cloud Services Appliance (CSA) Path Traversal Vulnerability |
9.8 CRITICAL | CVE-2024-27348 | Apache HugeGraph-Server Improper Access Control Vulnerability |
8.8 HIGH | CVE-2020-0618 | Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability |
7.8 HIGH | CVE-2019-1069 | Microsoft Windows Task Scheduler Privilege Escalation Vulnerability |
9.8 CRITICAL | CVE-2022-21445 | Oracle JDeveloper Remote Code Execution Vulnerability |
9.8 CRITICAL | CVE-2020-14644 | Oracle WebLogic Server Remote Code Execution Vulnerability |
10.0 CRITICAL | CVE-2014-0497 | Adobe Flash Player Integer Underflow Vulnerability |
9.3 CRITICAL | CVE-2013-0643 | Adobe Flash Player Incorrect Default Permissions Vulnerability |
9.3 CRITICAL | CVE-2013-0648 | Adobe Flash Player Code Execution Vulnerability |
10.0 CRITICAL | CVE-2014-0502 | Adobe Flash Player Double Free Vulnerability |
8.8 HIGH | CVE-2024-43461 | Microsoft Windows MSHTML Platform Spoofing Vulnerability |
9.8 CRITICAL | CVE-2024-6670 | Progress WhatsUp Gold SQL Injection Vulnerability |
7.2 HIGH | CVE-2024-8190 | Ivanti Cloud Services Appliance OS Command Injection Vulnerability |
7.3 HIGH | CVE-2024-38226 | Microsoft Publisher Security Feature Bypass Vulnerability |
9.8 CRITICAL | CVE-2024-43491 | Microsoft Windows Update Remote Code Execution Vulnerability |
7.8 HIGH | CVE-2024-38014 | Microsoft Windows Installer Privilege Escalation Vulnerability |
5.4 MEDIUM | CVE-2024-38217 | Microsoft Windows Mark of the Web (MOTW) Security Feature Bypass Vulnerability |
8.4 HIGH | CVE-2016-3714 | ImageMagick Improper Input Validation Vulnerability (WAITING) |
7.8 HIGH | CVE-2017-1000253 | Linux Kernel PIE Stack Buffer Corruption Vulnerability |
9.8 CRITICAL | CVE-2024-40766 | SonicWall SonicOS Improper Access Control Vulnerability |
7.5 HIGH | CVE-2021-20123 | Draytek VigorConnect Path Traversal Vulnerability (WAITING) |
7.5 HIGH | CVE-2021-20124 | Draytek VigorConnect Path Traversal Vulnerability (WAITING) |
9.2 CRITICAL | CVE-2024-7262 | Kingsoft WPS Office Path Traversal Vulnerability |
8.8 HIGH | CVE-2024-7965 | Google Chromium V8 Inappropriate Implementation Vulnerability |
8.8 HIGH | CVE-2024-7971 | Google Chromium V8 Type Confusion Vulnerability |
7.8 HIGH | CVE-2024-4610 | ARM Mali GPU Kernel Driver Use-After-Free Vulnerability |
9.8 CRITICAL | CVE-2024-4577 | PHP-CGI OS Command Injection Vulnerability |
8.6 HIGH | CVE-2024-24919 | Check Point Quantum Security Gateways Information Disclosure Vulnerability |
7.8 HIGH | CVE-2024-1086 | Linux Kernel Use-After-Free Vulnerability |
8.7 HIGH | CVE-2024-4978 | Justice AV Solutions (JAVS) Viewer Installer Embedded Malicious Code Vulnerability |
9.8 CRITICAL | CVE-2024-38856 | Apache OFBiz Incorrect Authorization Vulnerability |
8.4 HIGH | CVE-2022-0185 | Linux Kernel Heap-Based Buffer Overflow |
8.8 HIGH | CVE-2024-38189 | Microsoft Project Remote Code Execution Vulnerability |
7.8 HIGH | CVE-2024-38178 | Microsoft Windows Scripting Engine Memory Corruption Vulnerability |
6.5 MEDIUM | CVE-2024-38213 | Microsoft Windows SmartScreen Security Feature Bypass Vulnerability |
7.8 HIGH | CVE-2024-38193 | Microsoft Windows Ancillary Function Driver for WinSock Privilege Escalation Vulnerability |
7.0 HIGH | CVE-2024-38106 | Microsoft Windows Kernel Privilege Escalation Vulnerability |
7.8 HIGH | CVE-2024-38107 | Microsoft Windows Power Dependency Coordinator Privilege Escalation Vulnerability |
8.8 HIGH | CVE-2018-0824 | Microsoft COM for Windows Deserialization of Untrusted Data Vulnerability (WAITING) |
6.8 MEDIUM | CVE-2024-37085 | VMware ESXi Authentication Bypass Vulnerability (WAITING) |
9.3 CRITICAL | CVE-2024-4879 | ServiceNow Improper Input Validation Vulnerability |
9.2 CRITICAL | CVE-2024-5217 | ServiceNow Incomplete List of Disallowed Inputs Vulnerability |
5.3 MEDIUM | CVE-2024-39891 | Twilio Authy Information Disclosure Vulnerability |
9.2 CRITICAL | CVE-2024-36401 | OSGeo GeoServer GeoTools Eval Injection Vulnerability |
7.8 HIGH | CVE-2024-38080 | Microsoft Windows Hyper-V Privilege Escalation Vulnerability |
7.5 HIGH | CVE-2024-38112 | Microsoft Windows MSHTML Platform Spoofing Vulnerability |
7.8 HIGH | CVE-2022-2586 | Linux Kernel Use-After-Free Vulnerability |
9.8 CRITICAL | CVE-2024-4358 | Progress Telerik Report Server Authentication Bypass by Spoofing Vulnerability |
8.8 HIGH | CVE-2024-4761 | Google Chromium V8 Out-of-Bounds Memory Write Vulnerability |
8.8 HIGH | CVE-2024-4947 | Google Chromium V8 Type Confusion Vulnerability |
9.6 CRITICAL | CVE-2024-4671 | Google Chromium in Visuals Use-After-Free Vulnerability |
10.0 CRITICAL | CVE-2023-7028 | GitLab Community and Enterprise Editions Improper Access Control Vulnerability (WAITING) |
10.0 CRITICAL | CVE-2024-4040 | CrushFTP VFS Sandbox Escape Vulnerability |
10.0 CRITICAL | CVE-2024-1709 | ConnectWise ScreenConnect Authentication Bypass Vulnerability |
7.5 HIGH | CVE-2024-21351 | Windows SmartScreen Security Feature Bypass Vulnerability |
8.1 HIGH | CVE-2024-21412 | Internet Shortcut Files Security Feature Bypass Vulnerability |
10.0 CRITICAL | CVE-2023-22527 | Atlassian Confluence Data Center and Server Template Injection Vulnerability |
9.8 CRITICAL | CVE-2021-33044 | Dahua IP Camera Authentication Bypass Vulnerability |
9.8 CRITICAL | CVE-2021-33045 | Dahua IP Camera Authentication Bypass Vulnerability |
7.2 HIGH | CVE-2021-31196 | Microsoft Exchange Server Information Disclosure Vulnerability |
9.8 CRITICAL | CVE-2024-23897 | Jenkins Command Line Interface (CLI) Path Traversal Vulnerability |
9.8 CRITICAL | CVE-2024-28986 | SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability |
7.2 HIGH | CVE-2024-36971 | Android Kernel Remote Code Execution Vulnerability |
9.8 CRITICAL | CVE-2024-32113 | Apache OFBiz Path Traversal Vulnerability |
9.8 CRITICAL | CVE-2023-45249 | Acronis Cyber Infrastructure (ACI) Insecure Default Password Vulnerability |
8.8 HIGH | CVE-2012-4792 | Microsoft Internet Explorer Use-After-Free Vulnerability |
9.8 CRITICAL | CVE-2024-34102 | Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) Vulnerability |
8.6 HIGH | CVE-2024-28995 | SolarWinds Serv-U Path Traversal Vulnerability |
6.5 MEDIUM | CVE-2022-22948 | VMware vCenter Server Incorrect Default File Permissions Vulnerability |
9.8 CRITICAL | CVE-2024-23692 | Rejetto HTTP File Server Improper Neutralization of Special Elements Used in a Template Engine Vulnerability |
6.0 MEDIUM | CVE-2024-20399 | Cisco NX-OS Command Injection Vulnerability |
10.0 CRITICAL | CVE-2022-24816 | GeoSolutionsGroup JAI-EXT Code Injection Vulnerability |
6.1 MEDIUM | CVE-2020-13965 | Roundcube Webmail Cross-Site Scripting (XSS) Vulnerability |
7.8 HIGH | CVE-2024-32896 | Android Pixel Privilege Escalation Vulnerability |
7.8 HIGH | CVE-2024-26169 | Microsoft Windows Error Reporting Service Improper Privilege Management Vulnerability |
7.4 HIGH | CVE-2017-3506 | Oracle WebLogic Server OS Command Injection Vulnerability |
8.8 HIGH | CVE-2014-100005 | D-Link DIR-600 Router Cross-Site Request Forgery (CSRF) Vulnerability |
7.5 HIGH | CVE-2021-40655 | D-Link DIR-605 Router Information Disclosure Vulnerability |
9.8 CRITICAL | CVE-2023-43208 | NextGen Healthcare Mirth Connect Deserialization of Untrusted Data Vulnerability |
7.8 HIGH | CVE-2024-30051 | Microsoft DWM Core Library Privilege Escalation Vulnerability |
8.8 HIGH | CVE-2024-30040 | Microsoft Windows MSHTML Platform Security Feature Bypass Vulnerability |
10.0 CRITICAL | CVE-2023-7028 | GitLab Community and Enterprise Editions Improper Access Control Vulnerability |
8.8 HIGH | CVE-2024-29988 | Microsoft SmartScreen Prompt Security Feature Bypass Vulnerability |
8.6 HIGH | CVE-2024-20353 | Cisco ASA and FTD Denial of Service Vulnerability |
6.0 MEDIUM | CVE-2024-20359 | Cisco ASA and FTD Privilege Escalation Vulnerability |
7.8 HIGH | CVE-2022-38028 | Microsoft Windows Print Spooler Privilege Escalation Vulnerability |
10.0 CRITICAL | CVE-2024-3400 | Palo Alto Networks PAN-OS Command Injection Vulnerability |
9.8 CRITICAL | CVE-2024-3272 | D-Link Multiple NAS Devices Use of Hard-Coded Credentials Vulnerability |
7.3 HIGH | CVE-2024-3273 | D-Link Multiple NAS Devices Command Injection Vulnerability |
5.5 MEDIUM | CVE-2024-29745 | Android Pixel Information Disclosure Vulnerability |
7.8 MEDIUM | CVE-2024-29748 | Android Pixel Privilege Escalation Vulnerability |
8.4 HIGH | CVE-2023-29360 | Microsoft Streaming Service Untrusted Pointer Dereference Vulnerability |
7.2 HIGH | CVE-2023-24955 | Microsoft SharePoint Server Code Injection Vulnerability |
9.8 CRITICAL | CVE-2023-48788 | Fortinet FortiClient EMS SQL Injection Vulnerability |
9.8 CRITICAL | CVE-2021-44529 | Ivanti Endpoint Manager Cloud Service Appliance (EPM CSA) Code Injection Vulnerability |
9.8 CRITICAL | CVE-2019-7256 | Nice Linear eMerge E3-Series OS Command Injection Vulnerability |
9.9 CRITICAL | CVE-2023-46808 | (Authenticated Remote File Write) for Ivanti Neurons for ITSM |
8.8 HIGH | CVE-2023-41724 | (Remote Code Execution) for Ivanti Standalone Sentry |
9.8 CRITICAL | CVE-2024-27198 | JetBrains TeamCity Authentication Bypass Vulnerability |
7.8 HIGH | CVE-2024-23225 | Apple iOS and iPadOS Memory Corruption Vulnerability |
7.8 HIGH | CVE-2024-23296 | Apple iOS and iPadOS Memory Corruption Vulnerability |
5.5 MEDIUM | CVE-2023-21237 | Android Pixel Information Disclosure Vulnerability |
9.8 CRITICAL | CVE-2021-36380 | Sunhillo SureLine OS Command Injection Vulnerability |
7.8 HIGH | CVE-2024-21338 | Microsoft Windows Kernel Exposed IOCTL with Insufficient Access Control Vulnerability |
7.5 HIGH | CVE-2020-3259 | Cisco ASA and FTD Information Disclosure Vulnerability |
9.8 CRITICAL | CVE-2024-21410 | Microsoft Exchange Server Privilege Escalation Vulnerability |
6.1 MEDIUM | CVE-2023-43770 | Roundcube Webmail Persistent Cross-Site Scripting (XSS) Vulnerability |
8.2 HIGH | CVE-2023-6549 | Citrix NetScaler ADC and NetScaler Gateway Buffer Overflow Vulnerability |
5.5 MEDIUM | CVE-2023-6548 | Citrix NetScaler ADC and NetScaler Gateway Code Injection Vulnerability |
8.8 HIGH | CVE-2024-0519 | Google Chromium V8 Out-of-Bounds Memory Access Vulnerability |
9.8 CRITICAL | CVE-2023-35082 | Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core Authentication Bypass Vulnerability |
8.1 HIGH | CVE-2024-21412 | Microsoft Windows Internet Shortcut Files Security Feature Bypass Vulnerability |
7.6 HIGH | CVE-2024-21351 | Microsoft Windows SmartScreen Security Feature Bypass Vulnerability |
9.8 CRITICAL | CVE-2024-21762 | Fortinet FortiOS Out-of-Bound Write Vulnerability |
8.8 HIGH | CVE-2023-4762 | Google Chromium V8 Type Confusion Vulnerability |
9.8 CRITICAL | CVE-2023-34048 | VMware vCenter Server Out-of-Bounds Write Vulnerability |
9.1 CRITICAL | CVE-2024-21887 | Ivanti Connect Secure and Policy Secure Command Injection Vulnerability |
7.8 HIGH | CVE-2023-7101 | Spreadsheet::ParseExcel Remote Code Execution Vulnerability |
8.8 HIGH | CVE-2023-7024 | Google Chromium WebRTC Heap Buffer Overflow Vulnerability |
8.8 HIGH | CVE-2023-5217 | Google Chrome libvpx Heap Buffer Overflow Vulnerability |
9.8 CRITICAL | CVE-2023-47246 | SysAid Server Path Traversal Vulnerability |
8.2 HIGH | CVE-2023-46805 | Ivanti Connect Secure and Policy Secure Authentication Bypass Vulnerability |
8.8 HIGH | CVE-2023-46748 | F5 BIG-IP SQL Injection Vulnerability |
9.8 CRITICAL | CVE-2023-46747 | F5 BIG-IP Authentication Bypass Vulnerability |
10.0 CRITICAL | CVE-2023-46604 | Apache ActiveMQ Deserialization of Untrusted Data Vulnerability |
7.5 HIGH | CVE-2023-44487 | HTTP/2 Rapid Reset Attack Vulnerability |
6.5 MEDIUM | CVE-2023-42916 | Apple Multiple Products WebKit Out-of-Bounds Read Vulnerability |
5.5 MEDIUM | CVE-2023-4211 | Arm Mali GPU Kernel Driver Use-After-Free Vulnerability |
8.8 HIGH | CVE-2023-41993 | Apple Multiple Products WebKit Code Execution Vulnerability |
7.8 HIGH | CVE-2023-41992 | Apple Multiple Products Kernel Privilege Escalation Vulnerability |
5.5 MEDIUM | CVE-2023-41991 | Apple Multiple Products Improper Certificate Validation Vulnerability |
7.8 HIGH | CVE-2023-41990 | Apple Multiple Products Code Execution Vulnerability |
5.3 MEDIUM | CVE-2023-41763 | Microsoft Skype for Business Privilege Escalation Vulnerability |
5.3 MEDIUM | CVE-2023-41721 | UniFi Network Application |
7.8 HIGH | CVE-2023-38831 | RARLAB WinRAR Code Execution Vulnerability |
9.8 CRITICAL | CVE-2023-38203 | Adobe ColdFusion Deserialization of Untrusted Data Vulnerability |
9.8 CRITICAL | CVE-2023-38035 | Ivanti Sentry Authentication Bypass Vulnerability |
7.5 HIGH | CVE-2023-36884 | Microsoft Office and Windows HTML Remote Code Execution Vulnerability |
7.8 HIGH | CVE-2023-36874 | Microsoft Windows Error Reporting Service Privilege Escalation Vulnerability |
5.3 MEDIUM | CVE-2023-36851 | Juniper Junos OS SRX Series Missing Authentication for Critical Function Vulnerability |
5.3 MEDIUM | CVE-2023-36846 | Juniper Junos OS SRX Series Missing Authentication for Critical Function Vulnerability |
9.8 CRITICAL | CVE-2023-36845 | Juniper Junos OS EX Series and SRX Series PHP External Variable Modification Vulnerability |
5.3 MEDIUM | CVE-2023-36844 | Juniper Junos OS EX Series PHP External Variable Modification Vulnerability |
7.8 HIGH | CVE-2023-36802 | Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability |
6.5 MEDIUM | CVE-2023-36761 | Microsoft Word Information Disclosure Vulnerability |
7.8 HIGH | CVE-2023-36631 | Lack of access control in wfc.exe in Malwarebytes Binisoft |
6.5 MEDIUM | CVE-2023-36563 | Microsoft WordPad Information Disclosure Vulnerability |
9.6 CRITICAL | CVE-2023-36019 | Microsoft Power Platform Connector Spoofing Vulnerability |
5.3 MEDIUM | CVE-2023-36012 | DHCP Server Service Information Disclosure Vulnerability |
7.5 HIGH | CVE-2023-35643 | DHCP Server Service Information Disclosure Vulnerability |
8.1 HIGH | CVE-2023-35628 | Windows MSHTML Platform Remote Code Execution Vulnerability |
8.8 HIGH | CVE-2023-35630 | Internet Connection Sharing (ICS) Remote Code Execution Vulnerability |
6.5 MEDIUM | CVE-2023-35636 | Microsoft Outlook Information Disclosure Vulnerability |
8.8 HIGH | CVE-2023-35639 | Microsoft ODBC Driver Remote Code Execution Vulnerability |
8.8 HIGH | CVE-2023-35641 | Internet Connection Sharing (ICS) Remote Code Execution Vulnerability |
6.5 MEDIUM | CVE-2023-35642 | Internet Connection Sharing (ICS) Denial-of-Service Vulnerability |
7.5 HIGH | CVE-2023-35638 | DHCP Server Service Denial-of-Service Vulnerability |
7.5 HIGH | CVE-2023-29552 | Service Location Protocol (SLP) Denial-of-Service Vulnerability |
10.0 CRITICAL | CVE-2023-22518 | Atlassian Confluence Data Center and Server Improper Authorization Vulnerability |
10.0 CRITICAL | CVE-2023-20198 | Cisco IOS XE Web UI Privilege Escalation Vulnerability |
10.0 CRITICAL | CVE-2023-41721 | UniFi Network Application |
7.8 HIGH | CVE-2023-21608 | Adobe Acrobat and Reader Use-After-Free Vulnerability |
6.6 MEDIUM | CVE-2023-20109 | Cisco IOS and IOS XE Group Encrypted Transport VPN Out-of-Bounds Write Vulnerability |
9.8 CRITICAL | CVE-2023-41993 | Apple Multiple Products WebKit Code Execution Vulnerability |
8.8 HIGH | CVE-2023-36884 | Microsoft Office and Windows HTML Remote Code Execution Vulnerability |
6.2 MEDIUM | CVE-2023-36761 | Microsoft Word Information Disclosure Vulnerability |
8.8 HIGH | CVE-2023-35311 | Microsoft Outlook Security Feature Bypass Vulnerability |
10.0 CRITICAL | CVE-2023-35078 | Ivanti Endpoint Manager Mobile Authentication Bypass Vulnerability |
5.4 MEDIUM | CVE-2023-34830 | i-doit Open v24 was discovered to contain a reflected cross-site scripting (XSS) vulnerability |
5.3 MEDIUM | CVE-2023-34099 | Shopware is an open source e-commerce software. |
9.8 CRITICAL | CVE-2023-33246 | Apache RocketMQ Command Execution Vulnerability |
8.8 HIGH | CVE-2023-32049 | Microsoft Windows Defender SmartScreen Security Feature Bypass Vulnerability |
7.8 HIGH | CVE-2023-32046 | Microsoft Windows MSHTML Platform Privilege Escalation Vulnerability |
8.8 HIGH | CVE-2023-3079 | Google Chromium V8 Type Confusion Vulnerability |
8.8 HIGH | CVE-2023-28434 | MinIO Security Feature Bypass Vulnerability |
9.8 CRITICAL | CVE-2023-27997 | Fortinet FortiOS and FortiProxy SSL-VPN Heap-Based Buffer Overflow Vulnerability |
7.5 HIGH | CVE-2023-27532 | Veeam Backup & Replication Cloud Connect Missing Authentication for Critical Function Vulnerability |
7.8 HIGH | CVE-2023-26369 | Adobe Acrobat and Reader Out-of-Bounds Write Vulnerability |
9.8 CRITICAL | CVE-2023-24489 | Citrix Content Collaboration ShareFile Improper Access Control Vulnerability |
9.8 CRITICAL | CVE-2023-20887 | VMware Aria Operations for Networks Command Injection Vulnerability |
9.8 CRITICAL | CVE-2022-31199 | Netwrix Auditor Insecure Object Deserialization Vulnerability |
9.8 CRITICAL | CVE-2022-29303 | SolarView Compact Command Injection Vulnerability |
9.8 CRITICAL | CVE-2021-44026 | Roundcube Webmail SQL Injection Vulnerability |
5.5 MEDIUM | CVE-2021-25489 | Samsung Mobile Devices Improper Input Validation Vulnerability |
7.8 HIGH | CVE-2021-25487 | Samsung Mobile Devices Out-of-Bounds Read Vulnerability |
6.4 MEDIUM | CVE-2021-25395 | Samsung Mobile Devices Race Condition Vulnerability |
6.4 MEDIUM | CVE-2021-25394 | Samsung Mobile Devices Race Condition Vulnerability |
6.7 MEDIUM | CVE-2021-25372 | Samsung Mobile Devices Improper Boundary Check Vulnerability |
6.7 MEDIUM | CVE-2021-25371 | Samsung Mobile Devices Unspecified Vulnerability |
6.1 MEDIUM | CVE-2020-35730 | Roundcube Webmail Cross-Site Scripting (XSS) Vulnerability |
9.8 CRITICAL | CVE-2020-12641 | Roundcube Webmail Remote Code Execution Vulnerability |
7.8 HIGH | CVE-2019-20500 | D-Link DWL-2600AP Access Point Command Injection Vulnerability |
9.8 CRITICAL | CVE-2019-17621 | D-Link DIR-859 Router Command Execution Vulnerability |
Severity | Severity Score Range |
---|---|
CRITICAL | 9.0 - 10.0 |
HIGH | 7.0 - 8.9 |
MEDIUM | 4.0 - 6.9 |
LOW | 0.1 - 3.9 |
NONE | 0.0 |

Copyright © 2017 - 2025 Cyberprotech ® all rights reserved. The Cyberprotech name and logo are registered trademarks with the Nº. 639923. Cyberprotech Unip. Lda. Use of this site constitutes acceptance of our website Terms of Service, Terms of Sale and Privacy Policy.