236 CVEs published in 2023. 163 flagged on the CISA Known Exploited Vulnerabilities catalog. Every guide includes runnable Linux, Windows PowerShell, and Bash remediation commands.
236 fix guides from 2023 ⚠ 163 actively exploited (CISA KEV)CVE-2023-1671 is an OS command injection in Sophos Web Appliance. Verified patched version, official vendor advisory, and how to confirm the
CVE-2023-20198 is the Cisco IOS XE web UI vulnerability that gave unauthenticated attackers full admin access. Affected versions, fix builds
CVE-2023-20887 is a remote code execution flaw in Aria Operations for Networks (Formerly vRealize Network Insight). Verified patched version
CVE-2023-2136 is an integer overflow flaw in Chrome. Verified patched version and mitigations from the official advisory.
CVE-2023-22515 is the Confluence Data Center / Server zero-day that let attackers create admin accounts unauthenticated. Patched versions an
CVE-2023-22518 lets an unauthenticated attacker reset Confluence and create new admin accounts. Affected versions, patched builds, recovery
CVE-2023-22527 is the Confluence Data Center / Server template injection that gives unauthenticated RCE. Affected versions, fixed versions,
CVE-2023-23397 is a improper input validation in Microsoft Office Ltsc 2021. Patched version, runnable upgrade commands, and how to verify t
CVE-2023-24489 lets unauthenticated attackers compromise the Citrix ShareFile customer-managed Storage Zones Controller. Patched build and u
CVE-2023-25280 is a command injection flaw in DIR-820 Router. Verified patched version and mitigations from the official advisory.
CVE-2023-25717 is a remote code execution flaw in Ruckus Wireless Admin through. Verified patched version and mitigations from the official
CVE-2023-26359 is the first in the 2023 Adobe ColdFusion deserialization series. Same Lockdown Guide hardening as CVE-2023-29300.
CVE-2023-27350 is an access control bypass in NG. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2023-27992 is an OS command injection in NAS326 firmware. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2023-27997 is a path traversal in FortiOS-6K7K. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2023-28461 is a remote code execution flaw in AG/vxAG ArrayOS. Verified patched version and mitigations from the official advisory.
CVE-2023-2868: an OS command injection in Barracuda Email Security Gateway. Patched version and vendor advisory inside.
CVE-2023-28771: an OS command injection in ZyWALL/USG series firmware. Patched version and vendor advisory inside.
CVE-2023-29300 is the Adobe ColdFusion Wddx deserialization RCE. Affected versions, patched builds, and lockdown.html considerations.
CVE-2023-29357 incorrect implementation of authentication algorithm in Microsoft Sharepoint Server 2019. Runnable upgrade commands and verif
CVE-2023-29492 is a security vulnerability flaw in Novi Survey. Verified patched version and mitigations from the official advisory.
CVE-2023-33009 is a vulnerability in ATP series firmware. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2023-33010 is a vulnerability in ATP series firmware. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2023-34048 is the vCenter DCERPC out-of-bounds write, UNC3886 used it as a zero-day for two years. Patched builds and Linux Service Cons
CVE-2023-34192 is a security vulnerability flaw in Zimbra Collaboration Suite (ZCS). Verified patched version and mitigations from the offic
CVE-2023-34362 is a sql injection flaw in In Progress MOVEit Transfer. Verified patched version and mitigations from the official advisory.
CVE-2023-35078 is the Ivanti EPMM zero-day used against Norwegian government ministries in 2023. Affected versions, patched builds, and IoC
CVE-2023-35082 lets unauthenticated attackers access restricted Ivanti EPMM 11.10 and earlier (and legacy MobileIron Core) APIs. Upgrade and
CVE-2023-3519 is the Citrix NetScaler / ADC / Gateway zero-day used to compromise US critical infrastructure in 2023. Patched versions and I
CVE-2023-36845 is an arbitrary file read in Junos OS. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2023-38203 is one of the ColdFusion 2018u17 / 2021u7 deserialization siblings. Same patch as CVE-2023-29300.
CVE-2023-40044 is an unsafe deserialization in WS_FTP Server. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2023-41265 is a vulnerability in n/a. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2023-42793 is an authentication bypass in TeamCity. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2023-43208 is a remote code execution flaw in NextGen Healthcare Mirth Connect. Verified patched version and mitigations from the offici
CVE-2023-45249: a default credentials in Acronis Cyber Infrastructure. Patched version and vendor advisory inside.
CVE-2023-46604 lets a remote attacker run code on Apache ActiveMQ via the OpenWire protocol. Patched versions, upgrade steps, and Kinsing/ra
CVE-2023-46747 lets unauthenticated attackers bypass the F5 BIG-IP Configuration Utility (TMUI). Patched builds and TMUI lockdown procedure.
CVE-2023-47246 is a path traversal flaw in In SysAid On-Premise. Verified patched version and mitigations from the official advisory.
CVE-2023-48365 is a vulnerability in n/a. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2023-48788 is a SQL injection in FortiClientEMS. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2023-49103 is a vulnerability in n/a. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2023-4966 is a memory corruption in NetScaler ADC. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2023-6448 is an insecure default configuration in VisiLogic. Verified patched version, official vendor advisory, and how to confirm the
CVE-2023-7028 lets an attacker hijack any GitLab account by sending the password reset email to their own address. Patch and audit steps for
CVE-2023-0266 is an use-after-free in Linux Kernel. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2023-0386 is a security vulnerability flaw in Kernel. Verified patched version and mitigations from the official advisory.
CVE-2023-0669 is an insecure deserialization flaw in Goanywhere MFT. Verified patched version and mitigations from the official advisory.
CVE-2023-1389 is a command injection flaw in TP-Link Archer AX21 (AX1800). Verified patched version and mitigations from the official adviso
CVE-2023-20273 is an OS command injection in Cisco IOS XE Software. Verified patched version, official vendor advisory, and how to confirm t
CVE-2023-2033 is a type confusion flaw in Chrome. Verified patched version and mitigations from the official advisory.
CVE-2023-20963 is a remote code execution flaw in Android. Verified patched version and mitigations from the official advisory.
CVE-2023-21529 - Insecure Deserialization in Microsoft Exchange Server 2019 Cumulative Update 12. Runnable patch commands and verification o
CVE-2023-21608 is an use-after-free in Acrobat Reader. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2023-21674 is a use after free in Windows 10 Version 1809. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2023-21715 incorrect authorization in Microsoft 365 Apps For Enterprise. Runnable upgrade commands and verification steps for sysadmins.
CVE-2023-21823 integer overflow or wraparound in Microsoft Office For Android. Runnable upgrade commands and verification steps for sysadmin
CVE-2023-21839 missing authentication for critical function in Weblogic Server. Runnable upgrade commands and verification steps for sysadmi
CVE-2023-22952 is a security vulnerability flaw in In SugarCRM. Verified patched version and mitigations from the official advisory.
CVE-2023-23376 is a heap-based buffer overflow in Windows 10 Version 1809. Patched version, runnable upgrade commands, and how to verify the
CVE-2023-23529 is a remote code execution flaw in Safari, iOS and iPadOS, macOS. Verified patched version and mitigations from the official
CVE-2023-24955 improper control of generation of code ('code injection') in Microsoft Sharepoint Enterprise Server 2016. Runnable upgrade co
CVE-2023-2533 is a Cross-Site Request Forgery flaw in Papercut PaperCut NG/MF. Actively exploited per CISA KEV. Verified patched builds and
CVE-2023-26360 is an access control bypass in ColdFusion. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2023-26369 is an OS command injection in Acrobat Reader. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2023-27351 is a Authentication Bypass flaw in Papercut NG. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2023-27524: an insecure default configuration in Apache Superset. Patched version and vendor advisory inside.
CVE-2023-27532 is a missing authentication flaw in Veeam Backup & Replication. Verified patched version and mitigations from the official ad
CVE-2023-28205 is a remote code execution flaw in Safari, iOS and iPadOS, macOS. Verified patched version and mitigations from the official
CVE-2023-28206 is a denial of service flaw in iOS and iPadOS, macOS. Verified patched version and mitigations from the official advisory.
CVE-2023-28229 sensitive data storage in improperly locked memory in Windows 10 Version 1809. Runnable upgrade commands and verification ste
CVE-2023-28252 is a heap-based buffer overflow in Windows 10 Version 1809. Patched version, runnable upgrade commands, and how to verify the
CVE-2023-28432 is a Information Disclosure flaw in Minio minio. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2023-28434 is a vulnerability in minio. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2023-29298 is an access control bypass in ColdFusion. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2023-29336 is a use after free in Windows 10 Version 1507. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2023-29360 is a untrusted pointer dereference in Windows 10 Version 1809. Patched version, runnable upgrade commands, and how to verify
CVE-2023-29552 is a security vulnerability flaw in Service Location Protocol (SLP). Verified patched version and mitigations from the offici
CVE-2023-32046 is a security vulnerability in Windows 10 Version 1809. Patched version, runnable upgrade commands, and how to verify the fix
CVE-2023-32049 is a security vulnerability in Windows 10 Version 1809. Patched version, runnable upgrade commands, and how to verify the fix
CVE-2023-32315 is a Path Traversal flaw in Igniterealtime Openfire. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2023-33063 is a Use-After-Free flaw in Qualcomm, Inc. Snapdragon. Actively exploited per CISA KEV. Verified patched builds and fix steps
CVE-2023-33106: Use of Out-of-range Pointer Offset in Qualcomm, Inc. Snapdragon. Patched builds and fix steps.
CVE-2023-33107 is a Integer Overflow flaw in Qualcomm, Inc. Snapdragon. Actively exploited per CISA KEV. Verified patched builds and fix ste
CVE-2023-33538 is a command injection flaw in TP-Link TL-WR940N. Verified patched version and mitigations from the official advisory.
CVE-2023-35081 is a path traversal in EPMM. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2023-35311 time-of-check time-of-use (toctou) race condition in Microsoft 365 Apps For Enterprise. Runnable upgrade commands and verific
CVE-2023-36025 is a security vulnerability in Windows 10 Version 1809. Patched version, runnable upgrade commands, and how to verify the fix
CVE-2023-36033 is a untrusted pointer dereference in Windows 10 Version 1809. Patched version, runnable upgrade commands, and how to verify
CVE-2023-36036 is a heap-based buffer overflow in Windows 10 Version 1809. Patched version, runnable upgrade commands, and how to verify the
CVE-2023-36424 - Out-of-Bounds Read in Windows 11 version 22H3. Runnable patch commands, mitigation snippets, and verification steps on this
CVE-2023-36802 is a use after free in Windows 10 Version 1809. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2023-36874 improper link resolution before file access ('link following') in Windows 10 Version 1809. Runnable upgrade commands and veri
CVE-2023-36884 concurrent execution using shared resource with improper synchronization ('race in Windows 10 Version 1809. Runnable upgrade
CVE-2023-38180 is a uncontrolled resource consumption in Asp.Net Core 2.1. Patched version, runnable upgrade commands, and how to verify the
CVE-2023-38205 is an access control bypass in ColdFusion. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2023-38831 is a security vulnerability flaw in RARLAB WinRAR. Verified patched version and mitigations from the official advisory.
CVE-2023-38950 is a path traversal flaw in BioTime. Verified patched version and mitigations from the official advisory.
CVE-2023-39780 is an OS command injection in RT-AX55. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2023-41266 is a Path Traversal flaw in N/a n/a. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2023-44487 is a remote code execution flaw in HTTP/2. Verified patched version and mitigations from the official advisory.
CVE-2023-45727 is a xxe injection flaw in Proself Enterprise/Standard Edition, Proself Gateway Edition, Proself Mail Sanitize Edition. Verif
CVE-2023-46748 is a SQL injection in BIG-IP. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2023-46805 is a vulnerability in ICS. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2023-47565 is a OS Command Injection flaw in QNAP Systems Inc. VioStor NVR. Actively exploited per CISA KEV. Verified patched builds and
CVE-2023-4911 is a Heap Buffer Overflow flaw in Red Hat Red Hat Enterprise Linux 6. Actively exploited per CISA KEV. Verified patched builds
CVE-2023-49897 is a command injection flaw in AE1021, AE1021PE. Verified patched version and mitigations from the official advisory.
CVE-2023-52163 is a command injection flaw in Digiever DS-2105 Pro. Verified patched version and mitigations from the official advisory.
CVE-2023-6549 is a Memory Corruption flaw in Cloud Software Group NetScaler ADC. Actively exploited per CISA KEV. Verified patched builds an
CVE-2023-7101 is an improper neutralization of directives in dynamically evaluated code ('eval injec flaw in Spreadsheet::ParseExcel. Verifi
CVE-2023-20109 is an OS command injection in IOS. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2023-20118: an OS command injection in Cisco Small Business RV Series Router Fi. Patched version and vendor advisory inside.
CVE-2023-20269: Authentication Bypass in Cisco Cisco Adaptive Security Appliance (ASA) Software. Patched builds and fix steps.
CVE-2023-21237 is an information disclosure flaw in Android. Verified patched version and mitigations from the official advisory.
CVE-2023-21492: Insertion of Sensitive Information into Log File in Samsung Mobile Samsung Mobile Devices. Patched builds and fix steps.
CVE-2023-24880 is a incorrect authorization in Windows 10 Version 1809. Patched version, runnable upgrade commands, and how to verify the fi
CVE-2023-36563 is a improper input validation in Windows 10 Version 1809. Patched version, runnable upgrade commands, and how to verify the
CVE-2023-36584 is a security vulnerability in Windows 10 Version 1809. Patched version, runnable upgrade commands, and how to verify the fix
CVE-2023-36761 is a improper input validation in Microsoft Office 2019. Patched version, runnable upgrade commands, and how to verify the fi
CVE-2023-36844: PHP External Variable Modification in Juniper Networks Junos OS. Patched builds and fix steps.
CVE-2023-36846: Missing Authentication for Critical Function in Juniper Networks Junos OS. Patched builds and fix steps.
CVE-2023-36847: Missing Authentication for Critical Function in Juniper Networks Junos OS. Patched builds and fix steps.
CVE-2023-36851: Missing Authentication for Critical Function in Juniper Networks Junos OS. Patched builds and fix steps.
CVE-2023-37580 is a cross-site scripting flaw in Zimbra Collaboration Suite (ZCS). Verified patched version and mitigations from the officia
CVE-2023-41763 server-side request forgery (ssrf) in Skype For Business Server 2015 Cu13. Runnable upgrade commands and verification steps f
CVE-2023-4211 is an use-after-free flaw in Arm 5th Gen GPU Architecture Kernel Driver, Bifrost GPU Kernel Driver, Midgard GPU Kernel Driver,
CVE-2023-43770 is a cross-site scripting flaw in Roundcube. Verified patched version and mitigations from the official advisory.
CVE-2023-50224 is a Authentication Bypass by Spoofing flaw in Tp-link TL-WR841N. Actively exploited per CISA KEV. Verified patched builds an
CVE-2023-5631 is a Cross-Site Scripting flaw in Roundcube Roundcubemail. Actively exploited per CISA KEV. Verified patched builds and fix st
CVE-2023-6548 is a Code Injection flaw in Cloud Software Group NetScaler ADC. Actively exploited per CISA KEV. Verified patched builds and f
CVE-2023-20867 is a Authentication Bypass flaw in VMWARE VMware Tools. Actively exploited per CISA KEV. Verified patched builds and fix step
CVE-2023-26083 is a security vulnerability flaw in Mali Graphics Processing Unit (GPU). Verified patched version and mitigations from the of
CVE-2023-23752 is a Security Vulnerability flaw in Joomla! Project Joomla! CMS. Actively exploited per CISA KEV. Verified patched builds and
CVE-2023-28204 is a Out-of-Bounds Memory Access flaw in Apple Safari. Actively exploited per CISA KEV. Verified patched builds and fix steps
CVE-2023-3079 is a Security Vulnerability flaw in Google Chrome. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2023-32373 is a Use-After-Free flaw in Apple Safari. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2023-32409 is a Denial of Service flaw in Apple Safari. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2023-32434 is a Denial of Service flaw in Apple iOS and iPadOS. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2023-32435 is a Denial of Service flaw in Apple Safari. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2023-32439 is a Denial of Service flaw in Apple Safari. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2023-33246: Code Injection in Apache Software Foundation Apache RocketMQ. Patched builds and fix steps.
CVE-2023-35674 is a Security Vulnerability flaw in Google Android. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2023-37450 is a Denial of Service flaw in Apple Safari. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2023-38035 is a Security Vulnerability flaw in Ivanti MobileIron Sentry. Actively exploited per CISA KEV. Verified patched builds and fi
CVE-2023-38606 is a Denial of Service flaw in Apple iOS and iPadOS. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2023-41061 is a Denial of Service flaw in Apple iOS and iPadOS. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2023-41064 is a Buffer Overflow flaw in Apple iOS and iPadOS. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2023-41179: Security Vulnerability in Trend Micro, Inc. Trend Micro Apex One. Patched builds and fix steps.
CVE-2023-41974 is a Use-After-Free flaw in Apple iOS and iPadOS. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2023-41990 is a Denial of Service flaw in Apple iOS and iPadOS. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2023-41991 is a Denial of Service flaw in Apple iOS and iPadOS. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2023-41992 is a Denial of Service flaw in Apple iOS and iPadOS. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2023-41993 is a Security Vulnerability flaw in Apple macOS. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2023-42824 is a Denial of Service flaw in Apple iOS and iPadOS. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2023-42916 is a Out-of-Bounds Memory Access flaw in Apple Safari. Actively exploited per CISA KEV. Verified patched builds and fix steps
CVE-2023-42917 is a Denial of Service flaw in Apple Safari. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2023-43000 is a Use-After-Free flaw in Apple Safari. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2023-44221 is a OS Command Injection flaw in Sonicwall SMA100. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2023-4762 is a Security Vulnerability flaw in Google Chrome. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2023-4863 is a Buffer Overflow flaw in Google Chrome. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2023-5217 is a Buffer Overflow flaw in Google Chrome. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2023-6345 is a Security Vulnerability flaw in Google Chrome. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2023-7024 is a Buffer Overflow flaw in Google Chrome. Actively exploited per CISA KEV. Verified patched builds and fix steps.
SQL Injection in SAP BPC MS 10.0. Critical severity. Verified patched versions and remediation steps.
Cross-Site Scripting in BusinessObjects Business Intelligence Platform (Central management console) (Sap). Critical severity. Verified patch
Improper Control of Generation of Code ('Code Injection' in BusinessObjects Business Intelligence platform (Analysis edition for OLAP) (Sap)
CVE-2023-0754 is a vulnerability in PTC ThingWorx Edge C-SDK. CVSS 9.8 Critical. Verified patch steps and mitigations.
CVE-2023-0755 is a vulnerability in PTC ThingWorx Edge C-SDK. CVSS 9.8 Critical. Verified patch steps and mitigations.
CVE-2023-1174 is a vulnerability in Kubernetes minikube. CVSS 9.8 Critical. Verified patch steps and mitigations.
CVE-2023-20032 is a vulnerability in Cisco Secure Web Appliance. CVSS 9.8 Critical. Verified patch steps and mitigations.
CWE-78 in Cisco Industrial Network Director. Critical severity. Verified patched versions and remediation steps.
Improper Privilege Management in Cisco Firepower Management Center. Critical severity. Verified patched versions and remediation steps.
CVE-2023-20078 is a vulnerability in Cisco IP Phones with Multiplatform Firmware. CVSS 9.8 Critical. Verified patch steps and mitigations.
CVE-2023-20079 is a vulnerability in Cisco IP Phones with Multiplatform Firmware. CVSS 9.8 Critical. Verified patch steps and mitigations.
CVE-2023-20101 is a vulnerability in Cisco Emergency Responder. CVSS 9.8 Critical. Verified patch steps and mitigations.
CVE-2023-20126 is a vulnerability in Cisco Small Business IP Phones. CVSS 9.8 Critical. Verified patch steps and mitigations.
Improper Authentication in Cisco BroadWorks. Critical severity. Verified patched versions and remediation steps.
CVE-2023-20252 is a vulnerability in Cisco SD-WAN vManage. CVSS 9.8 Critical. Verified patch steps and mitigations.
Privilege Escalation in Linux Kernel. Critical severity. Verified patched versions and remediation steps.
CVE-2023-22523 is a vulnerability in Atlassian Assets Discovery Cloud. CVSS 9.8 Critical. Verified patch steps and mitigations.
Authentication Bypass in My Cloud OS 5 (Western Digital). Critical severity. Verified patched versions and remediation steps.
Improper Authentication in NetWeaver AS for Java (Sap). Critical severity. Verified patched versions and remediation steps.
CWE-74 in Business Objects Business Intelligence Platform (CMC) (Sap). Critical severity. Verified patched versions and remediation steps.
Missing Authentication for Critical Function in Diagnostics Agent (EventLogServiceCollector) (Sap). Critical severity. Verified patched vers
Improper Restriction of XML External Entity Reference in Aspera Faspex (Ibm). Critical severity. Verified patched versions and remediation s
Path Traversal in GitLab. Critical severity. Verified patched versions and remediation steps.
CVE-2023-28698 is a vulnerability in Wade Digital Design Co, Ltd. FANTSY. CVSS 9.8 Critical. Verified patch steps and mitigations.
CVE-2023-28765: SAP BusinessObjects Business Intelligence Platform (Promotion Management) flaw. CVSS 9.8 Critical. Verified patch and mitiga
CVE-2023-29453 is a vulnerability in Zabbix Zabbix. CVSS 9.8 Critical. Verified patch steps and mitigations.
CVE-2023-30621 is a vulnerability in Curiosity-org Gipsy. CVSS 9.8 Critical. Verified patch steps and mitigations.
CVE-2023-30869 is a vulnerability in Easy Digital Downloads Easy Digital Downloads. CVSS 9.8 Critical. Verified patch steps and mitigations.
CVE-2023-33308 is a vulnerability in Fortinet FortiProxy. CVSS 9.8 Critical. Verified patch steps and mitigations.
CVE-2023-3376 is a vulnerability in Digital Strategy Zekiweb. CVSS 9.8 Critical. Verified patch steps and mitigations.
Arbitrary File Upload in MailHunter Ultimate (Easyuse Digital Technology). Critical severity. Verified patched versions and remediation step
CVE-2023-34992 is a vulnerability in Fortinet FortiSIEM. CVSS 9.7 Critical. Verified patch steps and mitigations.
CWE-78 in Security Guardium (Ibm). Critical severity. Verified patched versions and remediation steps.
CVE-2023-3651 is a vulnerability in Digital Ant E-Commerce Software. CVSS 9.8 Critical. Verified patch steps and mitigations.
CVE-2023-37483 is a vulnerability in SAP Se SAP PowerDesigner. CVSS 9.8 Critical. Verified patch steps and mitigations.
CVE-2023-38204 is a vulnerability in Adobe ColdFusion. CVSS 9.8 Critical. Verified patch steps and mitigations.
Remote Code Execution in One (Veeam). Critical severity. Verified patched versions and remediation steps.
CVE-2023-38548 is a vulnerability in Veeam One. CVSS 9.8 Critical. Verified patch steps and mitigations.
CVE-2023-40309 is a vulnerability in SAP Se SAP CommonCryptoLib. CVSS 9.8 Critical. Verified patch steps and mitigations.
CVE-2023-4034: Digita Information Technology Smartrise Document Management System flaw. CVSS 9.8 Critical. Verified patch and mitigation ste
Incorrect Permission Assignment for Critical Resource in SAP BusinessObjects Business Intelligence Platform (Promotion Management) (Sap_Se).
CVE-2023-40714 is a vulnerability in Fortinet FortiSIEM. CVSS 9.7 Critical. Verified patch steps and mitigations.
CVE-2023-41727 is a vulnerability in Ivanti Wavelink. CVSS 9.8 Critical. Verified patch steps and mitigations.
CVE-2023-44324 is a vulnerability in Adobe Framemaker Publishing Server. CVSS 9.8 Critical. Verified patch steps and mitigations.
CVE-2023-44350 is a vulnerability in Adobe ColdFusion. CVSS 9.8 Critical. Verified patch steps and mitigations.
CVE-2023-44351 is a vulnerability in Adobe ColdFusion. CVSS 9.8 Critical. Verified patch steps and mitigations.
CVE-2023-44353 is a vulnerability in Adobe ColdFusion. CVSS 9.8 Critical. Verified patch steps and mitigations.
CVE-2023-46216 is a vulnerability in Ivanti Wavelink. CVSS 9.8 Critical. Verified patch steps and mitigations.
CVE-2023-46217 is a vulnerability in Ivanti Wavelink. CVSS 9.8 Critical. Verified patch steps and mitigations.
CVE-2023-46220 is a vulnerability in Ivanti Avalanche. CVSS 9.8 Critical. Verified patch steps and mitigations.
CVE-2023-46221 is a vulnerability in Ivanti Avalanche. CVSS 9.8 Critical. Verified patch steps and mitigations.
CVE-2023-46222 is a vulnerability in Ivanti Avalanche. CVSS 9.8 Critical. Verified patch steps and mitigations.
CVE-2023-46223 is a vulnerability in Ivanti Avalanche. CVSS 9.8 Critical. Verified patch steps and mitigations.
CVE-2023-46224 is a vulnerability in Ivanti Avalanche. CVSS 9.8 Critical. Verified patch steps and mitigations.
CVE-2023-46225 is a vulnerability in Ivanti Avalanche. CVSS 9.8 Critical. Verified patch steps and mitigations.
CVE-2023-46257 is a vulnerability in Ivanti Avalanche. CVSS 9.8 Critical. Verified patch steps and mitigations.
CVE-2023-46258 is a vulnerability in Ivanti Avalanche. CVSS 9.8 Critical. Verified patch steps and mitigations.
CVE-2023-46259 is a vulnerability in Ivanti Avalanche. CVSS 9.8 Critical. Verified patch steps and mitigations.
CVE-2023-46261 is a vulnerability in Ivanti Avalanche. CVSS 9.8 Critical. Verified patch steps and mitigations.
CVE-2023-4661 is a vulnerability in Saphira Saphira Connect. CVSS 9.8 Critical. Verified patch steps and mitigations.
CVE-2023-4662 is a vulnerability in Saphira Saphira Connect. CVSS 9.8 Critical. Verified patch steps and mitigations.
Arbitrary File Upload in ITSM (Ivanti). Critical severity. Verified patched versions and remediation steps.
Cross-Site Scripting in Tivoli Application Dependency Discovery Manager (Ibm). Critical severity. Verified patched versions and remediation
CVE-2023-48316 is a vulnerability in Azure-rtos netxduo. CVSS 9.8 Critical. Verified patch steps and mitigations.
Improper Privilege Management in Pixel Watch (Google). Critical severity. Verified patched versions and remediation steps.
Improper Privilege Management in Google Nest Mini. Critical severity. Verified patched versions and remediation steps.
Security Vulnerability in Chromecast (Google). Critical severity. Verified patched versions and remediation steps.
CVE-2023-49569 is a vulnerability in Go-git go-git. CVSS 9.8 Critical. Verified patch steps and mitigations.
CVE-2023-49886 is a vulnerability in IBM Transformation Extender Advanced. CVSS 9.8 Critical. Verified patch steps and mitigations.
Arbitrary File Upload in WP MLM SOFTWARE PLUGIN (Ioss). Critical severity. Verified patched versions and remediation steps.
CVE-2023-51476 is a vulnerability in Ioss WP MLM Unilevel. CVSS 9.8 Critical. Verified patch steps and mitigations.
Improper Authentication in Syrus4 IoT Telematics Gateway (Digital Communications Technologies). Critical severity. Verified patched versions
Missing Encryption of Sensitive Data in Wifi Pro (Google). Critical severity. Verified patched versions and remediation steps.