Exploited Vulnerabilities Catalog 2021(179)
SonicWall | SMA100 Appliances
SonicWall SMA100 Appliances OS
Command Injection Vulnerability: SonicWall
SMA100 appliances contain an OS command injection vulnerability
in the management interface that allows a remote authenticated
attacker to inject arbitrary commands as a 'nobody' user, which
could potentially lead to code execution.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply mitigations per vendor instructions,
follow applicable BOD 22-01 guidance for cloud services, or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2025-04-16
-
Due Date: 2025-05-07
Acclaim Systems | USAHERDS
Acclaim Systems USAHERDS Use
of Hard-Coded Credentials Vulnerability: Acclaim
Systems USAHERDS contains a hard-coded credentials vulnerability
that could allow an attacker to achieve remote code execution on
the system that runs the application. The MachineKey must be
obtained via a separate vulnerability or other channel.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable. Please contact the product developer for
support and vulnerability mitigation.
-
Date Added: 2024-12-23
-
Due Date: 2025-01-13
Reolink | RLC-410W IP Camera
Reolink RLC-410W IP Camera OS
Command Injection Vulnerability: Reolink
RLC-410W IP cameras contain an authenticated OS command
injection vulnerability in the device network settings
functionality.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: The impacted product could be end-of-life (EoL)
and/or end-of-service (EoS). Users should discontinue
product utilization if a current mitigation is unavailable.
-
Date Added: 2024-12-18
-
Due Date: 2025-01-08
Atlassian | Jira Server and
Data Center
Atlassian Jira Server and Data
Center Path Traversal Vulnerability: Atlassian
Jira Server and Data Center contain a path traversal
vulnerability that allows a remote attacker to read particular
files in the /WEB-INF/web.xml endpoint.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2024-11-12
-
Due Date: 2024-12-03
Metabase | Metabase
Metabase GeoJSON API Local File
Inclusion Vulnerability: Metabase
contains a local file inclusion vulnerability in the custom map
support in the API to read GeoJSON formatted data.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2024-11-12
-
Due Date: 2024-12-03
DrayTek | VigorConnect
DrayTek VigorConnect Path
Traversal Vulnerability: DrayTek
VigorConnect contains a path traversal vulnerability in the file
download functionality of the WebServlet endpoint. An
unauthenticated attacker could leverage this vulnerability to
download arbitrary files from the underlying operating system
with root privileges.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2024-09-03
-
Due Date: 2024-09-24
DrayTek | VigorConnect
DrayTek VigorConnect Path
Traversal Vulnerability: DrayTek
VigorConnect contains a path traversal vulnerability in the
DownloadFileServlet endpoint. An unauthenticated attacker could
leverage this vulnerability to download arbitrary files from the
underlying operating system with root privileges.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2024-09-03
-
Due Date: 2024-09-24
Microsoft | Exchange Server
Microsoft Exchange Server
Information Disclosure Vulnerability: Microsoft
Exchange Server contains an information disclosure vulnerability
that allows for remote code execution.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2024-08-21
-
Due Date: 2024-09-11
Dahua | IP Camera Firmware
Dahua IP Camera Authentication
Bypass Vulnerability: Dahua
IP cameras and related products contain an authentication bypass
vulnerability when the loopback device is specified by the
client during authentication.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2024-08-21
-
Due Date: 2024-09-11
Dahua | IP Camera Firmware
Dahua IP Camera Authentication
Bypass Vulnerability: Dahua
IP cameras and related products contain an authentication bypass
vulnerability when the NetKeyboard type argument is specified by
the client during authentication.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2024-08-21
-
Due Date: 2024-09-11
D-Link | DIR-605 Router
D-Link DIR-605 Router Information
Disclosure Vulnerability: D-Link
DIR-605 routers contain an information disclosure vulnerability
that allows attackers to obtain a username and password by
forging a post request to the /getcfg.php page.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: This vulnerability affects legacy D-Link
products. All associated hardware revisions have reached
their end-of-life (EOL) or end-of-service (EOS) life cycle
and should be retired and replaced per vendor instructions.
-
Date Added: 2024-05-16
-
Due Date: 2024-06-06
Ivanti | Endpoint Manager
Cloud Service Appliance (EPM CSA)
Ivanti Endpoint Manager Cloud
Service Appliance (EPM CSA) Code Injection Vulnerability: Ivanti
Endpoint Manager Cloud Service Appliance (EPM CSA) contains a
code injection vulnerability that allows an unauthenticated user
to execute malicious code with limited permissions (nobody).
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2024-03-25
-
Due Date: 2024-04-15
Sunhillo | SureLine
Sunhillo SureLine OS Command
Injection Vulnerability: Sunhillo
SureLine contains an OS command injection vulnerability that
allows an attacker to cause a denial-of-service or utilize the
device for persistence on the network via shell metacharacters
in ipAddr or dnsAddr in /cgi/networkDiag.cgi.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2024-03-05
-
Due Date: 2024-03-26
Cisco | Cisco IOS XE Web UI
Cisco IOS XE Web UI Command
Injection Vulnerability: Cisco
IOS XE contains a command injection vulnerability in the web
user interface. When chained with CVE-2023-20198, the attacker
can leverage the new local user to elevate privilege to root and
write the implant to the file system. Cisco identified
CVE-2023-20273 as the vulnerability exploited to deploy the
implant. CVE-2021-1435, previously associated with the
exploitation events, is no longer believed to be related to this
activity.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Verify that instances of Cisco IOS XE Web UI
are in compliance with BOD 23-02 and apply mitigations per
vendor instructions. For affected products (Cisco IOS XE Web
UI exposed to the internet or to untrusted networks), follow
vendor instructions to determine if a system may have been
compromised and immediately report positive findings to
CISA.
-
Date Added: 2023-10-23
-
Due Date: 2023-10-27
Laravel | Ignition
Laravel Ignition File Upload
Vulnerability: Laravel
Ignition contains a file upload vulnerability that allows
unauthenticated remote attackers to execute malicious code due
to insecure usage of file_get_contents() and
file_put_contents().
Known To Be Used in Ransomware Campaigns? Known
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2023-09-18
-
Due Date: 2023-10-09
Arm | Mali Graphics Processing
Unit (GPU)
Arm Mali GPU Kernel Driver
Use-After-Free Vulnerability: Arm
Mali GPU Kernel Driver contains a use-after-free vulnerability
that may allow a non-privileged user to gain root privilege
and/or disclose information.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions or
discontinue use of the product if updates are unavailable.
-
Date Added: 2023-07-07
-
Due Date: 2023-07-28
Samsung | Mobile Devices
Samsung Mobile Devices
Out-of-Bounds Read Vulnerability: Samsung
mobile devices contain an out-of-bounds read vulnerability
within the modem interface driver due to a lack of boundary
checking of a buffer in set_skb_priv(), leading to remote code
execution by dereference of an invalid function pointer.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions or
discontinue use of the product if updates are unavailable.
-
Date Added: 2023-06-29
-
Due Date: 2023-07-20
Samsung | Mobile Devices
Samsung Mobile Devices Improper
Input Validation Vulnerability: Samsung
mobile devices contain an improper input validation
vulnerability within the modem interface driver that results in
a format string bug leading to kernel panic.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions or
discontinue use of the product if updates are unavailable.
-
Date Added: 2023-06-29
-
Due Date: 2023-07-20
Samsung | Mobile Devices
Samsung Mobile Devices Race
Condition Vulnerability: Samsung
mobile devices contain a race condition vulnerability within the
MFC charger driver that leads to a use-after-free allowing for a
write given a radio privilege is compromised.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions or
discontinue use of the product if updates are unavailable.
-
Date Added: 2023-06-29
-
Due Date: 2023-07-20
Samsung | Mobile Devices
Samsung Mobile Devices Race
Condition Vulnerability: Samsung
mobile devices contain a race condition vulnerability within the
MFC charger driver that leads to a use-after-free allowing for a
write given a radio privilege is compromised.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions or
discontinue use of the product if updates are unavailable.
-
Date Added: 2023-06-29
-
Due Date: 2023-07-20
Samsung | Mobile Devices
Samsung Mobile Devices Unspecified
Vulnerability: Samsung
mobile devices contain an unspecified vulnerability within DSP
driver that allows attackers to load ELF libraries inside DSP.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions or
discontinue use of the product if updates are unavailable.
-
Date Added: 2023-06-29
-
Due Date: 2023-07-20
Samsung | Mobile Devices
Samsung Mobile Devices Improper
Boundary Check Vulnerability: Samsung
mobile devices contain an improper boundary check vulnerability
within DSP driver that allows for out-of-bounds memory access.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions or
discontinue use of the product if updates are unavailable.
-
Date Added: 2023-06-29
-
Due Date: 2023-07-20
Roundcube | Roundcube Webmail
Roundcube Webmail SQL Injection
Vulnerability: Roundcube
Webmail is vulnerable to SQL injection via search or
search_params.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2023-06-22
-
Due Date: 2023-07-13
Red Hat | Polkit
Red Hat Polkit Incorrect
Authorization Vulnerability: Red
Hat Polkit contains an incorrect authorization vulnerability
through the bypassing of credential checks for D-Bus requests,
allowing for privilege escalation.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2023-05-12
-
Due Date: 2023-06-02
Apache | Log4j2
Apache Log4j2 Deserialization of
Untrusted Data Vulnerability: Apache
Log4j2 contains a deserialization of untrusted data
vulnerability due to the incomplete fix of CVE-2021-44228, where
the Thread Context Lookup Pattern is vulnerable to remote code
execution in certain non-default configurations.
Known To Be Used in Ransomware
Campaigns? Known
Action: Apply updates per vendor instructions.
-
Date Added: 2023-05-01
-
Due Date: 2023-05-22
Veritas | Backup Exec Agent
Veritas Backup Exec Agent File
Access Vulnerability: Veritas
Backup Exec (BE) Agent contains a file access vulnerability that
could allow an attacker to specially craft input parameters on a
data management protocol command to access files on the BE Agent
machine.
Known To Be Used in Ransomware
Campaigns? Known
Action: Apply updates per vendor instructions.
-
Date Added: 2023-04-07
-
Due Date: 2023-04-28
Veritas | Backup Exec Agent
Veritas Backup Exec Agent Improper
Authentication Vulnerability: Veritas
Backup Exec (BE) Agent contains an improper authentication
vulnerability that could allow an attacker unauthorized access
to the BE Agent via SHA authentication scheme.
Known To Be Used in Ransomware
Campaigns? Known
Action: Apply updates per vendor instructions.
-
Date Added: 2023-04-07
-
Due Date: 2023-04-28
Veritas | Backup Exec Agent
Veritas Backup Exec Agent Command
Execution Vulnerability: Veritas
Backup Exec (BE) Agent contains a command execution
vulnerability that could allow an attacker to use a data
management protocol command to execute a command on the BE Agent
machine.
Known To Be Used in Ransomware
Campaigns? Known
Action: Apply updates per vendor instructions.
-
Date Added: 2023-04-07
-
Due Date: 2023-04-28
Apple | iOS, iPadOS, and macOS
Apple iOS, iPadOS, and macOS
Out-of-Bounds Write Vulnerability: Apple
GPU drivers, included in iOS, iPadOS, and macOS, contain an
out-of-bounds write vulnerability that may allow a malicious
application to execute code with kernel privileges.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2023-03-30
-
Due Date: 2023-04-20
XStream | XStream
XStream Remote Code Execution
Vulnerability: XStream
contains a remote code execution vulnerability that allows an
attacker to manipulate the processed input stream and replace or
inject objects that result in the execution of a local command
on the server. This vulnerability can affect multiple products,
including but not limited to VMware Cloud Foundation.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2023-03-10
-
Due Date: 2023-03-31
Oracle | Fusion Middleware
Oracle Fusion Middleware
Unspecified Vulnerability: Oracle
Fusion Middleware Access Manager allows an unauthenticated
attacker with network access via HTTP to take over the Access
Manager product.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2022-11-28
-
Due Date: 2022-12-19
Samsung | Mobile Devices
Samsung Mobile Devices Improper
Access Control Vulnerability: Samsung
mobile devices contain an improper access control vulnerability
in clipboard service which allows untrusted applications to read
or write arbitrary files. This vulnerability was chained with
CVE-2021-25369 and CVE-2021-25370.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2022-11-08
-
Due Date: 2022-11-29
Samsung | Mobile Devices
Samsung Mobile Devices Improper
Access Control Vulnerability: Samsung
mobile devices using Mali GPU contain an improper access
control vulnerability in sec_log file. Exploitation of the
vulnerability exposes sensitive kernel information to the
userspace. This vulnerability was chained with CVE-2021-25337
and CVE-2021-25370.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2022-11-08
-
Due Date: 2022-11-29
Samsung | Mobile Devices
Samsung Mobile Devices Memory
Corruption Vulnerability: Samsung
mobile devices using Mali GPU contain an incorrect
implementation handling file descriptor in dpu driver. This
incorrect implementation results in memory corruption, leading
to kernel panic. This vulnerability was chained with
CVE-2021-25337 and CVE-2021-25369.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2022-11-08
-
Due Date: 2022-11-29
Linux | Kernel
Linux Kernel Privilege Escalation
Vulnerability: The
overlayfs stacking file system in Linux kernel does not properly
validate the application of file capabilities against user
namespaces, which could lead to privilege escalation.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2022-10-20
-
Due Date: 2022-11-10
Grafana Labs | Grafana
Grafana Authentication Bypass
Vulnerability: Grafana
contains an authentication bypass vulnerability that allows
authenticated and unauthenticated users to view and delete all
snapshot data, potentially resulting in complete snapshot data
loss.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2022-08-25
-
Due Date: 2022-09-15
Delta Electronics | DOPSoft 2
Delta Electronics DOPSoft 2
Improper Input Validation Vulnerability: Delta
Electronics DOPSoft 2 lacks proper validation of user-supplied
data when parsing specific project files (improper input
validation) resulting in an out-of-bounds write that allows for
code execution.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: The impacted product is end-of-life and
should be disconnected if still in use.
-
Date Added: 2022-08-25
-
Due Date: 2022-09-15
Apple | iOS, macOS, watchOS
Apple iOS, macOS, watchOS Sandbox
Bypass Vulnerability: In
affected versions of Apple iOS, macOS, and watchOS, a sandboxed
process may be able to circumvent sandbox restrictions.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2022-08-25
-
Due Date: 2022-09-15
Google | Chromium PopupBlocker
Google Chromium PopupBlocker
Security Bypass Vulnerability: Google
Chromium PopupBlocker contains an insufficient policy
enforcement vulnerability that allows a remote attacker to
bypass navigation restrictions via a crafted iframe. This
vulnerability could affect multiple web browsers that utilize
Chromium, including, but not limited to, Google Chrome,
Microsoft Edge, and Opera.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2022-06-27
-
Due Date: 2022-07-18
Red Hat | Polkit
Red Hat Polkit Out-of-Bounds Read
and Write Vulnerability: The
Red Hat polkit pkexec utility contains an out-of-bounds read and
write vulnerability that allows for privilege escalation with
administrative rights.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2022-06-27
-
Due Date: 2022-07-18
Apple | iOS and iPadOS
Apple iOS and iPadOS Buffer
Overflow Vulnerability: Apple
iOS and iPadOS contain a buffer overflow vulnerability that
could allow an application to execute code with kernel
privileges.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2022-06-27
-
Due Date: 2022-07-18
SAP | NetWeaver
SAP NetWeaver Unrestricted File
Upload Vulnerability: SAP
NetWeaver contains a vulnerability that allows unrestricted file
upload.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2022-06-09
-
Due Date: 2022-06-30
Android | Kernel
Android Kernel Use-After-Free
Vulnerability: Android
kernel contains a use-after-free vulnerability that allows for
privilege escalation.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2022-05-23
-
Due Date: 2022-06-13
Android | Kernel
Android Kernel Race Condition
Vulnerability: Android
kernel contains a race condition, which allows for a
use-after-free vulnerability. Exploitation can allow for
privilege escalation.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2022-05-23
-
Due Date: 2022-06-13
Apple | Multiple Products
Apple Multiple Products Memory
Corruption Vulnerability: Apple
iOS, macOS, watchOS, and tvOS contain a memory corruption
vulnerability that could allow for remote code execution.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2022-05-23
-
Due Date: 2022-06-13
Apple | Multiple Products
Apple Multiple Products Type
Confusion Vulnerability: A
type confusion issue affecting multiple Apple products allows
processing of maliciously crafted web content, leading to
arbitrary code execution.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2022-05-04
-
Due Date: 2022-05-25
Microsoft | Win32k
Microsoft Win32k Privilege
Escalation Vulnerability: Microsoft
Win32k contains an unspecified vulnerability that allows for
privilege escalation.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2022-04-25
-
Due Date: 2022-05-16
Microsoft | Win32k
Microsoft Win32k Privilege
Escalation Vulnerability: Microsoft
Win32k contains an unspecified vulnerability that allows for
privilege escalation.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2022-04-25
-
Due Date: 2022-05-16
Microsoft | Active Directory
Microsoft Active Directory Domain
Services Privilege Escalation Vulnerability: Microsoft
Active Directory Domain Services contains an unspecified
vulnerability that allows for privilege escalation.
Known To Be Used in Ransomware
Campaigns? Known
Action: Apply updates per vendor instructions.
-
Date Added: 2022-04-11
-
Due Date: 2022-05-02
Microsoft | Active Directory
Microsoft Active Directory Domain
Services Privilege Escalation Vulnerability: Microsoft
Active Directory Domain Services contains an unspecified
vulnerability that allows for privilege escalation.
Known To Be Used in Ransomware
Campaigns? Known
Action: Apply updates per vendor instructions.
-
Date Added: 2022-04-11
-
Due Date: 2022-05-02
Google | Pixel
Google Pixel Out-of-Bounds Write
Vulnerability: Google
Pixel contains a possible out-of-bounds write due to a logic
error in the code that could lead to local escalation of
privilege.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2022-04-11
-
Due Date: 2022-05-02
Checkbox | Checkbox Survey
Checkbox Survey Deserialization of
Untrusted Data Vulnerability: Deserialization
of Untrusted Data vulnerability in CheckboxWeb.dll of Checkbox
Survey allows an unauthenticated remote attacker to execute
arbitrary code.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Versions 6 and earlier for this product are
end-of-life and must be removed from agency networks.
Versions 7 and later are not considered vulnerable.
-
Date Added: 2022-04-11
-
Due Date: 2022-05-02
Linux | Kernel
Linux Kernel Privilege Escalation
Vulnerability: Linux
Kernel contains a flaw in the packet socket (AF_PACKET)
implementation which could lead to incorrectly freeing memory. A
local user could exploit this for denial-of-service (DoS) or
possibly for privilege escalation.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2022-04-11
-
Due Date: 2022-05-02
Sudo | Sudo
Sudo Heap-Based Buffer Overflow
Vulnerability: Sudo
contains an off-by-one error that can result in a heap-based
buffer overflow, which allows for privilege escalation.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2022-04-06
-
Due Date: 2022-04-27
Microsoft | HTTP Protocol
Stack
Microsoft HTTP Protocol Stack
Remote Code Execution Vulnerability: Microsoft
HTTP Protocol Stack contains a vulnerability in http.sys that
allows for remote code execution.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2022-04-06
-
Due Date: 2022-04-27
D-Link | Multiple Routers
D-Link Multiple Routers Remote
Code Execution Vulnerability: A
remote code execution vulnerability exists in all series H/W
revisions routers via the DDNS function in ncc2 binary file.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: The impacted product is end-of-life and
should be disconnected if still in use.
-
Date Added: 2022-04-04
-
Due Date: 2022-04-25
Microsoft | Windows
Microsoft Windows User Profile
Service Privilege Escalation Vulnerability: Microsoft
Windows User Profile Service contains an unspecified
vulnerability that allows for privilege escalation.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2022-03-31
-
Due Date: 2022-04-21
QNAP | Network Attached
Storage (NAS)
QNAP NAS Improper Authorization
Vulnerability: QNAP
NAS running HBS 3 contains an improper authorization
vulnerability which can allow remote attackers to log in to a
device.
Known To Be Used in Ransomware
Campaigns? Known
Action: Apply updates per vendor instructions.
-
Date Added: 2022-03-31
-
Due Date: 2022-04-21
Dell | dbutil Driver
Dell dbutil Driver Insufficient
Access Control Vulnerability: Dell
dbutil driver contains an insufficient access control
vulnerability which may lead to escalation of privileges,
denial-of-service (DoS), or information disclosure.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2022-03-31
-
Due Date: 2022-04-21
Microsoft | Office
Microsoft Office Access
Connectivity Engine Remote Code Execution Vulnerability: Microsoft
Office Access Connectivity Engine contains an unspecified
vulnerability which can allow for remote code execution.
Known To Be Used in Ransomware Campaigns? Known
Action: Apply updates per vendor instructions.
-
Date Added: 2022-03-28
-
Due Date: 2022-04-18
Microsoft | Windows
Microsoft Windows Event Tracing
Privilege Escalation Vulnerability: Microsoft
Windows Event Tracing contains an unspecified vulnerability
which can allow for privilege escalation.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2022-03-28
-
Due Date: 2022-04-18
Atlassian | Confluence Server
Atlassian Confluence Server
Pre-Authorization Arbitrary File Read Vulnerability: Affected
versions of Atlassian Confluence Server allow remote attackers
to view restricted resources via a pre-authorization arbitrary
file read vulnerability in the /s/ endpoint.
Known To Be Used in Ransomware
Campaigns? Known
Action: Apply updates per vendor instructions.
-
Date Added: 2022-03-28
-
Due Date: 2022-04-18
SonicWall | Secure Remote
Access (SRA)
SonicWall Secure Remote Access
(SRA) SQL Injection Vulnerability: SonicWall
Secure Remote Access (SRA) products contain an improper
neutralization of a SQL Command leading to SQL injection.
Known To Be Used in Ransomware
Campaigns? Known
Action: The impacted product is end-of-life and
should be disconnected if still in use.
-
Date Added: 2022-03-28
-
Due Date: 2022-04-18
Sitecore | XP
Sitecore XP Remote Command
Execution Vulnerability: Sitecore
XP contains an insecure deserialization vulnerability which can
allow for remote code execution.
Known To Be Used in Ransomware
Campaigns? Known
Action: Apply updates per vendor instructions.
-
Date Added: 2022-03-25
-
Due Date: 2022-04-15
Citrix | ShareFile
Citrix ShareFile Improper Access
Control Vulnerability: Improper
Access Control in Citrix ShareFile storage zones controller may
allow an unauthenticated attacker to remotely compromise the
storage zones controller.
Known To Be Used in Ransomware
Campaigns? Known
Action: Apply updates per vendor instructions.
-
Date Added: 2022-03-25
-
Due Date: 2022-04-15
Palo Alto Networks | PAN-OS
Palo Alto Networks PAN-OS
Authentication Bypass Vulnerability: Palo
Alto Networks PAN-OS contains a vulnerability in SAML which
allows an attacker to bypass authentication.
Known To Be Used in Ransomware
Campaigns? Known
Action: Apply updates per vendor instructions.
-
Date Added: 2022-03-25
-
Due Date: 2022-04-15
VMware | vCenter Server and
Cloud Foundation
VMware vCenter Server and Cloud
Foundation Server Side Request Forgery (SSRF) Vulnerability: VMware
vCenter Server and Cloud Foundation Server contain a SSRF
vulnerability due to improper validation of URLs in a vCenter
Server plugin. This allows for information disclosure.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2022-03-07
-
Due Date: 2022-03-21
Microsoft | Windows
Microsoft Windows Installer
Privilege Escalation Vulnerability: Microsoft
Windows Installer contains an unspecified vulnerability that
allows for privilege escalation.
Known To Be Used in Ransomware
Campaigns? Known
Action: Apply updates per vendor instructions.
-
Date Added: 2022-03-03
-
Due Date: 2022-03-17
Microsoft | Windows
Microsoft Windows SAM Local
Privilege Escalation Vulnerability: If
a Volume Shadow Copy (VSS) shadow copy of the system drive is
available, users can read the SAM file which would allow any
user to escalate privileges to SYSTEM level.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2022-02-10
-
Due Date: 2022-02-24
SonicWall | SMA 100 Appliances
SonicWall SMA 100 Appliances
Stack-Based Buffer Overflow Vulnerability: SonicWall
SMA 100 devices are vulnerable to an unauthenticated stack-based
buffer overflow vulnerability where exploitation can result in
code execution.
Known To Be Used in Ransomware
Campaigns? Known
Action: Apply updates per vendor instructions.
-
Date Added: 2022-01-28
-
Due Date: 2022-02-11
SolarWinds | Serv-U
SolarWinds Serv-U Improper Input
Validation Vulnerability: SolarWinds
Serv-U versions 15.2.5 and earlier contain an improper input
validation vulnerability that allows attackers to build and send
queries without sanitization.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2022-01-21
-
Due Date: 2022-02-04
October CMS | October CMS
October CMS Improper
Authentication: In
affected versions of the october/system package an attacker can
request an account password reset and then gain access to the
account using a specially crafted request.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2022-01-18
-
Due Date: 2022-02-01
Nagios | Nagios XI
Nagios XI OS Command Injection: Nagios
XI contains a vulnerability which can lead to OS command
injection on the Nagios XI server.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2022-01-18
-
Due Date: 2022-02-01
Nagios | Nagios XI
Nagios XI OS Command Injection: Nagios
XI contains a vulnerability which can lead to OS command
injection on the Nagios XI server.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2022-01-18
-
Due Date: 2022-02-01
Nagios | Nagios XI
Nagios XI OS Command Injection: Nagios
XI contains a vulnerability which can lead to OS command
injection on the Nagios XI server.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2022-01-18
-
Due Date: 2022-02-01
Aviatrix | Aviatrix Controller
Aviatrix Controller Unrestricted
Upload of File: Unrestricted
upload of a file with a dangerous type is possible, which allows
an unauthenticated user to execute arbitrary code via directory
traversal.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2022-01-18
-
Due Date: 2022-02-01
Microsoft | Exchange Server
Microsoft Exchange Server
Information Disclosure: Microsoft
Exchange Server contains an information disclosure vulnerability
which can allow an unauthenticated attacker to steal email
traffic from the target.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2022-01-18
-
Due Date: 2022-02-01
VMware | vRealize Operations
Manager API
VMware Server Side Request Forgery
in vRealize Operations Manager API: Server
Side Request Forgery (SSRF) in vRealize Operations Manager API
prior to 8.4 may allow a malicious actor with network access to
the vRealize Operations Manager API to perform a SSRF attack to
steal administrative credentials.
Known To Be Used in Ransomware
Campaigns? Known
Action: Apply updates per vendor instructions.
-
Date Added: 2022-01-18
-
Due Date: 2022-02-01
Npm package | System
Information Library for Node.JS
System Information Library for
Node.JS Command Injection: In
this vulnerability, an attacker can send a malicious payload
that will exploit the name parameter. After successful
exploitation, attackers can execute remote.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2022-01-18
-
Due Date: 2022-02-01
F5 | BIG-IP Traffic Management
Microkernel
F5 BIG-IP Traffic Management
Microkernel Buffer Overflow: The
Traffic Management Microkernel of BIG-IP ASM Risk Engine has a
buffer overflow vulnerability, leading to a bypass of
URL-based access controls.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2022-01-18
-
Due Date: 2022-02-01
VMware | vCenter Server
VMware vCenter Server Improper
Access Control: Rhttproxy
as used in vCenter Server contains a vulnerability due to
improper implementation of URI normalization.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2022-01-10
-
Due Date: 2022-01-24
Hikvision | Security cameras
web server
Hikvision Improper Input
Validation: A
command injection vulnerability in the web server of some
Hikvision product. Due to the insufficient input validation.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2022-01-10
-
Due Date: 2022-01-24
FatPipe | WARP, IPVPN, and
MPVPN software
FatPipe WARP, IPVPN, and MPVPN
Configuration Upload exploit: A
vulnerability in the web management interface of FatPipe WARP,
IPVPN, and MPVPN software allows a remote, unauthenticated
attacker to upload a file to any location on the filesystem.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2022-01-10
-
Due Date: 2022-01-24
Microsoft | Windows
Microsoft Windows AppX Installer
Spoofing Vulnerability: Microsoft
Windows AppX Installer contains a spoofing vulnerability which
has a high impact on confidentiality, integrity, and
availability.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2021-12-15
-
Due Date: 2021-12-29
Google | Chromium V8
Google Chromium V8 Use-After-Free
Vulnerability: Google
Chromium V8 Engine contains a use-after-free vulnerability that
allows a remote attacker to potentially exploit heap corruption
via a crafted HTML page. This vulnerability could affect
multiple web browsers that utilize Chromium, including, but not
limited to, Google Chrome, Microsoft Edge, and Opera.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2021-12-15
-
Due Date: 2021-12-29
Zoho | Desktop Central
Zoho Desktop Central
Authentication Bypass Vulnerability: Zoho
Desktop Central contains an authentication bypass vulnerability
that could allow an attacker to execute arbitrary code in the
Desktop Central MSP server.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2021-12-10
-
Due Date: 2021-12-24
Realtek | Jungle Software
Development Kit (SDK)
Realtek Jungle SDK Remote Code
Execution Vulnerability: RealTek
Jungle SDK contains multiple memory corruption vulnerabilities
which can allow an attacker to perform remote code execution.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2021-12-10
-
Due Date: 2021-12-24
Fortinet | FortiOS
Fortinet FortiOS Arbitrary File
Download: Fortinet
FortiOS "execute restore src-vis" downloads code without
integrity checking, allowing an attacker to arbitrarily download
files.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2021-12-10
-
Due Date: 2021-12-24
Apache | Log4j2
Apache Log4j2 Remote Code
Execution Vulnerability: Apache
Log4j2 contains a vulnerability where JNDI features do not
protect against attacker-controlled JNDI-related endpoints,
allowing for remote code execution.
Known To Be Used in Ransomware
Campaigns? Known
Action: For all affected software assets for which
updates exist, the only acceptable remediation actions are:
1) Apply updates; OR 2) remove affected assets from agency
networks. Temporary mitigations using one of the measures
provided at
https://www.cisa.gov/uscert/ed-22-02-apache-log4j-recommended-mitigation-measures
are only acceptable until updates are available.
-
Date Added: 2021-12-10
-
Due Date: 2021-12-24
Zoho | ManageEngine
ServiceDesk Plus (SDP)
Zoho ManageEngine ServiceDesk
Authentication Bypass Vulnerability: Zoho
ManageEngine ServiceDesk Plus before 11302 is vulnerable to
authentication bypass that allows a few REST-API URLs without
authentication.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2021-12-01
-
Due Date: 2021-12-15
Apache | Apache
Apache HTTP Server-Side Request
Forgery (SSRF): A
crafted request uri-path can cause mod_proxy to forward the
request to an origin server chosen by the remote user. This
issue affects Apache HTTP Server 2.4.48 and earlier.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2021-12-01
-
Due Date: 2021-12-15
Zoho | ManageEngine
ServiceDesk Plus (SDP) / SupportCenter Plus
Zoho ManageEngine ServiceDesk Plus
Remote Code Execution Vulnerability: Zoho
ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP
before 10530, and SupportCenter Plus before 11014 are vulnerable
to unauthenticated remote code execution.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2021-12-01
-
Due Date: 2021-12-15
Perl | Exiftool
ExifTool Remote Code Execution
Vulnerability: Improper
neutralization of user data in the DjVu file format in Exiftool
versions 7.44 and up allows arbitrary code execution when
parsing the malicious image.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2021-11-17
-
Due Date: 2021-12-01
Microsoft | Windows
Microsoft Windows Win32k Privilege
Escalation Vulnerability: Unspecified
vulnerability allows for an authenticated user to escalate
privileges.
Known To Be Used in Ransomware
Campaigns? Known
Action: Apply updates per vendor instructions.
-
Date Added: 2021-11-17
-
Due Date: 2021-12-01
Microsoft | Exchange
Microsoft Exchange Server Remote
Code Execution Vulnerability: An
authenticated attacker could leverage improper validation in
cmdlet arguments within Microsoft Exchange and perform remote
code execution.
Known To Be Used in Ransomware
Campaigns? Known
Action: Apply updates per vendor instructions.
-
Date Added: 2021-11-17
-
Due Date: 2021-12-01
Microsoft | Office
Microsoft Excel Security Feature
Bypass: A
security feature bypass vulnerability in Microsoft Excel would
allow a local user to perform arbitrary code execution.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2021-11-17
-
Due Date: 2021-12-01
Accellion | FTA
Accellion FTA OS Command Injection
Vulnerability: Accellion
FTA contains an OS command injection vulnerability exploited via
a crafted POST request to various admin endpoints.
Known To Be Used in Ransomware
Campaigns? Known
Action: Apply updates per vendor instructions.
-
Date Added: 2021-11-03
-
Due Date: 2021-11-17
Accellion | FTA
Accellion FTA OS Command Injection
Vulnerability: Accellion
FTA contains an OS command injection vulnerability exploited via
a local web service call.
Known To Be Used in Ransomware
Campaigns? Known
Action: Apply updates per vendor instructions.
-
Date Added: 2021-11-03
-
Due Date: 2021-11-17
Accellion | FTA
Accellion FTA SQL Injection
Vulnerability: Accellion
FTA contains a SQL injection vulnerability exploited via a
crafted host header in a request to document_root.html.
Known To Be Used in Ransomware
Campaigns? Known
Action: Apply updates per vendor instructions.
-
Date Added: 2021-11-03
-
Due Date: 2021-11-17
Accellion | FTA
Accellion FTA Server-Side Request
Forgery (SSRF) Vulnerability: Accellion
FTA contains a server-side request forgery (SSRF) vulnerability
exploited via a crafted POST request to wmProgressstat.html.
Known To Be Used in Ransomware
Campaigns? Known
Action: Apply updates per vendor instructions.
-
Date Added: 2021-11-03
-
Due Date: 2021-11-17
Adobe | Acrobat and Reader
Adobe Acrobat and Reader
Heap-based Buffer Overflow Vulnerability: Adobe
Acrobat and Reader contain a heap-based buffer overflow
vulnerability that could allow an unauthenticated attacker to
achieve code execution in the context of the current user.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2021-11-03
-
Due Date: 2021-11-17
Adobe | Acrobat and Reader
Adobe Acrobat and Reader
Use-After-Free Vulnerability: Adobe
Acrobat and Reader contain a use-after-free vulnerability that
could allow an unauthenticated attacker to achieve code
execution in the context of the current user.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2021-11-03
-
Due Date: 2021-11-17
Apache | HTTP Server
Apache HTTP Server Path Traversal
Vulnerability: Apache
HTTP Server contains a path traversal vulnerability that allows
an attacker to perform remote code execution if files outside
directories configured by Alias-like directives are not under
default require all denied or if CGI scripts are enabled. This
CVE ID resolves an incomplete patch for CVE-2021-41773.
Known To Be Used in Ransomware
Campaigns? Known
Action: Apply updates per vendor instructions.
-
Date Added: 2021-11-03
-
Due Date: 2021-11-17
Apache | HTTP Server
Apache HTTP Server Path Traversal
Vulnerability: Apache
HTTP Server contains a path traversal vulnerability that allows
an attacker to perform remote code execution if files outside
directories configured by Alias-like directives are not under
default "require all denied" or if CGI scripts are enabled. The
original patch issued under this CVE ID is insufficient, please
review remediation information under CVE-2021-42013.
Known To Be Used in Ransomware
Campaigns? Known
Action: Apply updates per vendor instructions.
-
Date Added: 2021-11-03
-
Due Date: 2021-11-17
Apple | iOS, iPadOS, and macOS
Apple iOS, iPadOS, macOS
Use-After-Free Vulnerability: Apple
iOS, iPadOS, and macOS WebKit contain a use-after-free
vulnerability that leads to code execution when processing
maliciously crafted web content. This vulnerability could impact
HTML parsers that use WebKit, including but not limited to Apple
Safari and non-Apple products which rely on WebKit for HTML
processing.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2021-11-03
-
Due Date: 2021-11-17
Apple | Multiple Products
Apple Multiple Products Integer
Overflow Vulnerability: Apple
iOS, iPadOS, macOS, and watchOS CoreGraphics contain an integer
overflow vulnerability which may allow code execution when
processing a maliciously crafted PDF. The vulnerability is also
known under the moniker of FORCEDENTRY.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2021-11-03
-
Due Date: 2021-11-17
Apple | Multiple Products
Apple Multiple Products Memory
Corruption Vulnerability: Apple
iOS, iPadOS, macOS, and watchOS IOMobileFrameBuffer contain a
memory corruption vulnerability which may allow an application
to execute code with kernel privileges.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2021-11-03
-
Due Date: 2021-11-17
Apple | iOS
Apple iOS WebKit Use-After-Free
Vulnerability: Apple
iOS WebKit contains a use-after-free vulnerability that leads to
code execution when processing maliciously crafted web content.
This vulnerability could impact HTML parsers that use WebKit,
including but not limited to Apple Safari and non-Apple products
which rely on WebKit for HTML processing.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2021-11-03
-
Due Date: 2021-11-17
Apple | Multiple Products
Apple Multiple Products Race
Condition Vulnerability: Apple
iOS, iPadOS, macOS, watchOS, and tvOS contain a race condition
vulnerability that may allow a malicious application to elevate
privileges.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2021-11-03
-
Due Date: 2021-11-17
Apple | iOS, iPadOS, and macOS
Apple iOS, iPadOS, and macOS
WebKit Remote Code Execution Vulnerability: Apple
iOS, iPadOS, and macOS WebKit contain an unspecified logic
vulnerability that allows a remote attacker to execute code.
This vulnerability could impact HTML parsers that use WebKit,
including but not limited to Apple Safari and non-Apple products
which rely on WebKit for HTML processing.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2021-11-03
-
Due Date: 2021-11-17
Apple | iOS, iPadOS, and macOS
Apple iOS, iPadOS, and macOS
WebKit Remote Code Execution Vulnerability: Apple
iOS, iPadOS, and macOS WebKit contain an unspecified logic
vulnerability that allows a remote attacker to execute code.
This vulnerability could impact HTML parsers that use WebKit,
including but not limited to Apple Safari and non-Apple products
which rely on WebKit for HTML processing.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2021-11-03
-
Due Date: 2021-11-17
Apple | iOS, iPadOS, and
watchOS
Apple iOS, iPadOS, and watchOS
WebKit Cross-Site Scripting (XSS) Vulnerability: Apple
iOS, iPadOS, and watchOS WebKit contain an unspecified
vulnerability that allows for universal cross-site scripting
(XSS) when processing maliciously crafted web content. This
vulnerability could impact HTML parsers that use WebKit,
including but not limited to Apple Safari and non-Apple products
which rely on WebKit for HTML processing.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2021-11-03
-
Due Date: 2021-11-17
Apple | Multiple Products
Apple Multiple Products WebKit
Storage Use-After-Free Vulnerability: Apple
iOS, iPadOS, macOS, tvOS, watchOS, and Safari WebKit Storage
contain a use-after-free vulnerability that leads to code
execution when processing maliciously crafted web content. This
vulnerability could impact HTML parsers that use WebKit,
including but not limited to Apple Safari and non-Apple products
which rely on WebKit for HTML processing.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2021-11-03
-
Due Date: 2021-11-17
Apple | iOS
Apple iOS WebKit Buffer Overflow
Vulnerability: Apple
iOS WebKit contains a buffer-overflow vulnerability that leads
to code execution when processing maliciously crafted web
content. This vulnerability could impact HTML parsers that use
WebKit, including but not limited to Apple Safari and non-Apple
products which rely on WebKit for HTML processing.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2021-11-03
-
Due Date: 2021-11-17
Apple | macOS
Apple macOS Unspecified
Vulnerability: Apple
macOS Transparency, Consent, and Control (TCC) contains an
unspecified permissions issue which may allow a malicious
application to bypass privacy preferences.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2021-11-03
-
Due Date: 2021-11-17
Apple | macOS
Apple macOS Unspecified
Vulnerability: Apple
macOS contains an unspecified logic issue in System Preferences
that may allow a malicious application to bypass Gatekeeper
checks.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2021-11-03
-
Due Date: 2021-11-17
Apple | Multiple Products
Apple Multiple Products WebKit
Memory Corruption Vulnerability: Apple
iOS, iPadOS, macOS, watchOS, and tvOS WebKit contain a memory
corruption vulnerability that leads to code execution when
processing maliciously crafted web content. This vulnerability
could impact HTML parsers that use WebKit, including but not
limited to Apple Safari and non-Apple products which rely on
WebKit for HTML processing.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2021-11-03
-
Due Date: 2021-11-17
Apple | Multiple Products
Apple Multiple Products WebKit
Integer Overflow Vulnerability: Apple
iOS, iPadOS, macOS, tvOS, and Safari WebKit contain an integer
overflow vulnerability that leads to code execution when
processing maliciously crafted web content. This vulnerability
could impact HTML parsers that use WebKit, including but not
limited to Apple Safari and non-Apple products which rely on
WebKit for HTML processing.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2021-11-03
-
Due Date: 2021-11-17
Apple | iOS
Apple iOS WebKit Memory Corruption
Vulnerability: Apple
iOS WebKit contains a memory corruption vulnerability that leads
to code execution when processing maliciously crafted web
content. This vulnerability could impact HTML parsers that use
WebKit, including but not limited to Apple Safari and non-Apple
products which rely on WebKit for HTML processing.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2021-11-03
-
Due Date: 2021-11-17
Apple | iOS, iPadOS, and macOS
Apple iOS, iPadOS, and macOS Type
Confusion Vulnerability: Apple
iOS, iPadOS, and macOS contain a type confusion vulnerability in
the XNU which may allow a malicious application to execute code
with kernel privileges.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2021-11-03
-
Due Date: 2021-11-17
Arcadyan | Buffalo Firmware
Arcadyan Buffalo Firmware Path
Traversal Vulnerability: Arcadyan
Buffalo firmware contains a path traversal vulnerability that
could allow unauthenticated, remote attackers to bypass
authentication and access sensitive information. This
vulnerability affects multiple routers across several different
vendors.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2021-11-03
-
Due Date: 2021-11-17
Arm | Trusted Firmware
Arm Trusted Firmware Out-of-Bounds
Write Vulnerability: Arm
Trusted Firmware contains an out-of-bounds write vulnerability
allowing the non-secure (NS) world to trigger a system halt,
overwrite secure data, or print out secure data when calling
secure functions under the non-secure processing environment
(NSPE) handler mode. This vulnerability affects Yealink Device
Management servers.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2021-11-03
-
Due Date: 2021-11-17
Arm | Mali Graphics Processing
Unit (GPU)
Arm Mali Graphics Processing Unit
(GPU) Unspecified Vulnerability: Arm
Mali Graphics Processing Unit (GPU) kernel driver contains an
unspecified vulnerability that may allow a non-privileged user
to gain write access to read-only memory, gain root privilege,
corrupt memory, and modify the memory of other processes.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2021-11-03
-
Due Date: 2021-11-17
Arm | Mali Graphics Processing
Unit (GPU)
Arm Mali Graphics Processing Unit
(GPU) Use-After-Free Vulnerability: Arm
Mali Graphics Processing Unit (GPU) kernel driver contains a
use-after-free vulnerability that may allow a non-privileged
user to make improper operations on GPU memory to gain root
privilege, and/or disclose information.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2021-11-03
-
Due Date: 2021-11-17
Atlassian | Confluence Server
and Data Center
Atlassian Confluence Server and
Data Center Object-Graph Navigation Language (OGNL) Injection
Vulnerability: Atlassian
Confluence Server and Data Center contain an Object-Graph
Navigation Language (OGNL) injection vulnerability that may
allow an unauthenticated attacker to execute code.
Known To Be Used in Ransomware
Campaigns? Known
Action: Apply updates per vendor instructions.
-
Date Added: 2021-11-03
-
Due Date: 2021-11-17
BQE | BillQuick Web Suite
BQE BillQuick Web Suite SQL
Injection Vulnerability: BQE
BillQuick Web Suite contains an SQL injection vulnerability when
accessing the username parameter that may allow for
unauthenticated, remote code execution.
Known To Be Used in Ransomware
Campaigns? Known
Action: Apply updates per vendor instructions.
-
Date Added: 2021-11-03
-
Due Date: 2021-11-17
Cisco | HyperFlex HX
Cisco HyperFlex HX Installer
Virtual Machine Command Injection Vulnerability: Cisco
HyperFlex HX Installer Virtual Machine contains an insufficient
input validation vulnerability which could allow an attacker to
execute commands on an affected device as the root user.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2021-11-03
-
Due Date: 2021-11-17
Cisco | HyperFlex HX
Cisco HyperFlex HX Data Platform
Command Injection Vulnerability: Cisco
HyperFlex HX Installer Virtual Machine contains an insufficient
input validation vulnerability which could allow an attacker to
execute commands on an affected device as the tomcat8 user.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2021-11-03
-
Due Date: 2021-11-17
GitLab | Community and
Enterprise Editions
GitLab Community and Enterprise
Editions Remote Code Execution Vulnerability: GitLab
Community and Enterprise Editions that utilize the ability to
upload images through GitLab Workhorse are vulnerable to remote
code execution. Workhorse passes image file extensions through
ExifTool, which improperly validates the image files.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2021-11-03
-
Due Date: 2021-11-17
F5 | BIG-IP and BIG-IQ
Centralized Management
F5 BIG-IP and BIG-IQ Centralized
Management iControl REST Remote Code Execution Vulnerability: F5
BIG-IP and BIG-IQ Centralized Management contain a remote code
execution vulnerability in the iControl REST interface that
allows unauthenticated attackers with network access to execute
system commands, create or delete files, and disable services.
Known To Be Used in Ransomware
Campaigns? Known
Action: Apply updates per vendor instructions.
-
Date Added: 2021-11-03
-
Due Date: 2021-11-17
ForgeRock | Access Management
(AM)
ForgeRock Access Management (AM)
Core Server Remote Code Execution Vulnerability: ForgeRock
Access Management (AM) Core Server allows an attacker who sends
a specially crafted HTTP request to one of three endpoints
(/ccversion/Version, /ccversion/Masthead, or
/ccversion/ButtonFrame) to execute code in the context of the
current user (unless ForgeRock AM is running as root user, which
the vendor does not recommend).
Known To Be Used in Ransomware
Campaigns? Known
Action: Apply updates per vendor instructions.
-
Date Added: 2021-11-03
-
Due Date: 2021-11-17
Google | Chromium
Google Chromium Race Condition
Vulnerability: Google
Chromium contains a race condition vulnerability that allows a
remote attacker to potentially exploit heap corruption via a
crafted HTML page. This vulnerability could affect multiple web
browsers that utilize Chromium, including, but not limited to,
Google Chrome, Microsoft Edge, and Opera.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2021-11-03
-
Due Date: 2021-11-17
Google | Chromium
Google Chromium Information
Disclosure Vulnerability: Google
Chromium contains an information disclosure vulnerability within
the core memory component that allows a remote attacker to
obtain potentially sensitive information from process memory via
a crafted HTML page. This vulnerability could affect multiple
web browsers that utilize Chromium, including, but not limited
to, Google Chrome, Microsoft Edge, and Opera.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2021-11-03
-
Due Date: 2021-11-17
Google | Chromium V8
Google Chromium V8 Out-of-Bounds
Write Vulnerability: Google
Chromium V8 Engine contains an out-of-bounds write vulnerability
that allows a remote attacker to potentially exploit heap
corruption via a crafted HTML page. This vulnerability could
affect multiple web browsers that utilize Chromium, including,
but not limited to, Google Chrome, Microsoft Edge, and Opera.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2021-11-03
-
Due Date: 2021-11-17
Google | Chromium Indexed DB
API
Google Chromium Indexed DB API
Use-After-Free Vulnerability: Google
Chromium Indexed DB API contains a use-after-free vulnerability
that allows a remote attacker, who has compromised the renderer
process, to potentially perform a sandbox escape via a crafted
HTML page. This vulnerability could affect multiple web browsers
that utilize Chromium, including, but not limited to, Google
Chrome, Microsoft Edge, and Opera.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2021-11-03
-
Due Date: 2021-11-17
Google | Chromium V8
Google Chromium V8 Heap Buffer
Overflow Vulnerability: Google
Chromium V8 Engine contains a heap buffer overflow vulnerability
that allows a remote attacker to potentially exploit heap
corruption via a crafted HTML page. This vulnerability could
affect multiple web browsers that utilize Chromium, including,
but not limited to, Google Chrome, Microsoft Edge, and Opera.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2021-11-03
-
Due Date: 2021-11-17
Google | Chromium Portals
Google Chromium Portals
Use-After-Free Vulnerability: Google
Chromium Portals contains a use-after-free vulnerability that
allows a remote attacker, who has compromised the renderer
process, to potentially perform a sandbox escape via a crafted
HTML page. This vulnerability affects web browsers that utilize
Chromium, including Google Chrome and Microsoft Edge.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2021-11-03
-
Due Date: 2021-11-17
Google | Chromium V8
Google Chromium V8 Type Confusion
Vulnerability: Google
Chromium V8 Engine contains a type confusion vulnerability that
allows a remote attacker to potentially exploit heap corruption
via a crafted HTML page. This vulnerability could affect
multiple web browsers that utilize Chromium, including, but not
limited to, Google Chrome, Microsoft Edge, and Opera.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2021-11-03
-
Due Date: 2021-11-17
Google | Chromium V8
Google Chromium V8 Use-After-Free
Vulnerability: Google
Chromium V8 Engine contains a use-after-free vulnerability that
allows a remote attacker to potentially exploit heap corruption
via a crafted HTML page. This vulnerability could affect
multiple web browsers that utilize Chromium, including, but not
limited to, Google Chrome, Microsoft Edge, and Opera.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2021-11-03
-
Due Date: 2021-11-17
Google | Chromium WebGL
Google Chromium WebGL
Use-After-Free Vulnerability: Google
Chromium WebGL contains a use-after-free vulnerability that
allows a remote attacker to potentially exploit heap corruption
via a crafted HTML page. This vulnerability could affect
multiple web browsers that utilize Chromium, including, but not
limited to, Google Chrome, Microsoft Edge, and Opera.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2021-11-03
-
Due Date: 2021-11-17
Google | Chromium Blink
Google Chromium Blink
Use-After-Free Vulnerability: Google
Chromium Blink contains a use-after-free vulnerability that
allows a remote attacker to potentially exploit heap corruption
via a crafted HTML page. This vulnerability could affect
multiple web browsers that utilize Chromium, including, but not
limited to, Google Chrome, Microsoft Edge, and Opera.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2021-11-03
-
Due Date: 2021-11-17
Google | Chromium Intents
Google Chromium Intents Improper
Input Validation Vulnerability: Google
Chromium Intents contains an improper input validation
vulnerability that allows a remote attacker to arbitrarily
browse to a malicious URL via a crafted HTML page. This
vulnerability could affect multiple web browsers that utilize
Chromium, including, but not limited to, Google Chrome,
Microsoft Edge, and Opera.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2021-11-03
-
Due Date: 2021-11-17
Google | Chromium V8
Google Chromium V8 Memory
Corruption Vulnerability: Google
Chromium V8 Engine has a bug in JSON.stringify, where the
internal TheHole value can leak to script code, causing memory
corruption. This vulnerability could affect multiple web
browsers that utilize Chromium, including, but not limited to,
Google Chrome, Microsoft Edge, and Opera.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2021-11-03
-
Due Date: 2021-11-17
Google | Chromium V8
Google Chromium V8 Type Confusion
Vulnerability: Google
Chromium V8 Engine contains a type confusion vulnerability that
allows a remote attacker to execute code inside a sandbox via a
crafted HTML page. This vulnerability could affect multiple web
browsers that utilize Chromium, including, but not limited to,
Google Chrome, Microsoft Edge, and Opera.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2021-11-03
-
Due Date: 2021-11-17
Google | Chromium Blink
Google Chromium Blink
Use-After-Free Vulnerability: Google
Chromium Blink contains a use-after-free vulnerability that
allows a remote attacker to potentially exploit heap corruption
via a crafted HTML page. This vulnerability could affect
multiple web browsers that utilize Chromium, including, but not
limited to, Google Chrome, Microsoft Edge, and Opera.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2021-11-03
-
Due Date: 2021-11-17
Google | Chromium V8
Google Chromium V8 Improper Input
Validation Vulnerability: Google
Chromium V8 Engine contains an improper input validation
vulnerability that allows a remote attacker to potentially
exploit heap corruption via a crafted HTML page. This
vulnerability could affect multiple web browsers that utilize
Chromium, including, but not limited to, Google Chrome,
Microsoft Edge, and Opera.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2021-11-03
-
Due Date: 2021-11-17
Google | Chromium V8
Google Chromium V8 Type Confusion
Vulnerability: Google
Chromium V8 Engine contains a type confusion vulnerability that
allows a remote attacker to potentially exploit heap corruption
via a crafted HTML page. This vulnerability could affect
multiple web browsers that utilize Chromium, including, but not
limited to, Google Chrome, Microsoft Edge, and Opera.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2021-11-03
-
Due Date: 2021-11-17
Kaseya | Virtual System/Server
Administrator (VSA)
Kaseya Virtual System/Server
Administrator (VSA) Information Disclosure Vulnerability: Kaseya
Virtual System/Server Administrator (VSA) contains an
information disclosure vulnerability allowing an attacker to
obtain the sessionId that can be used to execute further attacks
against the system.
Known To Be Used in Ransomware
Campaigns? Known
Action: Apply updates per vendor instructions.
-
Date Added: 2021-11-03
-
Due Date: 2021-11-17
McAfee | McAfee Total
Protection (MTP)
McAfee Total Protection (MTP)
Improper Privilege Management Vulnerability: McAfee
Total Protection (MTP) contains an improper privilege management
vulnerability that allows a local user to gain elevated
privileges and execute code, bypassing MTP self-defense.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2021-11-03
-
Due Date: 2021-11-17
Micro Focus | Micro Focus
Access Manager
Micro Focus Access Manager
Information Leakage Vulnerability: Micro
Focus Access Manager contains an information leakage
vulnerability resulting from a SAML service provider redirection
issue when the Assertion Consumer Service URL is used.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2021-11-03
-
Due Date: 2021-11-17
Micro Focus | Operation Bridge
Reporter (OBR)
Micro Focus Operation Bridge
Reporter (OBR) Remote Code Execution Vulnerability: Micro
Focus Operation Bridge Reporter (OBR) contains an unspecified
vulnerability that allows for remote code execution.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2021-11-03
-
Due Date: 2021-11-17
Microsoft | Open Management
Infrastructure (OMI)
Microsoft Open Management
Infrastructure (OMI) Remote Code Execution Vulnerability: Microsoft
Open Management Infrastructure (OMI) within Azure VM Management
Extensions contains an unspecified vulnerability allowing remote
code execution.
Known To Be Used in Ransomware
Campaigns? Known
Action: Apply updates per vendor instructions.
-
Date Added: 2021-11-03
-
Due Date: 2021-11-17
Microsoft | Windows
Microsoft Windows Kernel
Information Disclosure Vulnerability: Microsoft
Windows Kernel contains an unspecified vulnerability that allows
for information disclosure. Successful exploitation allows
attackers to read the contents of kernel memory from a user-mode
process.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2021-11-03
-
Due Date: 2021-11-17
Microsoft | Defender
Microsoft Defender Remote Code
Execution Vulnerability: Microsoft
Defender contains an unspecified vulnerability that allows for
remote code execution.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2021-11-03
-
Due Date: 2021-11-17
Microsoft | Windows
Microsoft Desktop Window Manager
(DWM) Core Library Privilege Escalation Vulnerability: Microsoft
Desktop Window Manager (DWM) Core Library contains an
unspecified vulnerability that allows for privilege escalation.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2021-11-03
-
Due Date: 2021-11-17
Microsoft | Windows
Microsoft Windows MSHTML Platform
Remote Code Execution Vulnerability: Microsoft
Windows MSHTML Platform contains an unspecified vulnerability
that allows for remote code execution.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2021-11-03
-
Due Date: 2021-11-17
Microsoft | Enhanced
Cryptographic Provider
Microsoft Enhanced Cryptographic
Provider Privilege Escalation Vulnerability: Microsoft
Enhanced Cryptographic Provider contains an unspecified
vulnerability that allows for privilege escalation.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2021-11-03
-
Due Date: 2021-11-17
Microsoft | Windows
Microsoft Windows Kernel Privilege
Escalation Vulnerability: Microsoft
Windows kernel contains an unspecified vulnerability that allows
for privilege escalation.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2021-11-03
-
Due Date: 2021-11-17
Microsoft | Windows
Microsoft Windows NTFS Privilege
Escalation Vulnerability: Microsoft
Windows New Technology File System (NTFS) contains an
unspecified vulnerability that allows attackers to escalate
privileges via a specially crafted application.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2021-11-03
-
Due Date: 2021-11-17
Microsoft | Enhanced
Cryptographic Provider
Microsoft Enhanced Cryptographic
Provider Privilege Escalation Vulnerability: Microsoft
Enhanced Cryptographic Provider contains an unspecified
vulnerability that allows for privilege escalation.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2021-11-03
-
Due Date: 2021-11-17
Microsoft | Windows
Microsoft Windows Kernel Privilege
Escalation Vulnerability: Microsoft
Windows kernel contains an unspecified vulnerability that allows
for privilege escalation.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2021-11-03
-
Due Date: 2021-11-17
Microsoft | Open Management
Infrastructure (OMI)
Microsoft Open Management
Infrastructure (OMI) Privilege Escalation Vulnerability: Microsoft
Open Management Infrastructure (OMI) within Azure VM Management
Extensions contains an unspecified vulnerability that allows for
privilege escalation.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2021-11-03
-
Due Date: 2021-11-17
Microsoft | Exchange Server
Microsoft Exchange Server
Privilege Escalation Vulnerability: Microsoft
Exchange Server contains an unspecified vulnerability that
allows for privilege escalation.
Known To Be Used in Ransomware
Campaigns? Known
Action: Apply updates per vendor instructions.
-
Date Added: 2021-11-03
-
Due Date: 2021-11-17
Microsoft | Windows
Microsoft Windows Update Medic
Service Privilege Escalation Vulnerability: Microsoft
Windows Update Medic Service contains an unspecified
vulnerability that allows for privilege escalation.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2021-11-03
-
Due Date: 2021-11-17
Microsoft | Open Management
Infrastructure (OMI)
Microsoft Open Management
Infrastructure (OMI) Privilege Escalation Vulnerability: Microsoft
Open Management Infrastructure (OMI) within Azure VM Management
Extensions contains an unspecified vulnerability allowing
privilege escalation.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2021-11-03
-
Due Date: 2021-11-17
Microsoft | Exchange Server
Microsoft Exchange Server Remote
Code Execution Vulnerability: Microsoft
Exchange Server contains an unspecified vulnerability that
allows for remote code execution.
Known To Be Used in Ransomware
Campaigns? Known
Action: Apply updates per vendor instructions.
-
Date Added: 2021-11-03
-
Due Date: 2021-11-17
Microsoft | Win32k
Microsoft Win32k Privilege
Escalation Vulnerability: Microsoft
Win32k contains an unspecified vulnerability that allows for
privilege escalation.
Known To Be Used in Ransomware
Campaigns? Known
Action: Apply updates per vendor instructions.
-
Date Added: 2021-11-03
-
Due Date: 2021-11-17
Microsoft | Windows
Microsoft Windows Print Spooler
Remote Code Execution Vulnerability: Microsoft
Windows Print Spooler contains an unspecified vulnerability due
to the Windows Print Spooler service improperly performing
privileged file operations. Successful exploitation allows an
attacker to perform remote code execution with SYSTEM
privileges. The vulnerability is also known under the moniker of
PrintNightmare.
Known To Be Used in Ransomware
Campaigns? Known
Action: Apply updates per vendor instructions.
-
Date Added: 2021-11-03
-
Due Date: 2021-07-20
Microsoft | Exchange Server
Microsoft Exchange Server Security
Feature Bypass Vulnerability: Microsoft
Exchange Server contains an unspecified vulnerability that
allows for security feature bypass.
Known To Be Used in Ransomware
Campaigns? Known
Action: Apply updates per vendor instructions.
-
Date Added: 2021-11-03
-
Due Date: 2021-11-17
Microsoft | Win32k
Microsoft Win32k Privilege
Escalation Vulnerability: Microsoft
Windows Win32k contains an unspecified vulnerability that allows
for privilege escalation.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2021-11-03
-
Due Date: 2021-11-17
Microsoft | Internet Explorer
Microsoft Internet Explorer Memory
Corruption Vulnerability: Microsoft
Internet Explorer contains an unspecified vulnerability that
allows for memory corruption.
Known To Be Used in Ransomware
Campaigns? Known
Action: Apply updates per vendor instructions.
-
Date Added: 2021-11-03
-
Due Date: 2021-11-17
Microsoft | MSHTML
Microsoft MSHTML Remote Code
Execution Vulnerability: Microsoft
MSHTML contains an unspecified vulnerability that allows for
remote code execution.
Known To Be Used in Ransomware
Campaigns? Known
Action: Apply updates per vendor instructions.
-
Date Added: 2021-11-03
-
Due Date: 2021-11-17
Microsoft | Windows
Microsoft Windows Local Security
Authority (LSA) Spoofing Vulnerability: Microsoft
Windows Local Security Authority (LSA) contains a spoofing
vulnerability allowing an unauthenticated attacker to call a
method on the LSARPC interface and coerce the domain controller
to authenticate against another server using NTLM.
Known To Be Used in Ransomware
Campaigns? Known
Action: Apply updates per vendor instructions.
-
Date Added: 2021-11-03
-
Due Date: 2021-11-17
Microsoft | Internet Explorer
Microsoft Internet Explorer Remote
Code Execution Vulnerability: Microsoft
Internet Explorer contains an unspecified vulnerability that
allows for remote code execution.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2021-11-03
-
Due Date: 2021-11-17
Microsoft | Office
Microsoft Office Remote Code
Execution Vulnerability: Microsoft
Office contains an unspecified vulnerability that allows for
remote code execution.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2021-11-03
-
Due Date: 2021-11-17
Microsoft | Exchange Server
Microsoft Exchange Server Remote
Code Execution Vulnerability: Microsoft
Exchange Server contains an unspecified vulnerability that
allows for remote code execution. This vulnerability is part of
the ProxyLogon exploit chain.
Known To Be Used in Ransomware
Campaigns? Known
Action: Apply updates per vendor instructions.
-
Date Added: 2021-11-03
-
Due Date: 2021-04-16
Microsoft | Exchange Server
Microsoft Exchange Server Remote
Code Execution Vulnerability: Microsoft
Exchange Server contains an unspecified vulnerability that
allows for remote code execution. This vulnerability is part of
the ProxyLogon exploit chain.
Known To Be Used in Ransomware Campaigns? Known
Action: Apply updates per vendor instructions.
-
Date Added: 2021-11-03
-
Due Date: 2021-04-16
Microsoft | Exchange Server
Microsoft Exchange Server Remote
Code Execution Vulnerability: Microsoft
Exchange Server contains an unspecified vulnerability that
allows for remote code execution. This vulnerability is part of
the ProxyLogon exploit chain.
Known To Be Used in Ransomware
Campaigns? Known
Action: Apply updates per vendor instructions.
-
Date Added: 2021-11-03
-
Due Date: 2021-04-16
Microsoft | Windows
Microsoft Windows Print Spooler
Remote Code Execution Vulnerability: Microsoft
Windows Print Spooler contains an unspecified vulnerability that
allows for remote code execution.
Known To Be Used in Ransomware
Campaigns? Known
Action: Apply updates per vendor instructions.
-
Date Added: 2021-11-03
-
Due Date: 2021-11-17
Microsoft | Windows
Microsoft Windows Scripting Engine
Memory Corruption Vulnerability: Microsoft
Windows Scripting Engine contains an unspecified vulnerability
that allows for memory corruption.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2021-11-03
-
Due Date: 2021-11-17
Microsoft | Exchange Server
Microsoft Exchange Server Remote
Code Execution Vulnerability: Microsoft
Exchange Server contains an unspecified vulnerability that
allows for remote code execution. This vulnerability is part of
the ProxyLogon exploit chain.
Known To Be Used in Ransomware
Campaigns? Known
Action: Apply updates per vendor instructions.
-
Date Added: 2021-11-03
-
Due Date: 2021-04-16
Microsoft | Windows
Microsoft Windows Common Log File
System (CLFS) Driver Privilege Escalation Vulnerability: Microsoft
Windows Common Log File System (CLFS) driver contains an
unspecified vulnerability that allows for privilege escalation.
Known To Be Used in Ransomware Campaigns? Known
Action: Apply updates per vendor instructions.
-
Date Added: 2021-11-03
-
Due Date: 2021-11-17
Microsoft | Open Management
Infrastructure (OMI)
Microsoft Open Management
Infrastructure (OMI) Privilege Escalation Vulnerability: Microsoft
Open Management Infrastructure (OMI) within Azure VM Management
Extensions contains an unspecified vulnerability allowing
privilege escalation.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2021-11-03
-
Due Date: 2021-11-17
Ivanti | Pulse Connect Secure
Ivanti Pulse Connect Secure
Use-After-Free Vulnerability: Ivanti
Pulse Connect Secure contains a use-after-free vulnerability
that allows a remote, unauthenticated attacker to execute code
via license services.
Known To Be Used in Ransomware
Campaigns? Known
Action: Apply updates per vendor instructions.
-
Date Added: 2021-11-03
-
Due Date: 2021-04-23
Ivanti | Pulse Connect Secure
Ivanti Pulse Connect Secure
Unrestricted File Upload Vulnerability: Ivanti
Pulse Connect Secure contains an unrestricted file upload
vulnerability that allows an authenticated administrator to
perform a file write via a maliciously crafted archive upload in
the administrator web interface.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2021-11-03
-
Due Date: 2021-04-23
Ivanti | Pulse Connect Secure
Ivanti Pulse Connect Secure
Collaboration Suite Buffer Overflow Vulnerability: Ivanti
Pulse Connect Secure Collaboration Suite contains a buffer
overflow vulnerability that allows remote authenticated
users to execute code as the root user via a maliciously crafted
meeting room.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2021-11-03
-
Due Date: 2021-04-23
Ivanti | Pulse Connect Secure
Ivanti Pulse Connect Secure
Command Injection Vulnerability: Ivanti
Pulse Connect Secure contains a command injection vulnerability
that allows remote authenticated users to perform remote code
execution via Windows File Resource Profiles.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2021-11-03
-
Due Date: 2021-04-23
Qualcomm | Multiple Chipsets
Qualcomm Multiple Chipsets
Detection of Error Condition Without Action Vulnerability: Multiple
Qualcomm chipsets contain a detection of error condition without
action vulnerability in which improper handling of address
deregistration on failure can lead to new GPU address allocation
failure.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2021-11-03
-
Due Date: 2021-11-17
Qualcomm | Multiple Chipsets
Qualcomm Multiple Chipsets
Use-After-Free Vulnerability: Multiple
Qualcomm chipsets contain a use-after-free vulnerability due to
improper handling of memory mapping of multiple processes
simultaneously.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2021-11-03
-
Due Date: 2022-05-03
Realtek | AP-Router SDK
Realtek AP-Router SDK Buffer
Overflow Vulnerability: Realtek
AP-Router SDK HTTP web server boa contains a buffer overflow
vulnerability due to unsafe copies of some overly long
parameters submitted in the form that lead to denial-of-service
(DoS).
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2021-11-03
-
Due Date: 2021-11-17
SolarWinds | Serv-U
SolarWinds Serv-U Remote Code
Execution Vulnerability: SolarWinds
Serv-U contains an unspecified memory escape vulnerability which
can allow for remote code execution.
Known To Be Used in Ransomware
Campaigns? Known
Action: Apply updates per vendor instructions.
-
Date Added: 2021-11-03
-
Due Date: 2021-11-17
SonicWall | SonicWall Email
Security
SonicWall Email Security Improper
Privilege Management Vulnerability: SonicWall
Email Security contains an improper privilege management
vulnerability that allows an attacker to create an
administrative account by sending a crafted HTTP request to the
remote host. This vulnerability has known usage in a SonicWall
Email Security exploit chain along with CVE-2021-20022 and
CVE-2021-20023 to achieve privilege escalation.
Known To Be Used in Ransomware
Campaigns? Known
Action: Apply updates per vendor instructions.
-
Date Added: 2021-11-03
-
Due Date: 2021-11-17
SonicWall | SonicWall Email
Security
SonicWall Email Security
Unrestricted Upload of File Vulnerability: SonicWall
Email Security contains an unrestricted upload of file with
dangerous type vulnerability that allows a post-authenticated
attacker to upload a file to the remote host. This vulnerability
has known usage in a SonicWall Email Security exploit chain
along with CVE-2021-20021 and CVE-2021-20023 to achieve
privilege escalation.
Known To Be Used in Ransomware
Campaigns? Known
Action: Apply updates per vendor instructions.
-
Date Added: 2021-11-03
-
Due Date: 2021-11-17
SonicWall | SonicWall Email
Security
SonicWall Email Security Path
Traversal Vulnerability: SonicWall
Email Security contains a path traversal vulnerability that
allows a post-authenticated attacker to read files on the remote
host. This vulnerability has known usage in a SonicWall Email
Security exploit chain along with CVE-2021-20021 and
CVE-2021-20022 to achieve privilege escalation.
Known To Be Used in Ransomware
Campaigns? Known
Action: Apply updates per vendor instructions.
-
Date Added: 2021-11-03
-
Due Date: 2021-11-17
SonicWall | SSLVPN SMA100
SonicWall SSLVPN SMA100 SQL
Injection Vulnerability: SonicWall
SSLVPN SMA100 contains a SQL injection vulnerability that allows
remote exploitation for credential access by an unauthenticated
attacker.
Known To Be Used in Ransomware
Campaigns? Known
Action: Apply updates per vendor instructions.
-
Date Added: 2021-11-03
-
Due Date: 2021-11-17
Tenda | AC11 Router
Tenda AC11 Router Stack Buffer
Overflow Vulnerability: Tenda
AC11 devices contain a stack buffer overflow vulnerability in
/goform/setmac which allows attackers to execute code via a
crafted POST request.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2021-11-03
-
Due Date: 2021-11-17
Trend Micro | Apex One, Apex
One as a Service, and Worry-Free Business Security
Trend Micro Multiple Products
Improper Input Validation Vulnerability: Trend
Micro Apex One, Apex One as a Service, and Worry-Free Business
Security contain an improper input validation vulnerability that
allows for privilege escalation.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2021-11-03
-
Due Date: 2021-11-17
Trend Micro | Apex One, Apex
One as a Service, and Worry-Free Business Security
Trend Micro Multiple Products
Improper Input Validation Vulnerability: Trend
Micro Apex One, Apex One as a Service, and Worry-Free Business
Security contain an improper input validation vulnerability that
allows a remote attacker to upload files.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2021-11-03
-
Due Date: 2021-11-17
VMware | vCenter Server
VMware vCenter Server File Upload
Vulnerability: VMware
vCenter Server contains a file upload vulnerability in the
Analytics service that allows a user with network access to port
443 to execute code.
Known To Be Used in Ransomware
Campaigns? Known
Action: Apply updates per vendor instructions.
-
Date Added: 2021-11-03
-
Due Date: 2021-11-17
VMware | vCenter Server
VMware vCenter Server Remote Code
Execution Vulnerability: VMware
vCenter Server vSphere Client contains a remote code execution
vulnerability in a vCenter Server plugin which allows an
attacker with network access to port 443 to execute commands
with unrestricted privileges on the underlying operating system.
Known To Be Used in Ransomware
Campaigns? Known
Action: Apply updates per vendor instructions.
-
Date Added: 2021-11-03
-
Due Date: 2021-11-17
VMware | vCenter Server
VMware vCenter Server Improper
Input Validation Vulnerability: VMware
vSphere Client contains an improper input validation
vulnerability in the Virtual SAN Health Check plug-in, which is
enabled by default in vCenter Server, that allows for remote
code execution.
Known To Be Used in Ransomware
Campaigns? Known
Action: Apply updates per vendor instructions.
-
Date Added: 2021-11-03
-
Due Date: 2021-11-17
Yealink | Device Management
Yealink Device Management
Server-Side Request Forgery (SSRF) Vulnerability: Yealink
Device Management contains a server-side request forgery (SSRF)
vulnerability that allows for unauthenticated remote code
execution.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2021-11-03
-
Due Date: 2021-11-17
Zoho | ManageEngine
Zoho ManageEngine
ADSelfService Plus Authentication Bypass Vulnerability: Zoho
ManageEngine ADSelfService Plus contains an authentication
bypass vulnerability affecting the REST API URLs which allows for
remote code execution.
Known To Be Used in Ransomware
Campaigns? Known
Action: Apply updates per vendor instructions.
-
Date Added: 2021-11-03
-
Due Date: 2021-11-17