CVE Tracker
Track known exploited vulnerabilities, CISA KEV alerts, and linked threat intelligence.
1,540
Total CVEs
1,540
CISA KEV
1540
Critical & High
Mar 11, 2026
Last KEV Update
| CVE ID | Severity | Vendor | Description | Published | KEV |
|---|---|---|---|---|---|
| CVE-2023-4966 | High | CitrixNetScaler ADC and NetScaler Gateway | Citrix NetScaler ADC and NetScaler Gateway contain a buffer overflow vulnerability that allows for sensitive information disclosure when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server. | Oct 18, 2023 | KEV |
| CVE-2023-20198 | High | CiscoIOS XE Web UI | Cisco IOS XE Web UI contains a privilege escalation vulnerability in the web user interface that could allow a remote, unauthenticated attacker to create an account with privilege level 15 access. The attacker can then use that account to gain control of the affected device. | Oct 16, 2023 | KEV |
| CVE-2023-41763 | High | MicrosoftSkype for Business | Microsoft Skype for Business contains an unspecified vulnerability that allows for privilege escalation. | Oct 10, 2023 | KEV |
| CVE-2023-36563 | High | MicrosoftWordPad | Microsoft WordPad contains an unspecified vulnerability that allows for information disclosure. | Oct 10, 2023 | KEV |
| CVE-2023-21608 | High | AdobeAcrobat and Reader | Adobe Acrobat and Reader contains a use-after-free vulnerability that allows for code execution in the context of the current user. | Oct 10, 2023 | KEV |
| CVE-2023-20109 | High | CiscoIOS and IOS XE | Cisco IOS and IOS XE contain an out-of-bounds write vulnerability in the Group Encrypted Transport VPN (GET VPN) feature that could allow an authenticated, remote attacker who has administrative control of either a group member or a key server to execute malicious code or cause a device to crash. | Oct 10, 2023 | KEV |
| CVE-2023-44487 | High | IETFHTTP/2 | HTTP/2 contains a rapid reset vulnerability that allows for a distributed denial-of-service attack (DDoS). | Oct 10, 2023 | KEV |
| CVE-2023-22515 | High | AtlassianConfluence Data Center and Server | Atlassian Confluence Data Center and Server contains a broken access control vulnerability that allows an attacker to create unauthorized Confluence administrator accounts and access Confluence. | Oct 5, 2023 | KEV |
| CVE-2023-40044 | High | ProgressWS_FTP Server | Progress WS_FTP Server contains a deserialization of untrusted data vulnerability in the Ad Hoc Transfer module that allows an authenticated attacker to execute remote commands on the underlying operating system. | Oct 5, 2023 | KEV |
| CVE-2023-42824 | High | AppleiOS and iPadOS | Apple iOS and iPadOS contain an unspecified vulnerability that allows for local privilege escalation. | Oct 5, 2023 | KEV |
| CVE-2023-42793 | High | JetBrainsTeamCity | JetBrains TeamCity contains an authentication bypass vulnerability that allows for remote code execution on TeamCity Server. | Oct 4, 2023 | KEV |
| CVE-2023-28229 | High | MicrosoftWindows CNG Key Isolation Service | Microsoft Windows Cryptographic Next Generation (CNG) Key Isolation Service contains an unspecified vulnerability that allows an attacker to gain specific limited SYSTEM privileges. | Oct 4, 2023 | KEV |
| CVE-2023-4211 | High | ArmMali GPU Kernel Driver | Arm Mali GPU Kernel Driver contains a use-after-free vulnerability that allows a local, non-privileged user to make improper GPU memory processing operations to gain access to already freed memory. | Oct 3, 2023 | KEV |
| CVE-2023-5217 | High | GoogleChromium libvpx | Google Chromium libvpx contains a heap buffer overflow vulnerability in vp8 encoding that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could impact web browsers using libvpx, including but not limited to Google Chrome. | Oct 2, 2023 | KEV |
| CVE-2018-14667 | High | Red HatJBoss RichFaces Framework | Red Hat JBoss RichFaces Framework contains an expression language injection vulnerability via the UserResource resource. A remote, unauthenticated attacker could exploit this vulnerability to execute malicious code using a chain of Java serialized objects via org.ajax4jsf.resource.UserResource$UriData. | Sep 28, 2023 | KEV |
| CVE-2023-41991 | High | AppleMultiple Products | Apple iOS, iPadOS, macOS, and watchOS contain an improper certificate validation vulnerability that can allow a malicious app to bypass signature validation. | Sep 25, 2023 | KEV |
| CVE-2023-41992 | High | AppleMultiple Products | Apple iOS, iPadOS, macOS, and watchOS contain an unspecified vulnerability that allows for local privilege escalation. | Sep 25, 2023 | KEV |
| CVE-2023-41993 | High | AppleMultiple Products | Apple iOS, iPadOS, macOS, and Safari WebKit contain an unspecified vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing. | Sep 25, 2023 | KEV |
| CVE-2023-41179 | High | Trend MicroApex One and Worry-Free Business Security | Trend Micro Apex One and Worry-Free Business Security contain an unspecified vulnerability in the third-party anti-virus uninstaller that could allow an attacker to manipulate the module to conduct remote code execution. An attacker must first obtain administrative console access on the target system in order to exploit this vulnerability. | Sep 21, 2023 | KEV |
| CVE-2023-28434 | High | MinIOMinIO | MinIO contains a security feature bypass vulnerability that allows an attacker to use crafted requests to bypass metadata bucket name checking and put an object into any bucket while processing `PostPolicyBucket` to conduct privilege escalation. To carry out this attack, the attacker requires credentials with `arn:aws:s3:::*` permission, as well as enabled Console API access. | Sep 19, 2023 | KEV |