CVE Tracker

CVE ID	Severity	EPSS	Vendor	Description	Date	Status
CVE-2023-4762	High	54.8%	GoogleChromium V8	Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to execute code via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.	Feb 6, 2024	KEV
CVE-2024-21893	High	94.3%	IvantiConnect Secure, Policy Secure, and Neurons	Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure), Ivanti Policy Secure, and Ivanti Neurons contain a server-side request forgery (SSRF) vulnerability in the SAML component that allows an attacker to access certain restricted resources without authentication.	Jan 31, 2024	KEV
CVE-2022-48618	High	0.2%	AppleMultiple Products	Apple iOS, iPadOS, macOS, tvOS, and watchOS contain a time-of-check/time-of-use (TOCTOU) memory corruption vulnerability that allows an attacker with read and write capabilities to bypass Pointer Authentication.	Jan 31, 2024	KEV
CVE-2023-22527	High 9.8	94.4%	AtlassianConfluence Data Center and Server	Atlassian Confluence Data Center and Server contain an unauthenticated OGNL template injection vulnerability that can lead to remote code execution.	Jan 24, 2024	KEVExploit
CVE-2024-23222(5)	High	0.7%	AppleMultiple Products	Apple iOS, iPadOS, macOS, tvOS, and Safari WebKit contain a type confusion vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.	Jan 23, 2024	KEV
CVE-2023-34048	High	93.2%	VMwarevCenter Server	VMware vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol that allows an attacker to conduct remote code execution.	Jan 22, 2024	KEV
CVE-2023-35082	High	94.4%	IvantiEndpoint Manager Mobile (EPMM) and MobileIron Core	Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core contain an authentication bypass vulnerability that allows unauthorized users to access restricted functionality or resources of the application.	Jan 18, 2024	KEV
CVE-2024-0519	High	0.4%	GoogleChromium V8	Google Chromium V8 Engine contains an out-of-bounds memory access vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.	Jan 17, 2024	KEV
CVE-2023-6549	High	74.9%	CitrixNetScaler ADC and NetScaler Gateway	Citrix NetScaler ADC and NetScaler Gateway contain a buffer overflow vulnerability that allows for a denial-of-service when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server.	Jan 17, 2024	KEV
CVE-2023-6548	High	8.3%	CitrixNetScaler ADC and NetScaler Gateway	Citrix NetScaler ADC and NetScaler Gateway contain a code injection vulnerability that allows for authenticated remote code execution on the management interface with access to NSIP, CLIP, or SNIP.	Jan 17, 2024	KEV
CVE-2018-15133	High	84.4%	LaravelLaravel Framework	Laravel Framework contains a deserialization of untrusted data vulnerability, allowing for remote command execution. This vulnerability may only be exploited if a malicious user has accessed the application encryption key (APP_KEY environment variable).	Jan 16, 2024	KEV
CVE-2024-21887	High	94.4%	IvantiConnect Secure and Policy Secure	Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure) and Ivanti Policy Secure contain a command injection vulnerability in the web components of these products, which can allow an authenticated administrator to send crafted requests to execute code on affected appliances. This vulnerability can be leveraged in conjunction with CVE-2023-46805, an authenticated bypass issue.	Jan 10, 2024	KEV
CVE-2023-29357	High	94.4%	MicrosoftSharePoint Server	Microsoft SharePoint Server contains an unspecified vulnerability that allows an unauthenticated attacker, who has gained access to spoofed JWT authentication tokens, to use them for executing a network attack. This attack bypasses authentication, enabling the attacker to gain administrator privileges.	Jan 10, 2024	KEV
CVE-2023-46805	High	94.4%	IvantiConnect Secure and Policy Secure	Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure) and Ivanti Policy Secure gateways contain an authentication bypass vulnerability in the web component that allows an attacker to access restricted resources by bypassing control checks. This vulnerability can be leveraged in conjunction with CVE-2024-21887, a command injection vulnerability.	Jan 10, 2024	KEV
CVE-2023-38203	High	94.3%	AdobeColdFusion	Adobe ColdFusion contains a deserialization of untrusted data vulnerability that allows for code execution.	Jan 8, 2024	KEV
CVE-2016-20017	High	93.4%	D-LinkDSL-2750B Devices	D-Link DSL-2750B devices contain a command injection vulnerability that allows remote, unauthenticated command injection via the login.cgi cli parameter.	Jan 8, 2024	KEV
CVE-2023-27524	High	84.1%	ApacheSuperset	Apache Superset contains an insecure default initialization of a resource vulnerability that allows an attacker to authenticate and access unauthorized resources on installations that have not altered the default configured SECRET_KEY according to installation instructions.	Jan 8, 2024	KEV
CVE-2023-23752	High 5.3	94.5%	Joomla!Joomla!	Joomla! contains an improper access control vulnerability that allows unauthorized access to webservice endpoints.	Jan 8, 2024	KEV
CVE-2023-41990	High	2.7%	AppleMultiple Products	Apple iOS, iPadOS, macOS, tvOS, and watchOS contain an unspecified vulnerability that allows for code execution when processing a font file.	Jan 8, 2024	KEV
CVE-2023-29300	High	93.7%	AdobeColdFusion	Adobe ColdFusion contains a deserialization of untrusted data vulnerability that allows for code execution.	Jan 8, 2024	KEV

CVE-2023-4762KEV

High

Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to execute code via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

GoogleEPSS 54.8%

CVE-2024-21893KEV

High

Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure), Ivanti Policy Secure, and Ivanti Neurons contain a server-side request forgery (SSRF) vulnerability in the SAML component that allows an attacker to access certain restricted resources without authentication.

IvantiEPSS 94.3%

CVE-2022-48618KEV

High

Apple iOS, iPadOS, macOS, tvOS, and watchOS contain a time-of-check/time-of-use (TOCTOU) memory corruption vulnerability that allows an attacker with read and write capabilities to bypass Pointer Authentication.

AppleEPSS 0.2%

CVE-2023-22527KEV

High

Atlassian Confluence Data Center and Server contain an unauthenticated OGNL template injection vulnerability that can lead to remote code execution.

AtlassianCVSS 9.8EPSS 94.4%

Exploit

CVE-2024-23222KEV

High

Apple iOS, iPadOS, macOS, tvOS, and Safari WebKit contain a type confusion vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.

AppleEPSS 0.7%

CVE-2023-34048KEV

High

VMware vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol that allows an attacker to conduct remote code execution.

VMwareEPSS 93.2%

CVE-2023-35082KEV

High

Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core contain an authentication bypass vulnerability that allows unauthorized users to access restricted functionality or resources of the application.

IvantiEPSS 94.4%

CVE-2024-0519KEV

High

Google Chromium V8 Engine contains an out-of-bounds memory access vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

GoogleEPSS 0.4%

CVE-2023-6549KEV

High

Citrix NetScaler ADC and NetScaler Gateway contain a buffer overflow vulnerability that allows for a denial-of-service when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server.

CitrixEPSS 74.9%

CVE-2023-6548KEV

High

Citrix NetScaler ADC and NetScaler Gateway contain a code injection vulnerability that allows for authenticated remote code execution on the management interface with access to NSIP, CLIP, or SNIP.

CitrixEPSS 8.3%

CVE-2018-15133KEV

High

Laravel Framework contains a deserialization of untrusted data vulnerability, allowing for remote command execution. This vulnerability may only be exploited if a malicious user has accessed the application encryption key (APP_KEY environment variable).

LaravelEPSS 84.4%

CVE-2024-21887KEV

High

Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure) and Ivanti Policy Secure contain a command injection vulnerability in the web components of these products, which can allow an authenticated administrator to send crafted requests to execute code on affected appliances. This vulnerability can be leveraged in conjunction with CVE-2023-46805, an authenticated bypass issue.

IvantiEPSS 94.4%

CVE-2023-29357KEV

High

Microsoft SharePoint Server contains an unspecified vulnerability that allows an unauthenticated attacker, who has gained access to spoofed JWT authentication tokens, to use them for executing a network attack. This attack bypasses authentication, enabling the attacker to gain administrator privileges.

MicrosoftEPSS 94.4%

CVE-2023-46805KEV

High

Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure) and Ivanti Policy Secure gateways contain an authentication bypass vulnerability in the web component that allows an attacker to access restricted resources by bypassing control checks. This vulnerability can be leveraged in conjunction with CVE-2024-21887, a command injection vulnerability.

IvantiEPSS 94.4%

CVE-2023-38203KEV

High

Adobe ColdFusion contains a deserialization of untrusted data vulnerability that allows for code execution.

AdobeEPSS 94.3%

CVE-2016-20017KEV

High

D-Link DSL-2750B devices contain a command injection vulnerability that allows remote, unauthenticated command injection via the login.cgi cli parameter.

D-LinkEPSS 93.4%

CVE-2023-27524KEV

High

Apache Superset contains an insecure default initialization of a resource vulnerability that allows an attacker to authenticate and access unauthorized resources on installations that have not altered the default configured SECRET_KEY according to installation instructions.

ApacheEPSS 84.1%

CVE-2023-23752KEV

High

Joomla! contains an improper access control vulnerability that allows unauthorized access to webservice endpoints.

Joomla!CVSS 5.3EPSS 94.5%

CVE-2023-41990KEV

High

Apple iOS, iPadOS, macOS, tvOS, and watchOS contain an unspecified vulnerability that allows for code execution when processing a font file.

AppleEPSS 2.7%

CVE-2023-29300KEV

High

Adobe ColdFusion contains a deserialization of untrusted data vulnerability that allows for code execution.

AdobeEPSS 93.7%

56 57 58 59 60 61 62