CVE-2023-43770

Known exploited
Roundcube before 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3 allows XSS via text/plain e-mail messages with crafted links because of program/lib/Roundcube/rcube_string_replacer.php behavior.
Max CVSS
6.1
EPSS Score
11.47%
Published
2023-09-22
Updated
2024-02-13
CISA KEV Added
2024-02-12

CVE-2024-21762

Known exploited
A out-of-bounds write in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7 allows attacker to execute unauthorized code or commands via specifically crafted requests
Max CVSS
9.8
EPSS Score
1.00%
Published
2024-02-09
Updated
2024-02-13
CISA KEV Added
2024-02-09

CVE-2023-4762

Known exploited
Type Confusion in V8 in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
Max CVSS
8.8
EPSS Score
34.86%
Published
2023-09-05
Updated
2024-02-07
CISA KEV Added
2024-02-06

CVE-2024-21893

Known exploited
Public exploit
A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) and Ivanti Neurons for ZTA allows an attacker to access certain restricted resources without authentication.
Max CVSS
8.2
EPSS Score
96.25%
Published
2024-01-31
Updated
2024-02-01
CISA KEV Added
2024-01-31

CVE-2022-48618

Known exploited
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.1, watchOS 9.2, iOS 16.2 and iPadOS 16.2, tvOS 16.2. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. Apple is aware of a report that this issue may have been exploited against versions of iOS released before iOS 15.7.1.
Max CVSS
7.8
EPSS Score
0.69%
Published
2024-01-09
Updated
2024-02-01
CISA KEV Added
2024-01-31

CVE-2023-22527

Known exploited
Public exploit
Used for ransomware
A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE on an affected instance. Customers using an affected version must take immediate action. Most recent supported versions of Confluence Data Center and Server are not affected by this vulnerability as it was ultimately mitigated during regular version updates. However, Atlassian recommends that customers take care to install the latest version to protect their instances from non-critical vulnerabilities outlined in Atlassian’s January Security Bulletin.
Max CVSS
10.0
EPSS Score
96.48%
Published
2024-01-16
Updated
2024-01-26
CISA KEV Added
2024-01-24

CVE-2024-23222

Known exploited
A type confusion issue was addressed with improved checks. This issue is fixed in tvOS 17.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, Safari 17.3, macOS Ventura 13.6.4, macOS Monterey 12.7.3, visionOS 1.0.2. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited.
Max CVSS
8.8
EPSS Score
0.11%
Published
2024-01-23
Updated
2024-02-21
CISA KEV Added
2024-01-23

CVE-2023-34048

Known exploited
vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds write potentially leading to remote code execution.
Max CVSS
9.8
EPSS Score
3.06%
Published
2023-10-25
Updated
2024-01-23
CISA KEV Added
2024-01-22

CVE-2023-35082

Known exploited
Used for ransomware
An authentication bypass vulnerability in Ivanti EPMM 11.10 and older, allows unauthorized users to access restricted functionality or resources of the application without proper authentication. This vulnerability is unique to CVE-2023-35078 announced earlier.
Max CVSS
10.0
EPSS Score
96.29%
Published
2023-08-15
Updated
2024-01-19
CISA KEV Added
2024-01-18

CVE-2024-0519

Known exploited
Out of bounds memory access in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Max CVSS
8.8
EPSS Score
0.18%
Published
2024-01-16
Updated
2024-01-22
CISA KEV Added
2024-01-17

CVE-2023-6549

Known exploited
Improper Restriction of Operations within the Bounds of a Memory Buffer in NetScaler ADC and NetScaler Gateway allows Unauthenticated Denial of Service
Max CVSS
8.2
EPSS Score
0.72%
Published
2024-01-17
Updated
2024-01-24
CISA KEV Added
2024-01-17

CVE-2023-6548

Known exploited
Improper Control of Generation of Code ('Code Injection') in NetScaler ADC and NetScaler Gateway allows an attacker with access to NSIP, CLIP or SNIP with management interface to perform Authenticated (low privileged) remote code execution on Management Interface.
Max CVSS
8.8
EPSS Score
1.28%
Published
2024-01-17
Updated
2024-01-25
CISA KEV Added
2024-01-17

CVE-2018-15133

Known exploited
Public exploit
In Laravel Framework through 5.5.40 and 5.6.x through 5.6.29, remote code execution might occur as a result of an unserialize call on a potentially untrusted X-XSRF-TOKEN value. This involves the decrypt method in Illuminate/Encryption/Encrypter.php and PendingBroadcast in gadgetchains/Laravel/RCE/3/chain.php in phpggc. The attacker must know the application key, which normally would never occur, but could happen if the attacker previously had privileged access or successfully accomplished a previous attack.
Max CVSS
8.1
EPSS Score
62.42%
Published
2018-08-09
Updated
2024-01-17
CISA KEV Added
2024-01-16
Toggle Search Form
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!