2025-08
2025-08-26
CVE-2025-4427:Ivanti Endpoint Manager Mobile 12.5.0.0 – Authentication Bypass
2025-08-18
CVE-2025-9090:Tenda AC20 16.03.08.12 – Command Injection
CVE-2025-50154:Microsoft Windows 10.0.19045 – NTLMv2 Hash Disclosure
CVE-2024-54761:BigAnt Office Messenger 5.6.06 – SQL Injection
2025-08-11
CVE-2025-41228:VMware vSphere Client 8.0.3.0 – Reflected Cross-Site Scripting
CVE-2025-53770:Microsoft SharePoint Server 2019 (16.0.10383.20020) – RCE
CVE-2025-2783:Microsoft Edge Renderer Process (Mojo IPC) 134.0.6998.177 – Sandbox Escape
CVE-2025-49730:Microsoft Windows – Storage QoS Filter Driver Checker
CVE-2025-5777:Citrix NetScaler ADC/Gateway 14.1 – Memory Disclosure
CVE-2025-20125:Cisco ISE 3.0 – Authorization Bypass
CVE-2025-20124:Cisco ISE 3.0 – Remote Code Execution
CVE-2024-27198:JetBrains TeamCity 2023.11.4 – Authentication Bypass
CVE-2024-4879:ServiceNow Multiple Versions – Input Validation & Template Injection
2025-08-03
CVE-2025-49683:Microsoft Virtual Hard Disk (VHDX) 11 – Remote Code Execution
CVE-2023-3460:Ultimate Member WordPress Plugin 2.6.6 – Privilege Escalation
CVE-2025-54769:LPAR2RRD 8.04 – Remote Code Execution
CVE-2025-49741:Microsoft Edge (Chromium-based) 135.0.7049.114/.115 – Information Disclosure
2025-07
2025-07-30
CVE-2024-20767:Adobe ColdFusion 2023.6 – Remote File Read
CVE-2025-6018:Linux PAM Environment – Variable Injection Local Privilege Escalation
2025-07-22
CVE-2023-45131:Discourse 3.1.1 – Unauthenticated Chat Message Access
CVE-2025-7795:Tenda FH451 1.0.0.9 Router – Stack-based Buffer Overflow
2025-07-16
CVE-2025-3248:Langflow 1.2.x – Remote Code Execution
CVE-2025-49744:Microsoft Graphics Component Windows 11 Pro (Build 26100+) – Local Elevation of Privileges
CVE-2025-49677:Microsoft Brokering File System Windows 11 Version 22H2 – Elevation of Privilege
CVE-2025-1550:Keras 2.15 – Remote Code Execution
2025-07-08
CVE-2024-47773:Discourse 3.2.x – Anonymous Cache Poisoning
CVE-2025-47176:Microsoft Outlook – Remote Code Execution
CVE-2025-47161:Microsoft Defender for Endpoint – Elevation of Privilege
CVE-2025-47175:Microsoft PowerPoint 2019 – Remote Code Execution
2025-07-02
CVE-2025-47166:Microsoft SharePoint 2019 – NTLM Authentication
CVE-2024-39930:gogs 0.13.0 – Remote Code Execution
CVE-2025-47812:Wing FTP Server 7.4.3 – Unauthenticated Remote Code Execution
2025-06
2025-06-26
CVE-2019-9978:Social Warfare WordPress Plugin 3.5.2 – Remote Code Execution
CVE-2022-1257:McAfee Agent 5.7.6 – Insecure Storage of Sensitive Information
CVE-2025-27218:Sitecore 10.4 – Remote Code Execution
CVE-2025-47165:Microsoft Excel 2024 Use after free – Remote Code Execution
2025-06-20
CVE-2025-1974:Ingress-NGINX 4.11.0 – Remote Code Execution
CVE-2025-47957:Microsoft Excel LTSC 2024 – Remote Code Execution
CVE-2024-50562:FortiOS SSL-VPN 7.4.4 – Insufficient Session Expiration & Cookie Reuse
2025-06-15
CVE-N/A:WebDAV Windows 10 – Remote Code Execution
CVE-2025-27751:Microsoft Excel Use After Free – Local Code Execution
CVE-2025-33073:Windows 11 SMB Client – Privilege Escalation & Remote Code Execution
CVE-2024-28000:Litespeed Cache WordPress Plugin 6.3.0.1 – Privilege Escalation
CVE-2025-46041:Anchor CMS 0.12.7 – Stored Cross Site Scripting
CVE-2025-4255:PCMan FTP Server 2.0.7 – Buffer Overflow
2025-06-13
CVE-2025-24071:Windows File Explorer Windows 10 Pro x64 – TAR Extraction
CVE-2025-49113:Roundcube 1.6.10 – Remote Code Execution
2025-06-09
CVE-2024-55661:Laravel Pulse 1.3.1 – Arbitrary Code Injection
2025-06-05
CVE-2025-31650:Apache Tomcat 10.1.39 – Denial of Service (DoS)
CVE-2025-24085:macOS LaunchDaemon iOS 17.2 – Privilege Escalation
CVE-2025-30397:Microsoft Windows Server 2025 JScript Engine – Remote Code Execution (RCE)
2025-05
2025-05-29
CVE-2024-28995:SolarWinds Serv-U 15.4.2 HF1 – Directory Traversal
CVE-2025-4094:WordPress Digits Plugin 8.4.6.1 – Authentication Bypass via OTP Bruteforcing
2025-05-25
CVE-2025-2594:WordPress User Registration & Membership Plugin 4.1.2 – Authentication Bypass
CVE-2023-29336:Windows Server 2016 – Win32k Elevation of Privilege
CVE-N/A:Windows 2024.15 – Unauthenticated Desktop Screenshot Capture
2025-05-18
CVE-2025-1731:Zyxel USG FLEX H series uOS 1.31 – Privilege Escalation
2025-05-13
CVE-2024-11237:TP-Link VN020 F3v(T) TT_V6.2.1021 – DHCP Stack Buffer Overflow
CVE-2025-3605:WordPress Frontend Login and Registration Blocks Plugin 1.0.7 – Privilege Escalation
CVE-2025-32370:Kentico Xperience 13.0.178 – Cross Site Scripting
2025-05-09
CVE-2025-27533:Apache ActiveMQ 6.1.6 – Denial of Service
CVE-2025-27007:SureTriggers OttoKit Plugin 1.0.82 – Privilege Escalation
CVE-2025-2011:WordPress Depicter Plugin 3.6.1 – SQL Injection
2025-05-06
CVE-2025-47226:Grokability Snipe-IT 8.0.4 – Insecure Direct Object Reference
CVE-N/A:Casdoor 1.901.0 – Cross-Site Request Forgery
2025-05-01
CVE-2025-24054:Microsoft – NTLM Hash Disclosure Spoofing (library-ms)
CVE-N/A:ZTE ZXV10 H201L – RCE via authentication bypass
CVE-N/A:Microsoft Windows – XRM-MS File NTLM Information Disclosure Spoofing
2025-04
2025-04-22
CVE-2023-2745:WordPress Core 6.2 – Directory Traversal
CVE-2024-12905:tar-fs 3.0.0 – Arbitrary File Write/Overwrite
2025-04-19
CVE-2024-45440:Drupal 11.x-dev – Full Path Disclosure
2025-04-18
CVE-2025-3248:Langflow 1.3.0 – Remote Code Execution
CVE-2024-11972:Hunk Companion Plugin 1.9.0 – Unauthenticated Plugin Installation
2025-04-17
CVE-N/A:AnyDesk 9.0.1 – Unquoted Service Path
CVE-2024-12342:TP-Link VN020 F3v(T) TT_V6.2.1021 – Denial Of Service
CVE-2024-12344:TP-Link VN020 F3v(T) TT_V6.2.1021 – Buffer Overflow Memory Corruption
2025-04-16
CVE-2024-0399:WooCommerce Customers Manager 29.4 – Post-Authenticated SQL Injection
CVE-2018-1207:Dell EMC iDRAC7/iDRAC8 2.52.52.52 – Remote Code Execution
CVE-2023-26602:ASUS ASMB8 iKVM 1.14.51 – Remote Code Execution
CVE-2024-55889:phpMyFAQ 3.2.10 – Unintended File Download Triggered by Embedded Frames
CVE-2024-42327:Zabbix 7.0.0 – SQL Injection
CVE-2024-46278:Teedy 1.11 – Account Takeover via Stored Cross-Site Scripting
CVE-2022-4407:phpMyFAQ 3.1.7 – Reflected Cross-Site Scripting
2025-04-15
CVE-2024-51463:IBMi Navigator 7.5 – Server Side Request Forgery
CVE-2024-51464:IBMi Navigator 7.5 – HTTP Security Token Bypass
CVE-2024-10924:Really Simple Security 9.1.1.1 – Authentication Bypass
CVE-2024-52302:Spring Boot common-user-management 0.1 – Remote Code Execution
2025-04-14
CVE-2024-53582:OpenPanel Copy and View functions in the File Manager 0.3.4 – Directory Traversal
CVE-2024-53584:OpenPanel 0.3.4 – OS Command Injection
CVE-2024-53582:OpenPanel 0.3.4 – Incorrect Access Control
CVE-2024-53537:OpenPanel 0.3.4 – Directory Traversal
CVE-2024-11954:Pimcore 11.4.2 – Stored cross site scripting
CVE-2024-11956:Pimcore customer-data-framework 4.2.0 – SQL injection
CVE-N/A:ZTE ZXHN H168N 3.1 – Remote Code Execution via authentication bypass
2025-04-11
CVE-2024-8522:LearnPress WordPress LMS Plugin 4.2.7 – SQLi
CVE-2024-56898:GeoVision GV-ASManager 6.1.0.0 – Broken Access Control
CVE-2024-56901:GeoVision GV-ASManager 6.1.1.0 – CSRF
CVE-N/A:Nagios Log Server 2024R1.3.1 – API Key Exposure
CVE-2023-24657:phpIPAM 1.6 – Reflected Cross Site Scripting
2025-04-10
CVE-2024-35540:Typecho 1.3.0 – Stored Cross-Site Scripting
CVE-2024-35539:Typecho 1.3.0 – Race Condition
CVE-2024-33896:Cosy+ firmware 21.2s7 – Command Injection
CVE-2023-44088:PandoraFMS 7.0NG.772 – SQL Injection
2025-04-09
・CVE-2024-6244:PZ Frontend Manager WordPress Plugin 1.0.5 – Cross Site Request Forgery
・CVE-2024-39304:ChurchCRM 5.9.1 – SQL Injection
・CVE-2024-27348:Apache HugeGraph Server 1.2.0 – Remote Code Execution
・CVE-2024-24409:Zoho ManageEngine ADManager Plus 7210 – Elevation of Privilege
・CVE-2025-0868:DocsGPT 0.12.0 – Remote Code Execution
2025-04-08
・CVE-2024-56902:GeoVision GV-ASManager 6.1.0.0 – Information Disclosure
・CVE-2024-30896:InfluxDB OSS 2.7.11 – Operator Token Privilege Escalation
・CVE-2019-11358/CVE-2020-7656:jQuery 3.3.1 – Prototype Pollution & XSS Exploit
・CVE-2019-15949:Nagios Xi 5.6.6 – Authenticated Remote Code Execution
・N/A:WordPress User Registration & Membership Plugin 4.1.1 – Unauthenticated Privilege Escalation
2025-04-07
・CVE-2025-24813:Apache Tomcat 11.0.3 – Remote Code Execution
・CVE-2025-24893:XWiki Platform 15.10.10 – Remote Code Execution
2025-04-06
・CVE-2024-8856:Backup and Staging by WP Time Capsule 1.22.21 – Unauthenticated Arbitrary File Upload
・CVE-2024-5910:Palo Alto Networks Expedition 1.2.90.1 – Admin Account Takeover
・CVE-2024-30269:DataEase 2.4.0 – Database Configuration Information Exposure
2025-04-05
・CVE-2024-1234:Exclusive Addons for Elementor 2.6.9 – Stored Cross-Site Scripting (XSS)
・CVE-2025-2294:Kubio AI Page Builder 2.5.1 – Local File Inclusion (LFI)
・CVE-2025-29927:Next.js Middleware 15.2.2 – Authorization Bypass
・CVE-2024-35133:IBM Security Verify Access 10.0.0 – Open Redirect during OAuth Flow
2025-04-03
・N/A:Nagios Log Server 2024R1.3.1 – Stored XSS
・N/A:ollama 0.6.4 – Server Side Request Forgery (SSRF)
・CVE-2024-44762:Webmin Usermin 2.100 – Username Enumeration
2025-04-02
・CVE-2022-22536:SAP NetWeaver – 7.53 – HTTP Request Smuggling
2025-03
2025-03-28:CVE-2024-23692:Rejetto HTTP File Server 2.3m – RCE
2025-03-28:CVE-2024-4956:Sonatype Nexus Repository 3.53.0-01 – Path Traversal
2025-03-22:CVE-2023-1545:TeamPass 3.0.0.21 – SQL Injection
2025-03-19:N/A:VeeVPN 1.6.1 – Unquoted Service Path
2025-03-19:N/A:Gitea 1.24.0 – HTML Injection
2025-03-19:N/A:TranzAxis 3.2.41.10.26 – Stored XSS
2025-03-19:CVE-2023-0159:Extensive VC Addons for WPBakery 1.9.0 – RCE
2025-03-19:CVE-2023-4220:Chamilo LMS 1.11.24 – RCE
2024-11
2024-11-15:N/A:SOPlanning 1.52.01 (Simple Online Planning Tool) – Remote Code Execution (RCE) (Authenticated)
2024-10
2024-10-01:N/A:reNgine 2.2.0 – Command Injection (Authenticated)
2024-10-01:N/A:openSIS 9.1 – SQLi (Authenticated)
2024-08
2024-08-28:CVE-2024-38063:Windows TCP/IP – RCE Checker and Denial of Service
2024-08-28:CVE-2024-6886:Gitea 1.22.0 – Stored XSS
2024-08-04:N/A:SolarWinds Kiwi Syslog Server 9.6.7.1 – Unquoted Service Path
2024-08-04:N/A:Oracle Database 12c Release 1 – Unquoted Service Path
2024-08-04:N/A:Ivanti vADC 9.9 – Authentication Bypass
2024-07
2024-07-01:N/A:Microweber 2.0.15 – Stored XSS
2024-06
2024-06-26:CVE-2024-28999:SolarWinds Platform 2024.1 SR1 – Race Condition
2024-06-14:N/A:Zyxel IKE Packet Decoder – Unauthenticated Remote Code Execution (Metasploit)
2024-06-14:N/A:PHP < 8.3.8 – Remote Code Execution (Unauthenticated) (Windows)
2024-06-01:CVE-2023-26602:ASUS ASMB8 iKVM 1.14.51 – Remote Code Execution (RCE) & SSH Access
2024-06-01:N/A:FreePBX 16 – Remote Code Execution (RCE) (Authenticated)
2024-06-01:N/A:Akaunting 3.1.8 – Server-Side Template Injection (SSTI)
2024-05
2024-05-19:CVE-2024-32113:Apache OFBiz 18.12.12 – Directory Traversal
2024-05-19:N/A:WordPress Theme XStore 9.3.8 – SQLi
2024-05-13:N/A:PyroCMS v3.0.1 – Stored XSS
2024-05-13:CVE-2024-27460:Plantronics Hub 3.25.1 – Arbitrary File Read
2024-05-13:N/A:CrushFTP < 11.1.0 – Directory Traversal
2024-05-13:CVE-2023-6710:Apache mod_proxy_cluster – Stored XSS
2024-05-08:CVE-2024-3378:iboss Secure Web Gateway – Stored Cross-Site Scripting (XSS)
2024-04
2024-04-21:CVE-2024-29291:Laravel Framework 11 – Credential Leakage
2024-04-21:N/A:WordPress Plugin Background Image Cropper v1.2 – Remote Code Execution
2024-04-21:CVE-2024-3400:Palo Alto PAN-OS < v11.1.2-h3 – Command Injection and Arbitrary File Creation
2024-04-15:CVE-2023-40279:OpenClinic GA 5.247.01 – Path Traversal (Authenticated)
2024-04-15:CVE-2023-40278:OpenClinic GA 5.247.01 – Information Disclosure
2024-04-15:CVE-2024-23897:Jenkins 2.441 – Local File Inclusion
2024-04-13:CVE-2023-40304:BMC Compuware iStrobe Web – 20.13 – Pre-auth RCE
2024-04-13:CVE-2023-51951:Stock Management System v1.0 – Unauthenticated SQL Injection
2024-04-13:N/A:Online Fire Reporting System OFRS – SQL Injection Authentication Bypass
2024-04-12:N/A:WordPress Plugin WP Video Playlist 1.1.1 – Stored Cross-Site Scripting (XSS)
2024-04-12:CVE-2021-36393:Moodle 3.10.1 – Authenticated Blind Time-Based SQL Injection – “sort” parameter
2024-04-12:CVE-2023-47268:PrusaSlicer 2.6.1 – Arbitrary code execution
2024-04-12:N/A:WordPress Plugin Playlist for Youtube 1.32 – Stored Cross-Site Scripting (XSS)
2024-04-12:CVE-2024-24747:MinIO < 2024-01-31T20-20-33Z – Privilege Escalation
2024-04-08:N/A:Human Resource Management System v1.0 – Multiple SQLi
2024-04-08:N/A:WordPress Theme Travelscape v1.0.3 – Arbitrary File Upload
2024-04-08:N/A:AnyDesk 7.0.15 – Unquoted Service Path
2024-04-03:N/A:WordPress Plugin Alemha Watermarker 1.3.1 – Stored Cross-Site Scripting (XSS)
2024-04-03:N/A:ESET NOD32 Antivirus 17.0.16.0 – Unquoted Service Path
2024-04-02:CVE-2023-48974:Axigen < 10.5.7 – Persistent Cross-Site Scripting
2024-04-02:CVE-2023-34927:Casdoor < v1.331.0 – ‘/api/set-password’ CSRF
2024-04-02:N/A:Microsoft Windows Defender – Detection Mitigation Bypass TrojanWin32Powessere.G
2024-04-02:CVE-2022-4395:WordPress Plugin – Membership For WooCommerce < v2.1.7 – Arbitrary File Upload to Shell (Unauthenticated)
2024-04-02:CVE-2024-21338:Microsoft Windows 10.0.17763.5458 – Kernel Privilege Escalation
2024-04-02:N/A:Rapid7 nexpose – ‘nexposeconsole’ Unquoted Service Path
2024-04-02:N/A:OpenCart Core 4.0.2.3 – ‘search’ SQLi
2024-04-02:CVE-2024-27673:ASUS Control Center Express 01.06.15 – Unquoted Service Path
2024-04-02:N/A:Simple Backup Plugin Python Exploit 2.7.10 – Path Traversal
2024-03
2024-03-28:CVE-2023-38831:WinRAR version 6.22 – Remote Code Execution via ZIP archive
2024-03-28:CVE-2023-32479:Dell Security Management Server <1.9.0 – Local Privilege Escalation
2024-03-28:CVE-2024-27686:RouterOS 6.40.5 – 6.44 and 6.48.1 – 6.49.10 – Denial of Service
2024-03-28:N/A:Broken Access Control – on NodeBB v3.6.7
2024-03-28:CVE-2023-49294:Asterisk AMI – Partial File Content & Path Disclosure (Authenticated)
2024-03-25:CVE-2024-24506:LimeSurvey Community 5.3.32 – Stored XSS
2024-03-25:CVE-2024-24401:Nagios XI Version 2024R1.01 – SQL Injection
2024-03-25:N/A:Tourism Management System v2.0 – Arbitrary File Upload
2024-03-25:N/A:Insurance Management System PHP and MySQL 1.0 – Multiple Stored XSS
2024-03-25:CVE-2023-41892:Craft CMS 4.4.14 – Unauthenticated Remote Code Execution
2024-03-20:N/A:CSZCMS v1.3.0 – SQL Injection (Authenticated)
2024-03-20:CVE-2023-6538:HNAS SMU 14.8.7825 – Information Disclosure
2024-03-20:CVE-2023-46023:Simple Task List 1.0 – ‘status’ SQLi
2024-03-20:CVE-2024-28595:Employee Management System 1.0 – ‘admin_id’ SQLi
2024-03-18:CVE-2023-22527:Atlassian Confluence < 8.5.3 – Remote Code Execution
2024-03-18:CVE-2024-24725:Gibbon LMS < v26.0.00 – Authenticated RCE
2024-03-18:CVE-2023-26035:ZoneMinder Snapshots < 1.37.33 – Unauthenticated RCE
2024-03-18:CVE-2023-30451:TYPO3 11.5.24 – Path Traversal (Authenticated)
2024-03-18:CVE-2023-4811:WordPress File Upload Plugin < 4.23.3 – Stored XSS
2024-03-16:CVE-2023-37466:vm2 – sandbox escape
2024-03-16:N/A:UPS Network Management Card 4 – Path Traversal
2024-03-16:CVE-2022-45899:Nokia BMC Log Scanner – Remote Code Execution
2024-03-16:N/A:Karaf v4.4.3 Console – RCE
2024-03-16:CVE-2024-1346:LaborOfficeFree 19.10 – MySQL Root Password Calculator
2024-03-16:N/A:Winter CMS 1.2.3 – Server-Side Template Injection (SSTI) (Authenticated)
2024-03-14:CVE-2024-23749:KiTTY 0.76.1.13 – Command Injection
2024-03-14:CVE-2024-25004:KiTTY 0.76.1.13 – ‘Start Duplicated Session Username’ Buffer Overflow
2024-03-14:CVE-2024-25003:KiTTY 0.76.1.13 – ‘Start Duplicated Session Hostname’ Buffer Overflow
2024-03-14:CVE-2023-7028:GitLab CE/EE < 16.7.2 – Password Reset
2024-03-14:N/A:Ruijie Switch PSG-5124 26293 – Remote Code Execution (RCE)
2024-03-14:CVE-2023-5702 CVE-2023-5222:Viessmann Vitogate 300 2.1.3.0 – Remote Code Execution (RCE)
2024-03-14:CVE-2023-23333:SolarView Compact 6.00 – Command Injection
2024-03-14:CVE-2023-3710:Honeywell PM43 < P10.19.050004 – Remote Code Execution (RCE)
2024-03-14:CVE-2023-42793:JetBrains TeamCity 2023.05.3 – Remote Code Execution (RCE)
2024-03-12:CVE-2023-5452:SnipeIT 6.2.1 – Stored Cross Site Scripting
2024-03-12:CVE-2023-34060:VMware Cloud Director 10.5 – Bypass identity verification
2024-03-12:CVE-2023-20048:Cisco Firepower Management Center < 6.6.7.1 – Authenticated RCE
2024-03-12:CVE-2023-7137:Client Details System 1.0 – SQL Injection
2024-03-12:N/A:Human Resource Management System 1.0 – ‘employeeid’ SQL Injection
2024-03-11:CVE-2023-35813:Sitecore – Remote Code Execution v8.2
2024-03-11:CVE-2023-26360:Adobe ColdFusion versions 2018,15 (and earlier) and 2021,5 and earlier – Arbitrary File Read
2024-03-11:CVE-2023-6114:WordPress Plugin Duplicator < 1.5.7.1 – Unauthenticated Sensitive Data Exposure to Account Takeover
2024-03-11:N/A:Microsoft Windows Defender / Trojan.Win32/Powessere.G – Detection Mitigation Bypass
2024-03-11:CVE-2023-5808:Hitachi NAS (HNAS) System Management Unit (SMU) Backup & Restore < 14.8.7825.01 – IDOR
2024-03-10:CVE-2022-4681:Hide My WP < 6.2.9 – Unauthenticated SQLi
2024-03-10:CVE-2024-22836:Akaunting < 3.1.3 – RCE
2024-03-10:CVE-2024-27620:Ladder v0.0.21 – Server-side request forgery (SSRF)
2024-03-10:CVE-2024-25832:DataCube3 v1.0 – Unrestricted file upload ‘RCE’
2024-03-10:CVE-2024-25830:DataCube3 v1.0 – Unrestricted file upload ‘RCE’
2024-03-10:CVE-2024-27612:Numbas < v7.3 – Remote Code Execution
2024-03-06:CVE-2023-46453:GLiNet – Router Authentication Bypass
2024-03-06:CVE-2023-50071:Customer Support System 1.0 – Multiple SQL injection
2024-03-05:CVE-2023-4642:kk Star Ratings < 5.4.6 – Rating Tampering via Race Condition
2024-03-05:CVE-2023-5817:Neontext WordPress Plugin – Stored XSS
2024-03-03:N/A:Magento ver. 2.4.6 – XSLT Server Side Injection
2024-03-03:N/A:Windows PowerShell – Event Log Bypass Single Quote Code Execution
2024-02
2024-02-28:CVE-2023-6063:WP Fastest Cache 1.2.2 – Unauthenticated SQL Injection
2024-02-28:CVE-2023-47184:WordPress Plugin Admin Bar & Dashboard Access Control Version: 1.2.8 – “Dashboard Redirect” field Stored XSS
2024-02-27:CVE-2023-22515:Atlassian Confluence Data Center and Server – Authentication Bypass (Metasploit)
2024-02-27:CVE-2023-3452:WordPress Plugin Canto < 3.0.5 – Remote File Inclusion (RFI) and Remote Code Execution (RCE)
2024-02-27:CVE-2023-37608:Automatic-Systems SOC FL9600 FastLine – The device contains hardcoded login and password for super admin
2024-02-26:CVE-2024-22318:IBM i Access Client Solutions v1.1.2 – 1.1.4, v1.1.4.3 – 1.1.9.4 – Remote Credential Theft
2024-02-26:CVE-2024-25735:Wyrestorm Apollo VX20 < 1.3.58 – Incorrect Access Control ‘Credentials Disclosure’
2024-02-26:CVE-2024-25736:Wyrestorm Apollo VX20 < 1.3.58 – Incorrect Access Control ‘DoS’
2024-02-26:CVE-2024-25734:Wyrestorm Apollo VX20 < 1.3.58 – Account Enumeration
2024-02-26:CVE-2023-4987:taskhub 2.8.7 – SQL Injection
2024-02-26:CVE-2023-3244:comments-like-dislike < 1.2.0 – Authenticated (Subscriber+) Plugin Setting Reset
2024-02-21:CVE-2023-46391:WEBIGniter v28.7.23 – Stored Cross Site Scripting (XSS)
2024-02-19:CVE-2021-3860:JFrog Artifactory < 7.25.4 – Blind SQL Injection
2024-02-19:CVE-2023-3897:SureMDM On-premise < 6.31 – CAPTCHA Bypass User Enumeration
2024-02-19:CVE-2023-46517:XAMPP – Buffer Overflow POC
2024-02-15:CVE-2023-45887:DS Wireless Communication – Remote Code Execution
2024-02-15:CVE-2023-38646:Metabase 0.46.6 – Pre-Auth Remote Code Execution
2024-02-15:CVE-2023-36085:SISQUALWFM 7.1.319.103 – Host Header Injection
2024-02-13:CVE-2023-38965:Lost and Found Information System v1.0 – (IDOR) leads to Account Takeover
2024-02-13:CVE-2023-31492:ManageEngine ADManager Plus Build < 7183 – Recovery Password Disclosure
2024-02-13:N/A:Splunk 9.0.4 – Information Disclosure
2024-02-09:CVE-2023-31419:Elasticsearch – StackOverflow DoS
2024-02-09:CVE-2022-26531:Zyxel zysh – Format string
2024-02-05:CVE-2023-43261:Milesight Routers UR5X, UR32L, UR32, UR35, UR41 – Credential Leakage Through Unprotected System Logs and Weak Password Encryption
2024-02-05:CVE-2023-35759:WhatsUp Gold 2022 (22.1.0 Build 39) – XSS
2024-02-05:CVE-2023-37307:MISP 2.4.171 – Stored XSS
2024-02-02:CVE-2023-36845:Juniper-SRX-Firewalls&EX-switches – (PreAuth-RCE) (PoC)
2024-02-02:CVE-2023-42222:WebCatalog 48.4 – Arbitrary Protocol Execution
2024-01
2024-01-31:CVE-2023-43320:Proxmox VE – TOTP Brute Force
2024-01-31:CVE-2023-42270:Grocy <=4.0.2 – CSRF
2024-01-31:CVE-2023-4974:Academy LMS 6.2 – SQL Injection