Security Vulnerabilities - Known exploited
CVE-2024-0519
Out of bounds memory access in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Known exploited
CVSS Score
8.8
EPSS Score
0.002
Published
2024-01-16
CVE-2023-22527
A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE on an affected instance. Customers using an affected version must take immediate action.
Most recent supported versions of Confluence Data Center and Server are not affected by this vulnerability as it was ultimately mitigated during regular version updates. However, Atlassian recommends that customers take care to install the latest version to protect their instances from non-critical vulnerabilities outlined in Atlassian’s January Security Bulletin.
Known exploited
CVSS Score
10.0
EPSS Score
0.944
Published
2024-01-16
CVE-2024-21887
A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance.
Known exploited
CVSS Score
9.1
EPSS Score
0.945
Published
2024-01-12
CVE-2023-46805
An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks.
Known exploited
CVSS Score
8.2
EPSS Score
0.944
Published
2024-01-12
CVE-2023-7028
An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password reset emails could be delivered to an unverified email address.
Known exploited
CVSS Score
10.0
EPSS Score
0.936
Published
2024-01-12
CVE-2022-48618
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.1, watchOS 9.2, iOS 16.2 and iPadOS 16.2, tvOS 16.2. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. Apple is aware of a report that this issue may have been exploited against versions of iOS released before iOS 15.7.1.
Known exploited
CVSS Score
7.0
EPSS Score
0.002
Published
2024-01-09
CVE-2022-2586
It was discovered that a nft object or expression could reference a nft set on a different nft table, leading to a use-after-free once that table was deleted.
Known exploited
CVSS Score
5.3
EPSS Score
0.015
Published
2024-01-08
CVE-2023-7101
Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing Excel files. Spreadsheet::ParseExcel is vulnerable to an arbitrary code execution (ACE) vulnerability due to passing unvalidated input from a file into a string-type “eval”. Specifically, the issue stems from the evaluation of Number format strings (not to be confused with printf-style format strings) within the Excel parsing logic.
Known exploited
CVSS Score
7.8
EPSS Score
0.9
Published
2023-12-24
CVE-2023-7024
Heap buffer overflow in WebRTC in Google Chrome prior to 120.0.6099.129 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Known exploited
CVSS Score
8.8
EPSS Score
0.016
Published
2023-12-21
CVE-2023-47565
An OS command injection vulnerability has been found to affect legacy QNAP VioStor NVR models running QVR Firmware 4.x. If exploited, the vulnerability could allow authenticated users to execute commands via a network.
We have already fixed the vulnerability in the following versions:
QVR Firmware 5.0.0 and later
Known exploited
CVSS Score
8.0
EPSS Score
0.799
Published
2023-12-08