Security Vulnerabilities - Known exploited
CVE-2022-48503
The issue was addressed with improved bounds checks. This issue is fixed in tvOS 15.6, watchOS 8.7, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5, Safari 15.6. Processing web content may lead to arbitrary code execution.
Known exploited
CVSS Score
8.8
EPSS Score
0.002
Published
2023-08-14
CVE-2023-38180
.NET and Visual Studio Denial of Service Vulnerability
Known exploited
CVSS Score
7.5
EPSS Score
0.009
Published
2023-08-08
CVE-2023-38950
A path traversal vulnerability in the iclock API of ZKTeco BioTime v8.5.5 allows unauthenticated attackers to read arbitrary files via supplying a crafted payload. This vulnerability was fixed in version 9.0.120240617.19506 of ZKBioTime.
Known exploited
CVSS Score
7.5
EPSS Score
0.834
Published
2023-08-03
CVE-2023-35081
A path traversal vulnerability in Ivanti EPMM versions (11.10.x < 11.10.0.3, 11.9.x < 11.9.1.2 and 11.8.x < 11.8.1.2) allows an authenticated administrator to write arbitrary files onto the appliance.
Known exploited
CVSS Score
7.2
EPSS Score
0.914
Published
2023-08-03
CVE-2023-37580
Zimbra Collaboration (ZCS) 8 before 8.8.15 Patch 41 allows XSS in the Zimbra Classic Web Client.
Known exploited
CVSS Score
6.1
EPSS Score
0.939
Published
2023-07-31
CVE-2023-38606
This issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.6.8, iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Big Sur 11.7.9, macOS Ventura 13.5, watchOS 9.6. An app may be able to modify sensitive kernel state. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.1.
Known exploited
CVSS Score
5.5
EPSS Score
0.001
Published
2023-07-27
CVE-2023-37450
The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, Safari 16.5.2, tvOS 16.6, macOS Ventura 13.5, watchOS 9.6. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Known exploited
CVSS Score
8.8
EPSS Score
0.001
Published
2023-07-27
CVE-2023-35078
An authentication bypass vulnerability in Ivanti EPMM allows unauthorized users to access restricted functionality or resources of the application without proper authentication.
Known exploited
CVSS Score
10.0
EPSS Score
0.945
Published
2023-07-25
CVE-2023-38203
Adobe ColdFusion versions 2018u17 (and earlier), 2021u7 (and earlier) and 2023u1 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction.
Known exploited
CVSS Score
9.8
EPSS Score
0.942
Published
2023-07-20
CVE-2023-3519
Unauthenticated remote code execution
Known exploited
CVSS Score
9.8
EPSS Score
0.938
Published
2023-07-19