Exploited Vulnerabilities Catalog 2022(113)
Hitachi Vantara | Pentaho
Business Analytics (BA) Server
Hitachi Vantara Pentaho BA
Server Special Element Injection Vulnerability: Hitachi
Vantara Pentaho BA Server contains a special element injection
vulnerability that allows an attacker to inject Spring templates
into properties files, allowing for arbitrary command execution.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply mitigations per vendor instructions,
follow applicable BOD 22-01 guidance for cloud services, or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2025-03-03
-
Due Date: 2025-03-24
Hitachi Vantara | Pentaho
Business Analytics (BA) Server
Hitachi Vantara Pentaho BA
Server Authorization Bypass Vulnerability: Hitachi
Vantara Pentaho BA Server contains a use of non-canonical URL
paths for authorization decisions vulnerability that enables an
attacker to bypass authorization.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply mitigations per vendor instructions,
follow applicable BOD 22-01 guidance for cloud services, or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2025-03-03
-
Due Date: 2025-03-24
Audinate | Dante Discovery
Dante Discovery Process Control
Vulnerability: Dante
Discovery contains a process control vulnerability in
mDNSResponder.exe that allows for a DLL sideloading attack.
A local attacker can leverage this vulnerability in the Dante
Application Library to execute arbitrary code.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2025-02-06
-
Due Date: 2025-02-27
NUUO | NVRmini2 Devices
NUUO NVRmini2 Devices Missing
Authentication Vulnerability: NUUO
NVRmini2 devices contain a missing authentication vulnerability
that allows an unauthenticated attacker to upload an encrypted
TAR archive, which can be abused to add arbitrary users.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: The impacted product is end-of-life (EoL)
and/or end-of-service (EoS). Users should discontinue
utilization of the product.
-
Date Added: 2024-12-18
-
Due Date: 2025-01-08
Oracle | ADF Faces
Oracle ADF Faces Deserialization
of Untrusted Data Vulnerability: Oracle
ADF Faces library, included with Oracle JDeveloper Distribution,
contains a deserialization of untrusted data vulnerability
leading to unauthenticated remote code execution.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2024-09-18
-
Due Date: 2024-10-09
Linux | Kernel
Linux Kernel Heap-Based Buffer
Overflow Vulnerability: Linux
kernel contains a heap-based buffer overflow vulnerability in
the legacy_parse_param function in the Filesystem Context
functionality. This allows an attacker to open a filesystem that
does not support the Filesystem Context API and ultimately
escalate privileges.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions or
discontinue use of the product if updates are unavailable.
-
Date Added: 2024-08-21
-
Due Date: 2024-09-11
VMware | vCenter Server
VMware vCenter Server Incorrect
Default File Permissions Vulnerability: VMware
vCenter Server contains an incorrect default file permissions
vulnerability that allows a remote, privileged attacker to gain
access to sensitive information.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2024-07-17
-
Due Date: 2024-08-07
Linux | Kernel
Linux Kernel Use-After-Free
Vulnerability: Linux
Kernel contains a use-after-free vulnerability in the
nft_object, allowing local attackers to escalate privileges.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions or
discontinue use of the product if updates are unavailable.
-
Date Added: 2024-06-26
-
Due Date: 2024-07-17
OSGeo | JAI-EXT
OSGeo GeoServer JAI-EXT Code
Injection Vulnerability: OSGeo
GeoServer JAI-EXT contains a code injection vulnerability that,
when programs use jt-jiffle and allow Jiffle script to be
provided via network request, could allow remote code execution.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2024-06-26
-
Due Date: 2024-07-17
Microsoft | Windows
Microsoft Windows Print Spooler
Privilege Escalation Vulnerability: Microsoft
Windows Print Spooler service contains a privilege escalation
vulnerability. An attacker may modify a JavaScript constraints
file and execute it with SYSTEM-level permissions.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2024-04-23
-
Due Date: 2024-05-14
Apple | Multiple Products
Apple Multiple Products Memory
Corruption Vulnerability: Apple
iOS, iPadOS, macOS, tvOS, and watchOS contain a
time-of-check/time-of-use (TOCTOU) memory corruption
vulnerability that allows an attacker with read and write
capabilities to bypass Pointer Authentication.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2024-01-31
-
Due Date: 2024-02-21
Qualcomm | Multiple Chipsets
Qualcomm Multiple Chipsets
Use-After-Free Vulnerability: Multiple
Qualcomm chipsets contain a use-after-free vulnerability when
process shell memory is freed using IOCTL munmap call and
process initialization is in progress.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply remediations or mitigations per vendor
instructions or discontinue use of the product if
remediation or mitigations are unavailable.
-
Date Added: 2023-12-05
-
Due Date: 2023-12-26
Samsung | Mobile Devices
Samsung Mobile Devices
Use-After-Free Vulnerability: Samsung
devices with selected Exynos chipsets contain a use-after-free
vulnerability that allows malicious memory write and code
execution.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2023-09-18
-
Due Date: 2023-10-09
SolarView | Compact
SolarView Compact Command
Injection Vulnerability: SolarView
Compact contains a command injection vulnerability due to
improper validation of input values on the send test mail
console of the product's web server.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions or
discontinue use of the product if updates are unavailable.
-
Date Added: 2023-07-13
-
Due Date: 2023-08-03
Netwrix | Auditor
Netwrix Auditor Insecure Object
Deserialization Vulnerability: Netwrix
Auditor User Activity Video Recording component contains an
insecure object deserialization vulnerability that allows an
unauthenticated, remote attacker to execute code as the NT
AUTHORITY\SYSTEM user. Successful exploitation requires that the
attacker is able to reach port 9004/TCP, which is commonly
blocked by standard enterprise firewalling.
Known To Be Used in Ransomware
Campaigns? Known
Action: Apply updates per vendor instructions or
discontinue use of the product if updates are unavailable.
-
Date Added: 2023-07-11
-
Due Date: 2023-08-01
Synacor | Zimbra Collaboration
Suite (ZCS)
Synacor Zimbra Collaboration Suite
(ZCS) Cross-Site Scripting (XSS) Vulnerability: Synacor
Zimbra Collaboration Suite (ZCS) contains a cross-site scripting
vulnerability by allowing an endpoint URL to accept parameters
without sanitizing.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2023-04-03
-
Due Date: 2023-04-24
Fortra | Cobalt Strike
Fortra Cobalt Strike User
Interface Remote Code Execution Vulnerability: Fortra
Cobalt Strike User Interface contains an unspecified
vulnerability rooted in Java Swing that may allow remote code
execution.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2023-03-30
-
Due Date: 2023-04-20
Fortra | Cobalt Strike
Fortra Cobalt Strike Teamserver
Cross-Site Scripting (XSS) Vulnerability: Fortra
Cobalt Strike contains a cross-site scripting (XSS)
vulnerability in Teamserver that would allow an attacker to set
a malformed username in the Beacon configuration, allowing them
to execute code remotely.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2023-03-30
-
Due Date: 2023-04-20
Arm | Mali Graphics Processing
Unit (GPU)
Arm Mali GPU Kernel Driver
Use-After-Free Vulnerability: Arm
Mali GPU Kernel Driver contains a use-after-free vulnerability
that may allow a non-privileged user to gain root privilege
and/or disclose information.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2023-03-30
-
Due Date: 2023-04-20
Google | Chromium Network
Service
Google Chromium Network Service
Use-After-Free Vulnerability: Google
Chromium Network Service contains a use-after-free vulnerability
that allows a remote attacker to potentially exploit heap
corruption via a crafted HTML page. This vulnerability could
affect multiple web browsers that utilize Chromium, including,
but not limited to, Google Chrome, Microsoft Edge, and Opera.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2023-03-30
-
Due Date: 2023-04-20
Arm | Mali Graphics Processing
Unit (GPU)
Arm Mali GPU Kernel Driver
Unspecified Vulnerability: Arm
Mali GPU Kernel Driver contains an unspecified vulnerability
that allows a non-privileged user to achieve write access to
read-only memory pages.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2023-03-30
-
Due Date: 2023-04-20
Fortinet | FortiOS
Fortinet FortiOS Path Traversal
Vulnerability: Fortinet
FortiOS contains a path traversal vulnerability that may allow a
local privileged attacker to read and write files via crafted
CLI commands.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2023-03-14
-
Due Date: 2023-04-04
Zoho | ManageEngine
Zoho ManageEngine ADSelfService
Plus Remote Code Execution Vulnerability: Zoho
ManageEngine ADSelfService Plus contains an unspecified
vulnerability allowing for remote code execution when performing
a password change or reset.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2023-03-07
-
Due Date: 2023-03-28
Apache | Spark
Apache Spark Command Injection
Vulnerability: Apache
Spark contains a command injection vulnerability via Spark User
Interface (UI) when Access Control Lists (ACLs) are enabled.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2023-03-07
-
Due Date: 2023-03-28
Teclib | GLPI
Teclib GLPI Remote Code Execution
Vulnerability: Teclib
GLPI contains a remote code execution vulnerability in the
third-party library, htmlawed.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2023-03-07
-
Due Date: 2023-03-28
ZK Framework | AuUploader
ZK Framework AuUploader
Unspecified Vulnerability: ZK
Framework AuUploader servlets contain an unspecified
vulnerability that could allow an attacker to retrieve the
content of a file located in the web context. The ZK Framework
is an open-source Java framework. This vulnerability can impact
multiple products, including but not limited to ConnectWise
R1Soft Server Backup Manager.
Known To Be Used in Ransomware
Campaigns? Known
Action: Apply updates per vendor instructions.
-
Date Added: 2023-02-27
-
Due Date: 2023-03-20
IBM | Aspera Faspex
IBM Aspera Faspex Code Execution
Vulnerability: IBM
Aspera Faspex could allow a remote attacker to execute code on
the system, caused by a YAML deserialization flaw.
Known To Be Used in Ransomware
Campaigns? Known
Action: Apply updates per vendor instructions.
-
Date Added: 2023-02-21
-
Due Date: 2023-03-14
Mitel | MiVoice Connect
Mitel MiVoice Connect Code
Injection Vulnerability: The
Director component in Mitel MiVoice Connect allows an
authenticated attacker with internal network access to execute
code within the context of the application.
Known To Be Used in Ransomware
Campaigns? Known
Action: Apply updates per vendor instructions.
-
Date Added: 2023-02-21
-
Due Date: 2023-03-14
Mitel | MiVoice Connect
Mitel MiVoice Connect Command
Injection Vulnerability: The
Mitel Edge Gateway component of MiVoice Connect allows an
authenticated attacker with internal network access to execute
commands within the context of the system.
Known To Be Used in Ransomware
Campaigns? Known
Action: Apply updates per vendor instructions.
-
Date Added: 2023-02-21
-
Due Date: 2023-03-14
Cacti | Cacti
Cacti Command Injection
Vulnerability: Cacti
contains a command injection vulnerability that allows an
unauthenticated user to execute code.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2023-02-16
-
Due Date: 2023-03-09
TerraMaster | TerraMaster OS
TerraMaster OS Remote Command
Execution Vulnerability: TerraMaster
OS contains a remote command execution vulnerability that allows
an unauthenticated user to execute commands on the target
endpoint.
Known To Be Used in Ransomware
Campaigns? Known
Action: Apply updates per vendor instructions.
-
Date Added: 2023-02-10
-
Due Date: 2023-03-03
Oracle | E-Business Suite
Oracle E-Business Suite
Unspecified Vulnerability: Oracle
E-Business Suite contains an unspecified vulnerability that
allows an unauthenticated attacker with network access via HTTP
to compromise Oracle Web Applications Desktop Integrator.
Known To Be Used in Ransomware
Campaigns? Known
Action: Apply updates per vendor instructions.
-
Date Added: 2023-02-02
-
Due Date: 2023-02-23
Zoho | ManageEngine
Zoho ManageEngine Multiple
Products Remote Code Execution Vulnerability: Multiple
Zoho ManageEngine products contain an unauthenticated remote
code execution vulnerability due to the usage of an outdated
third-party dependency, Apache Santuario.
Known To Be Used in Ransomware Campaigns? Known
Action: Apply updates per vendor instructions.
-
Date Added: 2023-01-23
-
Due Date: 2023-02-13
CWP | Control Web Panel
CWP Control Web Panel OS Command
Injection Vulnerability: CWP
Control Web Panel (formerly CentOS Web Panel) contains an OS
command injection vulnerability that allows remote attackers to
execute commands via shell metacharacters in the login
parameter.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2023-01-17
-
Due Date: 2023-02-07
Microsoft | Exchange Server
Microsoft Exchange Server
Privilege Escalation Vulnerability: Microsoft
Exchange Server contains an unspecified vulnerability that
allows for privilege escalation. This vulnerability is chainable
with CVE-2022-41082, which allows for remote code execution.
Known To Be Used in Ransomware Campaigns? Known
Action: Apply updates per vendor instructions.
-
Date Added: 2023-01-10
-
Due Date: 2023-01-31
Apple | iOS
Apple iOS Type Confusion
Vulnerability: Apple
iOS contains a type confusion vulnerability when processing
maliciously crafted web content leading to code execution.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2022-12-14
-
Due Date: 2023-01-04
Fortinet | FortiOS
Fortinet FortiOS Heap-Based Buffer
Overflow Vulnerability: Multiple
versions of Fortinet FortiOS SSL-VPN contain a heap-based buffer
overflow vulnerability which can allow an unauthenticated,
remote attacker to execute arbitrary code or commands via
specifically crafted requests.
Known To Be Used in Ransomware
Campaigns? Known
Action: Apply updates per vendor instructions.
-
Date Added: 2022-12-13
-
Due Date: 2023-01-03
Microsoft | Defender
Microsoft Defender SmartScreen
Security Feature Bypass Vulnerability: Microsoft
Defender SmartScreen contains a security feature bypass
vulnerability that could allow an attacker to evade Mark of the
Web (MOTW) defenses via a specially crafted malicious file.
Known To Be Used in Ransomware
Campaigns? Known
Action: Apply updates per vendor instructions.
-
Date Added: 2022-12-13
-
Due Date: 2023-01-03
Citrix | Application Delivery
Controller (ADC) and Gateway
Citrix Application Delivery
Controller (ADC) and Gateway Authentication Bypass
Vulnerability: Citrix
Application Delivery Controller (ADC) and Gateway, when
configured with SAML SP or IdP configuration, contain an
authentication bypass vulnerability that allows an attacker to
execute code as administrator.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2022-12-13
-
Due Date: 2023-01-03
Veeam | Backup & Replication
Veeam Backup & Replication Remote
Code Execution Vulnerability: The
Veeam Distribution Service in the Backup & Replication
application allows unauthenticated users to access internal API
functions. A remote attacker can send input to the internal API
which may lead to uploading and executing of malicious code.
Known To Be Used in Ransomware
Campaigns? Known
Action: Apply updates per vendor instructions.
-
Date Added: 2022-12-13
-
Due Date: 2023-01-03
Veeam | Backup & Replication
Veeam Backup & Replication Remote
Code Execution Vulnerability: The
Veeam Distribution Service in the Backup & Replication
application allows unauthenticated users to access internal API
functions. A remote attacker can send input to the internal API
which may lead to uploading and executing of malicious code.
Known To Be Used in Ransomware
Campaigns? Known
Action: Apply updates per vendor instructions.
-
Date Added: 2022-12-13
-
Due Date: 2023-01-03
Google | Chromium V8
Google Chromium V8 Type Confusion
Vulnerability: Google
Chromium V8 Engine contains a type confusion vulnerability that
allows a remote attacker to potentially exploit heap corruption
via a crafted HTML page. This vulnerability could affect
multiple web browsers that utilize Chromium, including, but not
limited to, Google Chrome, Microsoft Edge, and Opera.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2022-12-05
-
Due Date: 2022-12-26
Google | Chromium GPU
Google Chromium GPU Heap Buffer
Overflow Vulnerability: Google
Chromium GPU contains a heap buffer overflow vulnerability that
allows a remote attacker, who has compromised the renderer
process, to potentially perform a sandbox escape via a crafted
HTML page. This vulnerability could affect multiple web browsers
that utilize Chromium, including, but not limited to, Google
Chrome, Microsoft Edge, and Opera.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2022-11-28
-
Due Date: 2022-12-19
Microsoft | Windows
Microsoft Windows Mark of the Web
(MOTW) Security Feature Bypass Vulnerability: Microsoft
Windows Mark of the Web (MOTW) contains a security feature
bypass vulnerability resulting in a limited loss of integrity
and availability of security features.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2022-11-14
-
Due Date: 2022-12-09
Microsoft | Windows
Microsoft Windows Mark of the Web
(MOTW) Security Feature Bypass Vulnerability: Microsoft
Windows Mark of the Web (MOTW) contains a security feature
bypass vulnerability resulting in a limited loss of integrity
and availability of security features.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2022-11-08
-
Due Date: 2022-12-09
Microsoft | Windows
Microsoft Windows Print Spooler
Privilege Escalation Vulnerability: Microsoft
Windows Print Spooler contains an unspecified vulnerability that
allows an attacker to gain SYSTEM-level privileges.
Known To Be Used in Ransomware
Campaigns? Known
Action: Apply updates per vendor instructions.
-
Date Added: 2022-11-08
-
Due Date: 2022-12-09
Microsoft | Windows
Microsoft Windows CNG Key
Isolation Service Privilege Escalation Vulnerability: Microsoft
Windows Cryptographic Next Generation (CNG) Key Isolation
Service contains an unspecified vulnerability that allows an
attacker to gain SYSTEM-level privileges.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2022-11-08
-
Due Date: 2022-12-09
Microsoft | Windows
Microsoft Windows Scripting
Languages Remote Code Execution Vulnerability: Microsoft
Windows contains an unspecified vulnerability in the JScript9
scripting language which allows for remote code execution.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2022-11-08
-
Due Date: 2022-12-09
Google | Chromium V8
Google Chromium V8 Type Confusion
Vulnerability: Google
Chromium V8 Engine contains a type confusion vulnerability that
allows a remote attacker to potentially exploit heap corruption
via a crafted HTML page. This vulnerability could affect
multiple web browsers that utilize Chromium, including, but not
limited to, Google Chrome, Microsoft Edge, and Opera.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2022-10-28
-
Due Date: 2022-11-18
Apple | iOS and iPadOS
Apple iOS and iPadOS Out-of-Bounds
Write Vulnerability: Apple
iOS and iPadOS kernel contain an out-of-bounds write
vulnerability which can allow an application to perform code
execution with kernel privileges.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2022-10-25
-
Due Date: 2022-11-15
Synacor | Zimbra Collaboration
Suite (ZCS)
Synacor Zimbra Collaboration Suite
(ZCS) Arbitrary File Upload Vulnerability: Synacor
Zimbra Collaboration Suite (ZCS) allows an attacker to upload
arbitrary files using the cpio package to gain incorrect access to
any other user accounts.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2022-10-20
-
Due Date: 2022-11-10
Fortinet | Multiple Products
Fortinet Multiple Products
Authentication Bypass Vulnerability: Fortinet
FortiOS, FortiProxy, and FortiSwitchManager contain an
authentication bypass vulnerability that could allow an
unauthenticated attacker to perform operations on the
administrative interface via specially crafted HTTP or HTTPS
requests.
Known To Be Used in Ransomware
Campaigns? Known
Action: Apply updates per vendor instructions.
-
Date Added: 2022-10-11
-
Due Date: 2022-11-01
Microsoft | Windows COM+ Event
System Service
Microsoft Windows COM+ Event
System Service Privilege Escalation Vulnerability: Microsoft
Windows COM+ Event System Service contains an unspecified
vulnerability that allows for privilege escalation.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2022-10-11
-
Due Date: 2022-11-01
Microsoft | Exchange Server
Microsoft Exchange Server Remote
Code Execution Vulnerability: Microsoft
Exchange Server contains an unspecified vulnerability that
allows for authenticated remote code execution. Dubbed
"ProxyNotShell," this vulnerability is chainable with
CVE-2022-41040 which allows for the remote code execution.
Known To Be Used in Ransomware
Campaigns? Known
Action: Apply updates per vendor instructions.
-
Date Added: 2022-09-30
-
Due Date: 2022-10-21
Microsoft | Exchange Server
Microsoft Exchange Server
Server-Side Request Forgery Vulnerability: Microsoft
Exchange Server allows for server-side request forgery. Dubbed
"ProxyNotShell," this vulnerability is chainable with
CVE-2022-41082 which allows for remote code execution.
Known To Be Used in Ransomware
Campaigns? Known
Action: Apply updates per vendor instructions.
-
Date Added: 2022-09-30
-
Due Date: 2022-10-21
Atlassian | Bitbucket Server
and Data Center
Atlassian Bitbucket Server and
Data Center Command Injection Vulnerability: Multiple
API endpoints of Atlassian Bitbucket Server and Data Center
contain a command injection vulnerability where an attacker with
access to a public Bitbucket repository, or with read
permissions to a private one, can execute code by sending a
malicious HTTP request.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2022-09-30
-
Due Date: 2022-10-21
Sophos | Firewall
Sophos Firewall Code Injection
Vulnerability: A
code injection vulnerability in the User Portal and Webadmin of
Sophos Firewall allows for remote code execution.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2022-09-23
-
Due Date: 2022-10-14
Zoho | ManageEngine
Zoho ManageEngine Multiple
Products Remote Code Execution Vulnerability: Zoho
ManageEngine PAM360, Password Manager Pro, and Access Manager
Plus contain an unspecified vulnerability that allows for remote
code execution.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2022-09-22
-
Due Date: 2022-10-13
Trend Micro | Apex One and
Apex One as a Service
Trend Micro Apex One and Apex One
as a Service Improper Validation Vulnerability: Trend
Micro Apex One and Apex One as a Service contain an improper
validation of rollback mechanism components that could lead to
remote code execution.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2022-09-15
-
Due Date: 2022-10-06
Microsoft | Windows
Microsoft Windows Common Log File
System (CLFS) Driver Privilege Escalation Vulnerability: Microsoft
Windows Common Log File System (CLFS) driver contains an
unspecified vulnerability that allows for privilege escalation.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2022-09-14
-
Due Date: 2022-10-05
Apple | iOS, iPadOS, and macOS
Apple iOS, iPadOS, and macOS
Remote Code Execution Vulnerability: Apple
kernel, which is included in iOS, iPadOS, and macOS, contains an
unspecified vulnerability where an application may be able to
execute code with kernel privileges.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2022-09-14
-
Due Date: 2022-10-05
Google | Chromium Mojo
Google Chromium Mojo Insufficient
Data Validation Vulnerability: Google
Chromium Mojo contains an insufficient data validation
vulnerability that allows a remote attacker, who has compromised
the renderer process, to potentially perform a sandbox escape
via a crafted HTML page. This vulnerability could affect
multiple web browsers that utilize Chromium, including, but not
limited to, Google Chrome, Microsoft Edge, and Opera.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2022-09-08
-
Due Date: 2022-09-29
QNAP | Photo Station
QNAP Photo Station Externally
Controlled Reference Vulnerability: Certain
QNAP NAS running Photo Station with internet exposure contain an
externally controlled reference to a resource vulnerability
which can allow an attacker to modify system files. This
vulnerability was observed being utilized in a Deadbolt
ransomware campaign.
Known To Be Used in Ransomware
Campaigns? Known
Action: Apply updates per vendor instructions.
-
Date Added: 2022-09-08
-
Due Date: 2022-09-29
D-Link | DIR-820L
D-Link DIR-820L Remote Code
Execution Vulnerability: D-Link
DIR-820L contains an unspecified vulnerability in the Device Name
parameter in /lan.asp which allows for remote code execution.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: The impacted product is end-of-life and
should be disconnected if still in use.
-
Date Added: 2022-09-08
-
Due Date: 2022-09-29
dotCMS | dotCMS
dotCMS Unrestricted Upload of File
Vulnerability: dotCMS
ContentResource API contains an unrestricted upload of file with
a dangerous type vulnerability that allows for directory
traversal, in which the file is saved outside of the intended
storage location. Exploitation allows for remote code execution.
Known To Be Used in Ransomware
Campaigns? Known
Action: Apply updates per vendor instructions.
-
Date Added: 2022-08-25
-
Due Date: 2022-09-15
Apache | CouchDB
Apache CouchDB Insecure Default
Initialization of Resource Vulnerability: Apache
CouchDB contains an insecure default initialization of resource
vulnerability which can allow an attacker to escalate to
administrative privileges.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2022-08-25
-
Due Date: 2022-09-15
Apache | APISIX
Apache APISIX Authentication
Bypass Vulnerability: Apache
APISIX contains an authentication bypass vulnerability that
allows for remote code execution.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2022-08-25
-
Due Date: 2022-09-15
VMware Tanzu | Spring Cloud
VMware Tanzu Spring Cloud Function
Remote Code Execution Vulnerability: When
using routing functionality in VMware Tanzu's Spring Cloud
Function, it is possible for a user to provide a specially
crafted SpEL as a routing-expression that may result in remote
code execution and access to local resources.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2022-08-25
-
Due Date: 2022-09-15
WebRTC | WebRTC
WebRTC Heap Buffer Overflow
Vulnerability: WebRTC,
an open-source project providing web browsers with real-time
communication, contains a heap buffer overflow vulnerability
that allows an attacker to perform shellcode execution. This
vulnerability impacts web browsers using WebRTC including but
not limited to Google Chrome.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2022-08-25
-
Due Date: 2022-09-15
Palo Alto Networks | PAN-OS
Palo Alto Networks PAN-OS
Reflected Amplification Denial-of-Service Vulnerability: A
Palo Alto Networks PAN-OS URL filtering policy misconfiguration
could allow a network-based attacker to conduct reflected and
amplified TCP denial-of-service (RDoS) attacks.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2022-08-22
-
Due Date: 2022-09-12
SAP | Multiple Products
SAP Multiple Products HTTP Request
Smuggling Vulnerability: SAP
NetWeaver Application Server ABAP, SAP NetWeaver Application
Server Java, ABAP Platform, SAP Content Server and SAP Web
Dispatcher allow HTTP request smuggling. An unauthenticated
attacker can prepend a victim's request with arbitrary data,
allowing for function execution impersonating the victim or
poisoning intermediary Web caches.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2022-08-18
-
Due Date: 2022-09-08
Apple | iOS and macOS
Apple iOS and macOS Out-of-Bounds
Write Vulnerability: Apple
iOS and macOS contain an out-of-bounds write vulnerability that
could allow an application to execute code with kernel
privileges.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2022-08-18
-
Due Date: 2022-09-08
Apple | iOS and macOS
Apple iOS and macOS Out-of-Bounds
Write Vulnerability: Apple
iOS and macOS contain an out-of-bounds write vulnerability that
could allow for remote code execution when processing maliciously
crafted web content.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2022-08-18
-
Due Date: 2022-09-08
Google | Chromium Intents
Google Chromium Intents
Insufficient Input Validation Vulnerability: Google
Chromium Intents contains an insufficient validation of
untrusted input vulnerability that allows a remote attacker to
browse to a malicious website via a crafted HTML page. This
vulnerability could affect multiple web browsers that utilize
Chromium, including, but not limited to, Google Chrome,
Microsoft Edge, and Opera.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2022-08-18
-
Due Date: 2022-09-08
Microsoft | Active Directory
Microsoft Active Directory Domain
Services Privilege Escalation Vulnerability: An
authenticated user could manipulate attributes on computer
accounts they own or manage, and acquire a certificate from
Active Directory Certificate Services that would allow for
privilege escalation to SYSTEM.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2022-08-18
-
Due Date: 2022-09-08
Microsoft | Windows
Microsoft Windows Runtime Remote
Code Execution Vulnerability: Microsoft
Windows Runtime contains an unspecified vulnerability that
allows for remote code execution.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2022-08-18
-
Due Date: 2022-09-08
Synacor | Zimbra Collaboration
Suite (ZCS)
Synacor Zimbra Collaboration Suite
(ZCS) Arbitrary File Upload Vulnerability: Synacor
Zimbra Collaboration Suite (ZCS) contains a flaw in the mboximport
functionality, allowing an authenticated attacker to upload
arbitrary files to perform remote code execution. This
vulnerability was chained with CVE-2022-37042 which allows for
unauthenticated remote code execution.
Known To Be Used in Ransomware
Campaigns? Known
Action: Apply updates per vendor instructions.
-
Date Added: 2022-08-11
-
Due Date: 2022-09-01
Synacor | Zimbra Collaboration
Suite (ZCS)
Synacor Zimbra Collaboration Suite
(ZCS) Authentication Bypass Vulnerability: Synacor
Zimbra Collaboration Suite (ZCS) contains an authentication
bypass vulnerability in MailboxImportServlet. This vulnerability
was chained with CVE-2022-27925 which allows for unauthenticated
remote code execution.
Known To Be Used in Ransomware
Campaigns? Known
Action: Apply updates per vendor instructions.
-
Date Added: 2022-08-11
-
Due Date: 2022-09-01
Microsoft | Windows
Microsoft Windows Support
Diagnostic Tool (MSDT) Remote Code Execution Vulnerability: A
remote code execution vulnerability exists when Microsoft
Windows MSDT is called using the URL protocol from a calling
application.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2022-08-09
-
Due Date: 2022-08-30
RARLAB | UnRAR
RARLAB UnRAR Directory Traversal
Vulnerability: RARLAB
UnRAR on Linux and UNIX contains a directory traversal
vulnerability, allowing an attacker to write to files during an
extract (unpack) operation.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2022-08-09
-
Due Date: 2022-08-30
Synacor | Zimbra Collaboration
Suite (ZCS)
Synacor Zimbra Collaboration Suite
(ZCS) Command Injection Vulnerability: Synacor
Zimbra Collaboration Suite (ZCS) allows an attacker to inject
memcache commands into a targeted instance which causes an
overwrite of arbitrary cached entries.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2022-08-04
-
Due Date: 2022-08-25
Atlassian | Confluence
Atlassian Questions For Confluence
App Hard-coded Credentials Vulnerability: Atlassian
Questions For Confluence App has hard-coded credentials,
exposing the username and password in plaintext. A remote
unauthenticated attacker can use these credentials to log into
Confluence and access all content accessible to users in the
confluence-users group.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2022-07-29
-
Due Date: 2022-08-19
Microsoft | Windows
Microsoft Windows Client Server
Runtime Subsystem (CSRSS) Privilege Escalation Vulnerability: Microsoft
Windows CSRSS contains an unspecified vulnerability that allows
for privilege escalation to SYSTEM privileges.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2022-07-12
-
Due Date: 2022-08-02
Microsoft | Windows
Microsoft Windows LSA Spoofing
Vulnerability: Microsoft
Windows Local Security Authority (LSA) contains a spoofing
vulnerability where an attacker can coerce the domain controller
to authenticate to the attacker using NTLM.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply remediation actions outlined in CISA
guidance
[https://www.cisa.gov/guidance-applying-june-microsoft-patch].
-
Date Added: 2022-07-01
-
Due Date: 2022-07-22
Mitel | MiVoice Connect
Mitel MiVoice Connect Data
Validation Vulnerability: The
Service Appliance component in Mitel MiVoice Connect allows
remote code execution due to incorrect data validation.
Known To Be Used in Ransomware
Campaigns? Known
Action: Apply updates per vendor instructions.
-
Date Added: 2022-06-27
-
Due Date: 2022-07-18
Microsoft | Windows
Microsoft Windows Support
Diagnostic Tool (MSDT) Remote Code Execution Vulnerability: A
remote code execution vulnerability exists when MSDT is called
using the URL protocol from a calling application such as Word.
An attacker who successfully exploits this vulnerability can run
code with the privileges of the calling application.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2022-06-14
-
Due Date: 2022-07-05
Atlassian | Confluence
Server/Data Center
Atlassian Confluence Server and
Data Center Remote Code Execution Vulnerability: Atlassian
Confluence Server and Data Center contain a remote code
execution vulnerability that allows for an unauthenticated
attacker to perform remote code execution.
Known To Be Used in Ransomware
Campaigns? Known
Action: Immediately block all internet traffic to and
from affected products AND apply the update per vendor
instructions
[https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html]
OR remove the affected products by the due date on the
right. Note: Once the update is successfully deployed,
agencies can reassess the internet blocking rules.
-
Date Added: 2022-06-02
-
Due Date: 2022-06-06
Cisco | IOS XR
Cisco IOS XR Open Port
Vulnerability: Cisco
IOS XR software health check opens TCP port 6379 by default on
activation. An attacker can connect to the open port and access
the Redis instance that is running within the NOSi container.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2022-05-23
-
Due Date: 2022-06-13
Zyxel | Multiple Firewalls
Zyxel Multiple Firewalls OS
Command Injection Vulnerability: A
command injection vulnerability in the CGI program of some Zyxel
firewall versions could allow an attacker to modify specific
files and then execute some OS commands on a vulnerable device.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2022-05-16
-
Due Date: 2022-06-06
VMware | Spring Cloud Gateway
VMware Spring Cloud Gateway Code
Injection Vulnerability: Spring
Cloud Gateway applications are vulnerable to a code injection
attack when the Gateway Actuator endpoint is enabled, exposed
and unsecured.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2022-05-16
-
Due Date: 2022-06-06
F5 | BIG-IP
F5 BIG-IP Missing Authentication
Vulnerability: F5
BIG-IP contains a missing authentication in critical function
vulnerability which can allow for remote code execution,
creation or deletion of files, or disabling services.
Known To Be Used in Ransomware
Campaigns? Known
Action: Apply updates per vendor instructions.
-
Date Added: 2022-05-10
-
Due Date: 2022-05-31
WSO2 | Multiple Products
WSO2 Multiple Products
Unrestrictive Upload of File Vulnerability: Multiple
WSO2 products allow for unrestricted file upload, resulting in
remote code execution.
Known To Be Used in Ransomware
Campaigns? Known
Action: Apply updates per vendor instructions.
-
Date Added: 2022-04-25
-
Due Date: 2022-05-16
Microsoft | Windows
Microsoft Windows User Profile
Service Privilege Escalation Vulnerability: Microsoft
Windows User Profile Service contains an unspecified
vulnerability that allows for privilege escalation.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2022-04-25
-
Due Date: 2022-05-16
Microsoft | Windows
Microsoft Windows User Profile
Service Privilege Escalation Vulnerability: Microsoft
Windows User Profile Service contains an unspecified
vulnerability that allows for privilege escalation.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2022-04-25
-
Due Date: 2022-05-16
Linux | Kernel
Linux Kernel Privilege Escalation
Vulnerability: Linux
kernel contains an improper initialization vulnerability where
an unprivileged local user could escalate their privileges on
the system. This vulnerability has the moniker of "Dirty Pipe."
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2022-04-25
-
Due Date: 2022-05-16
Microsoft | Windows
Microsoft Windows Print Spooler
Privilege Escalation Vulnerability: Microsoft
Windows Print Spooler contains an unspecified vulnerability
which allows for privilege escalation.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2022-04-19
-
Due Date: 2022-05-10
VMware | Multiple Products
VMware Multiple Products Privilege
Escalation Vulnerability: VMware
Workspace ONE Access, Identity Manager and vRealize Automation
contain a privilege escalation vulnerability due to improper
permissions in support scripts.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2022-04-15
-
Due Date: 2022-05-06
Google | Chromium V8
Google Chromium V8 Type Confusion
Vulnerability: Google
Chromium V8 Engine contains a type confusion vulnerability that
allows a remote attacker to potentially exploit heap corruption
via a crafted HTML page. This vulnerability could affect
multiple web browsers that utilize Chromium, including, but not
limited to, Google Chrome, Microsoft Edge, and Opera.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2022-04-15
-
Due Date: 2022-05-06
VMware | Workspace ONE Access
and Identity Manager
VMware Workspace ONE Access and
Identity Manager Server-Side Template Injection Vulnerability: VMware
Workspace ONE Access and Identity Manager allow for remote code
execution due to server-side template injection.
Known To Be Used in Ransomware
Campaigns? Known
Action: Apply updates per vendor instructions.
-
Date Added: 2022-04-14
-
Due Date: 2022-05-05
Microsoft | Windows
Microsoft Windows CLFS Driver
Privilege Escalation Vulnerability: Microsoft
Windows Common Log File System (CLFS) Driver contains an
unspecified vulnerability that allows for privilege escalation.
Known To Be Used in Ransomware
Campaigns? Known
Action: Apply updates per vendor instructions.
-
Date Added: 2022-04-13
-
Due Date: 2022-05-04
WatchGuard | Firebox and XTM
WatchGuard Firebox and XTM
Privilege Escalation Vulnerability: WatchGuard
Firebox and XTM appliances allow a remote attacker with
unprivileged credentials to access the system with a privileged
management session via exposed management access.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2022-04-11
-
Due Date: 2022-05-02
VMware | Spring Framework
Spring Framework JDK 9+ Remote
Code Execution Vulnerability: Spring
MVC or Spring WebFlux applications running on JDK 9+ may be
vulnerable to remote code execution (RCE) via data binding.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2022-04-04
-
Due Date: 2022-04-25
Apple | macOS
Apple macOS Out-of-Bounds Write
Vulnerability: macOS
Monterey contains an out-of-bounds write vulnerability that
could allow an application to execute arbitrary code with kernel
privileges.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2022-04-04
-
Due Date: 2022-04-25
Apple | macOS
Apple macOS Out-of-Bounds Read
Vulnerability: macOS
Monterey contains an out-of-bounds read vulnerability that could
allow an application to read kernel memory.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2022-04-04
-
Due Date: 2022-04-25
Trend Micro | Apex Central
Trend Micro Apex Central Arbitrary
File Upload Vulnerability: An
arbitrary file upload vulnerability in Trend Micro Apex Central
could allow for remote code execution.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2022-03-31
-
Due Date: 2022-04-21
Sophos | Firewall
Sophos Firewall Authentication
Bypass Vulnerability: An
authentication bypass vulnerability in User Portal and Webadmin
of Sophos Firewall allows for remote code execution.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2022-03-31
-
Due Date: 2022-04-21
Google | Chromium V8
Google Chromium V8 Type Confusion
Vulnerability: Google
Chromium V8 Engine contains a type confusion vulnerability that
allows a remote attacker to potentially exploit heap corruption
via a crafted HTML page. This vulnerability could affect
multiple web browsers that utilize Chromium, including, but not
limited to, Google Chrome, Microsoft Edge, and Opera.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2022-03-28
-
Due Date: 2022-04-18
Redis | Debian-specific Redis
Servers
Debian-specific Redis Server Lua
Sandbox Escape Vulnerability: Redis
is prone to a (Debian-specific) Lua sandbox escape, which could
result in remote code execution.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2022-03-28
-
Due Date: 2022-04-18
WatchGuard | Firebox and XTM
Appliances
WatchGuard Firebox and XTM
Appliances Arbitrary Code Execution: On
WatchGuard Firebox and XTM appliances, an unauthenticated user
can execute arbitrary code.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2022-03-25
-
Due Date: 2022-04-15
Mitel | MiCollab, MiVoice
Business Express
MiCollab, MiVoice Business Express
Access Control Vulnerability: A
vulnerability has been identified in MiCollab and MiVoice
Business Express that may allow a malicious actor to gain
unauthorized access to sensitive information and services, cause
performance degradations or a denial of service condition on the
affected system.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2022-03-25
-
Due Date: 2022-04-15
Microsoft | Windows
Microsoft Windows Print Spooler
Privilege Escalation Vulnerability: Microsoft
Windows Print Spooler contains an unspecified vulnerability
which can allow for privilege escalation.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2022-03-25
-
Due Date: 2022-04-15
Mozilla | Firefox
Mozilla Firefox Use-After-Free
Vulnerability: Mozilla
Firefox contains a use-after-free vulnerability in WebGPU IPC
Framework which can be exploited to perform arbitrary code
execution.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2022-03-07
-
Due Date: 2022-03-21
Mozilla | Firefox
Mozilla Firefox Use-After-Free
Vulnerability: Mozilla
Firefox contains a use-after-free vulnerability in XSLT
parameter processing which can be exploited to perform arbitrary
code execution.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2022-03-07
-
Due Date: 2022-03-21
Cisco | Small Business RV160,
RV260, RV340, and RV345 Series Routers
Cisco Small Business RV Series
Routers Stack-based Buffer Overflow Vulnerability: A
vulnerability in Cisco Small Business RV160, RV260, RV340, and
RV345 Series Routers could allow an attacker to do any of the
following: execute arbitrary code, elevate privileges, execute
arbitrary commands, bypass authentication and authorization
protections, fetch and run unsigned software, or cause a denial
of service (DoS).
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2022-03-03
-
Due Date: 2022-03-17
Cisco | Small Business RV160,
RV260, RV340, and RV345 Series Routers
Cisco Small Business RV Series
Routers Stack-based Buffer Overflow Vulnerability: A
vulnerability in Cisco Small Business RV160, RV260, RV340, and
RV345 Series Routers could allow an attacker to do any of the
following: execute arbitrary code, elevate privileges, execute
arbitrary commands, bypass authentication and authorization
protections, fetch and run unsigned software, or cause a denial
of service (DoS).
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2022-03-03
-
Due Date: 2022-03-17
Cisco | Small Business RV160,
RV260, RV340, and RV345 Series Routers
Cisco Small Business RV Series
Routers Stack-based Buffer Overflow Vulnerability: A
vulnerability in Cisco Small Business RV160, RV260, RV340, and
RV345 Series Routers could allow an attacker to do any of the
following: execute arbitrary code, elevate privileges, execute
arbitrary commands, bypass authentication and authorization
protections, fetch and run unsigned software, or cause a denial
of service (DoS).
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2022-03-03
-
Due Date: 2022-03-17
Cisco | Small Business RV160,
RV260, RV340, and RV345 Series Routers
Cisco Small Business RV Series
Routers Stack-based Buffer Overflow Vulnerability: A
vulnerability in Cisco Small Business RV160, RV260, RV340, and
RV345 Series Routers could allow an attacker to do any of the
following: execute arbitrary code, elevate privileges, execute
arbitrary commands, bypass authentication and authorization
protections, fetch and run unsigned software, or cause a denial
of service (DoS).
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2022-03-03
-
Due Date: 2022-03-17
Cisco | Small Business RV160,
RV260, RV340, and RV345 Series Routers
Cisco Small Business RV Series
Routers Stack-based Buffer Overflow Vulnerability: A
vulnerability in Cisco Small Business RV160, RV260, RV340, and
RV345 Series Routers could allow an attacker to do any of the
following: execute arbitrary code, elevate privileges, execute
arbitrary commands, bypass authentication and authorization
protections, fetch and run unsigned software, or cause a denial
of service (DoS).
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2022-03-03
-
Due Date: 2022-03-17
Synacor | Zimbra Collaboration
Suite (ZCS)
Synacor Zimbra Collaboration Suite
(ZCS) Cross-Site Scripting Vulnerability: Synacor
Zimbra Collaboration Suite (ZCS) contains a cross-site scripting
(XSS) vulnerability in the Calendar feature that allows an
attacker to execute arbitrary code.
Known To Be Used in Ransomware
Campaigns? Known
Action: Apply updates per vendor instructions.
-
Date Added: 2022-02-25
-
Due Date: 2022-03-11
Zabbix | Frontend
Zabbix Frontend Authentication
Bypass Vulnerability: Unsafe
client-side session storage leading to authentication
bypass/instance takeover via Zabbix Frontend with configured
SAML.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2022-02-22
-
Due Date: 2022-03-08
Zabbix | Frontend
Zabbix Frontend Improper Access
Control Vulnerability: Malicious
actors can pass step checks and potentially change the
configuration of Zabbix Frontend.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2022-02-22
-
Due Date: 2022-03-08
Adobe | Commerce and Magento
Open Source
Adobe Commerce and Magento Open
Source Improper Input Validation Vulnerability: Adobe
Commerce and Magento Open Source contain an improper input
validation vulnerability which can allow for arbitrary code
execution.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2022-02-15
-
Due Date: 2022-03-01
Google | Chromium Animation
Google Chromium Animation
Use-After-Free Vulnerability: Google
Chromium Animation contains a use-after-free vulnerability that
allows a remote attacker to potentially exploit heap corruption
via a crafted HTML page. This vulnerability could affect
multiple web browsers that utilize Chromium, including, but not
limited to, Google Chrome, Microsoft Edge, and Opera.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2022-02-15
-
Due Date: 2022-03-01
Apple | iOS, iPadOS, and macOS
Apple iOS, iPadOS, and macOS
WebKit Use-After-Free Vulnerability: Apple
iOS, iPadOS, and macOS WebKit contain a use-after-free
vulnerability that leads to code execution when processing
maliciously crafted web content. This vulnerability could impact
HTML parsers that use WebKit, including but not limited to Apple
Safari and non-Apple products which rely on WebKit for HTML
processing.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2022-02-11
-
Due Date: 2022-02-25
Microsoft | Win32k
Microsoft Win32k Privilege
Escalation Vulnerability: Microsoft
Win32k contains an unspecified vulnerability that allows for
privilege escalation.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2022-02-04
-
Due Date: 2022-02-18
Apple | iOS and macOS
Apple Memory Corruption
Vulnerability: Apple
IOMobileFrameBuffer contains a memory corruption vulnerability
which can allow a malicious application to execute arbitrary
code with kernel privileges.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
-
Date Added: 2022-01-28
-
Due Date: 2022-02-11