163 CISA Known Exploited Vulnerabilities from 2023
CVSS 10 | GitLab GitLab CE/EE — GitLab Community and Enterprise Editions Improper Access Control Vulnerability
CVSS 10 | ownCloud ownCloud graphapi — ownCloud graphapi Information Disclosure Vulnerability
CVSS 10 | Apache ActiveMQ — OpenWire ClassInfo Deserialization Allows Unauthenticated Remote Code Execution via Port 61616
CVSS 10 | Cisco IOS XE Web UI — Cisco IOS XE Web UI Privilege Escalation Vulnerability
CVSS 10 | Progress WS_FTP Server — Progress WS_FTP Server Deserialization of Untrusted Data Vulnerability
CVSS 9.8 | Array Networks AG/vxAG ArrayOS — Array Networks AG and vxAG ArrayOS Missing Authentication for Critical Function Vulnerability
CVSS 9.8 | D-Link DIR-820 Router — D-Link DIR-820 Router OS Command Injection Vulnerability
CVSS 9.8 | Acronis Cyber Infrastructure (ACI) — Acronis Cyber Infrastructure (ACI) Insecure Default Password Vulnerability
CVSS 9.8 | NextGen Healthcare Mirth Connect — NextGen Healthcare Mirth Connect Deserialization of Untrusted Data Vulnerability
CVSS 9.8 | Fortinet FortiClient EMS — Fortinet FortiClient EMS SQL Injection Vulnerability
CVSS 9.8 | Atlassian Confluence Data Center and Server — Atlassian Confluence Data Center and Server Template Injection Vulnerability
CVSS 9.8 | VMware vCenter Server — VMware vCenter Server Out-of-Bounds Write Vulnerability
CVSS 9.8 | Ivanti EPMM / MobileIron Core — Unauthenticated API Access Affecting End-of-Life and Current Versions
CVSS 9.8 | Microsoft SharePoint Server — Microsoft SharePoint Server Privilege Escalation Vulnerability
CVSS 9.8 | Adobe ColdFusion — Adobe ColdFusion Deserialization of Untrusted Data Vulnerability
CVSS 9.8 | Adobe ColdFusion — Adobe ColdFusion Deserialization of Untrusted Data Vulnerability
CVSS 9.8 | Unitronics Vision PLC and HMI — Unitronics Vision PLC and HMI Insecure Default Password Vulnerability
CVSS 9.8 | Sophos Web Appliance — Sophos Web Appliance Command Injection Vulnerability
CVSS 9.8 | Juniper Junos OS — Juniper Junos OS EX Series and SRX Series PHP External Variable Modification Vulnerability
CVSS 9.8 | SysAid SysAid Server — SysAid Server Path Traversal Vulnerability
CVSS 9.8 | Atlassian Confluence Data Center and Server — Atlassian Confluence Data Center and Server Improper Authorization Vulnerability
CVSS 9.8 | F5 BIG-IP Configuration Utility — F5 BIG-IP Configuration Utility Authentication Bypass Vulnerability
CVSS 9.8 | Atlassian Confluence Data Center and Server — Atlassian Confluence Data Center and Server Broken Access Control Vulnerability
CVSS 9.8 | JetBrains TeamCity — JetBrains TeamCity Authentication Bypass Vulnerability
CVSS 9.8 | Apache RocketMQ — Apache RocketMQ Command Execution Vulnerability
CVSS 9.8 | Ivanti Sentry — Pre-Auth RCE via Unauthenticated Hessian RPC on MICS Admin Portal
CVSS 9.8 | Adobe ColdFusion — Adobe ColdFusion Deserialization of Untrusted Data Vulnerability
CVSS 9.8 | Citrix Content Collaboration — Citrix Content Collaboration ShareFile Improper Access Control Vulnerability
CVSS 9.8 | Ivanti EPMM — Unauthenticated Remote API Access via Missing Authentication Control
CVSS 9.8 | Citrix NetScaler ADC and NetScaler Gateway — Citrix NetScaler ADC and NetScaler Gateway Code Injection Vulnerability
CVSS 9.8 | Zyxel Multiple Network-Attached Storage (NAS) Devices — Zyxel Multiple NAS Devices Command Injection Vulnerability
CVSS 9.8 | VMware Aria Operations for Networks — Vmware Aria Operations for Networks Command Injection Vulnerability
CVSS 9.8 | Fortinet FortiOS and FortiProxy SSL-VPN — Fortinet FortiOS and FortiProxy SSL-VPN Heap-Based Buffer Overflow Vulnerability
CVSS 9.8 | Zyxel Multiple Firewalls — Zyxel Multiple Firewalls Buffer Overflow Vulnerability
CVSS 9.8 | Zyxel Multiple Firewalls — Zyxel Multiple Firewalls Buffer Overflow Vulnerability
CVSS 9.8 | Progress MOVEit Transfer — Unauthenticated SQL Injection Enables Data Exfiltration and Webshell Deployment; Cl0p Mass Exploitation Campaign
CVSS 9.8 | Zyxel Multiple Firewalls — Zyxel Multiple Firewalls OS Command Injection Vulnerability
CVSS 9.8 | Ruckus Wireless Multiple Products — Multiple Ruckus Wireless Products CSRF and RCE Vulnerability
CVSS 9.8 | PaperCut MF/NG — PaperCut MF/NG Improper Access Control Vulnerability
CVSS 9.8 | Novi Survey Novi Survey — Novi Survey Insecure Deserialization Vulnerability
CVSS 9.8 | Microsoft Office — Microsoft Office Outlook Privilege Escalation Vulnerability
CVSS 9.6 | Qlik Sense — Qlik Sense HTTP Tunneling Vulnerability
CVSS 9.6 | Qlik Sense — Qlik Sense HTTP Tunneling Vulnerability
CVSS 9.6 | Google Chromium Skia — Google Skia Integer Overflow Vulnerability
CVSS 9.6 | Google Chromium Skia — Google Chrome Skia Integer Overflow Vulnerability
CVSS 9.4 | Citrix NetScaler 'CitrixBleed' — Session Token Memory Leak Enables Unauthenticated Session Hijacking on Gateway and AAA Endpoints
CVSS 9.4 | Barracuda Networks Email Security Gateway (ESG) Appliance — Barracuda Networks ESG Appliance Improper Input Validation Vulnerability
CVSS 9 | Synacor Zimbra Collaboration Suite (ZCS) — Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability
CVSS 8.9 | Apache Superset — Apache Superset Insecure Default Initialization of Resource Vulnerability
CVSS 8.8 | Microsoft Exchange Server — Authenticated RCE via PowerShell SOAP Deserialization
CVSS 8.8 | Apple Multiple Products — Apple Multiple products Use-After-Free Vulnerability
CVSS 8.8 | Digiever DS-2105 Pro — Digiever DS-2105 Pro Missing Authorization Vulnerability
CVSS 8.8 | TP-Link Multiple Routers — TP-Link Multiple Routers Command Injection Vulnerability
CVSS 8.8 | ASUS RT-AX55 Routers — ASUS RT-AX55 Routers OS Command Injection Vulnerability
CVSS 8.8 | Google Chromium V8 — Google Chromium V8 Type Confusion Vulnerability
CVSS 8.8 | Google Chromium WebRTC — Google Chromium WebRTC Heap Buffer Overflow Vulnerability
CVSS 8.8 | FXC AE1021, AE1021PE — FXC AE1021, AE1021PE OS Command Injection Vulnerability
CVSS 8.8 | Apple Multiple Products — Apple Multiple Products WebKit Memory Corruption Vulnerability
CVSS 8.8 | Microsoft Windows — Microsoft Windows SmartScreen Security Feature Bypass Vulnerability
CVSS 8.8 | F5 BIG-IP Configuration Utility — F5 BIG-IP Configuration Utility SQL Injection Vulnerability
CVSS 8.8 | Google Chromium libvpx — Google Chromium libvpx Heap Buffer Overflow Vulnerability
CVSS 8.8 | Apple Multiple Products — Apple Multiple Products WebKit Code Execution Vulnerability
CVSS 8.8 | MinIO MinIO — MinIO Security Feature Bypass Vulnerability
CVSS 8.8 | Google Chromium WebP — Google Chromium WebP Heap-Based Buffer Overflow Vulnerability
CVSS 8.8 | Apple Multiple Products — Apple Multiple Products WebKit Code Execution Vulnerability
CVSS 8.8 | Microsoft Windows — Microsoft Windows Defender SmartScreen Security Feature Bypass Vulnerability
CVSS 8.8 | Microsoft Outlook — Microsoft Outlook Security Feature Bypass Vulnerability
CVSS 8.8 | Apple Multiple Products — Apple Multiple Products WebKit Memory Corruption Vulnerability
CVSS 8.8 | Apple Multiple Products — Apple Multiple Products WebKit Type Confusion Vulnerability
CVSS 8.8 | Google Chromium V8 — Google Chromium V8 Type Confusion Vulnerability
CVSS 8.8 | Apple Multiple Products — Apple Multiple Products WebKit Use-After-Free Vulnerability
CVSS 8.8 | TP-Link Archer AX21 — TP-Link Archer AX-21 Command Injection Vulnerability
CVSS 8.8 | Google Chromium V8 — Google Chromium V8 Type Confusion Vulnerability
CVSS 8.8 | Apple Multiple Products — Apple Multiple Products WebKit Use-After-Free Vulnerability
CVSS 8.8 | Apple Multiple Products — Apple Multiple Products WebKit Type Confusion Vulnerability
CVSS 8.8 | SugarCRM Multiple Products — Multiple SugarCRM Products Remote Code Execution Vulnerability
CVSS 8.8 | Microsoft Windows — Microsoft Windows Advanced Local Procedure Call (ALPC) Privilege Escalation Vulnerability
CVSS 8.6 | Ignite Realtime Openfire — Ignite Realtime Openfire Path Traversal Vulnerability
CVSS 8.6 | Apple Multiple Products — Apple Multiple Products WebKit Sandbox Escape Vulnerability
CVSS 8.6 | Apple iOS, iPadOS, and macOS — Apple iOS, iPadOS, and macOS IOSurfaceAccelerator Out-of-Bounds Write Vulnerability
CVSS 8.6 | Adobe ColdFusion — Adobe ColdFusion Deserialization of Untrusted Data Vulnerability
CVSS 8.4 | PaperCut NG/MF — PaperCut NG/MF Cross-Site Request Forgery (CSRF) Vulnerability
CVSS 8.4 | Microsoft Streaming Service — Microsoft Streaming Service Untrusted Pointer Dereference Vulnerability
CVSS 8.4 | Qualcomm Multiple Chipsets — Qualcomm Multiple Chipsets Use of Out-of-Range Pointer Offset Vulnerability
CVSS 8.4 | Qualcomm Multiple Chipsets — Qualcomm Multiple Chipsets Integer Overflow Vulnerability
CVSS 8.2 | Citrix NetScaler ADC and NetScaler Gateway — Citrix NetScaler ADC and NetScaler Gateway Buffer Overflow Vulnerability
CVSS 8.2 | Ivanti Connect Secure and Policy Secure — Ivanti Connect Secure and Policy Secure Authentication Bypass Vulnerability
CVSS 8.2 | Qlik Sense — Qlik Sense Path Traversal Vulnerability
CVSS 8 | QNAP VioStor NVR — QNAP VioStor NVR OS Command Injection Vulnerability
CVSS 7.9 | Linux Kernel — Linux Kernel Use-After-Free Vulnerability
CVSS 7.8 | Windows CLFS Driver — Kernel Pool Corruption via BLF File Parsing Leading to Privilege Escalation
CVSS 7.8 | Apple iOS and iPadOS — Apple iOS and iPadOS Use-After-Free Vulnerability
CVSS 7.8 | Linux Kernel — Linux Kernel Improper Ownership Management Vulnerability
CVSS 7.8 | Apple Multiple Products — Apple Multiple Products Code Execution Vulnerability
CVSS 7.8 | Spreadsheet::ParseExcel Spreadsheet::ParseExcel — Spreadsheet::ParseExcel Remote Code Execution Vulnerability
CVSS 7.8 | Qualcomm Multiple Chipsets — Qualcomm Multiple Chipsets Use-After-Free Vulnerability
CVSS 7.8 | GNU GNU C Library — GNU C Library Buffer Overflow Vulnerability
CVSS 7.8 | Microsoft Windows — Microsoft Windows Desktop Window Manager (DWM) Core Library Privilege Escalation Vulnerability
CVSS 7.8 | Microsoft Windows — Microsoft Windows Cloud Files Mini Filter Driver Privilege Escalation Vulnerability
CVSS 7.8 | Adobe Acrobat and Reader — Adobe Acrobat and Reader Use-After-Free Vulnerability
CVSS 7.8 | Apple iOS and iPadOS — Apple iOS and iPadOS Kernel Privilege Escalation Vulnerability
CVSS 7.8 | Apple Multiple Products — Apple Multiple Products Kernel Privilege Escalation Vulnerability
CVSS 7.8 | Adobe Acrobat and Reader — Adobe Acrobat and Reader Out-of-Bounds Write Vulnerability
CVSS 7.8 | Android Framework — Android Framework Privilege Escalation Vulnerability
CVSS 7.8 | Microsoft Streaming Service Proxy — Microsoft Streaming Service Proxy Privilege Escalation Vulnerability
CVSS 7.8 | Apple iOS, iPadOS, and watchOS — Apple iOS, iPadOS, and watchOS Wallet Code Execution Vulnerability
CVSS 7.8 | Apple iOS, iPadOS, and macOS — Apple iOS, iPadOS, and macOS ImageIO Buffer Overflow Vulnerability
CVSS 7.8 | RARLAB WinRAR — RARLAB WinRAR Code Execution Vulnerability
CVSS 7.8 | Microsoft Windows — Microsoft Windows MSHTML Platform Privilege Escalation Vulnerability
CVSS 7.8 | Microsoft Windows — Microsoft Windows Error Reporting Service Privilege Escalation Vulnerability
CVSS 7.8 | Apple Multiple Products — Apple Multiple Products Integer Overflow Vulnerability
CVSS 7.8 | Microsoft Win32k — Microsoft Win32K Privilege Escalation Vulnerability
CVSS 7.8 | Android Framework — Android Framework Privilege Escalation Vulnerability
CVSS 7.8 | Microsoft Windows — Microsoft Windows Common Log File System (CLFS) Driver Privilege Escalation Vulnerability
CVSS 7.8 | Microsoft Windows — Microsoft Windows Graphic Component Privilege Escalation Vulnerability
CVSS 7.8 | Microsoft Windows — Microsoft Windows Common Log File System (CLFS) Driver Privilege Escalation Vulnerability
CVSS 7.5 | PaperCut NG/MF — Pre-Auth Authentication Bypass via SecurityRequestFilter Enabling Information Disclosure
CVSS 7.5 | ZKTeco BioTime — ZKTeco BioTime Path Traversal Vulnerability
CVSS 7.5 | North Grid Proself — North Grid Proself Improper Restriction of XML External Entity (XXE) Reference Vulnerability
CVSS 7.5 | IETF Service Location Protocol (SLP) — Service Location Protocol (SLP) Denial-of-Service Vulnerability
CVSS 7.5 | HTTP/2 Protocol — Protocol-Level Denial of Service
CVSS 7.5 | Veeam Backup & Replication — Veeam Backup & Replication Cloud Connect Missing Authentication for Critical Function Vulnerability
CVSS 7.5 | Microsoft .NET Core and Visual Studio — Microsoft .NET Core and Visual Studio Denial-of-Service Vulnerability
CVSS 7.5 | Adobe ColdFusion — Adobe ColdFusion Improper Access Control Vulnerability
CVSS 7.5 | Adobe ColdFusion — Adobe ColdFusion Improper Access Control Vulnerability
CVSS 7.5 | Microsoft Windows — Microsoft Windows Search Remote Code Execution Vulnerability
CVSS 7.5 | Oracle WebLogic Server — Oracle WebLogic Server Unspecified Vulnerability
CVSS 7.5 | MinIO MinIO — MinIO Information Disclosure Vulnerability
CVSS 7.3 | Microsoft Office — Microsoft Office Publisher Security Feature Bypass Vulnerability
CVSS 7.2 | SonicWall SMA100 Appliances — SonicWall SMA100 Appliances OS Command Injection Vulnerability
CVSS 7.2 | Microsoft SharePoint Server — Microsoft SharePoint Server Code Injection Vulnerability
CVSS 7.2 | Cisco Cisco IOS XE Web UI — Cisco IOS XE Web UI Command Injection Vulnerability
CVSS 7.2 | Trend Micro Apex One and Worry-Free Business Security — Trend Micro Apex One and Worry-Free Business Security Remote Code Execution Vulnerability
CVSS 7.2 | Ivanti EPMM — Authenticated Arbitrary File Write via Path Traversal, Enabling Webshell Deployment
CVSS 7.2 | Fortra GoAnywhere MFT — Fortra GoAnywhere MFT Remote Code Execution Vulnerability
CVSS 7 | Microsoft Windows CNG Key Isolation Service — Microsoft Windows CNG Key Isolation Service Privilege Escalation Vulnerability
CVSS 6.6 | Cisco IOS and IOS XE — Cisco IOS and IOS XE Group Encrypted Transport VPN Out-of-Bounds Write Vulnerability
CVSS 6.5 | TP-Link TL-WR841N — TP-Link TL-WR841N Authentication Bypass by Spoofing Vulnerability
CVSS 6.5 | Cisco Small Business RV Series Routers — Cisco Small Business RV Series Routers Command Injection Vulnerability
CVSS 6.5 | Apple Multiple Products — Apple Multiple Products WebKit Out-of-Bounds Read Vulnerability
CVSS 6.5 | Microsoft WordPad — Microsoft WordPad Information Disclosure Vulnerability
CVSS 6.5 | Microsoft Word — Microsoft Word Information Disclosure Vulnerability
CVSS 6.5 | Apple Multiple Products — Apple Multiple Products WebKit Out-of-Bounds Read Vulnerability
CVSS 6.1 | Roundcube Webmail — Roundcube Webmail Persistent Cross-Site Scripting (XSS) Vulnerability
CVSS 6.1 | Roundcube Webmail — Roundcube Webmail Persistent Cross-Site Scripting (XSS) Vulnerability
CVSS 6.1 | Zimbra ZCS 8.8.x — Reflected XSS via Unescaped URL Parameter Exploited by Four Nation-State Groups as Zero-Day
CVSS 5.5 | Android Pixel — Android Pixel Information Disclosure Vulnerability
CVSS 5.5 | Citrix NetScaler ADC and NetScaler Gateway — Citrix NetScaler ADC and NetScaler Gateway Code Injection Vulnerability
CVSS 5.5 | Arm Mali GPU Kernel Driver — Arm Mali GPU Kernel Driver Use-After-Free Vulnerability
CVSS 5.5 | Apple Multiple Products — Apple Multiple Products Improper Certificate Validation Vulnerability
CVSS 5.5 | Apple Multiple Products — Apple Multiple Products Kernel Unspecified Vulnerability
CVSS 5.4 | Microsoft Windows — Microsoft Windows Mark of the Web (MOTW) Security Feature Bypass Vulnerability
CVSS 5.3 | Joomla! Joomla! — Joomla! Improper Access Control Vulnerability
CVSS 5.3 | Juniper Junos OS — Juniper Junos OS EX Series PHP External Variable Modification Vulnerability
CVSS 5.3 | Juniper Junos OS — Juniper Junos OS SRX Series Missing Authentication for Critical Function Vulnerability
CVSS 5.3 | Juniper Junos OS — Juniper Junos OS EX Series Missing Authentication for Critical Function Vulnerability
CVSS 5.3 | Juniper Junos OS — Juniper Junos OS SRX Series Missing Authentication for Critical Function Vulnerability
CVSS 5.3 | Microsoft Skype for Business — Microsoft Skype for Business Privilege Escalation Vulnerability
CVSS 5 | Cisco Adaptive Security Appliance and Firepower Threat Defense — Cisco Adaptive Security Appliance and Firepower Threat Defense Unauthorized Access Vulnerability
CVSS 4.4 | Samsung Mobile Devices — Samsung Mobile Devices Insertion of Sensitive Information Into Log File Vulnerability
CVSS 4.4 | Microsoft Windows — Microsoft Windows SmartScreen Security Feature Bypass Vulnerability
CVSS 3.9 | VMware Tools — VMware Tools Authentication Bypass Vulnerability
CVSS 3.3 | Arm Mali Graphics Processing Unit (GPU) — Arm Mali GPU Kernel Driver Information Disclosure Vulnerability