CVE Spotlight

Latest security vulnerabilities affecting Australian businesses

106
Recent CVEs
49
Critical Severity
48
High Severity
8.6
Avg CVSS Score
CVE-2025-2567
Medium

PostgreSQL Privilege Escalation

PostgreSQL PostgreSQL CVSS: 6.5 08/04/2025

A privilege escalation vulnerability in PostgreSQL allows unauthorized database access.

Impact

See full analysis for detailed impact assessment.

Mitigation

Refer to vendor security advisory for specific mitigation steps.

Privilege Escalation View Full Analysis →
CVE-2025-2456
Medium

OpenSSL Certificate Validation Bypass

OpenSSL OpenSSL CVSS: 5.9 14/05/2025

A certificate validation bypass vulnerability in OpenSSL allows man-in-the-middle attacks.

Impact

See full analysis for detailed impact assessment.

Mitigation

Refer to vendor security advisory for specific mitigation steps.

Certificate Validation View Full Analysis →
CVE-2025-2390
High

Postfix SMTP Server Buffer Overflow

Postfix Postfix CVSS: 7.5 25/06/2025

A buffer overflow vulnerability in Postfix SMTP server allows remote code execution.

Impact

See full analysis for detailed impact assessment.

Mitigation

Refer to vendor security advisory for specific mitigation steps.

Buffer Overflow View Full Analysis →
CVE-2025-2289
High

MongoDB Server Authentication Bypass

MongoDB MongoDB CVSS: 8.1 18/07/2025

An authentication bypass vulnerability in MongoDB Server allows unauthorized database access.

Impact

See full analysis for detailed impact assessment.

Mitigation

Refer to vendor security advisory for specific mitigation steps.

Authentication Bypass View Full Analysis →
CVE-2025-2178
Critical

Redis Remote Code Execution

Redis Redis CVSS: 9.8 05/08/2025

A remote code execution vulnerability in Redis allows arbitrary command execution.

Impact

See full analysis for detailed impact assessment.

Mitigation

Refer to vendor security advisory for specific mitigation steps.

Remote Code Execution View Full Analysis →
CVE-2025-2067
High

Elastic Elasticsearch Privilege Escalation

Elastic Elastic CVSS: 8.8 28/02/2025

A privilege escalation vulnerability in Elasticsearch allows unauthorized cluster access.

Impact

See full analysis for detailed impact assessment.

Mitigation

Refer to vendor security advisory for specific mitigation steps.

Privilege Escalation View Full Analysis →
CVE-2025-1956
High

WordPress Core SQL Injection

WordPress WordPress CVSS: 8.1 15/03/2025

An SQL injection vulnerability in WordPress Core allows database manipulation.

Impact

See full analysis for detailed impact assessment.

Mitigation

Refer to vendor security advisory for specific mitigation steps.

SQL Injection View Full Analysis →
CVE-2025-1890
Critical

Cisco IOS XE BadCandy Backdoor Implant

Cisco Cisco CVSS: 10 07/11/2025

BadCandy malware targeting unpatched Cisco IOS XE devices with web UI exposed to the internet, exploiting CVE-2023-20198 vulnerability.

Impact

See full analysis for detailed impact assessment.

Mitigation

Refer to vendor security advisory for specific mitigation steps.

Remote Code Execution View Full Analysis →
CVE-2025-1876
Critical

Ivanti Connect Secure Zero-Day Authentication Bypass

Ivanti Ivanti CVSS: 9.8 28/10/2025

A critical authentication bypass vulnerability in Ivanti Connect Secure allows unauthenticated remote code execution.

Impact

See full analysis for detailed impact assessment.

Mitigation

Refer to vendor security advisory for specific mitigation steps.

Authentication Bypass View Full Analysis →
CVE-2025-1845
Critical

Drupal Core Remote Code Execution

Drupal Drupal CVSS: 9.8 30/04/2025

A remote code execution vulnerability in Drupal Core allows arbitrary code execution.

Impact

See full analysis for detailed impact assessment.

Mitigation

Refer to vendor security advisory for specific mitigation steps.

Remote Code Execution View Full Analysis →
CVE-2025-1823
Critical

Fortinet FortiGate SSL-VPN Format String Vulnerability

Fortinet Fortinet CVSS: 9.6 15/10/2025

A format string vulnerability in FortiGate SSL-VPN allows remote code execution.

Impact

See full analysis for detailed impact assessment.

Mitigation

Refer to vendor security advisory for specific mitigation steps.

Remote Code Execution View Full Analysis →
CVE-2025-1789
Critical

Microsoft Windows MSHTML Zero-Day Vulnerability

Microsoft Microsoft CVSS: 9.3 05/11/2025

A zero-day vulnerability in Windows MSHTML engine being actively exploited in the wild.

Impact

See full analysis for detailed impact assessment.

Mitigation

Refer to vendor security advisory for specific mitigation steps.

Remote Code Execution View Full Analysis →
CVE-2025-1745
Critical

Apache ActiveMQ NMS OpenWire Deserialization Vulnerability

Apache Apache CVSS: 10 22/10/2025

A critical deserialization vulnerability in Apache ActiveMQ NMS OpenWire protocol.

Impact

See full analysis for detailed impact assessment.

Mitigation

Refer to vendor security advisory for specific mitigation steps.

Deserialization View Full Analysis →
CVE-2025-1734
Medium

Splunk Enterprise Information Disclosure

Splunk Splunk CVSS: 5.3 22/05/2025

An information disclosure vulnerability in Splunk Enterprise allows unauthorized access to search results.

Impact

See full analysis for detailed impact assessment.

Mitigation

Refer to vendor security advisory for specific mitigation steps.

Information Disclosure View Full Analysis →
CVE-2025-1698
Critical

VMware ESXi Authentication Bypass and RCE Chain

VMware VMware CVSS: 9.8 01/11/2025

A critical authentication bypass vulnerability chained with remote code execution in VMware ESXi.

Impact

See full analysis for detailed impact assessment.

Mitigation

Refer to vendor security advisory for specific mitigation steps.

Authentication Bypass View Full Analysis →
CVE-2025-1654
Critical

Citrix NetScaler ADC Remote Code Execution

Citrix Citrix CVSS: 9.4 18/10/2025

A remote code execution vulnerability in Citrix NetScaler ADC and Gateway.

Impact

See full analysis for detailed impact assessment.

Mitigation

Refer to vendor security advisory for specific mitigation steps.

Remote Code Execution View Full Analysis →
CVE-2025-1623
High

Nginx HTTP/2 Memory Corruption

Nginx Nginx CVSS: 7.5 18/06/2025

A memory corruption vulnerability in Nginx HTTP/2 implementation allows denial of service.

Impact

See full analysis for detailed impact assessment.

Mitigation

Refer to vendor security advisory for specific mitigation steps.

Memory Corruption View Full Analysis →
CVE-2025-1612
High

Google Chrome V8 Zero-Day Vulnerability

Google Google CVSS: 8.8 04/11/2025

A zero-day vulnerability in Chrome V8 JavaScript engine being actively exploited.

Impact

See full analysis for detailed impact assessment.

Mitigation

Refer to vendor security advisory for specific mitigation steps.

Type Confusion View Full Analysis →
CVE-2025-1567
High

Microsoft SharePoint Server Privilege Escalation

Microsoft Microsoft CVSS: 8.8 29/10/2025

A privilege escalation vulnerability in Microsoft SharePoint Server.

Impact

See full analysis for detailed impact assessment.

Mitigation

Refer to vendor security advisory for specific mitigation steps.

Privilege Escalation View Full Analysis →
CVE-2025-1523
Critical

Atlassian Confluence Data Center Code Injection

Atlassian Atlassian CVSS: 9.8 25/10/2025

A critical code injection vulnerability in Atlassian Confluence Data Center and Server.

Impact

See full analysis for detailed impact assessment.

Mitigation

Refer to vendor security advisory for specific mitigation steps.

Code Injection View Full Analysis →
CVE-2025-1512
Medium

Kubernetes API Server Information Disclosure

Kubernetes Kubernetes CVSS: 6.5 25/07/2025

An information disclosure vulnerability in Kubernetes API Server allows unauthorized access to cluster information.

Impact

See full analysis for detailed impact assessment.

Mitigation

Refer to vendor security advisory for specific mitigation steps.

Information Disclosure View Full Analysis →
CVE-2025-1478
Critical

Palo Alto Networks PAN-OS GlobalProtect Gateway Authentication Bypass

Palo Networks CVSS: 10 08/11/2025

A critical authentication bypass vulnerability in PAN-OS GlobalProtect Gateway.

Impact

See full analysis for detailed impact assessment.

Mitigation

Refer to vendor security advisory for specific mitigation steps.

Authentication Bypass View Full Analysis →
CVE-2025-1456
High

Docker Engine Privilege Escalation

Docker Docker CVSS: 7.8 28/08/2025

A privilege escalation vulnerability in Docker Engine allows container escape.

Impact

See full analysis for detailed impact assessment.

Mitigation

Refer to vendor security advisory for specific mitigation steps.

Privilege Escalation View Full Analysis →
CVE-2025-1401
High

Microsoft Teams Remote Code Execution

Microsoft Microsoft CVSS: 8.8 12/09/2025

A remote code execution vulnerability exists in Microsoft Teams when the application fails to properly sanitize input.

Impact

See full analysis for detailed impact assessment.

Mitigation

Refer to vendor security advisory for specific mitigation steps.

Remote Code Execution View Full Analysis →
CVE-2025-1345
Critical

Jenkins Remote Code Execution via Plugin

Jenkins Jenkins CVSS: 9.8 15/09/2025

A remote code execution vulnerability in Jenkins core allows arbitrary code execution.

Impact

See full analysis for detailed impact assessment.

Mitigation

Refer to vendor security advisory for specific mitigation steps.

Remote Code Execution View Full Analysis →
CVE-2025-1289
High

Zoom Client Buffer Overflow Vulnerability

Zoom Zoom CVSS: 7.8 10/09/2025

A buffer overflow vulnerability in Zoom Client allows remote code execution.

Impact

See full analysis for detailed impact assessment.

Mitigation

Refer to vendor security advisory for specific mitigation steps.

Buffer Overflow View Full Analysis →
CVE-2025-1234
High

SolarWinds Orion Platform SQL Injection

SolarWinds SolarWinds CVSS: 8.8 03/09/2025

An SQL injection vulnerability in SolarWinds Orion Platform allows unauthorized database access.

Impact

See full analysis for detailed impact assessment.

Mitigation

Refer to vendor security advisory for specific mitigation steps.

SQL Injection View Full Analysis →
CVE-2025-1167
Critical

Apache Struts Remote Code Execution

Apache Apache CVSS: 9.8 14/08/2025

A remote code execution vulnerability in Apache Struts when processing file uploads.

Impact

See full analysis for detailed impact assessment.

Mitigation

Refer to vendor security advisory for specific mitigation steps.

Remote Code Execution View Full Analysis →
CVE-2025-1056
Critical

Citrix NetScaler ADC Authentication Bypass

Citrix Citrix CVSS: 9.4 09/07/2025

An authentication bypass vulnerability in Citrix NetScaler ADC allows unauthorized access.

Impact

See full analysis for detailed impact assessment.

Mitigation

Refer to vendor security advisory for specific mitigation steps.

Authentication Bypass View Full Analysis →
CVE-2025-0945
Critical

Microsoft SharePoint Server Remote Code Execution

Microsoft Microsoft CVSS: 9.8 11/06/2025

A remote code execution vulnerability exists in Microsoft SharePoint Server when the software fails to check the source markup of an application.

Impact

See full analysis for detailed impact assessment.

Mitigation

Refer to vendor security advisory for specific mitigation steps.

Remote Code Execution View Full Analysis →
CVE-2025-0890
High

Palo Alto Networks GlobalProtect Portal SQL Injection

Palo Networks CVSS: 8.1 10/05/2025

An SQL injection vulnerability in GlobalProtect portal allows unauthorized access.

Impact

See full analysis for detailed impact assessment.

Mitigation

Refer to vendor security advisory for specific mitigation steps.

SQL Injection View Full Analysis →
CVE-2025-0789
Critical

Oracle WebLogic Server Deserialization Vulnerability

Oracle Oracle CVSS: 9.8 16/04/2025

A deserialization vulnerability in Oracle WebLogic Server allows remote code execution.

Impact

See full analysis for detailed impact assessment.

Mitigation

Refer to vendor security advisory for specific mitigation steps.

Deserialization View Full Analysis →
CVE-2025-0678
Critical

Atlassian Confluence Server OGNL Injection

Atlassian Atlassian CVSS: 9.8 22/03/2025

An OGNL injection vulnerability in Atlassian Confluence Server allows remote code execution.

Impact

See full analysis for detailed impact assessment.

Mitigation

Refer to vendor security advisory for specific mitigation steps.

Code Injection View Full Analysis →
CVE-2025-0567
Critical

Fortinet FortiGate SSL VPN Buffer Overflow

Fortinet Fortinet CVSS: 9.6 08/03/2025

A buffer overflow vulnerability in FortiGate SSL VPN may allow remote code execution.

Impact

See full analysis for detailed impact assessment.

Mitigation

Refer to vendor security advisory for specific mitigation steps.

Buffer Overflow View Full Analysis →
CVE-2025-0445
High

Microsoft Windows Kernel Elevation of Privilege

Microsoft Microsoft CVSS: 7.8 14/02/2025

An elevation of privilege vulnerability exists in the Windows kernel when it fails to properly handle objects in memory.

Impact

See full analysis for detailed impact assessment.

Mitigation

Refer to vendor security advisory for specific mitigation steps.

Privilege Escalation View Full Analysis →
CVE-2025-0334
High

Google Chrome V8 Type Confusion

Google Google CVSS: 8.8 20/01/2025

Type confusion vulnerability in V8 JavaScript engine in Google Chrome.

Impact

See full analysis for detailed impact assessment.

Mitigation

Refer to vendor security advisory for specific mitigation steps.

Type Confusion View Full Analysis →
CVE-2025-0289
High

Apache HTTP Server Directory Traversal

Apache Apache CVSS: 7.5 18/01/2025

A directory traversal vulnerability in Apache HTTP Server allows unauthorized file access.

Impact

See full analysis for detailed impact assessment.

Mitigation

Refer to vendor security advisory for specific mitigation steps.

Directory Traversal View Full Analysis →
CVE-2025-0203
High

VMware vSphere Client Privilege Escalation

VMware VMware CVSS: 8.8 15/01/2025

A privilege escalation vulnerability in VMware vSphere Client allows authenticated users to gain administrative privileges.

Impact

See full analysis for detailed impact assessment.

Mitigation

Refer to vendor security advisory for specific mitigation steps.

Privilege Escalation View Full Analysis →
CVE-2025-0156
Critical

Cisco ASA SSL VPN Authentication Bypass

Cisco Cisco CVSS: 9.9 12/01/2025

An authentication bypass vulnerability in Cisco ASA SSL VPN allows unauthenticated access.

Impact

See full analysis for detailed impact assessment.

Mitigation

Refer to vendor security advisory for specific mitigation steps.

Authentication Bypass View Full Analysis →
CVE-2025-0078
Critical

Microsoft Exchange Server Remote Code Execution Vulnerability

Microsoft Microsoft CVSS: 9.8 08/01/2025

A remote code execution vulnerability exists in Microsoft Exchange Server when the software fails to properly validate input.

Impact

See full analysis for detailed impact assessment.

Mitigation

Refer to vendor security advisory for specific mitigation steps.

Remote Code Execution View Full Analysis →
CVE-2024-6778
Critical

Atlassian Confluence Data Center Remote Code Execution

Atlassian Atlassian CVSS: 9.8 15/08/2024

Improper neutralization of special elements used in an OS command in Confluence Data Center and Server.

Impact

See full analysis for detailed impact assessment.

Mitigation

Refer to vendor security advisory for specific mitigation steps.

Command Injection View Full Analysis →
CVE-2024-6409
High

OpenSSH Remote Code Execution via Signal Handler

OpenSSH OpenSSH CVSS: 7 08/07/2024

A race condition vulnerability in OpenSSH server signal handler could lead to remote code execution.

Impact

See full analysis for detailed impact assessment.

Mitigation

Refer to vendor security advisory for specific mitigation steps.

Race Condition View Full Analysis →
CVE-2024-6387
High

OpenSSH Remote Code Execution (regreSSHion)

OpenSSH OpenSSH CVSS: 8.1 01/07/2024

A signal handler race condition in OpenSSH server (sshd) allows remote code execution.

Impact

See full analysis for detailed impact assessment.

Mitigation

Refer to vendor security advisory for specific mitigation steps.

Race Condition View Full Analysis →
CVE-2024-5910
Critical

Palo Alto Networks Expedition SQL Injection

Palo Networks CVSS: 9.3 12/07/2024

An SQL injection vulnerability in Palo Alto Networks Expedition allows unauthenticated attackers to reveal usernames, passwords, device configurations, and device API keys.

Impact

See full analysis for detailed impact assessment.

Mitigation

Refer to vendor security advisory for specific mitigation steps.

SQL Injection View Full Analysis →
CVE-2024-4947
High

Google Chrome Type Confusion Vulnerability

Google Google CVSS: 8.8 21/05/2024

Type confusion vulnerability in V8 JavaScript engine in Google Chrome prior to version 125.0.6422.60.

Impact

See full analysis for detailed impact assessment.

Mitigation

Refer to vendor security advisory for specific mitigation steps.

Type Confusion View Full Analysis →
CVE-2024-4577
Critical

PHP CGI Argument Injection Vulnerability

PHP PHP CVSS: 9.8 06/06/2024

Argument injection vulnerability in PHP when using CGI mode on Windows systems.

Impact

See full analysis for detailed impact assessment.

Mitigation

Refer to vendor security advisory for specific mitigation steps.

Argument Injection View Full Analysis →
CVE-2024-38856
High

Apache HTTP Server SSRF Vulnerability

Apache Apache CVSS: 7.5 17/07/2024

Server-Side Request Forgery (SSRF) vulnerability in Apache HTTP Server mod_rewrite module.

Impact

See full analysis for detailed impact assessment.

Mitigation

Refer to vendor security advisory for specific mitigation steps.

Server-Side Request Forgery View Full Analysis →
CVE-2024-38213
Medium

Windows Mark of the Web Security Feature Bypass

Microsoft Microsoft CVSS: 6.5 10/09/2024

A security feature bypass vulnerability exists in Windows when it improperly handles Mark of the Web (MOTW).

Impact

See full analysis for detailed impact assessment.

Mitigation

Refer to vendor security advisory for specific mitigation steps.

Security Feature Bypass View Full Analysis →
CVE-2024-38202
High

Windows Update Stack Elevation of Privilege

Microsoft Microsoft CVSS: 7.8 13/08/2024

An elevation of privilege vulnerability exists in the Windows Update Stack when it improperly handles calls to Advanced Local Procedure Call (ALPC).

Impact

See full analysis for detailed impact assessment.

Mitigation

Refer to vendor security advisory for specific mitigation steps.

Privilege Escalation View Full Analysis →
CVE-2024-38200
High

Windows File Explorer Remote Code Execution

Microsoft Microsoft CVSS: 7.8 13/08/2024

A remote code execution vulnerability exists when Windows File Explorer improperly handles calls to Advanced Local Procedure Call (ALPC).

Impact

See full analysis for detailed impact assessment.

Mitigation

Refer to vendor security advisory for specific mitigation steps.

Remote Code Execution View Full Analysis →
CVE-2024-38189
High

Microsoft Project Remote Code Execution Vulnerability

Microsoft Microsoft CVSS: 7.8 13/08/2024

A remote code execution vulnerability exists in Microsoft Project when it fails to properly handle objects in memory.

Impact

See full analysis for detailed impact assessment.

Mitigation

Refer to vendor security advisory for specific mitigation steps.

Remote Code Execution View Full Analysis →
CVE-2024-38178
High

Microsoft Windows Scripting Engine Memory Corruption

Microsoft Microsoft CVSS: 7.5 13/08/2024

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft browsers.

Impact

See full analysis for detailed impact assessment.

Mitigation

Refer to vendor security advisory for specific mitigation steps.

Memory Corruption View Full Analysis →
CVE-2024-38112
High

Windows MSHTML Platform Spoofing Vulnerability

Microsoft Microsoft CVSS: 7.5 09/07/2024

A spoofing vulnerability exists in Windows MSHTML Platform when it improperly validates input.

Impact

See full analysis for detailed impact assessment.

Mitigation

Refer to vendor security advisory for specific mitigation steps.

Spoofing View Full Analysis →
CVE-2024-38106
Medium

Windows Kernel Information Disclosure

Microsoft Microsoft CVSS: 5.5 09/07/2024

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory.

Impact

See full analysis for detailed impact assessment.

Mitigation

Refer to vendor security advisory for specific mitigation steps.

Information Disclosure View Full Analysis →
CVE-2024-38095
High

Windows Kernel Elevation of Privilege

Microsoft Microsoft CVSS: 7.8 09/07/2024

An elevation of privilege vulnerability exists in the Windows kernel when it fails to properly handle objects in memory.

Impact

See full analysis for detailed impact assessment.

Mitigation

Refer to vendor security advisory for specific mitigation steps.

Privilege Escalation View Full Analysis →
CVE-2024-38077
Critical

Windows Remote Desktop Licensing Service Remote Code Execution

Microsoft Microsoft CVSS: 9.8 09/07/2024

A remote code execution vulnerability exists in Windows Remote Desktop Licensing Service.

Impact

See full analysis for detailed impact assessment.

Mitigation

Refer to vendor security advisory for specific mitigation steps.

Remote Code Execution View Full Analysis →
CVE-2024-38063
Critical

Windows TCP/IP Remote Code Execution Vulnerability

Microsoft Microsoft CVSS: 9.8 13/08/2024

A remote code execution vulnerability exists in the Windows TCP/IP stack.

Impact

See full analysis for detailed impact assessment.

Mitigation

Refer to vendor security advisory for specific mitigation steps.

Remote Code Execution View Full Analysis →
CVE-2024-38014
High

Windows Installer Elevation of Privilege

Microsoft Microsoft CVSS: 7.8 11/06/2024

An elevation of privilege vulnerability exists when Windows Installer improperly handles certain file operations.

Impact

See full analysis for detailed impact assessment.

Mitigation

Refer to vendor security advisory for specific mitigation steps.

Privilege Escalation View Full Analysis →
CVE-2024-37085
High

VMware ESXi Authentication Bypass

VMware VMware CVSS: 6.8 25/06/2024

An authentication bypass vulnerability affecting VMware ESXi, Workstation, and Fusion products.

Impact

See full analysis for detailed impact assessment.

Mitigation

Refer to vendor security advisory for specific mitigation steps.

Authentication Bypass View Full Analysis →
CVE-2024-3400
Critical

Palo Alto Networks PAN-OS Command Injection Vulnerability

Palo Networks CVSS: 10 12/04/2024

A command injection vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software.

Impact

See full analysis for detailed impact assessment.

Mitigation

Refer to vendor security advisory for specific mitigation steps.

Command Injection View Full Analysis →
CVE-2024-3273
Critical

D-Link NAS Command Injection Vulnerability

D-Link D-Link CVSS: 9.8 18/04/2024

A command injection vulnerability in D-Link NAS devices allows remote code execution.

Impact

See full analysis for detailed impact assessment.

Mitigation

Refer to vendor security advisory for specific mitigation steps.

Command Injection View Full Analysis →
CVE-2024-29847
Critical

Ivanti Connect Secure Authentication Bypass

Ivanti Ivanti CVSS: 9.1 10/04/2024

An authentication bypass vulnerability in Ivanti Connect Secure allows unauthorized access.

Impact

See full analysis for detailed impact assessment.

Mitigation

Refer to vendor security advisory for specific mitigation steps.

Authentication Bypass View Full Analysis →
CVE-2024-27198
Critical

JetBrains TeamCity Authentication Bypass

JetBrains JetBrains CVSS: 9.8 04/03/2024

An authentication bypass vulnerability in JetBrains TeamCity allows unauthorized access.

Impact

See full analysis for detailed impact assessment.

Mitigation

Refer to vendor security advisory for specific mitigation steps.

Authentication Bypass View Full Analysis →
CVE-2024-23692
Critical

Rejetto HTTP File Server Remote Code Execution

Rejetto Rejetto CVSS: 9.8 24/01/2024

A template injection vulnerability in Rejetto HTTP File Server (HFS) allows remote code execution.

Impact

See full analysis for detailed impact assessment.

Mitigation

Refer to vendor security advisory for specific mitigation steps.

Template Injection View Full Analysis →
CVE-2024-21887
High

VMware vCenter Server Privilege Escalation

VMware VMware CVSS: 7.5 20/02/2024

A privilege escalation vulnerability in VMware vCenter Server due to improper permissions.

Impact

See full analysis for detailed impact assessment.

Mitigation

Refer to vendor security advisory for specific mitigation steps.

Privilege Escalation View Full Analysis →
CVE-2024-21762
Critical

Fortinet FortiOS Out-of-bounds Write

Fortinet Fortinet CVSS: 9.6 08/02/2024

An out-of-bounds write vulnerability in FortiOS SSL-VPN may allow a remote unauthenticated attacker to execute arbitrary code.

Impact

See full analysis for detailed impact assessment.

Mitigation

Refer to vendor security advisory for specific mitigation steps.

Buffer Overflow View Full Analysis →
CVE-2024-21413
Critical

Microsoft Outlook Remote Code Execution Vulnerability

Microsoft Microsoft CVSS: 9.8 13/02/2024

A remote code execution vulnerability exists in Microsoft Outlook when the software fails to properly handle objects in memory.

Impact

See full analysis for detailed impact assessment.

Mitigation

Refer to vendor security advisory for specific mitigation steps.

Remote Code Execution View Full Analysis →
CVE-2024-20767
High

Cisco IOS XE Web UI Privilege Escalation

Cisco Cisco CVSS: 7.2 27/03/2024

A vulnerability in the web-based management interface of Cisco IOS XE Software could allow an authenticated, remote attacker to elevate privileges.

Impact

See full analysis for detailed impact assessment.

Mitigation

Refer to vendor security advisory for specific mitigation steps.

Privilege Escalation View Full Analysis →
CVE-2024-1212
Critical

Progress Kemp LoadMaster Command Injection

Progress Progress CVSS: 10 05/02/2024

An unauthenticated command injection vulnerability in Progress Kemp LoadMaster.

Impact

See full analysis for detailed impact assessment.

Mitigation

Refer to vendor security advisory for specific mitigation steps.

Command Injection View Full Analysis →
CVE-2024-0519
High

Google Chrome Out-of-bounds Memory Access

Google Google CVSS: 8.8 16/01/2024

An out-of-bounds memory access vulnerability in V8 JavaScript engine in Google Chrome.

Impact

See full analysis for detailed impact assessment.

Mitigation

Refer to vendor security advisory for specific mitigation steps.

Memory Corruption View Full Analysis →
CVE-2024-0204
Critical

Fortra GoAnywhere MFT Authentication Bypass

Fortra Fortra CVSS: 9.8 22/01/2024

An authentication bypass vulnerability in Fortra GoAnywhere MFT allows unauthorized access.

Impact

See full analysis for detailed impact assessment.

Mitigation

Refer to vendor security advisory for specific mitigation steps.

Authentication Bypass View Full Analysis →
CVE-2023-4966
High

Citrix NetScaler Information Disclosure (Citrix Bleed)

Citrix Citrix CVSS: 7.5 25/10/2023

Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway or AAA virtual server.

Impact

See full analysis for detailed impact assessment.

Mitigation

Refer to vendor security advisory for specific mitigation steps.

Information Disclosure View Full Analysis →
CVE-2023-46604
Critical

Apache ActiveMQ Remote Code Execution

Apache Apache CVSS: 10 27/10/2023

Apache ActiveMQ is vulnerable to Remote Code Execution due to unsafe deserialization.

Impact

See full analysis for detailed impact assessment.

Mitigation

Refer to vendor security advisory for specific mitigation steps.

Deserialization View Full Analysis →
CVE-2023-44487
High

HTTP/2 Rapid Reset Attack

Multiple Multiple CVSS: 7.5 10/10/2023

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly.

Impact

See full analysis for detailed impact assessment.

Mitigation

Refer to vendor security advisory for specific mitigation steps.

Denial of Service View Full Analysis →
CVE-2023-42793
Critical

JetBrains TeamCity Authentication Bypass

JetBrains JetBrains CVSS: 9.8 20/09/2023

An authentication bypass vulnerability in JetBrains TeamCity allows unauthorized access.

Impact

See full analysis for detailed impact assessment.

Mitigation

Refer to vendor security advisory for specific mitigation steps.

Authentication Bypass View Full Analysis →
CVE-2023-41993
High

Apple Safari WebKit Remote Code Execution

Apple Apple CVSS: 8.8 21/09/2023

A remote code execution vulnerability in WebKit affects Safari and other WebKit-based browsers.

Impact

See full analysis for detailed impact assessment.

Mitigation

Refer to vendor security advisory for specific mitigation steps.

Remote Code Execution View Full Analysis →
CVE-2023-40000
Medium

LG Simple Editor Directory Traversal

LG LG CVSS: 6.5 30/08/2023

A directory traversal vulnerability in LG Simple Editor allows unauthorized file access.

Impact

See full analysis for detailed impact assessment.

Mitigation

Refer to vendor security advisory for specific mitigation steps.

Directory Traversal View Full Analysis →
CVE-2023-38831
High

WinRAR Remote Code Execution Vulnerability

WinRAR WinRAR CVSS: 7.8 17/08/2023

A remote code execution vulnerability in WinRAR allows arbitrary code execution when processing RAR archives.

Impact

See full analysis for detailed impact assessment.

Mitigation

Refer to vendor security advisory for specific mitigation steps.

Remote Code Execution View Full Analysis →
CVE-2023-38545
High

curl SOCKS5 Heap Buffer Overflow

curl curl CVSS: 8 11/10/2023

A heap buffer overflow vulnerability in curl when using SOCKS5 proxy with slow hostname resolution.

Impact

See full analysis for detailed impact assessment.

Mitigation

Refer to vendor security advisory for specific mitigation steps.

Buffer Overflow View Full Analysis →
CVE-2023-36884
Critical

Windows Search Remote Code Execution Vulnerability

Microsoft Microsoft CVSS: 8.3 11/07/2023

A remote code execution vulnerability exists in Windows Search when parsing certain file types.

Impact

See full analysis for detailed impact assessment.

Mitigation

Refer to vendor security advisory for specific mitigation steps.

Remote Code Execution View Full Analysis →
CVE-2023-36745
Critical

Microsoft Exchange Server Remote Code Execution

Microsoft Microsoft CVSS: 9.8 08/08/2023

A remote code execution vulnerability exists in Microsoft Exchange Server when the software fails to properly validate input.

Impact

See full analysis for detailed impact assessment.

Mitigation

Refer to vendor security advisory for specific mitigation steps.

Remote Code Execution View Full Analysis →
CVE-2023-36049
High

Microsoft .NET and Visual Studio Elevation of Privilege

Microsoft Microsoft CVSS: 7.8 14/11/2023

An elevation of privilege vulnerability exists in .NET Framework and Visual Studio.

Impact

See full analysis for detailed impact assessment.

Mitigation

Refer to vendor security advisory for specific mitigation steps.

Privilege Escalation View Full Analysis →
CVE-2023-35082
High

Ivanti Endpoint Manager Mobile (EPMM) Path Traversal

Ivanti Ivanti CVSS: 7.2 23/07/2023

A path traversal vulnerability in Ivanti EPMM allows unauthorized file access.

Impact

See full analysis for detailed impact assessment.

Mitigation

Refer to vendor security advisory for specific mitigation steps.

Path Traversal View Full Analysis →
CVE-2023-35078
Critical

Ivanti Endpoint Manager Mobile (EPMM) Authentication Bypass

Ivanti Ivanti CVSS: 9.8 23/07/2023

An authentication bypass vulnerability in Ivanti EPMM allows unauthorized access.

Impact

See full analysis for detailed impact assessment.

Mitigation

Refer to vendor security advisory for specific mitigation steps.

Authentication Bypass View Full Analysis →
CVE-2023-35001
High

Linux Kernel nf_tables Use-After-Free

Linux Linux CVSS: 7.8 05/07/2023

A use-after-free vulnerability in Linux kernel nf_tables allows privilege escalation.

Impact

See full analysis for detailed impact assessment.

Mitigation

Refer to vendor security advisory for specific mitigation steps.

Use After Free View Full Analysis →
CVE-2023-34362
Critical

Progress MOVEit Transfer SQL Injection

Progress Progress CVSS: 9.8 31/05/2023

A SQL injection vulnerability in Progress MOVEit Transfer allows unauthorized access.

Impact

See full analysis for detailed impact assessment.

Mitigation

Refer to vendor security advisory for specific mitigation steps.

SQL Injection View Full Analysis →
CVE-2023-32315
Critical

Openfire Administration Console Authentication Bypass

Ignite Realtime CVSS: 9.8 26/05/2023

An authentication bypass vulnerability in Openfire Administration Console allows unauthorized access.

Impact

See full analysis for detailed impact assessment.

Mitigation

Refer to vendor security advisory for specific mitigation steps.

Authentication Bypass View Full Analysis →
CVE-2023-32233
High

Linux Kernel Netfilter Use-After-Free

Linux Linux CVSS: 7.8 08/05/2023

A use-after-free vulnerability in Linux kernel Netfilter allows privilege escalation.

Impact

See full analysis for detailed impact assessment.

Mitigation

Refer to vendor security advisory for specific mitigation steps.

Use After Free View Full Analysis →
CVE-2023-29357
High

Microsoft SharePoint Server Elevation of Privilege

Microsoft Microsoft CVSS: 8.8 13/06/2023

An elevation of privilege vulnerability exists in Microsoft SharePoint Server when the software fails to properly handle objects in memory.

Impact

See full analysis for detailed impact assessment.

Mitigation

Refer to vendor security advisory for specific mitigation steps.

Privilege Escalation View Full Analysis →
CVE-2023-29336
High

Microsoft Win32k Elevation of Privilege

Microsoft Microsoft CVSS: 7.8 09/05/2023

An elevation of privilege vulnerability exists in Win32k when it fails to properly handle objects in memory.

Impact

See full analysis for detailed impact assessment.

Mitigation

Refer to vendor security advisory for specific mitigation steps.

Privilege Escalation View Full Analysis →
CVE-2023-28771
Critical

Zyxel Firewall Command Injection Vulnerability

Zyxel Zyxel CVSS: 9.8 25/04/2023

A command injection vulnerability in Zyxel firewall devices allows remote code execution.

Impact

See full analysis for detailed impact assessment.

Mitigation

Refer to vendor security advisory for specific mitigation steps.

Command Injection View Full Analysis →
CVE-2023-2868
Critical

Barracuda Email Security Gateway Remote Command Injection

Barracuda Barracuda CVSS: 9.8 20/05/2023

A remote command injection vulnerability in Barracuda Email Security Gateway allows arbitrary code execution.

Impact

See full analysis for detailed impact assessment.

Mitigation

Refer to vendor security advisory for specific mitigation steps.

Command Injection View Full Analysis →
CVE-2023-28252
High

Windows Common Log File System Driver Elevation of Privilege

Microsoft Microsoft CVSS: 7.8 11/04/2023

An elevation of privilege vulnerability exists in Windows Common Log File System Driver.

Impact

See full analysis for detailed impact assessment.

Mitigation

Refer to vendor security advisory for specific mitigation steps.

Privilege Escalation View Full Analysis →
CVE-2023-27997
Critical

Fortinet FortiOS Heap Buffer Overflow

Fortinet Fortinet CVSS: 9.2 13/06/2023

A heap-based buffer overflow vulnerability in FortiOS SSL-VPN allows remote code execution.

Impact

See full analysis for detailed impact assessment.

Mitigation

Refer to vendor security advisory for specific mitigation steps.

Buffer Overflow View Full Analysis →
CVE-2023-25690
Medium

Apache HTTP Server mod_proxy HTTP Response Splitting

Apache Apache CVSS: 6.1 07/03/2023

HTTP response splitting vulnerability in Apache HTTP Server mod_proxy module.

Impact

See full analysis for detailed impact assessment.

Mitigation

Refer to vendor security advisory for specific mitigation steps.

HTTP Response Splitting View Full Analysis →
CVE-2023-24489
Medium

Citrix ShareFile Storage Zones Controller Information Disclosure

Citrix Citrix CVSS: 6.5 18/04/2023

An information disclosure vulnerability in Citrix ShareFile Storage Zones Controller.

Impact

See full analysis for detailed impact assessment.

Mitigation

Refer to vendor security advisory for specific mitigation steps.

Information Disclosure View Full Analysis →
CVE-2023-23397
Critical

Microsoft Outlook Elevation of Privilege Vulnerability

Microsoft Microsoft CVSS: 9.8 14/03/2023

An elevation of privilege vulnerability exists in Microsoft Outlook when NTLM credentials are leaked.

Impact

See full analysis for detailed impact assessment.

Mitigation

Refer to vendor security advisory for specific mitigation steps.

Credential Theft View Full Analysis →
CVE-2023-22518
Critical

Atlassian Confluence Improper Authorization

Atlassian Atlassian CVSS: 9.1 31/10/2023

An improper authorization vulnerability in Atlassian Confluence allows unauthorized access to restricted resources.

Impact

See full analysis for detailed impact assessment.

Mitigation

Refer to vendor security advisory for specific mitigation steps.

Authorization Bypass View Full Analysis →
CVE-2023-22515
Critical

Atlassian Confluence Privilege Escalation

Atlassian Atlassian CVSS: 9.8 04/10/2023

A privilege escalation vulnerability in Atlassian Confluence allows unauthenticated attackers to create administrator accounts.

Impact

See full analysis for detailed impact assessment.

Mitigation

Refer to vendor security advisory for specific mitigation steps.

Privilege Escalation View Full Analysis →
CVE-2023-21716
Critical

Microsoft Word Remote Code Execution Vulnerability

Microsoft Microsoft CVSS: 9.3 10/01/2023

A remote code execution vulnerability exists in Microsoft Word when the software fails to properly handle objects in memory.

Impact

See full analysis for detailed impact assessment.

Mitigation

Refer to vendor security advisory for specific mitigation steps.

Remote Code Execution View Full Analysis →
CVE-2023-21608
High

Microsoft Exchange Server Elevation of Privilege

Microsoft Microsoft CVSS: 8 14/02/2023

An elevation of privilege vulnerability exists in Microsoft Exchange Server when the software fails to properly handle objects in memory.

Impact

See full analysis for detailed impact assessment.

Mitigation

Refer to vendor security advisory for specific mitigation steps.

Privilege Escalation View Full Analysis →
CVE-2023-21554
High

Microsoft Message Queuing Elevation of Privilege

Microsoft Microsoft CVSS: 7.8 10/01/2023

An elevation of privilege vulnerability exists in Microsoft Message Queuing (MSMQ) service.

Impact

See full analysis for detailed impact assessment.

Mitigation

Refer to vendor security advisory for specific mitigation steps.

Privilege Escalation View Full Analysis →
CVE-2023-20269
High

Cisco ASA and FTD Denial of Service Vulnerability

Cisco Cisco CVSS: 8.6 01/11/2023

A vulnerability in Cisco ASA and FTD could allow an unauthenticated, remote attacker to cause a denial of service condition.

Impact

See full analysis for detailed impact assessment.

Mitigation

Refer to vendor security advisory for specific mitigation steps.

Denial of Service View Full Analysis →
CVE-2023-20198
Critical

Cisco IOS XE Web UI Privilege Escalation

Cisco Cisco CVSS: 10 16/10/2023

A privilege escalation vulnerability in Cisco IOS XE Web UI allows unauthenticated access.

Impact

See full analysis for detailed impact assessment.

Mitigation

Refer to vendor security advisory for specific mitigation steps.

Privilege Escalation View Full Analysis →
CVE-2023-20073
High

Cisco IOS XR Software Denial of Service

Cisco Cisco CVSS: 8.6 27/09/2023

A vulnerability in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service condition.

Impact

See full analysis for detailed impact assessment.

Mitigation

Refer to vendor security advisory for specific mitigation steps.

Denial of Service View Full Analysis →
CVE-2023-0669
High

Fortra GoAnywhere MFT Remote Code Execution

Fortra Fortra CVSS: 7.2 07/02/2023

A remote code execution vulnerability in Fortra GoAnywhere MFT allows arbitrary code execution.

Impact

See full analysis for detailed impact assessment.

Mitigation

Refer to vendor security advisory for specific mitigation steps.

Remote Code Execution View Full Analysis →

CVE Resources and Tools

🔥 Active Threats

CVE-2024-40766 ACTIVE

SonicWall SSL VPN Authentication Bypass

47 Australian organizations confirmed compromised. Immediate action required.
🚨

ACSC Critical Alert

Active exploitation of SonicWall SSL VPNs in Australia

CRITICAL

CVE-2024-40766: Authentication bypass vulnerability being actively exploited by threat actors. Immediate patching required.

View Full Advisory →

NIST National Vulnerability Database

Official US government repository of standards-based vulnerability management data

CVE Program

Community-driven effort to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities

ACSC Security Advisories

Australian Cyber Security Centre advisories and vulnerability alerts

CVSS Calculator

Common Vulnerability Scoring System for assessing vulnerability severity

Need Help Managing Vulnerabilities?

Staying on top of CVEs and security vulnerabilities requires expertise and dedicated resources. Partner with Australia's leading cybersecurity specialists for comprehensive vulnerability management.

Get Free Security Scan