163 CISA Known Exploited Vulnerabilities from 2023
GitLab GitLab CE/EE — GitLab Community and Enterprise Editions Improper Access Control Vulnerability
CVSS 10NextGen Healthcare Mirth Connect — NextGen Healthcare Mirth Connect Deserialization of Untrusted Data Vulnerability
CVSS 9.8Atlassian Confluence Data Center and Server — Atlassian Confluence Data Center and Server Template Injection Vulnerability
CVSS 9.8VMware vCenter Server — VMware vCenter Server Out-of-Bounds Write Vulnerability
CVSS 9.8Ivanti EPMM / MobileIron Core — Unauthenticated API Access Affecting End-of-Life and Current Versions
CVSS 9.8Microsoft SharePoint Server — Microsoft SharePoint Server Privilege Escalation Vulnerability
CVSS 9.8Adobe ColdFusion — Adobe ColdFusion Deserialization of Untrusted Data Vulnerability
CVSS 9.8Adobe ColdFusion — Adobe ColdFusion Deserialization of Untrusted Data Vulnerability
CVSS 9.8Unitronics Vision PLC and HMI — Unitronics Vision PLC and HMI Insecure Default Password Vulnerability
CVSS 9.8Qlik Sense — Qlik Sense HTTP Tunneling Vulnerability
CVSS 9.6ownCloud ownCloud graphapi — ownCloud graphapi Information Disclosure Vulnerability
CVSS 10Apache ActiveMQ — OpenWire ClassInfo Deserialization Allows Unauthenticated Remote Code Execution via Port 61616
CVSS 10Sophos Web Appliance — Sophos Web Appliance Command Injection Vulnerability
CVSS 9.8Juniper Junos OS — Juniper Junos OS EX Series and SRX Series PHP External Variable Modification Vulnerability
CVSS 9.8SysAid SysAid Server — SysAid Server Path Traversal Vulnerability
CVSS 9.8Atlassian Confluence Data Center and Server — Atlassian Confluence Data Center and Server Improper Authorization Vulnerability
CVSS 9.8Google Chromium Skia — Google Skia Integer Overflow Vulnerability
CVSS 9.6Cisco IOS XE Web UI — Cisco IOS XE Web UI Privilege Escalation Vulnerability
CVSS 10Progress WS_FTP Server — Progress WS_FTP Server Deserialization of Untrusted Data Vulnerability
CVSS 10F5 BIG-IP Configuration Utility — F5 BIG-IP Configuration Utility Authentication Bypass Vulnerability
CVSS 9.8Atlassian Confluence Data Center and Server — Atlassian Confluence Data Center and Server Broken Access Control Vulnerability
CVSS 9.8JetBrains TeamCity — JetBrains TeamCity Authentication Bypass Vulnerability
CVSS 9.8Citrix NetScaler 'CitrixBleed' — Session Token Memory Leak Enables Unauthenticated Session Hijacking on Gateway and AAA Endpoints
CVSS 9.4Ivanti Sentry — Pre-Auth RCE via Unauthenticated Hessian RPC on MICS Admin Portal
CVSS 9.8Adobe ColdFusion — Adobe ColdFusion Deserialization of Untrusted Data Vulnerability
CVSS 9.8Citrix Content Collaboration — Citrix Content Collaboration ShareFile Improper Access Control Vulnerability
CVSS 9.8Ivanti EPMM — Unauthenticated Remote API Access via Missing Authentication Control
CVSS 9.8Citrix NetScaler ADC and NetScaler Gateway — Citrix NetScaler ADC and NetScaler Gateway Code Injection Vulnerability
CVSS 9.8Zyxel Multiple Network-Attached Storage (NAS) Devices — Zyxel Multiple NAS Devices Command Injection Vulnerability
CVSS 9.8VMware Aria Operations for Networks — Vmware Aria Operations for Networks Command Injection Vulnerability
CVSS 9.8Fortinet FortiOS and FortiProxy SSL-VPN — Fortinet FortiOS and FortiProxy SSL-VPN Heap-Based Buffer Overflow Vulnerability
CVSS 9.8Zyxel Multiple Firewalls — Zyxel Multiple Firewalls Buffer Overflow Vulnerability
CVSS 9.8Zyxel Multiple Firewalls — Zyxel Multiple Firewalls Buffer Overflow Vulnerability
CVSS 9.8Progress MOVEit Transfer — Unauthenticated SQL Injection Enables Data Exfiltration and Webshell Deployment; Cl0p Mass Exploitation Campaign
CVSS 9.8Zyxel Multiple Firewalls — Zyxel Multiple Firewalls OS Command Injection Vulnerability
CVSS 9.8Ruckus Wireless Multiple Products — Multiple Ruckus Wireless Products CSRF and RCE Vulnerability
CVSS 9.8Barracuda Networks Email Security Gateway (ESG) Appliance — Barracuda Networks ESG Appliance Improper Input Validation Vulnerability
CVSS 9.4PaperCut MF/NG — PaperCut MF/NG Improper Access Control Vulnerability
CVSS 9.8Novi Survey Novi Survey — Novi Survey Insecure Deserialization Vulnerability
CVSS 9.8Google Chromium Skia — Google Chrome Skia Integer Overflow Vulnerability
CVSS 9.6Microsoft Exchange Server — Authenticated RCE via PowerShell SOAP Deserialization
CVSS 8.8Windows CLFS Driver — Kernel Pool Corruption via BLF File Parsing Leading to Privilege Escalation
CVSS 7.8PaperCut NG/MF — Pre-Auth Authentication Bypass via SecurityRequestFilter Enabling Information Disclosure
CVSS 7.5Apple Multiple Products — Apple Multiple products Use-After-Free Vulnerability
CVSS 8.8Apple iOS and iPadOS — Apple iOS and iPadOS Use-After-Free Vulnerability
CVSS 7.8TP-Link Multiple Routers — TP-Link Multiple Routers Command Injection Vulnerability
CVSS 8.8ASUS RT-AX55 Routers — ASUS RT-AX55 Routers OS Command Injection Vulnerability
CVSS 8.8Linux Kernel — Linux Kernel Improper Ownership Management Vulnerability
CVSS 7.8ZKTeco BioTime — ZKTeco BioTime Path Traversal Vulnerability
CVSS 7.5SonicWall SMA100 Appliances — SonicWall SMA100 Appliances OS Command Injection Vulnerability
CVSS 7.2Google Chromium V8 — Google Chromium V8 Type Confusion Vulnerability
CVSS 8.8Microsoft Streaming Service — Microsoft Streaming Service Untrusted Pointer Dereference Vulnerability
CVSS 8.4Apache Superset — Apache Superset Insecure Default Initialization of Resource Vulnerability
CVSS 8.9Google Chromium WebRTC — Google Chromium WebRTC Heap Buffer Overflow Vulnerability
CVSS 8.8Citrix NetScaler ADC and NetScaler Gateway — Citrix NetScaler ADC and NetScaler Gateway Buffer Overflow Vulnerability
CVSS 8.2Ivanti Connect Secure and Policy Secure — Ivanti Connect Secure and Policy Secure Authentication Bypass Vulnerability
CVSS 8.2Apple Multiple Products — Apple Multiple Products Code Execution Vulnerability
CVSS 7.8Spreadsheet::ParseExcel Spreadsheet::ParseExcel — Spreadsheet::ParseExcel Remote Code Execution Vulnerability
CVSS 7.8FXC AE1021, AE1021PE — FXC AE1021, AE1021PE OS Command Injection Vulnerability
CVSS 8.8Apple Multiple Products — Apple Multiple Products WebKit Memory Corruption Vulnerability
CVSS 8.8Qualcomm Multiple Chipsets — Qualcomm Multiple Chipsets Use of Out-of-Range Pointer Offset Vulnerability
CVSS 8.4Qualcomm Multiple Chipsets — Qualcomm Multiple Chipsets Integer Overflow Vulnerability
CVSS 8.4Qlik Sense — Qlik Sense Path Traversal Vulnerability
CVSS 8.2QNAP VioStor NVR — QNAP VioStor NVR OS Command Injection Vulnerability
CVSS 8Qualcomm Multiple Chipsets — Qualcomm Multiple Chipsets Use-After-Free Vulnerability
CVSS 7.8Microsoft Windows — Microsoft Windows SmartScreen Security Feature Bypass Vulnerability
CVSS 8.8GNU GNU C Library — GNU C Library Buffer Overflow Vulnerability
CVSS 7.8Microsoft Windows — Microsoft Windows Desktop Window Manager (DWM) Core Library Privilege Escalation Vulnerability
CVSS 7.8Microsoft Windows — Microsoft Windows Cloud Files Mini Filter Driver Privilege Escalation Vulnerability
CVSS 7.8IETF Service Location Protocol (SLP) — Service Location Protocol (SLP) Denial-of-Service Vulnerability
CVSS 7.5F5 BIG-IP Configuration Utility — F5 BIG-IP Configuration Utility SQL Injection Vulnerability
CVSS 8.8Google Chromium libvpx — Google Chromium libvpx Heap Buffer Overflow Vulnerability
CVSS 8.8Adobe Acrobat and Reader — Adobe Acrobat and Reader Use-After-Free Vulnerability
CVSS 7.8Apple iOS and iPadOS — Apple iOS and iPadOS Kernel Privilege Escalation Vulnerability
CVSS 7.8HTTP/2 Protocol — Protocol-Level Denial of Service
CVSS 7.5Cisco Cisco IOS XE Web UI — Cisco IOS XE Web UI Command Injection Vulnerability
CVSS 7.2Microsoft Windows CNG Key Isolation Service — Microsoft Windows CNG Key Isolation Service Privilege Escalation Vulnerability
CVSS 7Apple Multiple Products — Apple Multiple Products WebKit Code Execution Vulnerability
CVSS 8.8MinIO MinIO — MinIO Security Feature Bypass Vulnerability
CVSS 8.8Google Chromium WebP — Google Chromium WebP Heap-Based Buffer Overflow Vulnerability
CVSS 8.8Apple Multiple Products — Apple Multiple Products Kernel Privilege Escalation Vulnerability
CVSS 7.8Adobe Acrobat and Reader — Adobe Acrobat and Reader Out-of-Bounds Write Vulnerability
CVSS 7.8Android Framework — Android Framework Privilege Escalation Vulnerability
CVSS 7.8Microsoft Streaming Service Proxy — Microsoft Streaming Service Proxy Privilege Escalation Vulnerability
CVSS 7.8Apple iOS, iPadOS, and watchOS — Apple iOS, iPadOS, and watchOS Wallet Code Execution Vulnerability
CVSS 7.8Apple iOS, iPadOS, and macOS — Apple iOS, iPadOS, and macOS ImageIO Buffer Overflow Vulnerability
CVSS 7.8Trend Micro Apex One and Worry-Free Business Security — Trend Micro Apex One and Worry-Free Business Security Remote Code Execution Vulnerability
CVSS 7.2Ignite Realtime Openfire — Ignite Realtime Openfire Path Traversal Vulnerability
CVSS 8.6RARLAB WinRAR — RARLAB WinRAR Code Execution Vulnerability
CVSS 7.8Veeam Backup & Replication — Veeam Backup & Replication Cloud Connect Missing Authentication for Critical Function Vulnerability
CVSS 7.5Microsoft .NET Core and Visual Studio — Microsoft .NET Core and Visual Studio Denial-of-Service Vulnerability
CVSS 7.5Apple Multiple Products — Apple Multiple Products WebKit Code Execution Vulnerability
CVSS 8.8Microsoft Windows — Microsoft Windows Defender SmartScreen Security Feature Bypass Vulnerability
CVSS 8.8Microsoft Outlook — Microsoft Outlook Security Feature Bypass Vulnerability
CVSS 8.8Microsoft Windows — Microsoft Windows MSHTML Platform Privilege Escalation Vulnerability
CVSS 7.8Microsoft Windows — Microsoft Windows Error Reporting Service Privilege Escalation Vulnerability
CVSS 7.8Adobe ColdFusion — Adobe ColdFusion Improper Access Control Vulnerability
CVSS 7.5Adobe ColdFusion — Adobe ColdFusion Improper Access Control Vulnerability
CVSS 7.5Microsoft Windows — Microsoft Windows Search Remote Code Execution Vulnerability
CVSS 7.5Ivanti EPMM — Authenticated Arbitrary File Write via Path Traversal, Enabling Webshell Deployment
CVSS 7.2Apple Multiple Products — Apple Multiple Products WebKit Memory Corruption Vulnerability
CVSS 8.8Apple Multiple Products — Apple Multiple Products WebKit Type Confusion Vulnerability
CVSS 8.8Google Chromium V8 — Google Chromium V8 Type Confusion Vulnerability
CVSS 8.8Apple Multiple Products — Apple Multiple Products Integer Overflow Vulnerability
CVSS 7.8Apple Multiple Products — Apple Multiple Products WebKit Use-After-Free Vulnerability
CVSS 8.8TP-Link Archer AX21 — TP-Link Archer AX-21 Command Injection Vulnerability
CVSS 8.8Apple Multiple Products — Apple Multiple Products WebKit Sandbox Escape Vulnerability
CVSS 8.6Microsoft Win32k — Microsoft Win32K Privilege Escalation Vulnerability
CVSS 7.8Oracle WebLogic Server — Oracle WebLogic Server Unspecified Vulnerability
CVSS 7.5Google Chromium V8 — Google Chromium V8 Type Confusion Vulnerability
CVSS 8.8Apple Multiple Products — Apple Multiple Products WebKit Use-After-Free Vulnerability
CVSS 8.8Apple iOS, iPadOS, and macOS — Apple iOS, iPadOS, and macOS IOSurfaceAccelerator Out-of-Bounds Write Vulnerability
CVSS 8.6Android Framework — Android Framework Privilege Escalation Vulnerability
CVSS 7.8Microsoft Windows — Microsoft Windows Common Log File System (CLFS) Driver Privilege Escalation Vulnerability
CVSS 7.8MinIO MinIO — MinIO Information Disclosure Vulnerability
CVSS 7.5Adobe ColdFusion — Adobe ColdFusion Deserialization of Untrusted Data Vulnerability
CVSS 8.6Linux Kernel — Linux Kernel Use-After-Free Vulnerability
CVSS 7.9Apple Multiple Products — Apple Multiple Products WebKit Type Confusion Vulnerability
CVSS 8.8SugarCRM Multiple Products — Multiple SugarCRM Products Remote Code Execution Vulnerability
CVSS 8.8Microsoft Windows — Microsoft Windows Graphic Component Privilege Escalation Vulnerability
CVSS 7.8Microsoft Windows — Microsoft Windows Common Log File System (CLFS) Driver Privilege Escalation Vulnerability
CVSS 7.8Microsoft Office — Microsoft Office Publisher Security Feature Bypass Vulnerability
CVSS 7.3Fortra GoAnywhere MFT — Fortra GoAnywhere MFT Remote Code Execution Vulnerability
CVSS 7.2Citrix NetScaler ADC and NetScaler Gateway — Citrix NetScaler ADC and NetScaler Gateway Code Injection Vulnerability
CVSS 5.5Joomla! Joomla! — Joomla! Improper Access Control Vulnerability
CVSS 5.3Microsoft Windows — Microsoft Windows Mark of the Web (MOTW) Security Feature Bypass Vulnerability
CVSS 5.4Juniper Junos OS — Juniper Junos OS EX Series PHP External Variable Modification Vulnerability
CVSS 5.3Juniper Junos OS — Juniper Junos OS SRX Series Missing Authentication for Critical Function Vulnerability
CVSS 5.3Juniper Junos OS — Juniper Junos OS EX Series Missing Authentication for Critical Function Vulnerability
CVSS 5.3Juniper Junos OS — Juniper Junos OS SRX Series Missing Authentication for Critical Function Vulnerability
CVSS 5.3Cisco IOS and IOS XE — Cisco IOS and IOS XE Group Encrypted Transport VPN Out-of-Bounds Write Vulnerability
CVSS 6.6Microsoft WordPad — Microsoft WordPad Information Disclosure Vulnerability
CVSS 6.5Roundcube Webmail — Roundcube Webmail Persistent Cross-Site Scripting (XSS) Vulnerability
CVSS 6.1Arm Mali GPU Kernel Driver — Arm Mali GPU Kernel Driver Use-After-Free Vulnerability
CVSS 5.5Microsoft Skype for Business — Microsoft Skype for Business Privilege Escalation Vulnerability
CVSS 5.3Microsoft Word — Microsoft Word Information Disclosure Vulnerability
CVSS 6.5Apple Multiple Products — Apple Multiple Products Improper Certificate Validation Vulnerability
CVSS 5.5Cisco Adaptive Security Appliance and Firepower Threat Defense — Cisco Adaptive Security Appliance and Firepower Threat Defense Unauthorized Access Vulnerability
CVSS 5Zimbra ZCS 8.8.x — Reflected XSS via Unescaped URL Parameter Exploited by Four Nation-State Groups as Zero-Day
CVSS 6.1Apple Multiple Products — Apple Multiple Products Kernel Unspecified Vulnerability
CVSS 5.5Apple Multiple Products — Apple Multiple Products WebKit Out-of-Bounds Read Vulnerability
CVSS 6.5Samsung Mobile Devices — Samsung Mobile Devices Insertion of Sensitive Information Into Log File Vulnerability
CVSS 4.4