Notable Vulnerabilities

Jan 15, 2026·GitHub Actions workflows with untrusted inputs

GitHub Actions Script Injection via Workflow Inputs

A script injection vulnerability class affecting GitHub Actions workflows that interpolate untrusted user inputs (PR titles, issue bodies) d...

githubci-cdinjection

CVE-2025-20188

May 7, 2025·Cisco IOS XE with Wireless LAN Controller

Cisco IOS XE Wireless Controller Max-Severity RCE

A maximum-severity vulnerability in Cisco IOS XE Software for Wireless LAN Controllers. A hardcoded JSON Web Token (JWT) allows unauthentica...

ciscowirelesshardcoded-creds

CVE-2025-30065

Apr 1, 2025·Apache Parquet Java ≤ 1.15.0

Apache Parquet RCE via Schema Parsing

A critical deserialization vulnerability in Apache Parquet's Java library. Maliciously crafted Parquet files trigger arbitrary code executio...

big-datadeserializationjava

CVE-2025-31161

Mar 26, 2025·CrushFTP < 10.8.4 / 11.3.1

CrushFTP Authentication Bypass

An authentication bypass vulnerability in CrushFTP managed file transfer server. Unauthenticated attackers can access any user account inclu...

file-transferauth-bypassransomware

CVE-2025-2783

8.3HIGH

Chrome Mojo Sandbox Escape

A critical sandbox escape vulnerability in Google Chrome's Mojo IPC layer. Attackers can escape the browser sandbox by exploiting incorrect ...

Mar 25, 2025·Google Chrome < 134.0.6998.177

chromesandbox-escapezero-day

CVE-2025-1974

Mar 24, 2025·ingress-nginx < 1.12.1 / 1.11.5

IngressNightmare (Kubernetes Ingress-NGINX)

A critical unauthenticated RCE vulnerability in the Kubernetes ingress-nginx admission controller, dubbed "IngressNightmare." Attackers can ...

kubernetesrcecloud

CVE-2025-29927

9.1CRITICAL

Next.js Middleware Authorization Bypass

An authorization bypass in Next.js middleware. By setting a specific internal header (x-middleware-subrequest), attackers can skip middlewar...

Mar 21, 2025·Next.js < 15.2.3 / 14.2.25

nextjsmiddlewareauth-bypass

CVE-2025-25291

Mar 12, 2025·GitLab CE/EE with ruby-saml < 1.17.0

GitLab SAML Authentication Bypass

An authentication bypass in GitLab via a parser differential in ruby-saml. Attackers can craft SAML responses that bypass signature verifica...

gitlabsamlauth-bypass

CVE-2025-24813

Mar 10, 2025·Apache Tomcat 11.0.0-M1 through 11.0.2

Apache Tomcat RCE via Partial PUT

A path equivalence vulnerability in Apache Tomcat that, combined with partial PUT request handling and default servlet configuration, allows...

tomcatjavadeserialization

CVE-2025-22224

9.3CRITICAL

VMware ESXi TOCTOU VM Escape

A TOCTOU (time-of-check time-of-use) vulnerability in VMware ESXi that enables VM escape. An attacker with local admin privileges on a virtu...

Mar 4, 2025·VMware ESXi, Workstation, Fusion

vmwarevm-escapezero-day

CVE-2025-23209

8HIGH

Craft CMS RCE via Twig SSTI

A code injection vulnerability in Craft CMS via server-side template injection (SSTI) in Twig templates. Attackers who obtain the applicatio...

Feb 20, 2025·Craft CMS 4.x < 4.13.8, 5.x < 5.5.5

cmssstirce

CVE-2025-24472

9.6CRITICAL

FortiOS Authentication Bypass (Super Admin)

An authentication bypass using an alternate path in FortiOS. Remote attackers can gain super_admin privileges via crafted CSF proxy requests...

Feb 11, 2025·FortiOS 7.0.0-7.0.16

fortinetauth-bypassransomware

CVE-2025-23006

Jan 22, 2025·SonicWall SMA1000 < 12.4.3-02854

SonicWall SMA1000 Zero-Day RCE

A pre-authentication deserialization vulnerability in SonicWall SMA1000 series appliances. Unauthenticated remote attackers can execute arbi...

vpnzero-daydeserialization

CVE-2025-21298

Jan 14, 2025·Microsoft Windows (all supported versions)

Windows OLE Remote Code Execution

A critical use-after-free vulnerability in Windows OLE (Object Linking and Embedding). Attackers can execute arbitrary code by sending a spe...

windowsolezero-click

CVE-2025-0282

9CRITICAL

Ivanti Connect Secure Stack Buffer Overflow

A stack-based buffer overflow in Ivanti Connect Secure VPN that allows unauthenticated remote attackers to achieve code execution. Exploited...

Jan 8, 2025·Ivanti Connect Secure < 22.7R2.5

vpnfirmwarezero-day

CVE-2024-50623

Dec 9, 2024·Cleo Harmony, VLTrader, LexiCom < 5.8.0.21

Cleo File Transfer RCE

An unrestricted file upload and download vulnerability in Cleo file transfer products. Unauthenticated attackers can execute arbitrary comma...

file-transferransomwarecl0p

CVE-2024-9474

7.2HIGH

PAN-OS Management Interface Privilege Escalation

A command injection in PAN-OS management web interface enabling authenticated administrators to escalate privileges to root on the firewall....

Nov 18, 2024·PAN-OS 10.1, 10.2, 11.0, 11.1, 11.2

paloaltofirewallprivilege-escalation

CVE-2024-47575

Oct 23, 2024·FortiManager 7.x, 6.x multiple versions

FortiManager Unauthenticated RCE (FortiJump)

A missing authentication vulnerability in FortiManager's FGFM (FortiGate to FortiManager) daemon. Unauthenticated attackers can execute arbi...

fortinetfirmwarezero-day

CVE-2024-38856

Aug 5, 2024·Apache OFBiz < 18.12.15

Apache OFBiz Auth Bypass + RCE

An authentication bypass in Apache OFBiz ERP that allows unauthenticated attackers to execute arbitrary code. By exploiting view override fu...

erpauth-bypassrce

CVE-2024-6387

8.1HIGH

regreSSHion (OpenSSH RCE)

A signal handler race condition in OpenSSH server (sshd) that allows unauthenticated remote code execution as root. A regression of CVE-2006...

Jul 1, 2024·OpenSSH 8.5p1 through 9.7p1

opensshrcerace-condition

CVE-2024-4577

Jun 6, 2024·PHP CGI on Windows (all versions before 8.3.8)

PHP CGI Argument Injection

An argument injection vulnerability in PHP CGI on Windows that bypasses the CVE-2012-1823 protection. Attackers can use specific Unicode cha...

phprcewindows

CVE-2024-3400

Apr 12, 2024·PAN-OS 10.2, 11.0, 11.1 GlobalProtect

Palo Alto PAN-OS Command Injection

A critical command injection vulnerability in Palo Alto Networks PAN-OS GlobalProtect feature. Unauthenticated attackers can execute arbitra...

paloaltofirewallzero-day

CVE-2024-3273

Apr 4, 2024·D-Link DNS-320L, DNS-325, DNS-327L, DNS-340L

D-Link NAS Backdoor Account + Command Injection

Multiple end-of-life D-Link NAS devices contain a hardcoded backdoor account and a command injection vulnerability in the nas_sharing.cgi en...

iotnasbackdoor

CVE-2024-3094

Mar 29, 2024·XZ Utils 5.6.0 / 5.6.1

XZ Utils Supply Chain Backdoor

A sophisticated supply chain attack where a malicious maintainer injected a backdoor into the XZ Utils compression library. The backdoor tar...

supply-chainbackdoorssh

CVE-2024-27198

Mar 4, 2024·JetBrains TeamCity < 2023.11.4

JetBrains TeamCity Auth Bypass

Authentication bypass in JetBrains TeamCity enabling unauthenticated remote attackers to take complete control of the CI/CD server. Attacker...

ci-cdauth-bypassapt

CVE-2024-1709

Feb 19, 2024·ScreenConnect < 23.9.8

ConnectWise ScreenConnect Auth Bypass

An authentication bypass in ConnectWise ScreenConnect, a widely used remote support tool. Attackers can bypass authentication and create adm...

remote-accessauth-bypassransomware

CVE-2024-21762

9.6CRITICAL

FortiOS SSL VPN Out-of-Bounds Write

An out-of-bounds write vulnerability in FortiOS SSL VPN. Unauthenticated remote attackers can execute arbitrary code or commands via special...

Feb 8, 2024·FortiOS 7.4.0 through 7.4.2

fortinetvpnfirmware

CVE-2024-21626

8.6HIGH

runc Container Escape (Leaky Vessels)

A container escape vulnerability in runc (the container runtime used by Docker, Kubernetes, and containerd). An attacker can break out of a ...

Jan 31, 2024·runc ≤ 1.1.11

containerdockerkubernetes

CVE-2024-23897

Jan 24, 2024·Jenkins <= 2.441 / LTS <= 2.426.2

Jenkins CLI Arbitrary File Read

Jenkins CLI processes @-prefixed arguments as file paths and reads their contents, allowing unauthenticated attackers to read arbitrary file...

jenkinsci-cdfile-read

CVE-2024-23222

Jan 22, 2024·iOS < 17.3, macOS < 14.3, Safari < 17.3

Apple WebKit Type Confusion

A type confusion vulnerability in WebKit, Apple's browser engine. Processing maliciously crafted web content may lead to arbitrary code exec...

applewebkitzero-day

CVE-2024-0519

Jan 16, 2024·Google Chrome < 120.0.6099.224

Chrome V8 Out-of-Bounds Access

An out-of-bounds memory access in Chrome V8 JavaScript engine allowing arbitrary code execution. Exploited as a zero-day in the wild. Proces...

chromev8zero-day

CVE-2023-44487

Oct 10, 2023·Multiple HTTP/2 implementations

HTTP/2 Rapid Reset DDoS

A novel DDoS attack vector exploiting the HTTP/2 RST_STREAM frame. Attackers rapidly open and cancel streams, consuming server resources whi...

http2ddosprotocol

CVE-2023-4966

9.4CRITICAL

Citrix Bleed

A buffer overflow in Citrix NetScaler ADC and Gateway that exposes sensitive information including session tokens. Attackers can hijack auth...

Oct 10, 2023·Citrix NetScaler ADC/Gateway 14.1, 13.1, 13.0

citrixvpnransomware

CVE-2023-22515

Oct 4, 2023·Confluence Data Center/Server 8.0.0-8.5.1

Atlassian Confluence Privilege Escalation

A broken access control vulnerability in Atlassian Confluence that allows unauthenticated attackers to create administrator accounts through...

atlassianconfluenceauth-bypass

CVE-2023-42793

Sep 19, 2023·JetBrains TeamCity < 2023.05.4

TeamCity Critical Auth Bypass (2023)

An authentication bypass in the JetBrains TeamCity on-premises server. Remote unauthenticated attackers can reach the TeamCity Server REST A...

ci-cdauth-bypassnation-state

CVE-2023-34362

May 31, 2023·Progress MOVEit Transfer < 2023.0.1

MOVEit Transfer SQL Injection

A critical SQL injection vulnerability in MOVEit Transfer web application. Unauthenticated attackers can send crafted payloads to the MOVEit...

sql-injectionransomwarefile-transfer

CVE-2023-32784

May 15, 2023·KeePass 2.x < 2.54

KeePass Master Password Memory Extraction

The master password of a KeePass database can be extracted from memory, even from a locked workspace or crash dump. A custom text box used f...

password-managermemory-leakcredentials

CVE-2023-23397

Mar 14, 2023·Microsoft Outlook for Windows

Outlook NTLM Credential Theft

A critical zero-click vulnerability where a specially crafted email triggers an NTLM authentication request to an attacker-controlled SMB se...

outlookntlmzero-click

CVE-2022-3602

Nov 1, 2022·OpenSSL 3.0.0 - 3.0.6

OpenSSL X.509 Buffer Overflow

A stack-based buffer overflow in OpenSSL 3.x X.509 certificate verification. Processing a maliciously crafted email address in a certificate...

openssltlsbuffer-overflow

CVE-2022-22965

Mar 31, 2022·Spring Framework 5.3.x < 5.3.18 / 5.2.x < 5.2.20

Spring4Shell

Remote code execution via data binding in Spring MVC and Spring WebFlux when running on JDK 9+. Attackers can modify the ClassLoader through...

javaspringrce

CVE-2022-0847

7.8HIGH

Dirty Pipe (Linux Kernel)

A vulnerability in the Linux kernel that allows overwriting data in arbitrary read-only files. By exploiting the pipe buffer mechanism, unpr...

Mar 7, 2022·Linux Kernel 5.8+

linuxkernelprivilege-escalation

CVE-2021-45046

9CRITICAL

Log4j DoS/RCE Bypass

A bypass of the initial Log4Shell fix (CVE-2021-44228). The 2.15.0 patch was incomplete — certain non-default configurations still allowed J...

Dec 14, 2021·Apache Log4j 2.x < 2.16.0

javarcepatch-bypass

CVE-2021-44228

Dec 10, 2021·Apache Log4j 2.x < 2.15.0

Log4Shell

A critical remote code execution vulnerability in Apache Log4j 2, the most widely used Java logging framework. Attackers can execute arbitra...

javarcezero-day

CVE-2021-34527

Jul 1, 2021·Windows Print Spooler (all versions)

PrintNightmare

A privilege escalation and RCE vulnerability in the Windows Print Spooler service. Authenticated attackers can execute code with SYSTEM priv...

windowsprivilege-escalationprint-spooler

CVE-2021-26855

Mar 2, 2021·Microsoft Exchange Server 2013/2016/2019

ProxyLogon

A server-side request forgery (SSRF) vulnerability in Microsoft Exchange Server that allows unauthenticated attackers to send arbitrary HTTP...

exchangessrfzero-day

CVE-2021-21972

Feb 23, 2021·VMware vCenter Server 6.5, 6.7, 7.0

VMware vCenter Server RCE

An unauthenticated file upload vulnerability in the vSphere Client (HTML5). Attackers can upload a specially crafted file to the vCenter Ser...

vmwarevcenterrce

CVE-2021-3156

7.8HIGH

Baron Samedit (sudo Heap Overflow)

A heap-based buffer overflow in sudo that allows any unprivileged user to gain root privileges on default Linux installations. The vulnerabi...

Jan 26, 2021·sudo 1.8.2 through 1.9.5p1

linuxsudoprivilege-escalation

CVE-2020-1472

Aug 11, 2020·Windows Server 2008-2019

Zerologon

A critical privilege escalation vulnerability in the Netlogon Remote Protocol (MS-NRPC). By exploiting a cryptographic flaw in the AES-CFB8 ...

windowsactive-directorycrypto

CVE-2019-0708

May 14, 2019·Windows XP through Windows 7, Server 2003-2008

BlueKeep (Windows RDP)

A critical use-after-free vulnerability in Windows Remote Desktop Protocol (RDP) that can be exploited by unauthenticated remote attackers. ...

windowsrdpwormable

CVE-2019-11510

May 8, 2019·Pulse Connect Secure < 9.0R3.4

Pulse Secure VPN Arbitrary File Read

A path traversal vulnerability in Pulse Secure VPN that allows unauthenticated remote attackers to read arbitrary files from the VPN server,...

vpnpath-traversalfirmware

CVE-2017-0144

8.1HIGH

EternalBlue

A buffer overflow in Microsoft Windows SMBv1 protocol discovered by the NSA and leaked by the Shadow Brokers. Allows remote code execution o...

Mar 14, 2017·Microsoft Windows SMBv1

windowssmbransomware

CVE-2017-5638

Mar 6, 2017·Apache Struts 2.x < 2.3.32 / 2.5.x < 2.5.10.1

Apache Struts 2 RCE

Remote code execution in Apache Struts 2 via a crafted Content-Type HTTP header in multipart upload requests. The Jakarta Multipart parser e...

javarceequifax

CVE-2014-6271

Sep 24, 2014·GNU Bash through 4.3

Shellshock

A family of vulnerabilities in GNU Bash that allows attackers to execute arbitrary commands through crafted environment variables. When Bash...

bashrceiot

CVE-2014-0160