CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.01)

CVE-2023-41265
Critical · Actively exploited · EPSS 100%

An HTTP Request Tunneling vulnerability was found in Qlik Sense Enterprise for Windows affecting versions May 2023 Patch 3 and earlier, February 2023 Patch 7 and earlier, November 2022 Patch 10 and earlier, and August 2022 Patch 12 and earlier. This allows a remote attacker to elevate their privilege by tunneling HTTP requests in the raw HTTP request.

CVE-2023-38831
High · Actively exploited · EPSS 100%

WinRAR versions before 6.23 allow attackers to execute arbitrary code when a user attempts to open a benign file within a ZIP archive. The issue occurs when the ZIP archive contains a benign file (such as a regular .JPG file) and a folder with the same name, and the contents of the folder (which may include executable content) are processed when trying to access only the benign file.

CVE-2023-38035
Critical · Actively exploited · EPSS 100%

A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration.

CVE-2023-36847
Medium · Actively exploited · EPSS 100%

A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on EX Series allows an unauthenticated attacker to upload arbitrary files via J-Web. This can lead to a loss of integrity for the file system.

CVE-2023-36846
Medium · Actively exploited · EPSS 100%

A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated attacker to upload arbitrary files via J-Web, leading to a loss of file system integrity.

CVE-2023-36845
Critical · Actively exploited · EPSS 100%

CVE-2023-36845 is a PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS that allows an unauthenticated, network-based attacker to remotely execute code by modifying the PHPRC variable. This enables code injection and execution in the PHP execution environment.

CVE-2023-36844
Medium · Actively exploited · EPSS 100%

CVE-2023-36844 is a PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS that allows an unauthenticated attacker to modify important environment variables. An attacker can use a crafted request to change certain variables, leading to partial loss of integrity.

CVE-2023-35082
Critical · Actively exploited · EPSS 100%

CVE-2023-35082 is an authentication bypass vulnerability in Ivanti EPMM 11.10 and older, allowing unauthorized users to access restricted functionality or resources of the application without proper authentication.

CVE-2023-38180
High · Actively exploited · EPSS 96%

A vulnerability in .NET and Visual Studio allows for a Denial of Service (DoS) attack, potentially leading to application or service unavailability. An attacker can exploit this flaw to disrupt system operations.

CVE-2023-38950
High · Actively exploited · EPSS 100%

A path traversal vulnerability in the iclock API of ZKTeco BioTime v8.5.5 allows unauthenticated attackers to read arbitrary files via a crafted payload. This flaw is fixed in version 9.0.120240617.19506.

CVE-2023-35081
High · Actively exploited · EPSS 99%

A path traversal vulnerability in Ivanti EPMM allows an authenticated administrator to write arbitrary files onto the appliance. It affects versions 11.10.x before 11.10.0.3, 11.9.x before 11.9.1.2, and 11.8.x before 11.8.1.2.

CVE-2023-37580
Medium · Actively exploited · EPSS 99%

Zimbra Collaboration (ZCS) 8 before 8.8.15 Patch 41 allows XSS in the Zimbra Classic Web Client.

CVE-2023-38606
Medium · Actively exploited · EPSS 58%

The issue involves the potential for an app to modify sensitive kernel state. It has been addressed with improved state management in Apple operating systems.

CVE-2023-37450
High · Actively exploited · EPSS 97%

The issue was addressed with improved checks. Processing web content may lead to arbitrary code execution.

CVE-2023-35078
Critical · Actively exploited · EPSS 100%

CVE-2023-35078 describes an authentication bypass vulnerability in Ivanti EPMM that allows unauthorized users to access restricted functionality or resources of the application without proper authentication.

CVE-2023-38203
Critical · Actively exploited · EPSS 100%

Adobe ColdFusion versions 2018u17 (and earlier), 2021u7 (and earlier), and 2023u1 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction.

CVE-2023-3519
Critical · Actively exploited · EPSS 100%

CVE-2023-3519 allows unauthenticated remote code execution. This can lead to system takeover.

CVE-2023-36884
High · Actively exploited · EPSS 100%

A vulnerability in Windows Search allows for remote code execution. An attacker can exploit this flaw to gain control over the system.

CVE-2023-36874
High · Actively exploited · EPSS 98%

A vulnerability in the Windows Error Reporting Service allows for privilege escalation. An attacker can exploit this flaw to gain elevated privileges on the system.

CVE-2023-35311
High · Actively exploited · EPSS 96%

A vulnerability in Microsoft Outlook allows for a security feature bypass, potentially leading to unauthorized access to user data.


Vulnerability data from NVD (NIST) · CISA KEV · EPSS