CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST — in English
CISA KEV catalog updated: (v2026.07.01)
An HTTP Request Tunneling vulnerability was found in Qlik Sense Enterprise for Windows affecting versions May 2023 Patch 3 and earlier, February 2023 Patch 7 and earlier, November 2022 Patch 10 and earlier, and August 2022 Patch 12 and earlier. This allows a remote attacker to elevate their privilege by tunneling HTTP requests in the raw HTTP request.
WinRAR versions before 6.23 allow attackers to execute arbitrary code when a user attempts to open a benign file within a ZIP archive. The issue occurs when the ZIP archive contains a benign file (such as a regular .JPG file) and a folder with the same name, and the contents of the folder (which may include executable content) are processed when trying to access only the benign file.
A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration.
A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on EX Series allows an unauthenticated attacker to upload arbitrary files via J-Web. This can lead to a loss of integrity for the file system.
A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated attacker to upload arbitrary files via J-Web, leading to a loss of file system integrity.
CVE-2023-36845 is a PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS that allows an unauthenticated, network-based attacker to remotely execute code by modifying the PHPRC variable. This enables code injection and execution in the PHP execution environment.
CVE-2023-36844 is a PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS that allows an unauthenticated attacker to modify important environment variables. An attacker can use a crafted request to change certain variables, leading to partial loss of integrity.
CVE-2023-35082 is an authentication bypass vulnerability in Ivanti EPMM 11.10 and older, allowing unauthorized users to access restricted functionality or resources of the application without proper authentication.
A vulnerability in .NET and Visual Studio allows for a Denial of Service (DoS) attack, potentially leading to application or service unavailability. An attacker can exploit this flaw to disrupt system operations.
A path traversal vulnerability in the iclock API of ZKTeco BioTime v8.5.5 allows unauthenticated attackers to read arbitrary files via a crafted payload. This flaw is fixed in version 9.0.120240617.19506.
A path traversal vulnerability in Ivanti EPMM allows an authenticated administrator to write arbitrary files onto the appliance. It affects versions 11.10.x before 11.10.0.3, 11.9.x before 11.9.1.2, and 11.8.x before 11.8.1.2.
Zimbra Collaboration (ZCS) 8 before 8.8.15 Patch 41 allows XSS in the Zimbra Classic Web Client.
The issue involves the potential for an app to modify sensitive kernel state. It has been addressed with improved state management in Apple operating systems.
The issue was addressed with improved checks. Processing web content may lead to arbitrary code execution.
CVE-2023-35078 describes an authentication bypass vulnerability in Ivanti EPMM that allows unauthorized users to access restricted functionality or resources of the application without proper authentication.
Adobe ColdFusion versions 2018u17 (and earlier), 2021u7 (and earlier), and 2023u1 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution. Exploitation of this issue does not require user interaction.
CVE-2023-3519 is a vulnerability that allows unauthenticated remote code execution. This can lead to system takeover.
A vulnerability in Windows Search allows for remote code execution. An attacker can exploit this flaw to gain control over the system.
A vulnerability in the Windows Error Reporting Service allows for privilege escalation. An attacker can exploit this flaw to gain elevated privileges on the system.
A vulnerability in Microsoft Outlook allows for a security feature bypass, potentially leading to unauthorized access to user data.

