CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.01)

CVE-2023-34192
Critical · Actively exploited · EPSS 100%

Cross Site Scripting vulnerability in Zimbra ZCS v.8.8.15 allows a remote authenticated attacker to execute arbitrary code via a crafted script to the /h/autoSaveDraft function.

CVE-2023-33538
High · Actively exploited · EPSS 99%

A command injection vulnerability was discovered in TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 via the component /userRpm/WlanNetworkRpm.

CVE-2023-3079
High · Actively exploited · EPSS 98%

Type confusion in V8 in Google Chrome prior to version 114.0.5735.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2023-34362
Critical · Actively exploited · EPSS 100%

A SQL injection vulnerability has been found in the MOVEit Transfer web application before version 2021.0.6, which could allow an unauthenticated attacker to gain access to MOVEit Transfer's database. An attacker may be able to infer information about the structure and contents of the database and execute SQL statements that alter or delete database elements.

CVE-2023-33246
Critical · Actively exploited · EPSS 100%

In RocketMQ versions 5.1.0 and below, there is a risk of remote command execution under certain conditions. Several components of RocketMQ, including NameServer, Broker, and Controller, are exposed on the extranet and lack permission verification.

CVE-2023-33010
Critical · Actively exploited · EPSS 98%

CVE-2023-33010 describes a buffer overflow vulnerability in the ID processing function in the firmware of Zyxel ATP series, USG FLEX, USG20(W)-VPN, VPN series, and ZyWALL/USG. This could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and even remote code execution on an affected device.

CVE-2023-33009
Critical · Actively exploited · EPSS 98%

CVE-2023-33009 describes a buffer overflow vulnerability in the notification function in the firmware of Zyxel ATP series, USG FLEX series, USG20(W)-VPN, VPN series, and ZyWALL/USG series. This could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and even remote code execution on an affected device.

CVE-2022-26258
Critical · Actively exploited · EPSS 100%

A remote command execution (RCE) vulnerability was discovered in the D-Link DIR-820L router version 1.05B03 via an HTTP POST request to the get set ccp function.

CVE-2022-0492
High · Actively exploited

A vulnerability was found in the cgroup_release_agent_write function of the Linux kernel, in the file kernel/cgroup/cgroup-v1.c. Under certain circumstances, this flaw allows the cgroups v1 release_agent feature to be used to escalate privileges and unexpectedly bypass namespace isolation.

CVE-2021-42237
Critical · Actively exploited · EPSS 100%

A vulnerability in Sitecore XP from version 7.5 to 8.2 Update-7 allows remote code execution through insecure deserialization. No authentication or special configuration is required to exploit this flaw.

CVE-2021-27562
Medium · Actively exploited

In Arm Trusted Firmware M up to version 1.2, the NS world can trigger a system halt, an overwrite of secure data, or the printing out of secure data when calling secure functions in NSPE handler mode.

CVE-2021-25298
High · Actively exploited · EPSS 99%

Nagios XI version xi-5.7.5 is affected by OS command injection due to improper sanitization of authenticated user input in the file cloud-vm.inc.php.

CVE-2021-25297
High · Actively exploited · EPSS 99%

A vulnerability in Nagios XI version xi-5.7.5 allows OS command injection. The issue exists in the switch.inc.php file due to improper sanitization of authenticated user input.

CVE-2021-25296
High · Actively exploited · EPSS 99%

Nagios XI version xi-5.7.5 is affected by OS command injection in the file windowswmi.inc.php due to improper sanitization of authenticated user input, allowing arbitrary command execution.

CVE-2019-19006
Critical · Actively exploited · EPSS 98%

Versions of Sangoma FreePBX 115.0.16.26 and below, 14.0.13.11 and below, and 13.0.197.13 and below have incorrect access control.

CVE-2018-1273
Critical · Actively exploited · EPSS 100%

Vulnerability in Spring Data Commons (versions 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions) due to improper neutralization of special elements in the property binder. An unauthenticated remote attacker can supply specially crafted request parameters against Spring Data REST backed HTTP resources or use Spring Data's projection-based request payload binding, leading to remote code execution.


Vulnerability data from NVD (NIST) · CISA KEV · EPSS