Feed

Verified advisories, vulnerability disclosures, and architectural research.

CVE-2023-46747

CVE-2023-46747: Critical F5 BIG-IP Authentication Bypass and RCE Vulnerability Advisory

F5 BIG-IP Configuration utility contains an authentication bypass using an alternate path or channel vulnerability due to undisclosed requests that may allow an unauthenticated attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute system commands. This vulnerability can be used in conjunction with CVE-2023-46748.

BIG-IP Configuration Utility

View Detail

CVE-2023-46604

CVE-2023-46604: Critical RCE in Apache ActiveMQ via OpenWire Deserialization

Apache ActiveMQ contains a deserialization of untrusted data vulnerability that may allow a remote attacker with network access to a broker to run shell commands by manipulating serialized class types in the OpenWire protocol to cause the broker to instantiate any class on the classpath.

ActiveMQ

View Detail

CVE-2023-22518

Critical Advisory: CVE-2023-22518 Atlassian Confluence Improper Authorization Vulnerability

Atlassian Confluence Data Center and Server contain an improper authorization vulnerability that can result in significant data loss when exploited by an unauthenticated attacker. There is no impact on confidentiality since the attacker cannot exfiltrate any data.

Confluence Data Center and Server

View Detail

CVE-2023-38203

CVE-2023-38203: Critical Adobe ColdFusion Deserialization Vulnerability Threat Advisory

Adobe ColdFusion contains a deserialization of untrusted data vulnerability that allows for code execution.

ColdFusion

View Detail

CVE-2023-29300

CVE-2023-29300 Adobe ColdFusion Deserialization: Critical Security Advisory and Patch Guide

Adobe ColdFusion contains a deserialization of untrusted data vulnerability that allows for code execution.

ColdFusion

View Detail

CVE-2024-21887

CVE-2024-21887: Critical Ivanti Connect Secure Command Injection Vulnerability Advisory

Ivanti Connect Secure (ICS) and Ivanti Policy Secure contain a command injection vulnerability (CVE-2024-21887) in web components, allowing authenticated administrators to execute arbitrary commands. This is frequently chained with CVE-2023-46805 for unauthenticated access.

Connect Secure and Policy Secure

View Detail

CVE-2023-46805

CVE-2023-46805: Critical Ivanti Connect Secure Authentication Bypass Advisory

Ivanti Connect Secure (ICS) and Ivanti Policy Secure gateways contain a critical authentication bypass vulnerability (CVE-2023-46805) in their web component. This allows unauthenticated remote attackers to access restricted resources, often used in conjunction with CVE-2024-21887 for full system compromise.

Connect Secure and Policy Secure

View Detail

CVE-2023-29357

CVE-2023-29357: Critical Microsoft SharePoint Server Authentication Bypass and Privilege Escalation Advisory

Microsoft SharePoint Server contains an unspecified vulnerability that allows an unauthenticated attacker, who has gained access to spoofed JWT authentication tokens, to use them for executing a network attack. This attack bypasses authentication, enabling the attacker to gain administrator privileges.

SharePoint Server

View Detail

CVE-2023-35082

Critical Ivanti EPMM Authentication Bypass (CVE-2023-35082): Technical Deep Dive and Remediation Guide

Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core contain an authentication bypass vulnerability that allows unauthorized users to access restricted functionality or resources of the application.

Endpoint Manager Mobile (EPMM) and MobileIron Core

View Detail

CVE-2023-22527

CVE-2023-22527: Critical Unauthenticated RCE in Atlassian Confluence Data Center and Server

Atlassian Confluence Data Center and Server contain an unauthenticated OGNL template injection vulnerability that can lead to remote code execution.

Confluence Data Center and Server

View Detail

CVE-2024-21893

CVE-2024-21893: Critical SSRF in Ivanti Connect Secure and Policy Secure SAML Component

Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure), Ivanti Policy Secure, and Ivanti Neurons contain a server-side request forgery (SSRF) vulnerability in the SAML component that allows an attacker to access certain restricted resources without authentication.

Connect Secure, Policy Secure, and Neurons

View Detail

CVE-2026-6973

CVE-2026-6973: Critical RCE Vulnerability in Ivanti Endpoint Manager Mobile (EPMM)

Ivanti Endpoint Manager Mobile (EPMM) contains an improper input validation vulnerability that allows a remotely authenticated user with administrative access to achieve remote code execution.

Endpoint Manager Mobile (EPMM)

View Detail

1 2 345 6 7