Security Vulnerabilities - Known exploited
CVE-2023-27532
Vulnerability in Veeam Backup & Replication component allows encrypted credentials stored in the configuration database to be obtained. This may lead to gaining access to the backup infrastructure hosts.
Known exploited
CVSS Score
7.5
EPSS Score
0.836
Published
2023-03-10
CVE-2022-41328
A improper limitation of a pathname to a restricted directory vulnerability ('path traversal') [CWE-22] in Fortinet FortiOS version 7.2.0 through 7.2.3, 7.0.0 through 7.0.9 and before 6.4.11 allows a privileged attacker to read and write files on the underlying Linux system via crafted CLI commands.
Known exploited
CVSS Score
6.7
EPSS Score
0.003
Published
2023-03-07
CVE-2019-8720
A vulnerability was found in WebKit. The flaw is triggered when processing maliciously crafted web content that may lead to arbitrary code execution. Improved memory handling addresses the multiple memory corruption issues.
Known exploited
CVSS Score
8.8
EPSS Score
0.041
Published
2023-03-06
CVE-2023-23529
A type confusion issue was addressed with improved checks. This issue is fixed in iOS 15.7.4 and iPadOS 15.7.4, iOS 16.3.1 and iPadOS 16.3.1, macOS Ventura 13.2.1, Safari 16.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Known exploited
CVSS Score
8.8
EPSS Score
0.001
Published
2023-02-27
CVE-2022-47986
IBM Aspera Faspex 4.4.2 Patch Level 1 and earlier could allow a remote attacker to execute arbitrary code on the system, caused by a YAML deserialization flaw. By sending a specially crafted obsolete API call, an attacker could exploit this vulnerability to execute arbitrary code on the system. The obsolete API call was removed in Faspex 4.4.2 PL2. IBM X-Force ID: 243512.
Known exploited
CVSS Score
9.8
EPSS Score
0.943
Published
2023-02-17
CVE-2023-23752
An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints.
Known exploited
CVSS Score
5.3
EPSS Score
0.945
Published
2023-02-16
CVE-2023-21823
Windows Graphics Component Remote Code Execution Vulnerability
Known exploited
CVSS Score
7.8
EPSS Score
0.052
Published
2023-02-14
CVE-2023-23376
Windows Common Log File System Driver Elevation of Privilege Vulnerability
Known exploited
CVSS Score
7.8
EPSS Score
0.211
Published
2023-02-14
CVE-2023-21715
Microsoft Publisher Security Feature Bypass Vulnerability
Known exploited
CVSS Score
7.3
EPSS Score
0.007
Published
2023-02-14
CVE-2023-21529
Microsoft Exchange Server Remote Code Execution Vulnerability
Known exploited
CVSS Score
8.8
EPSS Score
0.265
Published
2023-02-14