Common Vulnerabilities and Exposures (CVE)

CVE-2023-33952

Feb 25, 2026 17:20:10 UTC

A double-free vulnerability was found in handling vmw_buffer_object objects in the vmwgfx driver in the Linux kernel. This issue occurs due to the lack of validating the existence of an object prior to performing further free operations on ...

CVE-2023-4147

Feb 25, 2026 17:20:10 UTC

A use-after-free flaw was found in the Linux kernel’s Netfilter functionality when adding a rule with NFTA_RULE_CHAIN_ID. This flaw allows a local user to crash or escalate their privileges on the system.

CVE-2023-39513

Feb 25, 2026 17:20:10 UTC

Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability which allows an authenticated user to poison data stored in the _cacti_'s data...

CVE-2023-39516

Feb 25, 2026 17:20:09 UTC

Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability which allows an authenticated user to poison data stored in the _cacti_'s data...

CVE-2023-4921

Feb 25, 2026 17:20:09 UTC

A use-after-free vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to achieve local privilege escalation. When the plug qdisc is used as a class of the qfq qdisc, sending network packets triggers use-after-f...

CVE-2023-20235

Feb 25, 2026 17:20:09 UTC

A vulnerability in the on-device application development workflow feature for the Cisco IOx application hosting infrastructure in Cisco IOS XE Software could allow an authenticated, remote attacker to access the underlying operating system ...

CVE-2023-5717

Feb 25, 2026 17:20:08 UTC

A heap out-of-bounds write vulnerability in the Linux kernel's Linux Kernel Performance Events (perf) component can be exploited to achieve local privilege escalation. If perf_read_group() is called while an event's sibling_list is smaller...

CVE-2023-5528

Feb 25, 2026 17:20:08 UTC

A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they are using an i...

CVE-2023-40151

Feb 25, 2026 17:20:08 UTC

When user authentication is not enabled, the shell can execute commands with the highest privileges. Red Lion SixTRAK and VersaTRAK Series RTUs with authenticated users enabled (UDR-A) any Sixnet UDR message will meet an authentication ch...

CVE-2023-5274

Feb 25, 2026 17:20:08 UTC

Improper Input Validation vulnerability in simulation function of GX Works2 allows an attacker to cause a denial-of-service (DoS) condition on the function by sending specially crafted packets. However, the attacker would need to send the p...

CVE-2023-5275

Feb 25, 2026 17:20:08 UTC

Improper Input Validation vulnerability in simulation function of GX Works2 allows an attacker to cause a denial-of-service (DoS) condition on the function by sending specially crafted packets. However, the attacker would need to send the p...

CVE-2023-31275

Feb 25, 2026 17:20:07 UTC

An uninitialized pointer use vulnerability exists in the functionality of WPS Office 11.2.0.11537 that handles Data elements in an Excel file. A specially crafted malformed file can lead to remote code execution. An attacker can provide a m...

CVE-2023-29063

Feb 25, 2026 17:20:07 UTC

The FACSChorus workstation does not prevent physical access to its PCI express (PCIe) slots, which could allow a threat actor to insert a PCI card designed for memory capture. A threat actor can then isolate sensitive information such as a ...

CVE-2023-29066

Feb 25, 2026 17:20:07 UTC

The FACSChorus software does not properly assign data access privileges for operating system user accounts. A non-administrative OS account can modify information stored in the local application data folders.

CVE-2023-5909

Feb 25, 2026 17:20:07 UTC

KEPServerEX does not properly validate certificates from clients, which may allow unauthenticated users to connect.