Vulnerabilities & Infections
Overviews of recent emerging security events (vulnerabilities & infections), along with resources to detect and mitigate them.
- Apache ActiveMQ Remote Code Execution [CVE-2023-46604]
- ArcaneDoor Vulnerabilities [CVE-2024-20353, CVE-2024-20359]
- Atlassian Confluence Data Center and Server Template Injection [CVE-2023-22527]
- Atlassian Confluence Data Center and Server [CVE-2023-22515]
- Barracuda Email Security Gateway [CVE-2023-2868]
- Cisco Adaptive Security Appliance (ASA) Software Brute Force [CVE-2023-20269]
- Cisco IOS XE Web UI Privilege Escalation [CVE-2023-20198] & Elevation [CVE-2023-20273]
- Citrix Netscaler ADC and Netscaler Gateway [CVE-2023-4966]
- Citrix ShareFile StorageZone Controller [CVE-2023-24489]
- Cleo File Transfer [CVE-2024-50623 & CVE-2024-55956]
- Critical Command Injection Vulnerability in Some Versions of Palo Alto PAN-OS [CVE-2024-3400]
- CrushFTP Zero-Day [CVE-2024-4040]
- CUPS Printing System Vulnerability Chain
- Fortinet FortiOS SSL VPN Out-of-Bounds Write [CVE-2024-21762]
- FortiOS/FortiProxy [CVE-2023-27997]
- Ivanti Connect Secure and Policy Secure
- Ivanti Resource Center
- Ivanti Zero-Day [CVE-2025-0282 & CVE-2025-0283]
- MOVEit Transfer Resource Center
- NetScaler ADC & NetScaler Gateway RCE [CVE-2023-3519]
- Next.js Authorization Bypass Vulnerability [CVE-2025-29927]
- Progress MOVEit Transfer Authentication Bypass [CVE-2024-5806]
- Service Location Protocol Vulnerability [CVE-2023-29552]
- ServiceNow Vulnerability Chain [CVE-2024-4879, CVE-2024-5217, & CVE-2024-5178]
- SonicWall Improper Authentication Vulnerability [CVE-2024-53704]
- SonicWall Untrusted Data Pre-authentication Deserialization [CVE-2025-23006]
- Supply Chain Attack via XZ Library Resulting in SSH Backdoor [CVE-2024-3094]
- SysAid Path Traversal [CVE-2023-47246]
- VMware vCenter Server: Out-of-Bounds Write [CVE-2023-34048] & Partial Information Disclosure [CVE-2023-34056]