NAVANEM

Documented vulnerability advisories

Every entry documented: technical breakdown, impact, mitigation and detection, with severity, CVSS and exploitation status at a glance.

55 advisories
31 critical
44 exploited in the wild


critical · Check Point Gaia OS IKEv1 Authentication Bypass Allows Unauthorized VPN Access · ⚡ exploited
CVE-2026-50751 is a critical authentication bypass in Check Point Gaia OS IKEv1 VPN that lets remote attackers establish VPN sessions without valid credentials. Actively exploited.
CVE-2026-50751 · 9.3 · Jun 8, 26

high · 7-Zip Heap Buffer Overflow via NTFS Handler Integer Overflow (CWE-190)
CVE-2026-48095 is a critical heap buffer overflow in 7-Zip versions 26.00 and earlier caused by integer overflow in NTFS stream handling, enabling arbitrary code execution.
CVE-2026-48095 · 8.8 · Jun 5, 26

medium · Windows YellowKey Security Feature Bypass Vulnerability Explained
CVE-2026-45585 is a medium-severity Windows security feature bypass flaw affecting BitLocker. Physical access required. TPM+PIN users are not at risk.
CVE-2026-45585 · 6.8 · May 20, 26

critical · Azure Cloud Shell, unauthenticated command injection (spoofing over network)
Improper neutralization of special elements used in a command ('command injection') in Azure Cloud Shell allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-35428 · May 13, 26

critical · Windows Netlogon Stack-Based Buffer Overflow Enables Remote Code Execution
CVE-2026-41089 is a critical stack-based buffer overflow in Windows Netlogon that allows unauthenticated remote code execution. CVSS 9.8. Patch immediately.
CVE-2026-41089 · 9.8 · May 12, 26

high · Apple WebKit, sandbox escape via malicious web content (zero-day) · ⚡ exploited
An out-of-bounds write issue was addressed with improved checks to prevent unauthorized actions. Maliciously crafted web content may be able to break out of Web Content sandbox.
CVE-2025-24201 · 8.8 · Mar 11, 25

critical · Microsoft Windows OLE, remote code execution via Outlook email
Windows OLE Remote Code Execution Vulnerability.
CVE-2025-21298 · 9.8 · Jan 14, 25

high · Windows Hyper-V NT Kernel Integration VSP, elevation of privilege zero-day · ⚡ exploited
Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability.
CVE-2025-21333 · 7.8 · Jan 14, 25

critical · Ivanti Connect Secure / Policy Secure / ZTA, stack buffer overflow pre-auth RCE · ⚡ exploited
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a remote unauthenticated attacker to achieve remote code execution.
CVE-2025-0282 · 9.0 · Jan 8, 25

high · Windows Common Log File System Driver, elevation of privilege · ⚡ exploited
Windows Common Log File System Driver Elevation of Privilege Vulnerability.
CVE-2024-49138 · 7.8 · Dec 10, 24

high · Windows LDAP, denial of service (LDAPNightmare)
Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability.
CVE-2024-49113 · 7.5 · Dec 10, 24

high · Palo Alto PAN-OS, privilege escalation in management web interface · ⚡ exploited
A privilege escalation (PE) vulnerability in Palo Alto Networks PAN-OS software allows a PAN-OS administrator with access to the management web interface to perform actions on the firewall with root privileges.
CVE-2024-9474 · 7.2 · Nov 18, 24

critical · Palo Alto PAN-OS, authentication bypass in management web interface · ⚡ exploited
An authentication bypass in Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to gain PAN-OS administrator privileges to perform administrative actions.
CVE-2024-0012 · 9.8 · Nov 18, 24

high · Windows Task Scheduler, elevation of privilege zero-day · ⚡ exploited
Windows Task Scheduler Elevation of Privilege Vulnerability.
CVE-2024-49039 · 8.8 · Nov 12, 24

critical · Fortinet FortiManager, missing authentication on fgfmd (FortiJump) · ⚡ exploited
A missing authentication for critical function vulnerability in Fortinet FortiManager allows a remote unauthenticated attacker to execute arbitrary code or commands via specially crafted requests.
CVE-2024-47575 · 9.8 · Oct 23, 24

critical · Microsoft Windows Update, servicing-stack rollback enables RCE on Windows 10 1507
Microsoft is aware of a vulnerability in Servicing Stack that has rolled back the fixes for some vulnerabilities affecting Optional Components on Windows 10, version 1507 (initial version released July 2015).
CVE-2024-43491 · 9.8 · Sep 10, 24

critical · Windows TCP/IP, IPv6 remote code execution (wormable)
An unauthenticated attacker could repeatedly send IPv6 packets, that include specially crafted packets, to a Windows machine which could enable remote code execution.
CVE-2024-38063 · 9.8 · Aug 13, 24

high · Windows Hyper-V, elevation of privilege zero-day · ⚡ exploited
Windows Hyper-V Elevation of Privilege Vulnerability. Successful exploitation could allow a malicious authenticated attacker to gain SYSTEM privileges on the host operating system.
CVE-2024-38080 · 7.8 · Jul 9, 24

high · Windows MSHTML platform, spoofing zero-day (Void Banshee) · ⚡ exploited
Windows MSHTML Platform Spoofing Vulnerability. Successful exploitation requires the attacker to send the user a malicious file, which the user must execute.
CVE-2024-38112 · 7.5 · Jul 9, 24

high · OpenSSH server (sshd), signal handler race leading to pre-auth RCE (regreSSHion)
A signal handler race condition was found in OpenSSH's server (sshd), where a client does not authenticate within LoginGraceTime seconds (120 by default), then sshd's SIGALRM handler is called asynchronously, but this signal handler calls various functions that are not async-signal-safe.
CVE-2024-6387 · 8.1 · Jul 1, 24

high · VMware ESXi, Active Directory integration authentication bypass (ransomware abuse) · ⚡ exploited
VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory permissions can gain full access to an ESXi host that was previously configured to use AD for user management by re-creating the configured AD group ('ESX Admins' by default) after it was deleted from AD.
CVE-2024-37085 · 6.8 · Jun 25, 24

critical · Veeam Backup Enterprise Manager, authentication bypass
Vulnerability in Veeam Backup Enterprise Manager allows unauthenticated attackers to log in to the Veeam Backup Enterprise Manager web interface as any user.
CVE-2024-29849 · 9.8 · May 21, 24

high · Windows Desktop Window Manager (DWM) Core Library, elevation of privilege · ⚡ exploited
Windows DWM Core Library Elevation of Privilege Vulnerability.
CVE-2024-30051 · 7.8 · May 14, 24

high · Windows MSHTML, COM platform security feature bypass (zero-day) · ⚡ exploited
Windows MSHTML Platform Security Feature Bypass Vulnerability. An attacker would need to send a malicious file to the user, which they would then need to execute. An authenticated attacker who successfully exploited this vulnerability could bypass OLE mitigations in Microsoft 365 and Microsoft Office.
CVE-2024-30040 · 8.8 · May 14, 24

critical · Palo Alto Networks PAN-OS GlobalProtect, unauthenticated command injection · ⚡ exploited
A command injection vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall.
CVE-2024-3400 · 10.0 · Apr 12, 24

critical · XZ Utils, malicious code in liblzma backdoors sshd (supply-chain)
Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in the liblzma code.
CVE-2024-3094 · 10.0 · Mar 29, 24

high · Windows Error Reporting Service, elevation of privilege (Black Basta) · ⚡ exploited
Windows Error Reporting Service Elevation of Privilege Vulnerability.
CVE-2024-26169 · 7.8 · Mar 12, 24

critical · JetBrains TeamCity, authentication bypass via path traversal · ⚡ exploited
In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible.
CVE-2024-27198 · 9.8 · Mar 4, 24

high · JetBrains TeamCity, path traversal authentication bypass on selected endpoints · ⚡ exploited
In JetBrains TeamCity before 2023.11.4 path traversal allowing to perform limited admin actions was possible.
CVE-2024-27199 · 7.3 · Mar 4, 24

high · ConnectWise ScreenConnect, path traversal in extension upload · ⚡ exploited
ConnectWise ScreenConnect 23.9.7 and prior is affected by a path traversal vulnerability allowing access to or modification of items outside of the intended directory structure.
CVE-2024-1708 · 8.4 · Feb 19, 24

critical · ConnectWise ScreenConnect, auth bypass via path normalization (SlashAndGrab) · ⚡ exploited
ConnectWise ScreenConnect 23.9.7 and prior is affected by an authentication bypass using an alternate path or channel vulnerability that allows access to administrative functions.
CVE-2024-1709 · 10.0 · Feb 19, 24

critical · Microsoft Outlook, remote code execution via MonikerLink (#MonikerLink) · ⚡ exploited
Microsoft Outlook Remote Code Execution Vulnerability. The Preview Pane is an attack vector.
CVE-2024-21413 · 9.8 · Feb 13, 24

critical · Fortinet FortiOS SSL VPN, out-of-bounds write pre-auth RCE · ⚡ exploited
An out-of-bounds write vulnerability in Fortinet FortiOS may allow a remote unauthenticated attacker to execute arbitrary code or commands via specially crafted HTTP requests.
CVE-2024-21762 · 9.8 · Feb 8, 24

critical · Jenkins, CLI arbitrary file read leading to RCE · ⚡ exploited
Jenkins uses the args4j library to parse command arguments and options on the Jenkins controller when processing CLI commands. This command parser has a feature that replaces an @ character followed by a file path in an argument with the file's contents (expandAtFiles). This feature is enabled by default.
CVE-2024-23897 · 9.8 · Jan 24, 24

critical · Ivanti Connect Secure / Policy Secure, authenticated command injection in web components · ⚡ exploited
A command injection vulnerability in web components of Ivanti Connect Secure and Ivanti Policy Secure allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance.
CVE-2024-21887 · 9.1 · Jan 10, 24

high · Ivanti Connect Secure, web component authentication bypass (paired with CVE-2024-21887) · ⚡ exploited
An authentication bypass vulnerability in the web component of Ivanti Connect Secure and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks.
CVE-2023-46805 · 8.2 · Jan 10, 24

critical · Cisco IOS XE, unauthenticated remote attacker creates privilege-15 account via Web UI · ⚡ exploited
A vulnerability in the web UI feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to create an account on an affected system with privilege level 15 access.
CVE-2023-20198 · 10.0 · Oct 16, 23

critical · Citrix Bleed, NetScaler ADC session token disclosure · ⚡ exploited
Improper restriction of operations within the bounds of a memory buffer in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server can lead to sensitive information disclosure. An attacker can extract session tokens directly from memory via a crafted HTTP request, then replay those tokens to impersonate authenticated users, bypassing MFA.
CVE-2023-4966 · 9.4 · Oct 10, 23

critical · Atlassian Confluence Data Center & Server, privilege escalation to admin · ⚡ exploited
Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances.
CVE-2023-22515 · 10.0 · Oct 4, 23

critical · MOVEit Transfer, pre-auth SQL injection (Cl0p mass exploitation) · ⚡ exploited
Improper neutralization of special elements used in an SQL command in Progress MOVEit Transfer (web application) allows unauthenticated attackers to access the MOVEit Transfer database and inject malicious payloads, leading to remote code execution and data exfiltration. The flaw resided in the HTTP/HTTPS endpoint.
CVE-2023-34362 · 9.8 · Jun 2, 23

critical · Microsoft Outlook, NTLM credential leak via PidLidReminderFileParameter (Fancy Bear) · ⚡ exploited
Microsoft Outlook Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could access a user's Net-NTLMv2 hash which could be used as a basis of an NTLM Relay attack against another service.
CVE-2023-23397 · 9.8 · Mar 14, 23

critical · Zoho ManageEngine, unauthenticated RCE via SAML SSO XML signature bypass · ⚡ exploited
Self-Service Password Manager Pro and many other Zoho ManageEngine on-premise products allow remote code execution due to use of Apache xmlsec (aka XML Security for Java) 1.4.1.
CVE-2022-47966 · 9.8 · Dec 13, 22

high · Microsoft Exchange Server, SSRF (ProxyNotShell #1) · ⚡ exploited
Microsoft Exchange Server Elevation of Privilege Vulnerability.
CVE-2022-41040 · 8.8 · Sep 30, 22

high · Microsoft Exchange Server, PowerShell remoting deserialisation RCE (ProxyNotShell #2) · ⚡ exploited
Microsoft Exchange Server Remote Code Execution Vulnerability.
CVE-2022-41082 · 8.8 · Sep 30, 22

critical · Atlassian Confluence, unauthenticated OGNL injection RCE · ⚡ exploited
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance.
CVE-2022-26134 · 9.8 · Jun 3, 22

high · Follina, Microsoft MSDT RCE via Office document · ⚡ exploited
A remote code execution vulnerability exists when MSDT (Microsoft Support Diagnostic Tool) is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application. The attacker can then install programs, view, change, or delete data, or create new accounts in the context allowed by the user's rights.
CVE-2022-30190 · 7.8 · Jun 1, 22

critical · F5 BIG-IP iControl REST, unauthenticated RCE via missing auth check · ⚡ exploited
Undisclosed requests may bypass iControl REST authentication.
CVE-2022-1388 · 9.8 · May 4, 22

critical · Spring4Shell, RCE in Spring Framework via data binding · ⚡ exploited
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar with the default packaging, it is not vulnerable to the exploit demonstrated publicly, but the underlying flaw is more general.
CVE-2022-22965 · 9.8 · Apr 1, 22

critical · Log4Shell, unauthenticated RCE in Apache Log4j 2 · ⚡ exploited
Apache Log4j2 2.0-beta9 through 2.15.0 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled.
CVE-2021-44228 · 10.0 · Dec 10, 21

critical · ProxyShell, Exchange Server pre-auth RCE chain · ⚡ exploited
Microsoft Exchange Server Remote Code Execution Vulnerability. A pre-authentication path-confusion issue in the Autodiscover URL handler allows an attacker to access privileged endpoints normally reserved for authenticated mailbox owners. When chained with CVE-2021-34523 (privilege elevation) and CVE-2021-31207 (post-auth RCE), it yields full SYSTEM execution.
CVE-2021-34473 · 9.8 · Jul 13, 21

high · PrintNightmare, Windows Print Spooler RCE · ⚡ exploited
Windows Print Spooler Remote Code Execution Vulnerability. The Windows Print Spooler service improperly performs privileged file operations. An authenticated attacker who can connect to the Print Spooler RPC interface can execute arbitrary code with SYSTEM privileges, or load arbitrary DLLs as a privileged driver.
CVE-2021-34527 · 8.8 · Jul 1, 21

critical · Microsoft Exchange Server, SSRF (ProxyLogon) · ⚡ exploited
Microsoft Exchange Server Remote Code Execution Vulnerability.
CVE-2021-26855 · 9.8 · Mar 2, 21

critical · BlueKeep, Windows RDP wormable pre-auth RCE · ⚡ exploited
A remote code execution vulnerability exists in Remote Desktop Services, formerly known as Terminal Services, when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system.
CVE-2019-0708 · 9.8 · May 14, 19

high · EternalBlue, SMBv1 unauthenticated RCE in Windows · ⚡ exploited
The SMBv1 server in Microsoft Windows Vista SP2, Windows Server 2008 SP2/R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka 'Windows SMB Remote Code Execution Vulnerability'. Originally leaked by the Shadow Brokers from the NSA's toolkit.
CVE-2017-0144 · 8.1 · Mar 14, 17

high · Heartbleed, OpenSSL TLS Heartbeat memory disclosure · ⚡ exploited
The TLS and DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.
CVE-2014-0160 · 7.5 · Apr 7, 14