Microsoft Windows SmartScreen contains a security feature bypass vulnerability that allows an attacker to bypass Windows Defender SmartScreen checks and their associated prompts.

A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation.

Apache ActiveMQ is vulnerable to Remote Code Execution. An attacker could run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol.

Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway or AAA virtual server.

A vulnerability in the web-based management interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to create an account on an affected system with privilege level 15 access.

Atlassian Confluence Data Center and Server contains a broken access control vulnerability that allows an unauthenticated attacker to reset Confluence and create an administrator account.

RARLAB WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive.

A heap-based buffer overflow vulnerability in FortiOS SSL-VPN may allow a remote attacker to execute arbitrary code or commands via specifically crafted requests.

In Progress MOVEit Transfer before 2021.0.6, 2021.1.4, 2022.0.4, 2022.1.5, and 2023.0.1, a SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain access to MOVEit Transfer's database.

Apache Log4j2 <=2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints.