EMERGENCY CVE-2023-34048 9.8 VMware vCenter Server contains an out-of-bounds write in the DCERPC protocol implementation allowing unauthenticated remote code execution, exploited by Chinese APT groups for ESXi infrastructure compromise.

EMERGENCY CVE-2023-4966 9.4 Citrix NetScaler ADC and Gateway contain an information disclosure vulnerability known as 'CitrixBleed' that leaks sensitive session tokens from memory, enabling authenticated session hijacking at massive scale.

ACT NOW CVE-2023-44487 7.5 Denial of service against HTTP/2 server implementations allows remote unauthenticated attackers to exhaust server resources by rapidly opening and immediately canceling (RST_STREAM) large numbers of streams over a single connection, a technique dubbed the 'Rapid Reset' attack. The flaw is confirmed actively exploited (CISA KEV) following large-scale weaponization observed August through October 2023, with publicly available exploit code and an EPSS score of 94.45% placing it in the 100th percentile for likelihood of exploitation. Virtually every major HTTP/2 stack - including nghttp2, Netty, Envoy, and Eclipse Jetty - is affected.

ACT NOW CVE-2023-4911 7.8 Local privilege escalation in the GNU C Library (glibc) dynamic loader ld.so allows unprivileged local users on affected Linux distributions to gain root by abusing a heap buffer overflow when ld.so processes the GLIBC_TUNABLES environment variable during execution of SUID binaries. The flaw is confirmed actively exploited (CISA KEV) with publicly available exploit code, and the EPSS score of 71.53% (99th percentile) reflects very high exploitation likelihood across Linux estates.

Daily vulnerability intelligence for defenders – fresh CVEs with exploitability signals, patch status, and action-oriented priorities from 17 sources.
