Security Bulletins

CVE-2023-43177: Critical Unauthenticated RCE Vulnerability in CrushFTP

November 27, 2023

On August 10, 2023, CrushFTP released an advisory regarding a vulnerability affecting versions of CrushFTP lower than 10.5.1. Since then, the vulnerability has been tracked

Security Bulletin text on the screen with a wolf in the background

CVE-2023-36397 & CVE-2023-36028: Top the list of Microsoft’s November 2023 Patch Tuesday

November 17, 2023

On November 14, 2023, Microsoft published their November Security Update with patches for 63 vulnerabilities. Among these vulnerabilities, Arctic Wolf has highlighted five in this

CVE-2023-38547 & CVE-2023-38548: Two Critical Vulnerabilities in Veeam ONE

November 14, 2023

On November 6, 2023, Veeam published security hotfixes for two critical-severity vulnerabilities impacting Veeam ONE. CVE-2023-38547 (CVSS 9.9) could allow an unauthenticated threat actor to

Security Bulletin with an exclamation point in the center of the image

CVE-2023-47246: 0-day Remote Code Execution Vulnerability Actively Exploited in SysAid On-Premises

November 14, 2023

On November 2, 2023, SysAid was notified by Microsoft of a zero-day path traversal vulnerability allowing for remote code execution, which affects their on-premises ITSM

CVE-2023-23368 & CVE-2023-23369: Critical Command Injection Vulnerabilities in QNAP Products

November 14, 2023

On November 4, 2023, QNAP published security advisories for two critical command injection vulnerabilities impacting multiple versions of QNAP operating systems and applications related to

CVE-2023-46604: Critical RCE Vulnerability in Apache ActiveMQ

November 3, 2023

On October 27, 2023, Apache published a security advisory addressing that a critical remote code execution (RCE) vulnerability has been fixed in the latest updates

CVE-2023-46747: Critical Unauthenticated RCE Vulnerability in F5 BIG-IP

October 27, 2023

On October 26, 2023, F5 released security hotfixes for a critical unauthenticated RCE vulnerability (CVE-2023-46747) in BIG-IP’s Traffic Management User Interface (TMUI). If successfully exploited

Security bulletin with an exclamation point in the middle of the screen

CVE-2023-34048: Critical RCE Vulnerability in VMware vCenter Server and Cloud Foundation

October 26, 2023

On October 25, 2023 VMware published a security advisory regarding a critical out-of-bounds write vulnerability (CVE-2023-34048) that has been fixed in the latest updates by

Data Exposure Misconfiguration Issue in ServiceNow (Potential Public List Widget Misconfiguration)

October 23, 2023

On October 18, 2023, ServiceNow published a knowledge base article revealing that they are aware of reporting that details a potential misconfiguration issue. This issue

CVE-2023-20198: Actively Exploited Privilege Escalation Vulnerability in Cisco IOS XE

October 23, 2023

On October 16, 2023, Cisco published a security advisory regarding an actively exploited and unpatched privilege escalation vulnerability (CVE-2023-20198) in the Web UI feature of

CVE-2023-35349 & CVE-2023-36434: Two Critical Vulnerabilities Headline Microsoft’s October 2023 Patch Tuesday Post

October 17, 2023

On October 10, 2023, Microsoft published their October 2023 Security Update including patches for 104 vulnerabilities. Among these vulnerabilities, Arctic Wolf has highlighted two with

CVE-2023-4966: Critical Data Exposure Vulnerability in Citrix NetScaler ADC and Citrix NetScaler Gateway

October 16, 2023

On October 10, 2023, Citrix issued a security bulletin describing a critical vulnerability in NetScaler Application Delivery Controller (ADC) and NetScaler Gateway (CVE-2023-4966, CVSS: 9.4).

CVE-2023-20101: Critical Authentication Bypass Vulnerability in Cisco Emergency Responder

October 16, 2023

On October 4, 2023, Cisco published a security advisory disclosing a critical authentication bypass vulnerability (CVE-2023-20101, CVSS: 9.8) in Cisco Emergency Responder. CVE-2023-20101 allows an

CVE-2023-22515: Critical Privilege Escalation Vulnerability in Confluence Data Center and Server

October 16, 2023

On October 4, 2023, Atlassian issued a security advisory revealing potential active exploitation of a previously unknown vulnerability (CVE-2023-22515, CVSS: 10) affecting Confluence Data Center

CVE-2023-42115: Critical RCE Vulnerability in Exim

October 3, 2023

On October 2, 2023, Exim released security fixes for an out-of-bounds write remote code execution (RCE) vulnerability (CVE-2023-42115, CVSS: 9.8). This vulnerability affects the Simple

CVE-2023-40044, CVE-2023-42657: Two Critical Vulnerabilities Impacting Progress WS_FTP Server

October 3, 2023

On September 27, 2023, Progress Software released a security advisory detailing multiple vulnerabilities in their WS_FTP Server product, including two with a critical severity rating.

CVE-2023-4863: Critical Vulnerability in Widely Used libwebp Library

October 3, 2023

On September 7, 2023, Apple released emergency security updates to fix a buffer overflow vulnerability (CVE-2023-41064) impacting macOS, iOS, iPadOS, and watchOS products that was

CVE-2023-42793: Critical RCE Vulnerability in TeamCity On-Premises

September 26, 2023

On September 20, 2023, JetBrains published a blog detailing a critical Remote Code Execution (RCE) vulnerability that was identified in TeamCity On-Premises (CVE-2023-42793). This vulnerability

CVE-2023-41991, 41992, 41993: Three Actively Exploited Vulnerabilities in Apple Products Fixed

September 25, 2023

On September 21, 2023, Apple released emergency security updates to fix three vulnerabilities impacting macOS, iOS, iPadOS, and Safari. Vulnerability Description Impacted

Okta Environments Seeing Increased Targeted Threat Activity

September 22, 2023

In the last few weeks, Arctic Wolf Labs has noted an increase in threat activity targeting Okta as an attack vector. The relevant Techniques, Tools,

Actively Exploited Zero-day Vulnerabilities Patched in Microsoft’s September 2023 Patch Tuesday

September 14, 2023

On September 12, 2023, Microsoft published their September 2023 Security Update with patches for 59 vulnerabilities. Among these 59 vulnerabilities, Arctic Wolf has highlighted two

CVE-2023-20269: Cisco ASA/Firepower VPN Zero-Day Vulnerability Actively Exploited

September 12, 2023

On August 31, 2023, Arctic Wolf sent out a bulletin alerting customers to an ongoing brute force campaign targeting Cisco Adaptive Security Appliance (ASA). Subsequently,

New Vulnerabilities in Apple Products Exploited in the Wild

September 12, 2023

On September 7, 2023, Apple released emergency security updates to fix a buffer overflow vulnerability (CVE-2023-41064) and a validation issue vulnerability (CVE-2023-41061) among macOS, iOS,

Ongoing Ransomware Campaign Against Cisco ASA VPN Appliances

August 31, 2023

Arctic Wolf has been tracking multiple intrusions where Cisco VPN account credentials were harnessed by Akira ransomware for initial access. In a recent Cisco PSIRT

Critical Authentication Bypass Vulnerability in VMware Aria Operations for Networks: CVE-2023-34039

August 31, 2023

On Tuesday, August 29, 2023, VMware disclosed a critical authentication bypass vulnerability (CVE-2023-34039) in VMware Aria Operations for Networks–formerly known as vRealize Network Insight–that could

CVE-2023-33246: Critical RCE Vulnerability in Apache RocketMQ

August 28, 2023

Summary On May 23, 2023, Apache patched a critical-severity remote code execution (RCE) vulnerability in Apache RocketMQ. Several components of RocketMQ, including the NameServer, Broker,

CVE-2023-38035: Critical Authentication Bypass Vulnerability in Ivanti Sentry

August 23, 2023

On August 21, 2023, Ivanti published a knowledge base article on a critical authentication bypass vulnerability impacting Ivanti Sentry (CVE-2023-38035). For this vulnerability to be

CVE-2023-32560: Critical Remote Code Execution Vulnerabilities in Ivanti Avalanche

August 21, 2023

On August 14th, 2023, cybersecurity company Tenable released a research advisory detailing two stack-based buffer overflow vulnerabilities, collectively tracked as CVE-2023-32560, impacting Ivanti Avalanche products

Multiple Junos OS Vulnerabilities Could lead to Unauthenticated Remote Code Execution

August 18, 2023

On August 17th, 2023, Juniper Networks released out-of-band fixes for multiple vulnerabilities that could be chained together to achieve unauthenticated remote code execution (RCE) on

CVE-2023-39143: Critical Remote Code Execution Vulnerability in PaperCut Print Management Server

August 14, 2023

On August 4, 2023, security researchers published a blog detailing a critical remote code (RCE) vulnerability in PaperCut NG/MF print management servers (CVE-2023-39143: CVSS 8.4).

© 2026 Arctic Wolf Networks Inc. All Rights Reserved.
Privacy Notice	Terms of Use	Cookie Policy	Accessibility Statement	Information Security	Sustainability Statement	Cookies Settings

Platform

Agentic SOC

Journey

Reduce Attack Frequency

Reduce Attack Severity

Transfer Risk

Get Started

Why Arctic Wolf

Expertise by Topic

Incident Response Timelines

Expertise by Industry

Resource Center

Trending Resources

The Arctic Wolf Threat Report draws upon the first-hand experience of our security experts, augmented by research from our threat intelligence team.

The Arctic Wolf State of Cybersecurity: 2025 Trends Report serves as an opportunity for decision makers to share their experiences over the past 12 months and their perspectives on some of the most important issues shaping the IT and security landscape.

Join Arctic Wolf on an interactive journey to discover a better path past the hazards of the modern threat landscape.

CVE-2026-0300 — Critical Buffer Overflow in PAN-OS User-ID Authentication Portal

Beyond the Bug: Why Cybersecurity Still Matters Even If AI Improves Secure Development

Microsoft Patch Tuesday: April 2026

Partners

Company

Careers

Press

Brand Partnerships

Arctic Wolf Networks 8939 Columbine Rd Eden Prairie, MN 55347

1.888.272.8429

© 2026 Arctic Wolf Networks Inc. All Rights Reserved.

Arctic Wolf Networks
8939 Columbine Rd
Eden Prairie, MN 55347