CVE-2023-36761: Microsoft Word (Multiple Versions) – Disclosure of Sensitive NTLM Hashes to Unauthorised Actors via Preview Pane

**CRITICAL RISK** CVE-2023-33246 Apache RocketMQ < v4.9.6 / 5.1.1 – Unauthorised Remote Execution of Arbitrary Commands via Code Injection in Update Configuration Function

What are Unvalidated Redirects, and why are they a security issue?

**CRITICAL RISK** CVE-2023-26359 Adobe Coldfusion 2018 / 2021 – Arbitrary Code Execution via Unsafe Deserialization of Untrusted Data

Kill Chains: An Overview

CVE-2023-38831: RARLabs WinRAR < v6.23 – Arbitrary Code Execution via Exploit of Incorrectly-Resolved Name or Reference

CVE-2023-32315: Ignite RealTime Openfire XMPP Server < v4.7.5 – Unauthorised Access to Administrative Console via Path Traversal Vulnerability in Setup Environment

**CRITICAL RISK** CVE-2023-27532 Veeam (Multiple Products) – Total Compromise of Host via Unauthorised Access to Credentials in Configuration Database

CVE-2023-38180: Microsoft .NET Core and Visual Studio – Denial of Service (DoS) Vulnerability in Kestrel Web Server

Citrix Content Collaboration ShareFile Improper Access Control Vulnerability (CVE-2023-24489)