**CRITICAL RISK** CVE-2023-5631 Roundcube Webmail < v1.6.4 – Stored (Persistent) Cross-Site Scripting (‘XSS’) via JavaScript Injection in SVG Tags
**CRITICAL RISK** CVE-2023-4966 Cloud Software Group (Citrix) NetScaler ADC and NetScaler Gateway – Unauthorised Access to Critical Data and Credentials due to Improper Restriction of Operations within the Bounds of a Memory Buffer
**CRITICAL RISK** CVE-2023-21608 Adobe Acrobat (Multiple Editions) – Arbitrary Code Execution via ‘Use After Free’ (Memory Access Violation) Vulnerability in resetForm Method
**CRITICAL RISK** CVE-2023-36563 Microsoft Windows (Multiple Editions) – Disclosure of Sensitive NTLM Hashes via WordPad
**CRITICAL RISK** CVE-2023-42115 Exim Mail Transfer Agent < v4.9.7 – Unauthorised Remote Execution of Arbitrary Code via Out of Bounds Write in SMTP Service
**CRITICAL RISK** CVE-2023-28229 Microsoft Windows (Multiple Editions)- Unauthorised Escalation of Privilege to Superuser (‘SYSTEM’) Context via Race Condition in CNG Key Isolation Service
**CRITICAL RISK** CVE-2023-42793 JetBrains Teamcity Server < v2023.05.4 – Unauthorised Remote Execution of Arbitrary Code following Authentication Bypass