Recorded Future
October 2023 Vulnerability Disclosure Report
Pages
8
Time to read
16 mins
Publication
Language
English
This report is a comprehensive analysis of the vulnerabilities disclosed by eight major software vendors during October 2023. It details the total number of vulnerabilities disclosed, including critical and zero-day vulnerabilities, and highlights the number of vulnerabilities that were actively exploited during this period. The report identifies nine high-risk zero-day vulnerabilities affecting various vendors, including Apple and Microsoft, and discusses the ongoing mass exploitation of the 'Citrix Bleed' vulnerability (CVE-2023-4966), which has allowed threat actors to gain persistent access to enterprise environments. Additionally, the report outlines the exploitation of a zero-day vulnerability (CVE-2023-44487) affecting the HTTP/2 protocol, which has led to large-scale distributed denial-of-service (DDoS) attacks on major platforms like Google and AWS. The report also covers other significant vulnerabilities, including those affecting WordPress plugins and Microsoft products, emphasizing the need for immediate patching and remediation efforts to mitigate risks associated with these vulnerabilities.