PT-2026-40526

An untrusted pointer dereference in the ionic cloud driver for VMWare ESXi could allow an attacker with an unprivileged VM to read kernel memory or co-located guest VM memory, potentially resulting in loss of confidentiality or availability...

EUVD-2025-199814

Malicious content at office documents can be used to inject script code when editing a document. Unintended actions can be executed in the context of the users account, including exfiltration of sensitive information. Please deploy the provided updates and patch releases. No publicly available...

CVE-2025-59026

CVE-2025-59026 affects Open-Xchange OX App Suite (and related advisories) where uploading a malicious file enables execution of script code when a user clicks attacker-controlled links. Actions may run in the user’s context and can include exfiltration of sensitive information. Public exploit det...

CVE-2025-30190

Malicious content at office documents can be used to inject script code when editing a document. Unintended actions can be executed in the context of the users account, including exfiltration of sensitive information. Please deploy the provided updates and patch releases. No publicly available...

PT-2025-47302

Name of the Vulnerable Software and Affected Versions SourceCodester Train Station Ticketing System version 1.0 Description A SQL injection weakness exists in the Train Station Ticketing System. This issue is related to the manipulation of the Username argument within the login functionality,...

PT-2025-47003

Name of the Vulnerable Software and Affected Versions pojoin h3blog version 1.0 Description A flaw exists in pojoin h3blog version 1.0 where manipulation of the Name argument in an unknown function within the file '/admin/cms/material/add' can lead to cross site scripting. This issue is potential...

PT-2025-45476

Name of the Vulnerable Software and Affected Versions Campcodes School File Management version 1.0 Description A security flaw exists in Campcodes School File Management 1.0. The issue is related to SQL injection, which can be triggered by manipulating the user id argument in the /admin/update...

CVE-2025-30188

Malicious or unintentional API requests can be used to add significant amount of data to caches. Caches may evict information that is required to operate the web frontend, which leads to unavailability of the component. Please deploy the provided updates and patch releases. No publicly available...

CVE-2025-11450

CVE-2025-11450 describes a reflected cross-site scripting vulnerability in the ServiceNow AI Platform. The issue could allow arbitrary code execution in the browser of a ServiceNow user who clicks a crafted link. ServiceNow has deployed security updates to the majority of hosted instances and pro...

CVE-2023-41708

References to the "app loader" functionality could contain redirects to unexpected locations. Attackers could forge app references that bypass existing safeguards to inject malicious script code. Please deploy the provided updates and patch releases. References to apps are now controlled more...

Apple Releases Security Updates for Multiple Products

Apple released security updates to address vulnerabilities in multiple Apple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following advisories and apply necessary updates: i...

Adobe Releases Security Updates for Multiple Products

Adobe released security updates to address multiple vulnerabilities in Adobe software. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following Adobe Security Bulletins and apply the...

CVE-2023-41708

References to the "app loader" functionality could contain redirects to unexpected locations. Attackers could forge app references that bypass existing safeguards to inject malicious script code. Please deploy the provided updates and patch releases. References to apps are now controlled more...

CVE-2023-41704

Processing of CID references at E-Mail can be abused to inject malicious script code that passes the sanitization engine. Malicious script code could be injected to a users sessions when interacting with E-Mails. Please deploy the provided updates and patch releases. CID handing has been improved...

Cisco Releases Security Advisories for Multiple Products

Cisco released security advisories for vulnerabilities affecting multiple Cisco products. A remote cyber threat actor could exploit one of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following advisories and apply the necessa...

Atlassian Releases September Security Bulletin

Atlassian has released its security bulletin for September 2023 to address vulnerabilities in multiple products. A malicious cyber actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Atlassian’s September 2023...

Atlassian Releases Security Updates

Atlassian has released its Security Bulletin for July 2023link is external to address vulnerabilities in Confluence Data Center & Server CVE-2023-22505link is external and CVE-2023-22508link is external and Bamboo Data Center CVE-2023-22506link is external. An attacker can exploit these...

Microsoft Releases July 2023 Security Updates

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker can exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Microsoft’s July 2023 Security Update Guidelink is external and...

PT-2023-7056 · Technicolor · Technicolor Tg670

Name of the Vulnerable Software and Affected Versions: Technicolor TG670 version 10.5.N.9 Description: The issue concerns the presence of multiple accounts with hard-coded passwords in the Technicolor TG670 device. One of these accounts has administrative privileges, which can allow for...

Microsoft Releases June 2023 Security Updates

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker can exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Microsoft’s June 2023 Security Update Guidelink is external and...