EUVD-2025-209911
A vulnerability in the Trend Micro Apex One management console could allow a remote attacker to upload malicious code and execute commands on affected installations. This vulnerability is similar in scope to CVE-2025-71210 but affects a different executable. Please note: although this vulnerabili...
CVE-2025-71210
A vulnerability in the Trend Micro Apex One management console could allow a remote attacker to upload malicious code and execute commands on affected installations. Please note: although this vulnerability carries a technical critical CVSS rating, this was reported via responsible disclosure via...
CVE-2026-35440
Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized attacker to disclose information locally...
CVE-2026-21902
An Incorrect Permission Assignment for Critical Resource vulnerability in the On-Box Anomaly detection framework of Juniper Networks Junos OS Evolved on PTX Series allows an unauthenticated, network-based attacker to execute code as root. The On-Box Anomaly detection framework should only be...
CVE-2024-2356 Remote Code Execution due to LFI in '/reinstall_extension' in parisneo/lollms-webui
A Local File Inclusion (LFI) vulnerability exists in the '/reinstall_extension' endpoint of the parisneo/lollms-webui application, specifically within the name parameter of the @router.post("/reinstall_extension") route. This vulnerability allows attackers to inject a malicious name parameter, leading ...
Wizdom 2025 Product Announcements: Extending the Cloud Operating Model
At Wizdom 2025, we’re unveiling two new AI agents alongside new product innovations that deepen and extend the graph across SaaS, workloads, AI infrastructure, and external exposures. Together, these advances enable teams to secure everything they build and run in the cloud and beyond...
Linux Distros Unpatched Vulnerability: CVE-2024-9870
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An external service interaction vulnerability in GitLab EE affecting all versions from 15.11 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2...
CVE-2025-8415
CVE-2025-8415 affects Cryostat: the Cryostat HTTP API binds to all network interfaces, which can expose the API port externally if Network Policies are disabled. The vulnerability enables an unauthenticated attacker to jeopardize the environment, with CVSS 3.1 base metrics indicating network acce...
CVE-2025-8415 Cryostat: authentication bypass if network policies are disabled
A vulnerability was found in the Cryostat HTTP API. Cryostat's HTTP API binds to all network interfaces, allowing possible external visibility and access to the API port if Network Policies are disabled, allowing an unauthenticated, malicious attacker to jeopardize the environment...
Files or Directories Accessible to External Parties
Overview: Affected versions of this package are vulnerable to Files or Directories Accessible to External Parties via the src tag. An attacker can read arbitrary files from the server's file system. Remediation: Upgrade tecnickcom/tcpdf to version 6.7.6 or higher. References: GitHub Commit. Credit:...
CVE-2024-28077
A denial-of-service issue was discovered on certain GL-iNet devices. Some websites can detect devices exposed to the external network through DDNS, and consequently obtain the IP addresses and ports of devices that are exposed. By using special usernames and special characters such as half...
PT-2024-22254 · Gl.Inet · Gl-Inet A1300 +14
Name of the Vulnerable Software and Affected Versions: GL-iNet MT6000 versions 4.3.10 through 4.5.6; GL-iNet XE3000 version 4.4.5; GL-iNet X3000 version 4.4.6; GL-iNet MT3000 version 4.5.0; GL-iNet MT2500 version 4.5.0; GL-iNet AXT1800 version 4.5.0; GL-iNet AX1800 version 4.5.0; GL-iNet A1300 version...
Priority security vulnerability
Priority is an ERP solution from Priority Israel. Priority has a security vulnerability that originates from a file or directory that is accessible to external parties...
PT-2023-20806
Name of the Vulnerable Software and Affected Versions: wangmarket CMS version 4.10. Description: The issue allows remote attackers to run arbitrary SQL commands via the TableName parameter to the "/plugin/dataDictionary/tableView.do" API endpoint. This enables attackers to manipulate database querie...
Wiz enhances dynamic scanner to analyze and validate external exposure
Wiz extends its cloud analysis with an external scanner, giving customers an attacker's view of their externally exposed resources to reduce noise...
Patchable and Preventable Security Issues Lead Causes of Q1 Attacks
Eighty-two percent of attacks on organizations in Q1 2022 were caused by the external exposure of known vulnerabilities in the victim’s external-facing perimeter or attack surface. Those unpatched bugs overshadowed breach-related financial losses tied to human error, which accounted for 18...
CVE-2022-25990
On 1.0.x versions prior to 1.0.1, systems running F5OS-A software may expose certain registry ports externally. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...