CVE-2026-27647

creationtimestamp| type| source ---|---|--- 2026-02-26 11:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-26-057-08 2026-02-27 02:58:34+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mfspoue6r42e 2026-03-03 00:00:15+00:00| seen|...

CVE-2025-66604

creationtimestamp| type| source ---|---|--- 2026-02-10 11:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-26-041-01...

CVE-2025-58317

creationtimestamp| type| source ---|---|--- 2025-11-04 11:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-25-308-03...

Who Coordinates U.S. Cyber Defense? A Co-Authorship Network Analysis of Joint Cybersecurity Advisories (2024--2025)

Cyber threats increasingly demand joint responses, yet the organizational dynamics behind multi-agency cybersecurity collaboration remain poorly understood. Understanding who leads, who bridges, and how agencies coordinate is critical for strengthening both U.S. homeland security and allied defen...

AutomationDirect MB-Gateway

RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to make configuration changes, disrupt operations, or achieve arbitrary code execution. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this...

CVE-1999-0524

creationtimestamp| type| source ---|---|--- 2025-04-15 10:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-25-105-08 2025-12-10 15:00:07+00:00| published-proof-of-concept| Telegram/vGftsyUiEMeyjPcl2UtvJfMNUjwCrmwOhiCYLQD2SH3tqAc...

Patch it up: Old vulnerabilities are everyone’s problems

Welcome to this week's edition of the Threat Source newsletter. Let's pick up where we left off in my last newsletter. Please mark your calendars: The free support for Windows 10 will end on October 14, 2025. When a software loses vendor support, it no longer receives patches or updates. As...

Automated Logic WebCTRL Premium Server Unrestricted Upload of File with Dangerous Type (CVE-2024-8525)

CWE-434 Unrestricted Upload of File with Dangerous Type vulnerability exists which could allow an unauthenticated user to upload files of dangerous types without restrictions, leading to remote command execution. This plugin only works with Tenable.ot. Please visit...

AutomationDirect C-more EA9 HMI

RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition or achieve remote code execution on the affected device. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of...

Cisco Warns of Exploitation of Decade-Old ASA WebVPN Vulnerability

Cisco on Monday updated an advisory to warn customers of active exploitation of a decade-old security flaw impacting its Adaptive Security Appliance ASA. The vulnerability, tracked as CVE-2014-2120 CVSS score: 4.3, concerns a case of insufficient input validation in ASA's WebVPN login page that...

Critical Ivanti Cloud Appliance Vulnerability Exploited in Active Cyberattacks

Ivanti has revealed that a critical security flaw impacting Cloud Service Appliance CSA has come under active exploitation in the wild. The new vulnerability, assigned the CVE identifier CVE-2024-8963, carries a CVSS score of 9.4 out of a maximum of 10.0. It was "incidentally addressed" by the...

PT-2024-6304 · Ivanti · Ivanti Cloud Services Appliance

The vulnerable software is Ivanti Cloud Services Appliance, specifically versions 4.6 Patch 518 and earlier. An OS command injection vulnerability in these versions allows a remote authenticated attacker to obtain remote code execution, but the attacker must have admin level privileges to exploit...

Chinese Volt Typhoon Exploits Versa Director Flaw, Targets U.S. and Global IT Sectors

The China-nexus cyber espionage group tracked as Volt Typhoon has been attributed with moderate confidence to the zero-day exploitation of a recently disclosed high-severity security flaw impacting Versa Director. The attacks targeted four U.S. victims and one non-U.S. victim in the Internet...

Google Patches New Android Kernel Vulnerability Exploited in the Wild

Google has addressed a high-severity security flaw impacting the Android kernel that it said has been actively exploited in the wild. The vulnerability, tracked as CVE-2024-36971, has been described as a case of remote code execution impacting the kernel. "There are indications that CVE-2024-3697...

Critical Flaw in Rockwell Automation Devices Allows Unauthorized Access

A high-severity security bypass vulnerability has been disclosed in Rockwell Automation ControlLogix 1756 devices that could be exploited to execute common industrial protocol CIP programming and configuration commands. The flaw, which is assigned the CVE identifier CVE-2024-6242, carries a CVSS...

Microsoft Uncovers Critical Flaws in Rockwell Automation PanelView Plus

Microsoft has revealed two security flaws in Rockwell Automation PanelView Plus that could be weaponized by remote, unauthenticated attackers to execute arbitrary code and trigger a denial-of-service DoS condition. "The remote code execution vulnerability in PanelView Plus involves two custom...

CVE-2023-46343

creationtimestamp| type| source ---|---|--- 2024-01-23 11:21:28+00:00| seen| https://t.me/ctinow/171858 2024-01-24 13:11:25+00:00| seen| https://t.me/ctinow/172729 2024-02-17 07:36:23+00:00| seen| https://t.me/ctinow/186801 2025-08-14 10:00:00+00:00| seen|...

Rockwell Automation Stratix OpenSSL Elliptic Curve d2i_ECPrivateKey Denial of Service (CVE-2015-0209)

Multiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to cause a denial of service DoS condition or corrupt portions of OpenSSL process memory. This plugin only works with Tenable.ot. Pleas...

CVE-2023-44487

A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RSTSTREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any...

Siemens LOGO! 8 BM Devices Buffer Copy Without Checking Size of Input (CVE-2022-36361)

A vulnerability has been identified in LOGO! 8 BM incl. SIPLUS variants All versions. Affected devices do not properly validate the structure of TCP packets in several methods. This could allow an attacker to cause buffer overflows, get control over the instruction counter and run custom code. Th...