33 matches found

The Hacker News
added 2026/06/17 5:50 a.m. | 13 views

CISA Warns of Actively Exploited Joomla JCE Flaw Allowing PHP Code Execution

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Tuesday added a maximum-severity security flaw impacting Widget Factory Joomla Content Editor JCE to its Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation. The vulnerability, tracked as...

10 CVSS | 6.2 AI score | 0.80425 EPSS
Exploits 16

Positive Technologies
added 2026/05/20 12:0 a.m. | 12 views

PT-2026-42146

Name of the Vulnerable Software and Affected Versions vm2 versions prior to 3.11.4 Description An issue exists where the Symbol.for override in setup-sandbox.js only intercepts a small portion of dangerous Node.js cross-realm symbols. This is compounded by the bridge's set, defineProperty, and...

8.7 CVSS | 5.2 AI score | 0.00266 EPSS
Exploits 0 | References 7

Information Security Automation
added 2026/05/14 10:0 a.m. | 10 views

About Remote Code Execution - Apache ActiveMQ (CVE-2026-34197) vulnerability

About Remote Code Execution - Apache ActiveMQ CVE-2026-34197 vulnerability. Apache ActiveMQ is a popular open-source message broker written in Java. Its main purpose is to send messages between different services, systems, and microservices without a direct connection between them. This...

8.8 CVSS | 6.8 AI score | 0.9619 EPSS
Exploits 12

Positive Technologies
added 2026/04/06 12:0 a.m. | 5 views

PT-2026-30585

The setup: 4 agents chain off each other in a loop, each reacting to the previous response. Dominus — finds a new vulnerability angle from the CISA KEV catalog Axiom — adds one new technical detail to the finding Cipher — identifies one specific flaw in the previous argument Vector — names one...

5.9 AI score
Exploits 0 | References 3

Information Security Automation
added 2025/05/29 9:46 p.m. | 14 views

About Cross Site Scripting – MDaemon Email Server (CVE-2024-11182)

About Cross Site Scripting - MDaemon Email Server CVE-2024-11182. An attacker can send an HTML-formatted email containing malicious JavaScript code embedded in an img tag. If the user opens the email in the MDaemon Email Server's web interface, the malicious JavaScript code will execute in the...

6.1 CVSS | 7.3 AI score | 0.58483 EPSS
Exploits 3

Rapid7 Blog
added 2025/05/13 8:58 p.m. | 31 views

Patch Tuesday - May 2025

Microsoft is addressing 77 vulnerabilities this May 2025 Patch Tuesday. Microsoft has evidence of in-the-wild exploitation for five of the vulnerabilities published today, and these are already reflected in CISA KEV. Separately, Microsoft is aware of existing public disclosure for two...

10 CVSS | 9.8 AI score | 0.57672 EPSS
Exploits 14

Information Security Automation
added 2025/05/06 3:12 p.m. | 31 views

About Remote Code Execution & Arbitrary File Reading – Apache HTTP Server (CVE-2024-38475) vulnerability

About Remote Code Execution & Arbitrary File Reading - Apache HTTP Server CVE-2024-38475 vulnerability. Improper escaping of output in mod_rewrite module leads to remote code execution or arbitrary file reading. Successful exploitation does not require authentication. Apache HTTP Server 2.4.60,...

9.1 CVSS | 8.7 AI score | 0.99957 EPSS
Exploits 1

The Hacker News
added 2025/05/06 4:24 a.m. | 35 views

Critical Langflow Flaw Added to CISA KEV List Amid Ongoing Exploitation Evidence

A recently disclosed critical security flaw impacting the open-source Langflow platform has been added to the Known Exploited Vulnerabilities KEV catalog by the U.S. Cybersecurity and Infrastructure Security Agency CISA, citing evidence of active exploitation. The vulnerability, tracked as...

9.8 CVSS | 10 AI score | 0.99968 EPSS
Exploits 33

ATTACKERKB
added 2025/04/25 12:0 a.m. | 18 views

CVE-2025-3928

Commvault Web Server has an unspecified vulnerability that can be exploited by a remote, authenticated attacker. According to the Commvault advisory: “Webservers can be compromised through bad actors creating and executing webshells.” Fixed in version 11.36.46, 11.32.89, 11.28.141, and 11.20.217...

8.8 CVSS | 8.7 AI score | 0.01932 EPSS
In wild | Exploits 0 | References 7

Rapid7 Blog
added 2025/04/08 8:30 p.m. | 47 views

Patch Tuesday - April 2025

Microsoft is addressing 121 vulnerabilities this April 2025 Patch Tuesday, which is more than twice as many as last month. Microsoft has evidence of in-the-wild exploitation for just one of the vulnerabilities published today, which is already reflected in CISA KEV. Once again, Microsoft has...

8.8 CVSS | 9.1 AI score | 0.1806 EPSS
Exploits 11

Information Security Automation
added 2025/04/02 2:46 p.m. | 17 views

About Remote Code Execution – Apache Tomcat (CVE-2025-24813) vulnerability

About Remote Code Execution - Apache Tomcat CVE-2025-24813 vulnerability. Apache Tomcat is an open-source software that provides a platform for Java web applications. The vulnerability allows a remote attacker to upload and execute arbitrary files on the server due to flaws in the handling of...

9.8 CVSS | 10 AI score | 0.99945 EPSS
Exploits 46

Rapid7 Blog
added 2025/01/14 10:12 p.m. | 58 views

Patch Tuesday - January 2025

Microsoft is addressing 161 vulnerabilities this January 2025 Patch Tuesday. Microsoft has evidence of in-the-wild exploitation and/or public disclosure for eight of the vulnerabilities published today, with three listed on CISA KEV. This is now the fourth consecutive month where Microsoft has...

9.8 CVSS | 9.2 AI score | 0.80912 EPSS
Exploits 15

Rapid7 Blog
added 2024/12/10 10:15 p.m. | 6 views

Patch Tuesday - December 2024

Microsoft is addressing 70 vulnerabilities this December 2024 Patch Tuesday. Microsoft has evidence of in-the-wild exploitation and public disclosure for one of the vulnerabilities published today, and this is reflected in a CISA KEV entry. For the third month in a row, Microsoft has published...

9.8 CVSS | 8.2 AI score | 0.70906 EPSS
Exploits 7

Information Security Automation
added 2024/11/19 9:26 p.m. | 33 views

About Remote Code Execution – FortiManager “FortiJump” (CVE-2024-47575) vulnerability

About Remote Code Execution - FortiManager "FortiJump" CVE-2024-47575 vulnerability. FortiManager is a centralized solution for configuring, enforcing policies, updating, and monitoring Fortinet network devices. The vulnerability was released on October 23. A missing authentication for critical...

9.8 CVSS | 10 AI score | 0.94761 EPSS
Exploits 7

RedHat Linux
added 2024/11/14 3:34 p.m. | 1 views

webkitgtk: Arbitrary Remote Code Execution

A flaw was found in WebKitGTK. Processing malicious web content may lead to remote code execution. This vulnerability is known to be actively exploited in the wild and was included in the CISA's KEV catalog...

8.8 CVSS | 7.4 AI score | 0.0937 EPSS
Exploits 0 | References 6

Rapid7 Blog
added 2024/10/08 9:28 p.m. | 107 views

Patch Tuesday - October 2024

Microsoft is addressing 118 vulnerabilities this October 2024 Patch Tuesday. Microsoft has evidence of in-the-wild exploitation and/or public disclosure for five of the vulnerabilities published today, although it does not rate any of these as critical yet. Of those five, Microsoft lists two as...

9.8 CVSS | 10 AI score | 0.60954 EPSS
Exploits 7

Rapid7 Blog
added 2024/08/13 11:36 p.m. | 99 views

Patch Tuesday - August 2024

Microsoft is addressing 88 vulnerabilities this August 2024 Patch Tuesday. Microsoft has evidence of in-the-wild exploitation and/or public disclosure for ten of the vulnerabilities published today, which is significantly more than usual. At time of writing, all six of the known-exploited...

9.8 CVSS | 9.9 AI score | 0.70564 EPSS
Exploits 32

hivepro
added 2024/07/02 2:59 a.m. | 8 views

CISA Known Exploited Vulnerability Catalog June 2024

Summary The Known Exploited Vulnerability KEV catalog, maintained by CISA, is the authoritative source of vulnerabilities that have been exploited in the wild. It is recommended that all organizations review and monitor the KEV catalog, prioritize remediation of listed vulnerabilities, and reduce...

7.5 AI score
Exploits 0

ATTACKERKB
added 2024/05/28 12:0 a.m. | 129 views

CVE-2024-24919

Potentially allowing an attacker to read certain information on Check Point Security Gateways once connected to the internet and enabled with remote Access VPN or Mobile Access Software Blades. A Security fix that mitigates this vulnerability is available. Recent assessments: remmons-r7 at May 30...

8.6 CVSS | 8.9 AI score | 0.99978 EPSS
In wild | Exploits 52 | References 4

hivepro
added 2024/05/07 6:42 a.m. | 13 views

CISA Known Exploited Vulnerability Catalog April 2024

Summary The Known Exploited Vulnerability KEV catalog, maintained by CISA, is the authoritative source of vulnerabilities that have been exploited in the wild. It is recommended that all organizations review and monitor the KEV catalog, prioritize remediation of listed vulnerabilities, and reduce...

7.5 AI score
Exploits 0