Lucene search
K

65 matches found

Circl
Circl
added 2026/03/17 12:0 p.m.5 views

CVE-2021-29239

creationtimestamp| type| source ---|---|--- 2026-03-17 12:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-26-076-01...

7.8CVSS5.7AI score0.00179EPSS
Exploits0References1
ICS
ICS
added 2025/05/20 6:0 a.m.10 views

AutomationDirect MB-Gateway

RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to make configuration changes, disrupt operations, or achieve arbitrary code execution. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this...

10CVSS8.1AI score0.01007EPSS
Exploits0References10
Talos Blog
Talos Blog
added 2025/03/13 6:4 p.m.25 views

Patch it up: Old vulnerabilities are everyone’s problems

Welcome to this week's edition of the Threat Source newsletter. Let's pick up where we left off in my last newsletter. Please mark your calendars: The free support for Windows 10 will end on October 14, 2025. When a software loses vendor support, it no longer receives patches or updates. As...

9.8CVSS10AI score0.99987EPSS
Exploits64
Tenable Nessus
Tenable Nessus
added 2025/02/17 12:0 a.m.7 views

Automated Logic WebCTRL Premium Server Unrestricted Upload of File with Dangerous Type (CVE-2024-8525)

CWE-434 Unrestricted Upload of File with Dangerous Type vulnerability exists which could allow an unauthenticated user to upload files of dangerous types without restrictions, leading to remote command execution. This plugin only works with Tenable.ot. Please visit...

10CVSS5.5AI score0.0143EPSS
Exploits0References3
The Hacker News
The Hacker News
added 2024/12/03 12:51 p.m.12 views

Cisco Warns of Exploitation of Decade-Old ASA WebVPN Vulnerability

Cisco on Monday updated an advisory to warn customers of active exploitation of a decade-old security flaw impacting its Adaptive Security Appliance ASA. The vulnerability, tracked as CVE-2014-2120 CVSS score: 4.3, concerns a case of insufficient input validation in ASA's WebVPN login page that...

6.1CVSS9AI score0.14029EPSS
Exploits0
The Hacker News
The Hacker News
added 2024/09/20 4:18 a.m.37 views

Critical Ivanti Cloud Appliance Vulnerability Exploited in Active Cyberattacks

Ivanti has revealed that a critical security flaw impacting Cloud Service Appliance CSA has come under active exploitation in the wild. The new vulnerability, assigned the CVE identifier CVE-2024-8963, carries a CVSS score of 9.4 out of a maximum of 10.0. It was "incidentally addressed" by the...

9.4CVSS8.7AI score0.98557EPSS
Exploits3
Positive Technologies
Positive Technologies
added 2024/09/10 12:0 a.m.4 views

PT-2024-6304 · Ivanti · Ivanti Cloud Services Appliance

The vulnerable software is Ivanti Cloud Services Appliance, specifically versions 4.6 Patch 518 and earlier. An OS command injection vulnerability in these versions allows a remote authenticated attacker to obtain remote code execution, but the attacker must have admin level privileges to exploit...

9CVSS8.4AI score0.88955EPSS
Exploits2References205
The Hacker News
The Hacker News
added 2024/08/27 2:0 p.m.33 views

Chinese Volt Typhoon Exploits Versa Director Flaw, Targets U.S. and Global IT Sectors

The China-nexus cyber espionage group tracked as Volt Typhoon has been attributed with moderate confidence to the zero-day exploitation of a recently disclosed high-severity security flaw impacting Versa Director. The attacks targeted four U.S. victims and one non-U.S. victim in the Internet...

7.2CVSS7.4AI score0.04006EPSS
Exploits1
The Hacker News
The Hacker News
added 2024/08/06 6:12 a.m.81 views

Google Patches New Android Kernel Vulnerability Exploited in the Wild

Google has addressed a high-severity security flaw impacting the Android kernel that it said has been actively exploited in the wild. The vulnerability, tracked as CVE-2024-36971, has been described as a case of remote code execution impacting the kernel. "There are indications that CVE-2024-3697...

8.8CVSS8AI score0.73469EPSS
Exploits7
The Hacker News
The Hacker News
added 2024/08/05 6:7 a.m.32 views

Critical Flaw in Rockwell Automation Devices Allows Unauthorized Access

A high-severity security bypass vulnerability has been disclosed in Rockwell Automation ControlLogix 1756 devices that could be exploited to execute common industrial protocol CIP programming and configuration commands. The flaw, which is assigned the CVE identifier CVE-2024-6242, carries a CVSS...

7.3CVSS7.4AI score0.09197EPSS
Exploits0
The Hacker News
The Hacker News
added 2024/07/04 9:10 a.m.68 views

Microsoft Uncovers Critical Flaws in Rockwell Automation PanelView Plus

Microsoft has revealed two security flaws in Rockwell Automation PanelView Plus that could be weaponized by remote, unauthenticated attackers to execute arbitrary code and trigger a denial-of-service DoS condition. "The remote code execution vulnerability in PanelView Plus involves two custom...

9.8CVSS8.6AI score0.99485EPSS
Exploits20
Tenable Nessus
Tenable Nessus
added 2023/11/15 12:0 a.m.18 views

Rockwell Automation Stratix OpenSSL Elliptic Curve d2i_ECPrivateKey Denial of Service (CVE-2015-0209)

Multiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to cause a denial of service DoS condition or corrupt portions of OpenSSL process memory. This plugin only works with Tenable.ot. Pleas...

6.8CVSS6.9AI score0.1633EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2023/10/10 9:13 p.m.84 views

CVE-2023-44487

A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RSTSTREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any...

7.5CVSS8AI score0.99999EPSS
Exploits19References8
Tenable Nessus
Tenable Nessus
added 2023/09/21 12:0 a.m.23 views

Siemens LOGO! 8 BM Devices Buffer Copy Without Checking Size of Input (CVE-2022-36361)

A vulnerability has been identified in LOGO! 8 BM incl. SIPLUS variants All versions. Affected devices do not properly validate the structure of TCP packets in several methods. This could allow an attacker to cause buffer overflows, get control over the instruction counter and run custom code. Th...

9.8CVSS8.2AI score0.00901EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2023/08/02 12:0 a.m.24 views

Moxa IKS, EDS Uncontrolled Resource Consumption (CVE-2019-6559)

Moxa IKS and EDS allow remote authenticated users to cause a denial of service via a specially crafted packet, which may cause the switch to crash. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable,...

6.5CVSS6.5AI score0.02403EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/08/02 12:0 a.m.23 views

Moxa IKS, EDS Predictable From Observable State (CVE-2019-6563)

Moxa IKS and EDS generate a predictable cookie calculated with an MD5 hash, allowing an attacker to capture the administrator's password, which could lead to a full compromise of the device. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...

10CVSS8.4AI score0.01733EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/08/02 12:0 a.m.14 views

Moxa IKS, EDS Improper Restriction of Excessive Authentication Attempts (CVE-2019-6524)

Moxa IKS and EDS do not implement sufficient measures to prevent multiple failed authentication attempts, which may allow an attacker to discover passwords via brute force attack. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...

9.8CVSS8.4AI score0.0271EPSS
Exploits0References2
CISA
CISA
added 2023/06/08 12:0 p.m.5 views

VMware Releases Security Update for Aria Operations for Networks

VMware has released a security update to address multiple vulnerabilities in Aria Operations for Networks Formerly vRealize Network Insight. The vulnerabilities were evaluated to fall within the critical severity range, as a malicious actor with network access may be able to perform a command...

8.9AI score
Exploits0References1
CISA
CISA
added 2023/05/23 12:0 p.m.6 views

CISA and Partners Update the #StopRansomware Guide, Developed through the Joint Ransomware Task Force (JRTF)

Today, CISA, the Federal Bureau of Investigation FBI, the National Security Agency NSA, and the Multi-State Information Sharing and Analysis Center MS-ISAC published an updated version of the StopRansomware Guide, as ransomware actors have accelerated their tactics and techniques since its initia...

6.9AI score
Exploits0References8
The Hacker News
The Hacker News
added 2023/05/10 5:34 a.m.146 views

Microsoft's May Patch Tuesday Fixes 38 Flaws, Including 2 Exploited Zero-Day Bugs

Microsoft has rolled out Patch Tuesday updates for May 2023 to address 38 security flaws, including two zero-day bugs that it said are being actively exploited in the wild. Trend Micro's Zero Day Initiative ZDI said the volume is the lowest since August 2021, although it pointed out that "this...

8.1CVSS8.2AI score0.84386EPSS
Exploits4
Rows per page
Query Builder