
262 matches found

Talos Blog
added 2026/05/19 3:39 p.m. | 12 views

TP-Link, Photoshop, OpenVPN, Norton VPN vulnerabilities

Cisco Talos' Vulnerability Discovery & Research team recently disclosed eight vulnerabilities in TP-Link, and one each in Adobe Photoshop, OpenVPN, and Gen Digital's Norton VPN. The vulnerabilities mentioned in this blog post have been patched by their respective vendors, in adherence to Cisco's...

8.8 CVSS | 7.8 AI score | 0.01232 EPSS
Exploits: 0
Talos Blog
added 2026/03/11 8:26 p.m. | 8 views

DirectX, OpenFOAM, Libbiosig vulnerabilities

Cisco Talos' Vulnerability Discovery & Research team recently disclosed vulnerabilities in the BioSig Project Libbiosig library and OpenCFD OpenFOAM, as well as an unpatched vulnerability in Microsoft DirectX. The vulnerabilities mentioned in this blog post have been patched by their respective...

9.8 CVSS | 6.5 AI score | 0.00589 EPSS
Exploits: 3
GithubExploit
added 2026/02/17 12:18 p.m. | 31 views

security-research

Security Research This project hosts security advisories and...

5.5 AI score
Exploits: 0
GithubExploit
added 2026/02/16 10:33 a.m. | 42 views

security-research

Security Research This project hosts security advisories and...

5.5 AI score
Exploits: 0
GithubExploit
added 2025/12/01 6:8 a.m. | 68 views

security-research

Security Research This project hosts security advisories and...

5.9 AI score
Exploits: 0
Talos Blog
added 2025/10/01 6:37 p.m. | 10 views

Nvidia and Adobe vulnerabilities

Cisco Talos' Vulnerability Discovery & Research team recently disclosed five vulnerabilities in Nvidia and one in Adobe Acrobat. The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco's third-party vulnerability disclosure policy...

7.8 CVSS | 8.6 AI score | 0.00331 EPSS
Exploits: 1
GithubExploit
added 2025/09/09 2:4 a.m. | 138 views

security-research

Security Research This project hosts security advisories and...

6.8 AI score
Exploits: 0
Schneier on Security
added 2025/08/08 11:1 a.m. | 7 views

Google Project Zero Changes Its Disclosure Policy

Google's vulnerability finding team is again pushing the envelope of responsible disclosure: Google's Project Zero team will retain its existing 90+30 policy regarding vulnerability disclosures, in which it provides vendors with 90 days before full disclosure takes place, with a 30-day period...

6.7 AI score
Exploits: 0
GithubExploit
added 2025/06/10 2:27 a.m. | 127 views

security-research

Security Research This project hosts security advisories and...

6.8 AI score
Exploits: 0
Packet Storm
added 2024/11/22 12:0 a.m. | 934 views

Linux 6.6 Race Condition

Summary: I found a security-relevant race between mremap and THP code. Reaching the buggy code typically requires the ability to create unprivileged namespaces. The bug leads to installing physical address 0 as a page table, which is likely exploitable in several ways: For example, triggering the...

7 CVSS | 7 AI score | 0.00198 EPSS
Exploits: 2
Github Security Blog
added 2024/10/24 10:42 p.m. | 41 views

The Snowflake Connector for Python stores sensitive data in logs

Issue: Snowflake recently learned about and remediated a set of vulnerabilities in the Snowflake Connector for Python. Under specific conditions, certain users' credentials or portions of those credentials were logged locally by the Connector to the users' own systems. The credentials were not logge...

5.5 CVSS | 7 AI score | 0.00203 EPSS
Exploits: 0 | References: 5 | Affected Software: 1
CISA
added 2024/09/30 12:0 p.m. | 12 views

CISA’s VDP Platform 2023 Annual Report Showcases Success

Today, the Cybersecurity and Infrastructure Security Agency (CISA) released its Vulnerability Disclosure Policy (VDP) Platform 2023 Annual Report, highlighting the service’s remarkable success in 2023, its second full year of operation. Throughout 2023, CISA focused on advocating for the increased...

7.3 AI score
Exploits: 0 | References: 3
Talos Blog
added 2024/07/10 4:0 p.m. | 44 views

15 vulnerabilities discovered in software development kit for wireless routers

Cisco Talos Vulnerability Research team recently discovered 15 vulnerabilities in the Realtek rtl819x Jungle software development kit used in some small and home office wireless routers. This SDK uses the discontinued, open-source Boa as its web server. Talos researchers discovered these...

9.8 CVSS | 9.1 AI score | 0.26288 EPSS
Exploits: 9
Pen Test Partners Blog
added 2024/05/24 5:52 a.m. | 20 views

UK PSTI? You’ll need a Vulnerability Disclosure Program!

If you are distributing or selling smart devices into the UK market, your products will need to be compliant with the UK Product Security and Telecommunications Act. One of the three mandatory areas is that you have a vulnerability disclosure program (VDP). In the supporting materials for the Act,...

7.4 AI score
Exploits: 0
Openbugbounty
added 2024/03/28 1:37 p.m. | 8 views

eurawheels.ch Cross Site Scripting vulnerability OBB-3890509

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2 AI score
Exploits: 0
Github Security Blog
added 2023/12/22 7:51 p.m. | 22 views

Snowflake Connector .NET does not properly check the Certificate Revocation List (CRL)

Issue: Snowflake recently received a report about a vulnerability in the Snowflake Connector .NET where the checks against the Certificate Revocation List (CRL) were not performed where the insecureMode flag was set to false, which is the default setting. The vulnerability affects versions between...

7.5 CVSS | 7.2 AI score | 0.00348 EPSS
Exploits: 0 | References: 5 | Affected Software: 1
GithubExploit
added 2023/09/07 4:6 a.m. | 6 views

security-research

Security Research This project hosts security advisories and...

6.8 AI score
Exploits: 0
CISA
added 2023/08/25 12:0 p.m. | 10 views

CISA’s VDP Platform 2022 Annual Report Showcases Success

Today, the Cybersecurity and Infrastructure Security Agency (CISA) released its inaugural Vulnerability Disclosure Policy (VDP) Platform 2022 Annual Report, highlighting the service’s progress supporting vulnerability awareness and remediation across the Federal Civilian Executive Branch (FCEB). This...

7.1 AI score
Exploits: 0 | References: 3
Rapid7 Blog
added 2023/08/02 4:5 p.m. | 252 views

CVE-2023-35082 - MobileIron Core Unauthenticated API Access Vulnerability

When this blog was originally published on August 2, it said that CVE-2023-35082 only affected MobileIron Core 11.2 and earlier, which are unsupported. On August 7, Ivanti published an updated advisory noting that since originally disclosing CVE-2023-35082, they have continued their investigation...

7.5 CVSS | 8.7 AI score | 0.99999 EPSS
Exploits: 14
Talos Blog
added 2023/07/19 3:58 p.m. | 40 views

Memory corruption vulnerability in Microsoft Edge; MilesightVPN and router could be taken over

Since the beginning of July, Cisco Talos has published 40 vulnerability advisories affecting a range of software and hardware, including the Microsoft Edge browser. In our new series called "Vulnerability Roundup," we'll be recapping the vulnerabilities we recently disclosed to provide readers wit...

4.4 CVSS | 9.3 AI score | 0.01283 EPSS
Exploits: 3