Lucene search
+L

61 matches found

talosblog
talosblog
โ€ขadded 3 days agoโ€ข5 views

Microsoft Patch Tuesday for July 2026 โ€” Snort rules and prominent vulnerabilities

Microsoft has released its monthly security update for July 2026, which includes 622 vulnerabilities affecting a range of products, including 57 that Microsoft marked as "critical." Microsoft notes that two of the vulnerabilities disclosed this month have been exploited in the wild. CVE-2026-5615...

9.9CVSS7.6AI score0.20346EPSS
Exploits1
astralinux
astralinux
โ€ขadded 2026/06/24 3:11 p.m.โ€ข6 views

Astra Linux โ€“ Vulnerability in qBittTorrent

All versions of the qBittorrent client up to 4.5.5 use default credentials when the web user interface is enabled. Administrators are not forced to change the default credentials. As of 4.5.5, this issue has not been fixed. A remote attacker can use the default credentials to authenticate and...

9.8CVSS6AI score0.00908EPSS
Exploits0References3
vulnrichment
vulnrichment
โ€ขadded 2026/06/05 4:22 p.m.โ€ข8 views

CVE-2026-7473 Arista EOS Unexpected Tunnel Protocol Decapsulation and Forwarding Bypass

On affected platforms running Arista EOS where a tunnel decapsulation configurationโ€”such as VXLAN Virtual Extensible LAN, decap-groups, or a GRE Generic Routing Encapsulation tunnel interfaceโ€”is present, the switch will incorrectly decapsulate and forward other unexpected tunneled packet with a...

6.9CVSS5.4AI score0.00836EPSS
Exploits1References1
euvd
euvd
โ€ขadded 2026/06/05 4:22 p.m.โ€ข15 views

EUVD-2026-34858

On affected platforms running Arista EOS where a tunnel decapsulation configurationโ€”such as VXLAN Virtual Extensible LAN, decap-groups, or a GRE Generic Routing Encapsulation tunnel interfaceโ€”is present, the switch will incorrectly decapsulate and forward other unexpected tunneled packet with a...

6.9CVSS5.4AI score0.00836EPSS
Exploits1References1
astralinux
astralinux
โ€ขadded 2026/05/20 5:53 a.m.โ€ข3 views

Astra Linux โ€“ Vulnerability in Firefox

An unexpected message in the WebGPU IPC framework could lead to a use-after-free error and an exploitable sandbox escape. There have been reports of attacks exploiting this flaw in real-world scenarios. This vulnerability affects Firefox versions earlier than 97.0.2, Firefox ESR versions earlier...

9.6CVSS8.4AI score0.02349EPSS
Exploits1References2
ptsecurity
ptsecurity
โ€ขadded 2026/05/10 12:0 a.m.โ€ข12 views

PT-2026-39534

Critical cPanel vulnerabilities CVE-2026-41940, CVE-2026-41941, CVE-2026-41942 exploited in the wild. Update your servers immediately to protect against unauthorized access. Link: https://t.co/BvY5rEh9wr cPanel Cybersecurity Vulnerabilities Exploits Patching Servers Security Infosec Malware Threa...

9.8CVSS6AI score0.981EPSS
Exploits64References1
ptsecurity
ptsecurity
โ€ขadded 2026/05/05 12:0 a.m.โ€ข30 views

PT-2026-46983

Name of the Vulnerable Software and Affected Versions Arista EOS affected versions not specified Description On platforms running Arista EOS with tunnel decapsulation configurationsโ€”such as VXLAN Virtual Extensible LAN, decap-groups, or GRE Generic Routing Encapsulation tunnel interfacesโ€”the swit...

6.9CVSS6AI score0.00836EPSS
Exploits1References33
ptsecurity
ptsecurity
โ€ขadded 2026/04/08 12:0 a.m.โ€ข8 views

PT-2026-32093

Name of the Vulnerable Software and Affected Versions Acrobat DC versions prior to 26.001.21411 Acrobat Reader DC versions prior to 26.001.21411 Acrobat 2024 affected versions not specified Description An Improperly Controlled Modification of Object Prototype Attributes, also known as Prototype...

10CVSS7.3AI score0.07086EPSS
Exploits4References241
rapid7blog
rapid7blog
โ€ขadded 2026/02/25 10:3 p.m.โ€ข15 views

Critical Cisco Catalyst Vulnerability Exploited in the wild (CVE-2026-20127)

Overview On February 25, 2026, Cisco disclosed a critical authentication bypass vulnerability in Cisco Catalyst SDโ€‘WAN Controller and Cisco Catalyst SDโ€‘WAN Manager, tracked as CVEโ€‘2026โ€‘20127, that allows an unauthenticated attacker to gain administrative access to affected systems. The Cisco...

10CVSS7.4AI score0.57793EPSS
Exploits10
avleonov
avleonov
โ€ขadded 2026/02/11 11:8 a.m.โ€ข15 views

February Microsoft Patch Tuesday

February Microsoft Patch Tuesday. A total of 55 vulnerabilities, half as many as in January. There are as many as six โ—๏ธ vulnerabilities being exploited in the wild: ๐Ÿ”ป SFB/RCE - Windows Shell CVE-2026-21510 ๐Ÿ”ป SFB/RCE - Microsoft Word CVE-2026-21514 ๐Ÿ”ป SFB - MSHTML Framework CVE-2026-21513 ๐Ÿ”ป EoP -...

8.8CVSS6.9AI score0.25835EPSS
Exploits18
vulncheck_kev
vulncheck_kev
โ€ขadded 2026/02/05 12:0 a.m.โ€ข5 views

VulnCheck KEV: CVE-2026-25815

Fortinet FortiOS through 7.6.6 allows attackers to decrypt LDAP credentials stored in device configuration files, as exploited in the wild from 2025-12-16 through 2026 by default, the encryption key is the same across all customers' installations. NOTE: the Supplier's position is that the instanc...

3.2CVSS5.8AI score0.00106EPSS
In wildExploits0References2
ptsecurity
ptsecurity
โ€ขadded 2026/02/05 12:0 a.m.โ€ข14 views

PT-2026-6632

Name of the Vulnerable Software and Affected Versions Fortinet FortiOS versions through 7.6.6 Description Fortinet FortiOS through version 7.6.6 allows attackers to decrypt LDAP credentials stored in device configuration files. This issue was exploited in the wild between December 16, 2025, and...

3.2CVSS5.5AI score0.00106EPSS
Exploits0References9
rapid7blog
rapid7blog
โ€ขadded 2026/01/30 4:14 p.m.โ€ข11 views

Critical Ivanti Endpoint Manager Mobile (EPMM) zero-day exploited in the wild (CVE-2026-1281 & CVE-2026-1340)

Overview On January 29, 2026, Ivanti disclosed two new critical vulnerabilities affecting Endpoint Manager Mobile EPMM: CVE-2026-1281 and CVE-2026-1340. The vendor has indicated that exploitation in the wild has already occurred prior to disclosure. This has been echoed by CISA who added...

9.8CVSS8.3AI score0.8404EPSS
Exploits6
avleonov
avleonov
โ€ขadded 2026/01/27 7:4 a.m.โ€ข11 views

About Remote Code Execution โ€“ Microsoft Office (CVE-2026-21509) vulnerability

About Remote Code Execution - Microsoft Office CVE-2026-21509 vulnerability. The vulnerability was urgently fixed on January 26, outside the regular Microsoft Patch Tuesday. Microsoft classified it as a Security Feature Bypass, but in fact, it is more of a Remote Code Execution. The vulnerability...

7.8CVSS8.6AI score0.72152EPSS
Exploits12
euvd
euvd
โ€ขadded 2025/12/05 9:30 p.m.โ€ข6 views

EUVD-2025-201500

Array Networks ArrayOS AG before 9.4.5.9 allows command injection, as exploited in the wild in August through December 2025...

7.2CVSS6.5AI score0.031EPSS
Exploits0References4
nvd
nvd
โ€ขadded 2025/12/05 7:15 p.m.โ€ข6 views

CVE-2025-66644

Array Networks ArrayOS AG before 9.4.5.9 allows command injection, as exploited in the wild in August through December 2025...

9.8CVSS0.031EPSS
Exploits0References4
cvelist
cvelist
โ€ขadded 2025/12/05 12:0 a.m.โ€ข27 views

CVE-2025-66644

Array Networks ArrayOS AG before 9.4.5.9 allows command injection, as exploited in the wild in August through December 2025...

7.2CVSS0.031EPSS
Exploits0References3
avleonov
avleonov
โ€ขadded 2025/11/21 4:21 p.m.โ€ข23 views

November Linux Patch Wednesday

NovemberLinux Patch Wednesday. In November, Linux vendors began fixing 516 vulnerabilities, one and a half times fewer than in October. Of these, 232 are in the Linux Kernel. One vulnerability is exploited in the wild: MemCor - Chromium CVE-2025-13223. Added to CISA KEV on November 19. For 64 mor...

10CVSS6.8AI score0.66535EPSS
Exploits36
ptsecurity
ptsecurity
โ€ขadded 2025/11/11 12:0 a.m.โ€ข5 views

PT-2025-46508

Name of the Vulnerable Software and Affected Versions Microsoft Windows affected versions not specified Description A race condition exists in the Windows Kernel due to improper synchronization when multiple threads concurrently access shared kernel resources. This flaw allows a local authenticat...

7CVSS6.2AI score0.06073EPSS
Exploits6References103
ptsecurity
ptsecurity
โ€ขadded 2025/10/30 12:0 a.m.โ€ข11 views

PT-2025-44459

Name of the Vulnerable Software and Affected Versions Seeyon Zhiyuan OA Web Application System versions up to and including 7.0 SP1 Description The software does not properly decode and parse the enc parameter in the thirdpartyController.do endpoint. The decoded map values can influence session...

9.3CVSS6.5AI score0.00602EPSS
Exploits0References7
Rows per page
Query Builder