CVEs with a CVSS Score Greater Than or Equal to 9
Critical vulnerabilities with Common Vulnerability Scoring System scores of 9.0 or higher pose severe risks to organisations' information systems. Timely detection and remediation are essential to minimise economic and reputational damage from cyberattacks. This paper provides a thorough analysis...
PT-2026-23031
Mattermost fails to use consistent error responses when handling the /mute command in github.com/mattermost/mattermost-server. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing...
CVE-2025-9292 Permissive Web Security Policy Allows Cross-Origin Access Control Bypass on Omada Cloud Controllers
A permissive web security configuration may allow cross-origin restrictions enforced by modern browsers to be bypassed under specific circumstances. Exploitation requires the presence of an existing client-side injection vulnerability and user access to the affected web interface. Successful...
PT-2026-4686
In jump to payload of payload.rs, there is a possible information disclosure due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
Solaris 10 (x86) : 153154-09
The 153154-09 patch has not been applied. The Solaris 10 host is, therefore, affected by the vulnerability as referenced in the 153154-09 patch. SunOS 5.10x86: kernel patch. Date this patch was last updated by Sun : 2026-01-15 Tenable has extracted the preceding description block directly from th...
CVE-2024-49587
Glutton V1 service endpoints were exposed without any authentication on Gotham stacks; this could have allowed users who did not have any permission to hit the glutton backend directly and read/update/delete data. The affected service has been patched and automatically deployed to all Apollo-managed...
CVE-2025-30186
Malicious content uploaded as a file can be used to execute script code when following attacker-controlled links. Unintended actions can be executed in the context of the user's account, including exfiltration of sensitive information. Please deploy the provided updates and patch releases. No public...
CVE-2025-11435
A security vulnerability has been detected in JhumanJ OpnForm up to 1.9.3. Affected by this vulnerability is an unknown functionality of the file /show/submissions. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed publicly and ma...
EUVD-2020-24078
Malware in sbrugna...
EUVD-2024-22910
Malicious code in bioql PyPI...
UBUNTU-CVE-2025-9688
A security vulnerability has been detected in Mupen64Plus up to 2.6.0. The affected element is the function writeisviewer of the file src/device/cart/isviewer.c. The manipulation leads to integer overflow. It is possible to initiate the attack remotely. The attack is considered to have high...
Horcrux Double Sign Possibility
Horcrux Incident Disclosure: Possible Double-Sign. Summary: On March 6, 2025, a Horcrux user, 01node, experienced a double-signing incident on the Osmosis network, resulting in a 5% slash penalty (approximately 75,000 OSMO or $20,000 USD). After thorough investigation, we have identified a race conditi...
Citrix Endpoint Management (aka XenMobile Server) 10.16.0 Rolling Patch 4
Package name: xms10.16.0.10427.bin For: XenMobile Server 10.16.0 Deployment type: On-premises only Replaces: xms10.16.0.10318.bin, xms10.16.0.10205.bin, xms10.16.0.10108.bin Date: December 2024 Languages supported: English US Important notes about this update As a best practice, Citrix recommends...
Citrix Endpoint Management (aka XenMobile Server) 10.15.0 Rolling Patch 9
Package name: xms10.15.0.10915.bin For: XenMobile Server 10.15.0 Deployment type: On-premises only Replaces: xms10.15.0.10808.bin, xms10.15.0.10731.bin, xms10.15.0.10624.bin, xms10.15.0.10517.bin, xms10.15.0.10417.bin, xms10.15.0.10327.bin, xms10.15.0.10220.bin, and xms10.15.0.10125.bin Date:...
aqualinkusa.com Cross Site Scripting vulnerability OBB-3901393
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Citrix Endpoint Management (aka XenMobile Server) 10.14.0 Rolling Patch 12
Package name: xms10.14.0.11222.bin For: XenMobile Server 10.14.0 Deployment type: On-premises only Replaces: xms10.14.0.11121.bin, xms10.14.0.11013.bin, xms10.14.0.10942.bin, xms10.14.0.10813.bin, xms10.14.0.10742.bin, xms10.14.0.10628.bin, xms10.14.0.10521.bin, xms10.14.0.10424.bin,...
Qualys Is the Outperformer in the New GigaOm Radar Report for Continuous Vulnerability Management
GigaOm has unveiled its third-annual Radar for Continuous Vulnerability Management featuring Qualys. In this Report, GigaOm provides a detailed analysis of the value and progression of vulnerability management (VM) capabilities to help organizations build the best security and vulnerability...
Citrix Endpoint Management (aka XenMobile Server) 10.14.0 Rolling Patch 11
Package name: xms10.14.0.11121.bin For: XenMobile Server 10.14.0 Deployment type: On-premises only Replaces: xms10.14.0.11013.bin, xms10.14.0.10942.bin, xms10.14.0.10813.bin, xms10.14.0.10742.bin, xms10.14.0.10628.bin, xms10.14.0.10521.bin, xms10.14.0.10424.bin, xms10.14.0.10303.bin,...
Microsoft Releases April 2023 Security Updates
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker can exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Microsoft’s April 2023 Security Update Guide an...