Lucene search
K

21 matches found

NCSC
NCSC
added 2026/06/17 8:53 a.m.8 views

Vulnerabilities in Oracle E-Business Suite products

Oracle has identified vulnerabilities in various Oracle E-Business Suite products, including Oracle Enterprise Command Center Framework, iSupplier Portal, Complex Maintenance, Repair and Overhaul, Process Manufacturing Product Development, HR Intelligence, Receivables, Spares Management, Cost...

9.9CVSS5.5AI score0.00473EPSS
Exploits0References1
NCSC
NCSC
added 2026/06/11 8:6 a.m.11 views

Vulnerability handling in Fortinet FortiSandbox

Fortinet has identified a vulnerability in FortiSandbox versions 4.2 through 5.0.5, including FortiSandbox Cloud and FortiSandbox PaaS. The vulnerability involves OS command injection in the FortiSandbox’s webinterface. As a result, unauthorized attackers can execute arbitrary OS commands by...

9.8CVSS6.3AI score0.23393EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2026/05/23 11:55 a.m.29 views

Claude Mythos AI Finds 10,000 High-Severity Flaws in Widely Used Software

Anthropic on Friday disclosed that Project Glasswing has helped uncover more than 10,000 high- or critical-severity vulnerabilities across some of the most "systemically" important software across the world since the cybersecurity initiative went live last month. Project Glasswing is a defensive...

9.3CVSS6.7AI score0.00468EPSS
Exploits1
NCSC
NCSC
added 2026/04/10 12:6 p.m.6 views

Vulnerability fixed in Juniper Networks Junos OS Evolved

Juniper has fixed a vulnerability in Junos OS Evolved running on PTX Series devices. A malicious party can exploit this vulnerability to increase privileges. The vulnerability is in the Flexible PIC Concentrators FPCs of Juniper Networks Junos OS Evolved on PTX systems. The vulnerability can lead...

8.5CVSS5.8AI score0.00114EPSS
Exploits0References1
Talos Blog
Talos Blog
added 2026/01/22 1:54 p.m.6 views

Foxit, Epic Games Store, MedDreams vulnerabilities

Cisco Talos' Vulnerability Discovery & Research team recently disclosed three vulnerabilities in Foxit PDF Editor, one in the Epic Games Store, and twenty-one in MedDream PACS. The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco...

9.6CVSS5.8AI score0.00436EPSS
Exploits22
Talos Blog
Talos Blog
added 2025/12/04 8:23 p.m.8 views

Socomec DIRIS Digiware M series and Easy Config, PDF XChange Editor vulnerabilities

Cisco Talos' Vulnerability Discovery & Research team recently disclosed an out-of-bounds read vulnerability in PDF XChange Editor, and ten vulnerabilities in Socomec DIRIS Digiware M series and Easy Config products. The vulnerabilities mentioned in this blog post have been patched by their...

8.8CVSS7.3AI score0.00825EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2025/09/23 12:0 a.m.4 views

PT-2025-39230

Yes, Zoho has faced several security issues: - 2021: ManageEngine ADSelfService Plus vulnerability CVE-2021-40539 exploited by APT27, affecting 9+ organizations and 11,000+ servers with Godzilla Webshell malware. Patched by Zoho. - 2022: Critical RCE flaw in ManageEngine led to BankingLab breach,...

9.8CVSS7.5AI score0.9896EPSS
Exploits8References1
Positive Technologies
Positive Technologies
added 2025/08/21 12:0 a.m.5 views

PT-2025-34192 · Undefined · Undefined

New vulnerabilities in Workhorse Software threaten sensitive data in cities and towns across Wisconsin. Key Points: - Two serious vulnerabilities discovered in Workhorse Software's accounting application. - Vulnerabilities expose sensitive personally identifiable information PII stored in the...

7.7AI score
Exploits0References1
NVD
NVD
added 2025/08/12 4:15 p.m.2 views

CVE-2025-3089

ServiceNow has addressed a Broken Access Control vulnerability that was identified in the ServiceNow AI Platform. This vulnerability could allow a low privileged user to bypass access controls and perform a limited set of actions typically reserved for higher privileged users, potentially leading...

5.3CVSS0.0042EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/08/12 4:6 p.m.7 views

CVE-2025-3089 Broken Access Control in ServiceNow AI Platform

ServiceNow has addressed a Broken Access Control vulnerability that was identified in the ServiceNow AI Platform. This vulnerability could allow a low privileged user to bypass access controls and perform a limited set of actions typically reserved for higher privileged users, potentially leading...

5.3CVSS0.0042EPSS
Exploits0References1
NCSC
NCSC
added 2025/05/14 1:50 p.m.7 views

Vulnerability fixed in FortiVoice

Fortinet has fixed a vulnerability in FortiVoice, FortiMail, FortiNDR, FortiRecorder and FortiCamera. The vulnerability is in the way FortiVoice systems handle HTTP requests, leading to a stack-based buffer overflow. This allows a malicious, unauthenticated attacker to execute arbitrary code by...

9.8CVSS9.9AI score0.31419EPSS
Exploits3References1
NCSC
NCSC
added 2025/03/14 9:14 a.m.8 views

Vulnerabilities fixed in GitLab

GitLab has fixed vulnerabilities in GitLab EE/CE versions from 11.5 to 17.9.2. The vulnerabilities include an issue where users with custom permissions can approve more membership requests than they are entitled to, which can lead to unauthorized access to restricted areas within the platform. In...

9.8CVSS9.8AI score0.63792EPSS
Exploits6References1
OSV
OSV
added 2023/09/08 12:19 p.m.6 views

GHSA-PMXQ-PJ47-J8J4 Domain restrictions bypass via DNS Rebinding in WireMock and WireMock Studio webhooks, proxy and recorder modes

Impact The proxy mode of WireMock, can be protected by the network restrictions configuration, as documented in Preventing proxying to and recording from specific target addresses. These restrictions can be configured using the domain names, and in such a case the configuration is vulnerable to t...

3.9CVSS6AI score0.00571EPSS
Exploits0References4
OSV
OSV
added 2021/10/15 3:15 p.m.3 views

CVE-2021-40996

A remote authentication bypass vulnerability was discovered in Aruba ClearPass Policy Manager versions: ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 - - ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for...

9.8CVSS5.8AI score0.01704EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2021/10/12 4:15 p.m.2 views

CVE-2021-37735

A remote denial of service vulnerability was discovered in Aruba Instant versions: Aruba Instant 6.5.x.x: 6.5.4.18 and below; Aruba Instant 8.5.x.x: 8.5.0.10 and below; Aruba Instant 8.6.x.x: 8.6.0.4 and below. Aruba has released patches for Aruba Instant IAP that address this security...

5.3CVSS5.4AI score0.01249EPSS
Exploits0References3
OSV
OSV
added 2021/04/29 1:15 p.m.3 views

CVE-2021-29138

A remote disclosure of privileged information vulnerability was discovered in Aruba ClearPass Policy Manager versions prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability...

6.5CVSS5.8AI score
Exploits0References1
OSV
OSV
added 2021/04/29 1:15 p.m.2 views

CVE-2021-29140

A remote XML external entity XXE vulnerability was discovered in Aruba ClearPass Policy Manager versions: Prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability...

8.2CVSS7.3AI score0.01573EPSS
Exploits0References1
PyPA
PyPA
added 2021/04/15 9:15 p.m.3 views

PYSEC-2021-21

Sydent is a reference Matrix identity server. Sydent does not limit the size of requests it receives from HTTP clients. A malicious user could send an HTTP request with a very large body, leading to memory exhaustion and denial of service. Sydent also does not limit response size for requests it...

7.5CVSS6.8AI score0.01833EPSS
Exploits0References6Affected Software1
The Hacker News
The Hacker News
added 2020/12/08 5:44 a.m.7 views

NSA Warns Russian Hacker Exploiting VMware Bug to Breach Corporate Networks

The US National Security Agency NSA on Monday issued an advisory warning that Russian threat actors are leveraging recently disclosed VMware vulnerability to install malware on corporate systems and access protected data. Specifics regarding the identities of the threat actor exploiting the VMwar...

9.1CVSS7.6AI score0.23771EPSS
Exploits0
NCSC
NCSC
added 2020/11/27 12:0 a.m.3 views

Vulnerability fixed in Netapp products

A vulnerability has been fixed in Jackson databind, used by several Netapp products. The vulnerability allows a malicious party to execute arbitrary code under the user's privileges and to obtain sensitive data. The vulnerabilities stem from the failure to adequately validate user input prior to...

9.8CVSS7.4AI score0.0864EPSS
Exploits0
Rows per page
Query Builder