Lucene search
K
AvleonovMost viewed

389 matches found

Information Security Automation
Information Security Automation
โ€ขadded 2021/11/01 12:19 a.m.โ€ข19 views

VMconf 22 Vulnerability Management conference: Call For Papers started

Hello everyone! This episode will be about the VMconf 22 Vulnerability Management conference. CFP started on November 1, which will last a month and a half. So please submit your talk or share this video with someone who might be interested. Lets talk about the conference itself. All started with...

7AI score
Exploits0
Information Security Automation
Information Security Automation
โ€ขadded 2025/11/14 8:44 p.m.โ€ข18 views

November โ€œIn the Trend of VMโ€ (#21): vulnerabilities in Windows, SharePoint, Redis, XWiki, Zimbra Collaboration, and Linux

November "In the Trend of VM" 21: vulnerabilities in Windows, SharePoint, Redis, XWiki, Zimbra Collaboration, and Linux. The usual monthly roundup. After several months, here's a big one. Post on Habr rus Post on SecurityLab rus Digest on the PT website rus A total of nine vulnerabilities: RCE -...

9.9CVSS8.6AI score0.99962EPSS
Exploits104
Information Security Automation
Information Security Automation
โ€ขadded 2025/09/17 11:16 a.m.โ€ข18 views

About Remote Code Execution โ€“ SAP NetWeaver (CVE-2025-31324, CVE-2025-42999) vulnerability

About Remote Code Execution - SAP NetWeaver CVE-2025-31324, CVE-2025-42999 vulnerability. SAP NetWeaver is the core SAP platform for running applications and integrating systems. Vulnerabilities were found in its Visual Composer component - a web tool for business app modeling. A lack of...

10CVSS8.8AI score0.99359EPSS
Exploits19
Information Security Automation
Information Security Automation
โ€ขadded 2025/05/14 12:58 a.m.โ€ข18 views

May Microsoft Patch Tuesday

May Microsoft Patch Tuesday. A total of 93 vulnerabilities - about 1.5 times fewer than in April. Of these, 22 were added between the April and May MSPT. There are 5 vulnerabilities show signs of in-the-wild exploitation: EoP - Microsoft DWM Core Library CVE-2025-30400 EoP - Windows CLFS Driver...

8.8CVSS7.1AI score0.21562EPSS
Exploits9
Information Security Automation
Information Security Automation
โ€ขadded 2025/04/02 2:46 p.m.โ€ข18 views

About Remote Code Execution โ€“ Apache Tomcat (CVE-2025-24813) vulnerability

About Remote Code Execution - Apache Tomcat CVE-2025-24813 vulnerability. Apache Tomcat is an open-source software that provides a platform for Java web applications. The vulnerability allows a remote attacker to upload and execute arbitrary files on the server due to flaws in the handling of...

9.8CVSS10AI score0.99945EPSS
Exploits46
Information Security Automation
Information Security Automation
โ€ขadded 2025/02/12 10:1 p.m.โ€ข18 views

February Microsoft Patch Tuesday

February Microsoft Patch Tuesday. 89 CVEs, 33 added since January. Two with signs of exploitation in the wild: EoP - Windows Ancillary Function Driver for WinSock CVE-2025-21418 EoP - Windows Storage CVE-2025-21391 There are no vulnerabilities with public exploits, but there are 7 with private...

9.9CVSS7.6AI score0.29778EPSS
Exploits0
Information Security Automation
Information Security Automation
โ€ขadded 2024/10/23 8:26 p.m.โ€ข18 views

On Monday, October 21, updates for the critical Remote Code Execution โ€“ VMware vCenter (CVE-2024-38812) vulnerability were released again

On Monday, October 21, updates for the critical Remote Code Execution - VMware vCenter CVE-2024-38812 vulnerabilitywere released again. Wait, haven't fixes for this vulnerability been available since September 17th? They were, but it was not enough. " VMware by Broadcom has determined that the...

9.8CVSS7.9AI score0.54143EPSS
Exploits0
Information Security Automation
Information Security Automation
โ€ขadded 2024/10/16 9:56 p.m.โ€ข18 views

October Linux Patch Wednesday

October Linux Patch Wednesday. There are 248 vulnerabilities in total. Of these, 92 are in the Linux Kernel. 5 vulnerabilities with signs of exploitation in the wild: Remote Code Execution - CUPS CVE-2024-47176 and 4 more CUPS vulnerabilities that can also be used to enhance DoS attacks Remote Co...

9.8CVSS7.7AI score0.50174EPSS
Exploits26
Information Security Automation
Information Security Automation
โ€ขadded 2025/05/10 2:43 p.m.โ€ข17 views

About Elevation of Privilege โ€“ Windows Common Log File System Driver (CVE-2025-29824) vulnerability

About Elevation of Privilege - Windows Common Log File System Driver CVE-2025-29824 vulnerability. The vulnerability from the April Microsoft Patch Tuesday allows an attacker operating under a regular user account to escalate their privileges to SYSTEM level. According to Microsoft, the...

7.8CVSS7.2AI score0.1806EPSS
Exploits4
Information Security Automation
Information Security Automation
โ€ขadded 2022/12/18 9:27 p.m.โ€ข17 views

Is it possible to detect Zero Day vulnerabilities with Vulnerability Management solutions?

Hello everyone! In my English-language telegram chat avleonovchat, the question was asked: "How to find zero day vulnerabilities with Qualys?" Apparently this question can be expanded. Not just with Qualys, but with any VM solution in general. And is it even possible? There was an interesting...

7AI score
Exploits0
Information Security Automation
Information Security Automation
โ€ขadded 2022/01/21 6:57 p.m.โ€ข17 views

End of CentOS Linux. Where to migrate?

Hello everyone! As you probably know, CentOS Linux, the main Enterprise-level Linux server distribution, will soon disappear. It wasnt hard to predict when RedHat acquired CentOS in 2014, and now it is actually happening. End of life of CentOS Linux 8 was 31.12.2021. There wont be CentOS Linux as...

7.1AI score
Exploits0
Information Security Automation
Information Security Automation
โ€ขadded 2017/12/19 11:14 p.m.โ€ข17 views

Microsoft security solutions against ransomware and APT

Last Tuesday I was invited to Microsoft business breakfast "Effective protection against targeted and multilevel attacks". Here I would like to share some of my thoughts on this. Need to mention that the food was delicious and the restaurant of Russian Geographical Society is a very lovely place...

6.6AI score
Exploits0
Information Security Automation
Information Security Automation
โ€ขadded 2026/03/30 8:0 p.m.โ€ข16 views

March Linux Patch Wednesday

MarchLinux Patch Wednesday. In March, Linux vendors began addressing 575 vulnerabilities, which is 57 fewer than in February. Of these, 93 are in the Linux Kernel โฌ‡๏ธ a significant decrease - there were 305 in February. There are two vulnerabilities with signs of in-the-wild exploitation: ๐Ÿ”ป RCE -...

10CVSS7AI score0.02EPSS
Exploits36
Information Security Automation
Information Security Automation
โ€ขadded 2025/07/16 5:41 p.m.โ€ข16 views

July Microsoft Patch Tuesday

July Microsoft Patch Tuesday. A total of 152 vulnerabilities - twice as many as in June. Of these, 15 vulnerabilities were added between the June and July MSPT. One vulnerability is exploited in the wild: Memory Corruption - Chromium CVE-2025-6554 One vulnerability has an exploit available on...

9.8CVSS8.1AI score0.99907EPSS
Exploits19
Information Security Automation
Information Security Automation
โ€ขadded 2025/06/10 8:44 a.m.โ€ข16 views

About Elevation of Privilege โ€“ Microsoft DWM Core Library (CVE-2025-30400) vulnerability

About Elevation of Privilege - Microsoft DWM Core Library CVE-2025-30400 vulnerability. The vulnerability, patched as part of May Microsoft Patch Tuesday, affects the Desktop Window Manager component. This is a compositing window manager that has been part of Windows since Windows Vista. Successf...

7.8CVSS9.5AI score0.05687EPSS
Exploits3
Information Security Automation
Information Security Automation
โ€ขadded 2025/04/22 12:51 p.m.โ€ข16 views

March episode โ€œIn the Trend of VMโ€ (#13): vulnerabilities of Microsoft, PAN-OS, ะกommuniGate and who should patch hosts with deployed application

March episode "In the Trend of VM" 13: vulnerabilities of Microsoft, PAN-OS, ะกommuniGate and who should patch hosts with deployed application. I'm posting the translated video with a big delay, but it's better than never. Video on YouTube and LinkedIn Post on Habr rus Digest on the PT website...

5.9CVSS7.7AI score0.98338EPSS
Exploits8
Information Security Automation
Information Security Automation
โ€ขadded 2022/05/10 9:28 p.m.โ€ข16 views

Malicious Open Source: the cost of using someone elseโ€™s code

Hello everyone! This video was recorded for the VMconf 22 Vulnerability Management conference, vmconf.pw. I will be talking about malicious open source and the cost of using someone elses code. Alternative video link for Russia: Video in Russian from CISO Forum 2022: To be honest, at the beginnin...

7.4AI score
Exploits0
Information Security Automation
Information Security Automation
โ€ขadded 2019/10/27 8:19 p.m.โ€ข16 views

Zbrunk search launcher and event types statistics

I also changed the priorities. Now I think it would be better not to integrate with Grafana, but to create own dashboards and GUI. And to begin with, I created a simple interface for Searching and Deleting events. upd. 16.12.2019 A small update on Zbrunk. First of all, I created a new API call th...

7.2AI score
Exploits0
Information Security Automation
Information Security Automation
โ€ขadded 2026/05/25 5:0 p.m.โ€ข15 views

May "In the Trend of VM" (#27): high-profile vulnerabilities in Linux, ActiveMQ, SharePoint, and Adobe Acrobat Reader

May "In the Trend of VM" 27: high-profile vulnerabilities in Linux, ActiveMQ, SharePoint, and Adobe Acrobat Reader. Presenting the traditional monthly roundup of trending vulnerabilities according to Positive Technologies. While the previous April edition featured only one vulnerability, this one...

8.8CVSS7AI score0.96666EPSS
Exploits246
Information Security Automation
Information Security Automation
โ€ขadded 2025/08/13 10:4 p.m.โ€ข15 views

August Microsoft Patch Tuesday

August Microsoft Patch Tuesday. A total of 132 vulnerabilities, 20 fewer than in July. Of these, 25 were added between the July and August MSPT. Three are actively exploited, including two related to the trending SharePoint "ToolShell" flaw, exploited since July 17. RCE - Microsoft SharePoint...

9.8CVSS6.9AI score0.99982EPSS
Exploits48
Information Security Automation
Information Security Automation
โ€ขadded 2025/05/29 9:46 p.m.โ€ข15 views

About Cross Site Scripting โ€“ MDaemon Email Server (CVE-2024-11182)

About Cross Site Scripting - MDaemon Email Server CVE-2024-11182. An attacker can send an HTML-formatted email containing malicious JavaScript code embedded in an img tag. If the user opens the email in the MDaemon Email Server's web interface, the malicious JavaScript code will execute in the...

6.1CVSS7.3AI score0.58483EPSS
Exploits4
Information Security Automation
Information Security Automation
โ€ขadded 2022/03/27 11:20 a.m.โ€ข15 views

How to remove sensitive information from a Github repository

Hello everyone! In this episode, I would like to talk about Github and how to remove sensitive information that was accidentally uploaded there. Alternative video link for Russia: This is a fairly common problem. When publishing the project code on Github, developers forget to remove credentials:...

7.4AI score
Exploits0
Information Security Automation
Information Security Automation
โ€ขadded 2026/04/28 6:0 p.m.โ€ข14 views

April "In the Trend of VM" (#26): one Microsoft SharePoint vulnerability

April "In the Trend of VM" 26: one Microsoft SharePoint vulnerability. Presenting the traditional monthly roundup of trending vulnerabilities according to Positive Technologies. Once again, it is single-vendor, Microsoft-related, and this time it could not be more compact. While the previous Marc...

9.8CVSS5.8AI score0.31109EPSS
Exploits0
Information Security Automation
Information Security Automation
โ€ขadded 2026/03/12 3:14 p.m.โ€ข14 views

About Elevation of Privilege - Desktop Window Manager (CVE-2026-21519) vulnerability

About Elevation of Privilege - Desktop Window Manager CVE-2026-21519 vulnerability. The vulnerability is from the February Microsoft Patch Tuesday. Desktop Window Manager is a compositing window manager included in Windows starting with Windows Vista. A Type Confusion error CWE-843 in Desktop...

7.8CVSS6AI score0.0242EPSS
Exploits0
Information Security Automation
Information Security Automation
โ€ขadded 2026/02/11 11:8 a.m.โ€ข14 views

February Microsoft Patch Tuesday

February Microsoft Patch Tuesday. A total of 55 vulnerabilities, half as many as in January. There are as many as six โ—๏ธ vulnerabilities being exploited in the wild: ๐Ÿ”ป SFB/RCE - Windows Shell CVE-2026-21510 ๐Ÿ”ป SFB/RCE - Microsoft Word CVE-2026-21514 ๐Ÿ”ป SFB - MSHTML Framework CVE-2026-21513 ๐Ÿ”ป EoP -...

8.8CVSS6.9AI score0.25835EPSS
Exploits18
Information Security Automation
Information Security Automation
โ€ขadded 2025/11/26 11:24 a.m.โ€ข14 views

About SQL Injection โ€“ Django (CVE-2025-64459) vulnerability

About SQL Injection - Django CVE-2025-64459 vulnerability. Django is a free and open-source high-level Python web framework. The vulnerability allows attackers to manipulate database query logic by injecting internal query parameters connector and negated when applications pass user-controlled...

9.1CVSS8.4AI score0.19396EPSS
Exploits10
Information Security Automation
Information Security Automation
โ€ขadded 2025/08/12 3:47 p.m.โ€ข14 views

August โ€œIn the Trend of VMโ€ (#18): vulnerabilities in Microsoft Windows and SharePoint

August "In the Trend of VM" 18: vulnerabilities in Microsoft Windows and SharePoint. A traditional monthly roundup - this time, it's extremely short. Post on Habr rus Digest on the PT website rus Only two trending vulnerabilities: Remote Code Execution - Microsoft SharePoint Server "ToolShell"...

9.8CVSS7.1AI score0.99982EPSS
Exploits45
Information Security Automation
Information Security Automation
โ€ขadded 2025/07/22 3:18 p.m.โ€ข14 views

About Remote Code Execution โ€“ Microsoft SharePoint Server โ€œToolShellโ€ (CVE-2025-53770) vulnerability

About Remote Code Execution - Microsoft SharePoint Server "ToolShell" CVE-2025-53770 vulnerability. SharePoint is a web application developed by Microsoft for corporate intranet portals, document management, and collaborative work. A flaw in the deserialization mechanism of an on-premises...

9.8CVSS8.7AI score0.99982EPSS
Exploits41
Information Security Automation
Information Security Automation
โ€ขadded 2025/07/21 11:50 a.m.โ€ข14 views

About Remote Code Executionย โ€“ Internet Shortcut Files (CVE-2025-33053) vulnerability

About Remote Code Execution - Internet Shortcut Files CVE-2025-33053 vulnerability. A vulnerability from the June Microsoft Patch Tuesday. This vulnerability immediately showed signs of exploitation in the wild. This flaw allows a remote attacker to execute arbitrary code when a victim opens a...

8.8CVSS8.8AI score0.81558EPSS
Exploits10
Information Security Automation
Information Security Automation
โ€ขadded 2026/06/05 10:0 a.m.โ€ข13 views

About Remote Code Execution - PAN-OS (CVE-2026-0300) vulnerability

About Remote Code Execution - PAN-OS CVE-2026-0300 vulnerability. PAN-OS is an operating system for Palo Alto Networks firewalls and security platforms. User-IDโ„ข Authentication Portal also known as Captive Portal is a non-default PAN-OS feature used to map IP addresses to usernames. By exploiting...

9.8CVSS6.7AI score0.36157EPSS
Exploits6
Information Security Automation
Information Security Automation
โ€ขadded 2026/03/12 9:6 a.m.โ€ข13 views

About Elevation of Privilege - Windows RDS (CVE-2026-21533) vulnerability

About Elevation of Privilege - Windows RDS CVE-2026-21533 vulnerability. The vulnerability is from the February Microsoft Patch Tuesday. Remote Desktop Services RDS is a component of Microsoft Windows that allows a user to initiate and control an interactive session on a remote computer or virtua...

7.8CVSS6AI score0.03846EPSS
Exploits5
Information Security Automation
Information Security Automation
โ€ขadded 2026/01/24 9:19 p.m.โ€ข13 views

January Linux Patch Wednesday

JanuaryLinux Patch Wednesday. In January, Linux vendors started fixing 918 vulnerabilities, one and a half times more than in December. Of these, 616 are in the Linux Kernel. Three show signs of exploitation in the wild: ๐Ÿ”ป AuthBypass - GNU Inetutils telnetd CVE-2026-24061 ๐Ÿ”ป RCE - Safari...

9.8CVSS7.2AI score0.98871EPSS
Exploits91
Information Security Automation
Information Security Automation
โ€ขadded 2025/11/13 1:56 p.m.โ€ข13 views

About Remote Code Execution โ€“ Microsoft SharePoint โ€œToolShellโ€ (CVE-2025-49704) vulnerability

About Remote Code Execution - Microsoft SharePoint "ToolShell" CVE-2025-49704 vulnerability. This vulnerability is from the Microsoft's July Patch Tuesday. SharePoint is a web application developed by Microsoft for corporate intranet portals, document management, and collaborative work...

9.8CVSS8.3AI score0.99982EPSS
Exploits41
Information Security Automation
Information Security Automation
โ€ขadded 2025/07/30 9:47 p.m.โ€ข13 views

July Linux Patch Wednesday

JulyLinux Patch Wednesday. This time, there are 470 vulnerabilities, slightly fewer than in June. Of these, 291 are in the Linux Kernel. One vulnerability shows signs of being exploited in the wild CISA KEV: SFB - Chromium CVE-2025-6554 There are also 36 vulnerabilities for which public exploits...

9.8CVSS7.5AI score0.64846EPSS
Exploits111
Information Security Automation
Information Security Automation
โ€ขadded 2025/07/21 4:30 p.m.โ€ข13 views

July โ€œIn the Trend of VMโ€ (#17): vulnerabilities in Microsoft Windows and Roundcube

July "In the Trend of VM" 17: vulnerabilities in Microsoft Windows and Roundcube. A traditional monthly roundup. This time, it's a very short one. Post on Habr rus Digest on the PT website rus Only three trending vulnerabilities: Remote Code Execution - Internet Shortcut Files CVE-2025-33053...

9.9CVSS7.6AI score0.89462EPSS
Exploits45
Information Security Automation
Information Security Automation
โ€ขadded 2025/06/21 1:39 p.m.โ€ข13 views

June โ€œIn the Trend of VMโ€ (#16): vulnerabilities in Microsoft Windows, Apache HTTP Server, the web interfaces of MDaemon and Zimbra, and the 7-Zip archiver

June "In the Trend of VM" 16: vulnerabilities in Microsoft Windows, Apache HTTP Server, the web interfaces of MDaemon and Zimbra, and the 7-Zip archiver. A traditional monthly vulnerability roundup. Post on Habr rus Digest on the PT website rus A total of 7 trending vulnerabilities: Elevation of...

9.1CVSS6.9AI score0.99957EPSS
Exploits4
Information Security Automation
Information Security Automation
โ€ขadded 2025/06/03 12:54 p.m.โ€ข13 views

About Cross Site Scripting โ€“ Zimbra Collaboration (CVE-2024-27443) vulnerability

About Cross Site Scripting - Zimbra Collaboration CVE-2024-27443 vulnerability. Zimbra Collaboration is a collaboration software suite that includes a mail server and a web client. An attacker can send an email containing a specially crafted calendar header with an embedded payload. If the user...

6.1CVSS6.8AI score0.19543EPSS
Exploits1
Information Security Automation
Information Security Automation
โ€ขadded 2019/08/25 8:6 p.m.โ€ข13 views

Zbrunk universal data analysis system

Zbrunk project github began almost like a joke. And in a way it is. In short, my friends and I decided to make an open-source MIT license tool, which will be a kind of alternative to Splunk for some specific tasks. So, it will be possible to: Put structured JSON events in Zbrunk using http...

7AI score
Exploits0
Information Security Automation
Information Security Automation
โ€ขadded 2026/05/28 2:0 p.m.โ€ข12 views

About Elevation of Privilege - Linux Kernel "Fragnesia" (CVE-2026-46300) vulnerability

About Elevation of Privilege - Linux Kernel "Fragnesia" CVE-2026-46300 vulnerability. The vulnerability was discovered by researcher William Bowling together with the V12 team. Fragnesia belongs to the class of Dirty Frag vulnerabilities. It is an error in the ESP/XFRM subsystem, distinct from...

7.8CVSS6.2AI score0.03663EPSS
Exploits11
Information Security Automation
Information Security Automation
โ€ขadded 2026/05/13 11:0 a.m.โ€ข12 views

ะŸั€ะพ ัƒัะทะฒะธะผะพัั‚ัŒ Spoofing - Microsoft SharePoint Server (CVE-2026-32201)

About Spoofing - Microsoft SharePoint Server CVE-2026-32201 vulnerability. A vulnerability from the April Microsoft Patch Tuesday. The description provided by Microsoft experts is extremely vague: "Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform...

6.5CVSS5.8AI score0.24172EPSS
Exploits1
Information Security Automation
Information Security Automation
โ€ขadded 2026/03/11 7:20 p.m.โ€ข12 views

March Microsoft Patch Tuesday

March Microsoft Patch Tuesday. A total of 79 vulnerabilities, about one and a half times more than in February. What's truly unusual is that this time there were no vulnerabilities with signs of exploitation in the wild or a public exploit! ๐Ÿค” At least not yet. ๐Ÿ˜ The following vulnerabilities can ...

8.8CVSS7.2AI score0.04491EPSS
Exploits3
Information Security Automation
Information Security Automation
โ€ขadded 2026/01/26 1:52 p.m.โ€ข12 views

January โ€œIn the Trend of VMโ€ (#23): vulnerabilities in Windows, React and MongoDB

January "In the Trend of VM" 23: vulnerabilities in Windows, React and MongoDB. Traditional monthly roundup of trending vulnerabilities. Launching the 2026 season. ๐Ÿ™‚ ๐Ÿ—ž Post on Habr rus ๐Ÿ—’ Digest on the PT website rus In total, three vulnerabilities: ๐Ÿ”ป EoP - Windows Cloud Files Mini Filter Driver...

10CVSS6.7AI score0.99562EPSS
Exploits415
Information Security Automation
Information Security Automation
โ€ขadded 2025/11/03 12:37 p.m.โ€ข12 views

About Remote Code Execution โ€“ XWiki Platform (CVE-2025-24893) vulnerability

About Remote Code Execution - XWiki Platform CVE-2025-24893 vulnerability. XWiki is a free and open-source wiki platform written in Java, with a strong focus on extensibility. It supports WYSIWYG visual editing, importing and exporting documents in OpenDocument format, adding annotations and tags...

9.8CVSS8.3AI score0.99898EPSS
Exploits51
Information Security Automation
Information Security Automation
โ€ขadded 2025/07/21 11:9 a.m.โ€ข12 views

About Remote Code Execution โ€“ Roundcube (CVE-2025-49113) vulnerability

About Remote Code Execution - Roundcube CVE-2025-49113 vulnerability. Roundcube is a popular open-source webmail client IMAP. An authenticated attacker can exploit this vulnerability to execute arbitrary code on the Roundcube Webmail server. The issue is caused by the Deserialization of Untrusted...

9.9CVSS8.5AI score0.89462EPSS
Exploits29
Information Security Automation
Information Security Automation
โ€ขadded 2017/07/27 3:3 p.m.โ€ข12 views

Qualys new look and new products

As you all know, it's Black Hat 2017 time. This year Qualys seems to be the main newsmaker among Vulnerability Management vendors. Qualys Team renewed logo and website, updated marketing strategy, presented two new products: CloudView and CertView. I decided to take a look. Talking about design, ...

6.7AI score
Exploits0
Information Security Automation
Information Security Automation
โ€ขadded 2026/06/02 11:0 a.m.โ€ข11 views

May Linux Patch Wednesday

May Linux Patch Wednesday. A total of 1,638 vulnerabilities 474 in the Linux kernel. For comparison, in April there were 1,035 vulnerabilities a record!. And this time it turns out to be a record again, more than one and a half times higher! The acceleration is both impressive and alarming. But w...

9.8CVSS7.8AI score0.96267EPSS
Exploits359
Information Security Automation
Information Security Automation
โ€ขadded 2026/05/14 10:0 a.m.โ€ข11 views

About Remote Code Execution - Apache ActiveMQ (CVE-2026-34197) vulnerability

About Remote Code Execution - Apache ActiveMQ CVE-2026-34197 vulnerability. Apache ActiveMQ is a popular open-source message broker written in Java. Its main purpose is to send messages between different services, systems, and microservices without a direct connection between them. This...

8.8CVSS6.8AI score0.96666EPSS
Exploits13
Information Security Automation
Information Security Automation
โ€ขadded 2025/11/14 7:49 p.m.โ€ข11 views

November Microsoft Patch Tuesday

November Microsoft Patch Tuesday. A total of 65 vulnerabilities. I'm not comparing this with the October report because I've decided to cover only MSPT-day vulnerabilities. The thing is, Microsoft has started massively adding Linux-product vulnerabilities to their official website, and these...

9.8CVSS6.9AI score0.061EPSS
Exploits6
Information Security Automation
Information Security Automation
โ€ขadded 2025/10/26 9:35 p.m.โ€ข11 views

About Cross Site Scripting โ€“ Zimbra Collaboration (CVE-2025-27915) vulnerability

About Cross Site Scripting - Zimbra Collaboration CVE-2025-27915 vulnerability. Zimbra Collaboration is a collaboration software suite, somewhat similar to Microsoft Exchange. Exploiting this vulnerability in the web mail client Classic Web Client allows an unauthenticated attacker to execute...

5.4CVSS7.2AI score0.04241EPSS
Exploits1
Information Security Automation
Information Security Automation
โ€ขadded 2025/09/09 8:48 p.m.โ€ข11 views

September Microsoft Patch Tuesday

September Microsoft Patch Tuesday. A total of 103 vulnerabilities, 29 fewer than in August. Of these, 25 vulnerabilities were added between the August and September MSPT. So far, no vulnerabilities are known to be exploited in the wild. Two have public PoC exploits: DoS - Newtonsoft.Json...

10CVSS7AI score0.32908EPSS
Exploits8
Total number of security vulnerabilities389