Lucene search
K
AvleonovRecent

389 matches found

Information Security Automation
Information Security Automation
โ€ขadded 2025/09/17 11:16 a.m.โ€ข17 views

About Remote Code Execution โ€“ SAP NetWeaver (CVE-2025-31324, CVE-2025-42999) vulnerability

About Remote Code Execution - SAP NetWeaver CVE-2025-31324, CVE-2025-42999 vulnerability. SAP NetWeaver is the core SAP platform for running applications and integrating systems. Vulnerabilities were found in its Visual Composer component - a web tool for business app modeling. A lack of...

10CVSS8.8AI score0.99359EPSS
Exploits19
Information Security Automation
Information Security Automation
โ€ขadded 2025/09/09 8:48 p.m.โ€ข11 views

September Microsoft Patch Tuesday

September Microsoft Patch Tuesday. A total of 103 vulnerabilities, 29 fewer than in August. Of these, 25 vulnerabilities were added between the August and September MSPT. So far, no vulnerabilities are known to be exploited in the wild. Two have public PoC exploits: DoS - Newtonsoft.Json...

10CVSS7AI score0.32908EPSS
Exploits8
Information Security Automation
Information Security Automation
โ€ขadded 2025/09/04 8:28 a.m.โ€ข8 views

August Linux Patch Wednesday

AugustLinux Patch Wednesday. Iโ€™m late with this LPW since I was improving the generation of LPW bulletin lists and the operation of Vulristics. In August, Linux vendors addressed 867 vulnerabilities, nearly twice Julyโ€™s total, including 455 in the Linux Kernel. One vulnerability is confirmed...

9CVSS7.7AI score0.62368EPSS
Exploits11
Information Security Automation
Information Security Automation
โ€ขadded 2025/09/02 3:43 p.m.โ€ข8 views

About Remote Code Execution โ€“ WinRAR (CVE-2025-6218, CVE-2025-8088) vulnerabilities

About Remote Code Execution - WinRAR CVE-2025-6218, CVE-2025-8088 vulnerabilities. A crafted file path inside an archive may cause the extraction process to move into unintended directories including the Startup directories , which can result in archive extraction leading to the execution of...

8.8CVSS7.8AI score0.86192EPSS
Exploits43
Information Security Automation
Information Security Automation
โ€ขadded 2025/08/27 11:18 a.m.โ€ข8 views

๐Ÿ” Vulners Lookup โ€“ augmented CVE reality

Vulners Lookup โ€“ augmented CVE reality. Yesterday, VulnCheck unveiled a prototype Chrome/Chromium plugin that highlights CVE identifiers on any website and shows a popup with vulnerability details, including whether the vulnerability is in the VulnCheck KEV an extended CISA KEV. The Vulners team...

6.8AI score
Exploits0
Information Security Automation
Information Security Automation
โ€ขadded 2025/08/18 6:28 p.m.โ€ข8 views

Statistics on 2024 trending vulnerabilities were featured in the OIC-CERT annual report

Statistics on2024 trending vulnerabilitieswere featured in the OIC-CERT annual report. The Organisation of Islamic Cooperation OIC is the largest and most influential official intergovernmental Muslim international organization. It currently unites 57 countries with a population of about 2 billio...

7.1AI score
Exploits0
Information Security Automation
Information Security Automation
โ€ขadded 2025/08/13 10:4 p.m.โ€ข15 views

August Microsoft Patch Tuesday

August Microsoft Patch Tuesday. A total of 132 vulnerabilities, 20 fewer than in July. Of these, 25 were added between the July and August MSPT. Three are actively exploited, including two related to the trending SharePoint "ToolShell" flaw, exploited since July 17. RCE - Microsoft SharePoint...

9.8CVSS6.9AI score0.99982EPSS
Exploits48
Information Security Automation
Information Security Automation
โ€ขadded 2025/08/12 3:47 p.m.โ€ข14 views

August โ€œIn the Trend of VMโ€ (#18): vulnerabilities in Microsoft Windows and SharePoint

August "In the Trend of VM" 18: vulnerabilities in Microsoft Windows and SharePoint. A traditional monthly roundup - this time, it's extremely short. Post on Habr rus Digest on the PT website rus Only two trending vulnerabilities: Remote Code Execution - Microsoft SharePoint Server "ToolShell"...

9.8CVSS7.1AI score0.99982EPSS
Exploits45
Information Security Automation
Information Security Automation
โ€ขadded 2025/08/06 10:44 p.m.โ€ข31 views

About Elevation of Privilege โ€“ Windows Update Service (CVE-2025-48799) vulnerability

About Elevation of Privilege - Windows Update Service CVE-2025-48799 vulnerability. This vulnerability is from the July Microsoft Patch Tuesday. Improper link resolution before file access 'link following' in the Windows Update Service allows an authorized attacker to elevate privileges to "NT...

7.8CVSS7.2AI score0.0103EPSS
Exploits4
Information Security Automation
Information Security Automation
โ€ขadded 2025/08/05 10:37 a.m.โ€ข8 views

Qualys has introduced Agentic AI, a solution for autonomous cyber risk management

Qualys hasintroducedAgentic AI, a solution for autonomous cyber risk management. As part of this solution, Qualys provides ready-to-use Cyber Risk Agents that operate autonomously and act as an additional skilled digital workforce. Agentic AI not only detects issues and provides analytics but als...

7.3AI score
Exploits0
Information Security Automation
Information Security Automation
โ€ขadded 2025/07/30 9:47 p.m.โ€ข13 views

July Linux Patch Wednesday

JulyLinux Patch Wednesday. This time, there are 470 vulnerabilities, slightly fewer than in June. Of these, 291 are in the Linux Kernel. One vulnerability shows signs of being exploited in the wild CISA KEV: SFB - Chromium CVE-2025-6554 There are also 36 vulnerabilities for which public exploits...

9.8CVSS7.5AI score0.64846EPSS
Exploits111
Information Security Automation
Information Security Automation
โ€ขadded 2025/07/22 3:18 p.m.โ€ข14 views

About Remote Code Execution โ€“ Microsoft SharePoint Server โ€œToolShellโ€ (CVE-2025-53770) vulnerability

About Remote Code Execution - Microsoft SharePoint Server "ToolShell" CVE-2025-53770 vulnerability. SharePoint is a web application developed by Microsoft for corporate intranet portals, document management, and collaborative work. A flaw in the deserialization mechanism of an on-premises...

9.8CVSS8.7AI score0.99982EPSS
Exploits41
Information Security Automation
Information Security Automation
โ€ขadded 2025/07/21 4:30 p.m.โ€ข13 views

July โ€œIn the Trend of VMโ€ (#17): vulnerabilities in Microsoft Windows and Roundcube

July "In the Trend of VM" 17: vulnerabilities in Microsoft Windows and Roundcube. A traditional monthly roundup. This time, it's a very short one. Post on Habr rus Digest on the PT website rus Only three trending vulnerabilities: Remote Code Execution - Internet Shortcut Files CVE-2025-33053...

9.9CVSS7.6AI score0.89462EPSS
Exploits45
Information Security Automation
Information Security Automation
โ€ขadded 2025/07/21 11:50 a.m.โ€ข13 views

About Remote Code Executionย โ€“ Internet Shortcut Files (CVE-2025-33053) vulnerability

About Remote Code Execution - Internet Shortcut Files CVE-2025-33053 vulnerability. A vulnerability from the June Microsoft Patch Tuesday. This vulnerability immediately showed signs of exploitation in the wild. This flaw allows a remote attacker to execute arbitrary code when a victim opens a...

8.8CVSS8.8AI score0.81558EPSS
Exploits10
Information Security Automation
Information Security Automation
โ€ขadded 2025/07/21 11:9 a.m.โ€ข11 views

About Remote Code Execution โ€“ Roundcube (CVE-2025-49113) vulnerability

About Remote Code Execution - Roundcube CVE-2025-49113 vulnerability. Roundcube is a popular open-source webmail client IMAP. An authenticated attacker can exploit this vulnerability to execute arbitrary code on the Roundcube Webmail server. The issue is caused by the Deserialization of Untrusted...

9.9CVSS8.5AI score0.89462EPSS
Exploits29
Information Security Automation
Information Security Automation
โ€ขadded 2025/07/16 5:41 p.m.โ€ข16 views

July Microsoft Patch Tuesday

July Microsoft Patch Tuesday. A total of 152 vulnerabilities - twice as many as in June. Of these, 15 vulnerabilities were added between the June and July MSPT. One vulnerability is exploited in the wild: Memory Corruption - Chromium CVE-2025-6554 One vulnerability has an exploit available on...

9.8CVSS8.1AI score0.99907EPSS
Exploits19
Information Security Automation
Information Security Automation
โ€ขadded 2025/07/13 12:26 p.m.โ€ข40 views

About Elevation of Privilege โ€“ Windows SMB Client (CVE-2025-33073) vulnerability

About Elevation of Privilege - Windows SMB Client CVE-2025-33073 vulnerability. A vulnerability from the June Microsoft Patch Tuesday allows an attacker to execute a malicious script, forcing the victim's host to connect to the attacker's SMB server and authenticate, resulting in gaining SYSTEM...

8.8CVSS7.4AI score0.64987EPSS
Exploits6
Information Security Automation
Information Security Automation
โ€ขadded 2025/07/01 11:28 a.m.โ€ข24 views

June Linux Patch Wednesday

JuneLinux Patch Wednesday. This time, there are 598 vulnerabilities, almost half as many as in May. Of these, 355 are in the Linux Kernel. There are signs of exploitation in the wild for 3 vulnerabilities CISA KEV. SFB - Chromium CVE-2025-2783 MemCor - Chromium CVE-2025-5419 CodeInj - Hibernate...

9.9CVSS7.5AI score0.89462EPSS
Exploits70
Information Security Automation
Information Security Automation
โ€ขadded 2025/06/26 3:5 p.m.โ€ข7 views

I added support for ALT Linux OVAL content in Linux Patch Wednesday

I added support forALT Linux OVAL contentin Linux Patch Wednesday. Now I track when specific CVEs were fixed in ALT Linux packages and take that into account when generating the monthly bulletins. The more data sources on patched vulnerabilities in Linux distributions are used, the more accurate...

7.2AI score
Exploits0
Information Security Automation
Information Security Automation
โ€ขadded 2025/06/21 1:39 p.m.โ€ข13 views

June โ€œIn the Trend of VMโ€ (#16): vulnerabilities in Microsoft Windows, Apache HTTP Server, the web interfaces of MDaemon and Zimbra, and the 7-Zip archiver

June "In the Trend of VM" 16: vulnerabilities in Microsoft Windows, Apache HTTP Server, the web interfaces of MDaemon and Zimbra, and the 7-Zip archiver. A traditional monthly vulnerability roundup. Post on Habr rus Digest on the PT website rus A total of 7 trending vulnerabilities: Elevation of...

9.1CVSS6.9AI score0.99957EPSS
Exploits4
Information Security Automation
Information Security Automation
โ€ขadded 2025/06/10 9:49 p.m.โ€ข23 views

June Microsoft Patch Tuesday

June Microsoft Patch Tuesday. A total of 81 vulnerabilities, roughly the same as in May. Among them, 15 vulnerabilities were added between the May and June MSPT. There are 3 vulnerabilities with signs of exploitation in the wild: RCE - WEBDAV/Internet Shortcut Files CVE-2025-33053. For successful...

8.8CVSS7.7AI score0.81558EPSS
Exploits22
Information Security Automation
Information Security Automation
โ€ขadded 2025/06/10 12:14 p.m.โ€ข19 views

About Elevation of Privilege โ€“ Windows Common Log File System Driver (CVE-2025-32701, CVE-2025-32706) vulnerabilities

About Elevation of Privilege - Windows Common Log File System Driver CVE-2025-32701, CVE-2025-32706 vulnerabilities. When Microsoft disclosed these vulnerabilities in the May Patch Tuesday, attackers were already exploiting them in the wild. The Common Log File System CLFS is a general-purpose...

7.8CVSS9.4AI score0.1806EPSS
Exploits5
Information Security Automation
Information Security Automation
โ€ขadded 2025/06/10 8:44 a.m.โ€ข16 views

About Elevation of Privilege โ€“ Microsoft DWM Core Library (CVE-2025-30400) vulnerability

About Elevation of Privilege - Microsoft DWM Core Library CVE-2025-30400 vulnerability. The vulnerability, patched as part of May Microsoft Patch Tuesday, affects the Desktop Window Manager component. This is a compositing window manager that has been part of Windows since Windows Vista. Successf...

7.8CVSS9.5AI score0.05687EPSS
Exploits3
Information Security Automation
Information Security Automation
โ€ขadded 2025/06/03 12:54 p.m.โ€ข13 views

About Cross Site Scripting โ€“ Zimbra Collaboration (CVE-2024-27443) vulnerability

About Cross Site Scripting - Zimbra Collaboration CVE-2024-27443 vulnerability. Zimbra Collaboration is a collaboration software suite that includes a mail server and a web client. An attacker can send an email containing a specially crafted calendar header with an embedded payload. If the user...

6.1CVSS6.8AI score0.19543EPSS
Exploits1
Information Security Automation
Information Security Automation
โ€ขadded 2025/05/29 9:46 p.m.โ€ข15 views

About Cross Site Scripting โ€“ MDaemon Email Server (CVE-2024-11182)

About Cross Site Scripting - MDaemon Email Server CVE-2024-11182. An attacker can send an HTML-formatted email containing malicious JavaScript code embedded in an img tag. If the user opens the email in the MDaemon Email Server's web interface, the malicious JavaScript code will execute in the...

6.1CVSS7.3AI score0.58483EPSS
Exploits4
Information Security Automation
Information Security Automation
โ€ขadded 2025/05/27 11:55 p.m.โ€ข22 views

Vulnerabilities of Western logistics

Vulnerabilities of Western logistics. On May 21, Western intelligence agencies released joint advisory AA25-141A about attacks targeting infrastructure of Western logistics and tech companies. Alongside the usual Five Eyes, intelligence services from Germany, Czech Republic, Poland, Denmark,...

9.8CVSS9AI score0.97798EPSS
Exploits69
Information Security Automation
Information Security Automation
โ€ขadded 2025/05/25 11:7 p.m.โ€ข8 views

Impressions from PHDays Fest

Impressions from PHDays Fest. The scale was just insane. You walk and walk - and there's action everywhere, and all of it is PHDays, every bit of it. It totally blew my mind, I saw just a tiny fraction of everything that was going on. In the public area, I was impressed by the university pavilion...

7.2AI score
Exploits0
Information Security Automation
Information Security Automation
โ€ขadded 2025/05/23 9:25 p.m.โ€ข21 views

May

MayLinux Patch Wednesday. This time: 1091 vulnerabilities. Of those, 716 are in the Linux Kernel. 5 vulnerabilities are exploited in the wild: RCE - PHP CSS Parser CVE-2020-13756. In AttackerKB, an exploit exists. DoS - Apache ActiveMQ CVE-2025-27533. In AttackerKB, an exploit exists. SFB -...

10CVSS7.6AI score0.99098EPSS
Exploits68
Information Security Automation
Information Security Automation
โ€ขadded 2025/05/21 1:22 p.m.โ€ข19 views

May โ€œIn the Trend of VMโ€ (#15): vulnerabilities in Microsoft Windows and the Erlang/OTP framework

May "In the Trend of VM" 15: vulnerabilities in Microsoft Windows and the Erlang/OTP framework. A traditional monthly vulnerability roundup. Post on Habr rus Digest on the PT website rus A total of 4 trending vulnerabilities: Elevation of Privilege - Windows Common Log File System Driver...

10CVSS7.6AI score0.97673EPSS
Exploits61
Information Security Automation
Information Security Automation
โ€ขadded 2025/05/20 11:46 p.m.โ€ข21 views

About Remote Code Execution โ€“ 7-Zip (BDU:2025-01793) vulnerability

About Remote Code Execution - 7-Zip BDU:2025-01793 vulnerability. It's about the fact that files unpacked using 7-Zip don't get the Mark-of-the-Web. As a result, Windows security mechanisms don't block the execution of the unpacked malware. If you remember, there was a similar vulnerability in...

7CVSS8AI score0.67071EPSS
Exploits8
Information Security Automation
Information Security Automation
โ€ขadded 2025/05/18 9:56 p.m.โ€ข5 views

Iโ€™m done preparing the slides for my talk about Vulristics at PHDays

I 'm done preparing the slides for my talk about Vulristics at PHDays. I'll be speaking on the last day of the festival - Saturday, May 24, at 16:00 in Popov Hall 25. If you're there at that time, I'd be glad to see you. If not - join online! I'll have an hour to dive into Vulristics, vulnerabili...

7.4AI score
Exploits0
Information Security Automation
Information Security Automation
โ€ขadded 2025/05/14 10:8 a.m.โ€ข7 views

I checked out the European vulnerability database, EUVD, which was officially launched yesterday

I checked out the European vulnerability database,EUVD, which was officiallylaunchedyesterday. Its usefulness is questionable for now. !๐Ÿคทโ€โ™‚๏ธhttps://s.w.org/images/core/emoji/15.1.0/72x72/1f937-200d-264...

7.3AI score
Exploits0
Information Security Automation
Information Security Automation
โ€ขadded 2025/05/14 12:58 a.m.โ€ข18 views

May Microsoft Patch Tuesday

May Microsoft Patch Tuesday. A total of 93 vulnerabilities - about 1.5 times fewer than in April. Of these, 22 were added between the April and May MSPT. There are 5 vulnerabilities show signs of in-the-wild exploitation: EoP - Microsoft DWM Core Library CVE-2025-30400 EoP - Windows CLFS Driver...

8.8CVSS7.1AI score0.21562EPSS
Exploits9
Information Security Automation
Information Security Automation
โ€ขadded 2025/05/12 8:46 p.m.โ€ข11 views

About Remote Code Execution โ€“ Erlang/OTP (CVE-2025-32433) vulnerability

About Remote Code Execution - Erlang/OTP CVE-2025-32433 vulnerability. Erlang is a programming language used to build massively scalable soft real-time systems with requirements for high availability. Used in telecom, banking, e-commerce, telephony, and messaging. OTP is a set of Erlang libraries...

10CVSS8.5AI score0.97673EPSS
Exploits36
Information Security Automation
Information Security Automation
โ€ขadded 2025/05/10 2:43 p.m.โ€ข17 views

About Elevation of Privilege โ€“ Windows Common Log File System Driver (CVE-2025-29824) vulnerability

About Elevation of Privilege - Windows Common Log File System Driver CVE-2025-29824 vulnerability. The vulnerability from the April Microsoft Patch Tuesday allows an attacker operating under a regular user account to escalate their privileges to SYSTEM level. According to Microsoft, the...

7.8CVSS7.2AI score0.1806EPSS
Exploits4
Information Security Automation
Information Security Automation
โ€ขadded 2025/05/08 1:6 p.m.โ€ข22 views

About Spoofing โ€“ Windows NTLM (CVE-2025-24054) vulnerability

About Spoofing - Windows NTLM CVE-2025-24054 vulnerability. It was patched in the March Microsoft Patch Tuesday. VM vendors didn't mention this vulnerability in their reviews; it was only known to be exploited via user interaction with a malicious file. A month later, on April 16, Check Point...

6.5CVSS6.9AI score0.58974EPSS
Exploits35
Information Security Automation
Information Security Automation
โ€ขadded 2025/05/06 3:12 p.m.โ€ข31 views

About Remote Code Execution & Arbitrary File Reading โ€“ Apache HTTP Server (CVE-2024-38475) vulnerability

About Remote Code Execution & Arbitrary File Reading - Apache HTTP Server CVE-2024-38475 vulnerability. Improper escaping of output in modrewrite module leads to remote code execution or arbitrary file reading. Successful exploitation does not require authentication. Apache HTTP Server 2.4.60,...

9.1CVSS8.7AI score0.99957EPSS
Exploits1
Information Security Automation
Information Security Automation
โ€ขadded 2025/04/30 11:34 p.m.โ€ข41 views

April Linux Patch Wednesday

AprilLinux Patch Wednesday. Total vulnerabilities: 251. 164 in the Linux Kernel. No vulnerabilities show signs of being exploited in the wild. There are 7 vulnerabilities that appear to have publicly available exploits. For 2 vulnerabilities, exploit code with detailed explanation is available on...

6.9CVSS8AI score0.75782EPSS
Exploits8
Information Security Automation
Information Security Automation
โ€ขadded 2025/04/29 9:4 p.m.โ€ข24 views

About Elevation of Privilege โ€“ Windows Process Activation (CVE-2025-21204) vulnerability

About Elevation of Privilege - Windows Process Activation CVE-2025-21204 vulnerability. This vulnerability from the April Microsoft Patch Tuesday was not highlighted by VM vendors in their reviews. It affects the Windows Update Stack component and is related to improper link resolution before fil...

7.8CVSS7.4AI score0.06422EPSS
Exploits1
Information Security Automation
Information Security Automation
โ€ขadded 2025/04/22 9:16 p.m.โ€ข28 views

April โ€œIn the Trend of VMโ€ (#14): vulnerabilities in Microsoft Windows, VMware products, Kubernetes, and Apache Tomcat

April "In the Trend of VM" 14: vulnerabilities in Microsoft Windows, VMware products, Kubernetes, and Apache Tomcat. We decided to pause recording new videos, so for now only text. Post on Habr rus Digest on the PT website rus A total of 11 trending vulnerabilities: Elevation of Privilege - Windo...

9.8CVSS10AI score0.99945EPSS
Exploits99
Information Security Automation
Information Security Automation
โ€ขadded 2025/04/22 12:51 p.m.โ€ข15 views

March episode โ€œIn the Trend of VMโ€ (#13): vulnerabilities of Microsoft, PAN-OS, ะกommuniGate and who should patch hosts with deployed application

March episode "In the Trend of VM" 13: vulnerabilities of Microsoft, PAN-OS, ะกommuniGate and who should patch hosts with deployed application. I'm posting the translated video with a big delay, but it's better than never. Video on YouTube and LinkedIn Post on Habr rus Digest on the PT website...

5.9CVSS7.7AI score0.98338EPSS
Exploits8
Information Security Automation
Information Security Automation
โ€ขadded 2025/04/10 10:59 p.m.โ€ข22 views

April Microsoft Patch Tuesday

April Microsoft Patch Tuesday. A total of 153 vulnerabilities, 2 times more than in March. Of these, 32 were added between the March and April MSPTs. Three vulnerabilities show signs of exploitation in the wild: EoP - Windows Common Log File System Driver CVE-2025-29824. An attacker can gain SYST...

9.8CVSS9.7AI score0.99098EPSS
Exploits37
Information Security Automation
Information Security Automation
โ€ขadded 2025/04/07 8:39 a.m.โ€ข20 views

About Elevation of Privilege โ€“ Windows Cloud Files Mini Filter Driver (CVE-2024-30085) vulnerability

About Elevation of Privilege - Windows Cloud Files Mini Filter Driver CVE-2024-30085 vulnerability. cldflt.sys is a Windows Cloud Files Mini Filter driver responsible for representing cloud-stored files and folders as if they were located on the local machine. The vulnerability in this driver,...

7.8CVSS8.8AI score0.15127EPSS
Exploits3
Information Security Automation
Information Security Automation
โ€ขadded 2025/04/02 2:46 p.m.โ€ข17 views

About Remote Code Execution โ€“ Apache Tomcat (CVE-2025-24813) vulnerability

About Remote Code Execution - Apache Tomcat CVE-2025-24813 vulnerability. Apache Tomcat is an open-source software that provides a platform for Java web applications. The vulnerability allows a remote attacker to upload and execute arbitrary files on the server due to flaws in the handling of...

9.8CVSS10AI score0.99945EPSS
Exploits46
Information Security Automation
Information Security Automation
โ€ขadded 2025/03/27 6:51 p.m.โ€ข24 views

About Remote Code Execution โ€“ Kubernetes (CVE-2025-1974) vulnerability

About Remote Code Execution - Kubernetes CVE-2025-1974 vulnerability. An unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the controller. In the default...

9.8CVSS9.4AI score0.99098EPSS
Exploits21
Information Security Automation
Information Security Automation
โ€ขadded 2025/03/26 3:52 p.m.โ€ข21 views

About Remote Code Execution โ€“ Veeam Backup & Replication (CVE-2025-23120) vulnerability

About Remote Code Execution - Veeam Backup & Replication CVE-2025-23120 vulnerability. Veeam B&R is a client-server software solution for centralized backup of virtual machines in VMware vSphere and Microsoft Hyper-V environments. A deserialization flaw CWE-502 lets an attacker run arbitrary code...

8.8CVSS9.7AI score0.18335EPSS
Exploits1
Information Security Automation
Information Security Automation
โ€ขadded 2025/03/20 8:49 p.m.โ€ข19 views

March Linux Patch Wednesday

MarchLinux Patch Wednesday. Total vulnerabilities: 1083. 879 in the Linux Kernel. Two vulnerabilities show signs of exploitation in the wild: Code Injection - GLPI CVE-2022-35914. An old vulnerability from CISA KEV, but first patched on March 3 in RedOS Linux. Memory Corruption - Safari...

5.3CVSS8.1AI score0.99945EPSS
Exploits223
Information Security Automation
Information Security Automation
โ€ขadded 2025/03/19 5:4 p.m.โ€ข27 views

About Spoofing โ€“ Windows File Explorer (CVE-2025-24071) vulnerability

About Spoofing - Windows File Explorer CVE-2025-24071 vulnerability. The vulnerability is from the March Microsoft Patch Tuesday. The VM vendors didn't highlight it in their reviews. A week later, on March 18, researcher 0x6rss published a write-up and a PoC exploit. According to him, the...

6.5CVSS7.7AI score0.25068EPSS
Exploits21
Information Security Automation
Information Security Automation
โ€ขadded 2025/03/12 9:56 a.m.โ€ข31 views

March Microsoft Patch Tuesday

March Microsoft Patch Tuesday. 77 CVEs, 20 of which were added during the month. 7 vulnerabilities with signs of exploitation in the wild: RCE - Windows Fast FAT File System Driver CVE-2025-24985 RCE - Windows NTFS CVE-2025-24993 SFB - Microsoft Management Console CVE-2025-26633 EoP - Windows Win...

9.8CVSS7.8AI score0.31894EPSS
Exploits9
Information Security Automation
Information Security Automation
โ€ขadded 2025/03/11 10:10 a.m.โ€ข30 views

New episode โ€œIn the Trend of VMโ€ (#12): 8 February CVEs & Why the Darknet Matters for VM Specialists

New episode "In the Trend of VM" 12: 8 February CVEs & Why the Darknet Matters for VM Specialists. Now with a new design and new video editing. Video on YouTube and LinkedIn Post on Habr rus Digest on the PT website Content: 00:00 Greetings 00:23 Remote Code Execution - Windows Lightweight...

9.8CVSS9.1AI score0.98259EPSS
Exploits33
Total number of security vulnerabilities389