
4188 matches found

CISA
added 2026/05/20 12:00 p.m., 23 views

CISA Adds Seven Known Exploited Vulnerabilities to Catalog

CISA has added seven new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2008-4250 Microsoft Windows Buffer Overflow Vulnerability; CVE-2009-1537 Microsoft DirectX NULL Byte Overwrite Vulnerability...

CVSS 10 | AI score 7.3 | EPSS 0.98751
Exploits 64 | References 12
CISA
added 2024/12/10 12:00 p.m., 23 views

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-49138 Microsoft Windows Common Log File System (CLFS) Driver Heap-Based Buffer Overflow Vulnerability. These types of vulnerabilities are frequent...

CVSS 7.8 | AI score 8.5 | EPSS 0.25414
Exploits 4 | References 6
CISA
added 2024/12/04 12:00 p.m., 23 views

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-51378 CyberPanel Incorrect Default Permissions Vulnerability. These types of vulnerabilities are frequent attack vectors for malicious cyber actor...

CVSS 10 | AI score 7.2 | EPSS 0.94878
Exploits 7 | References 6
CISA
added 2024/09/10 12:00 p.m., 23 views

Cisco Releases Security Updates for Cisco Smart Licensing Utility

Cisco released security updates to address two vulnerabilities (CVE-2024-20439 and CVE-2024-20440) in Cisco Smart Licensing Utility. A cyber threat actor could exploit one of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the followin...

CVSS 9.8 | AI score 7.2 | EPSS 0.9201
Exploits 0 | References 1
CISA
added 2023/12/05 12:00 p.m., 23 views

CISA Adds Four Known Exploited Vulnerabilities to Catalog

CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-33106 Qualcomm Multiple Chipsets Use of Out-of-Range Pointer Offset Vulnerability; CVE-2023-33063 Qualcomm Multiple Chipsets Use-After-Free Vulnerability...

CVSS 8.4 | AI score 7.4 | EPSS 0.00892
Exploits 0 | References 9
CISA
added 2023/10/27 12:00 p.m., 23 views

CISA Updates Guidance for Addressing Cisco IOS XE Web UI Vulnerabilities With Additional Releases

Today, CISA updated its guidance addressing two vulnerabilities, CVE-2023-20198 and CVE-2023-20273, affecting Cisco’s Internetworking Operating System (IOS) XE Software Web User Interface (UI). The guidance now notes that Cisco has fixed these vulnerabilities for the 17.6 Cisco IOS XE software releas...

CVSS 10 | AI score 9 | EPSS 0.99571
Exploits 27 | References 8
CISA
added 2023/10/10 12:00 p.m., 23 views

HTTP/2 Rapid Reset Vulnerability, CVE-2023-44487

Researchers and vendors have disclosed a denial-of-service (DoS) vulnerability in HTTP/2 protocol. The vulnerability (CVE-2023-44487), known as Rapid Reset, has been exploited in the wild in August 2023 through October 2023. CISA recommends organizations that provide...

CVSS 7.5 | AI score 7.9 | EPSS 0.99999
Exploits 19 | References 9
CISA
added 2023/02/21 12:00 a.m., 23 views

CISA Releases Two Industrial Control Systems Advisories

CISA released two (2) Industrial Control Systems (ICS) advisories on February 21, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for...

AI score 2.1
Exploits 0 | References 2
CISA
added 2023/02/02 12:00 a.m., 23 views

CISA Releases Six Industrial Control Systems Advisories

CISA released six Industrial Control Systems (ICS) advisories on February 2, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for...

AI score 1.5
Exploits 0 | References 6
CISA
added 2022/11/22 12:00 a.m., 23 views

CISA Releases Eight Industrial Control Systems Advisories

CISA has released eight (8) Industrial Control Systems (ICS) advisories on 22 November 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisory for...

AI score 1.1
Exploits 0 | References 8
CISA
added 2022/09/22 12:00 a.m., 23 views

CISA and NSA Publish Joint Cybersecurity Advisory on Control System Defense

CISA and the National Security Agency (NSA) have published a joint cybersecurity advisory about control system defense for operational technology (OT) and industrial control systems (ICSs). Control System Defense: Know the Opponent is intended to provide critical infrastructure owners and operators wit...

AI score 2.6
Exploits 0 | References 5
CISA
added 2022/01/16 12:00 a.m., 23 views

Microsoft Warns of Destructive Malware Targeting Ukrainian Organizations

Microsoft has released a blog post on possible Master Boot Record (MBR) Wiper activity targeting Ukrainian organizations, including Ukrainian government agencies. According to Microsoft, powering down the victim device executes the malware, which overwrites the MBR with a ransom note; however, the...

AI score 6.8
Exploits 0 | References 3
CISA
added 2021/11/24 12:00 a.m., 23 views

CISA Releases Capacity Enhancement Guides to Enhance Mobile Device Cybersecurity for Consumers and Organizations

CISA has released actionable Capacity Enhancement Guides (CEGs) to help users and organizations improve mobile device cybersecurity. The CEG: Mobile Device Cybersecurity Checklist for Consumers provides steps for consumers, including using strong authentication and enabling automatic operating syst...

AI score 7.1
Exploits 0 | References 3
CISA
added 2021/10/29 12:00 a.m., 23 views

GoCD Authentication Vulnerability

GoCD has released a security update to address a critical authentication vulnerability in GoCD versions 20.6.0 through 21.2.0. GoCD is an open-source Continuous Integration and Continuous Delivery system. A remote attacker could exploit this vulnerability to obtain sensitive information. CISA...

AI score 6.8
Exploits 0 | References 3
CISA
added 2021/07/21 12:00 a.m., 23 views

Apple Releases Security Updates

Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected device. CISA encourages users and administrators to review the Apple security pages for the following products and apply the...

AI score 6.9
Exploits 0 | References 4
CISA
added 2021/07/19 12:00 a.m., 23 views

Fortinet Releases Security Updates for FortiManager and FortiAnalyzer

Fortinet has released security advisory FG-IR-21-067 to address a use-after-free vulnerability in the FortiManager fgfmsd daemon. A use-after-free condition occurs when a program marks a section of memory as free but then subsequently tries to use that memory, which could result in a program cras...

AI score 8
Exploits 0 | References 2
CISA
added 2021/04/26 12:00 a.m., 23 views

FBI-DHS-CISA Joint Advisory on Russian Foreign Intelligence Service Cyber Operations

The Federal Bureau of Investigation (FBI), Department of Homeland Security, and CISA have released a Joint Cybersecurity Advisory (CSA) addressing Russian Foreign Intelligence Service (SVR) cyber actors—also known as Advanced Persistent Threat 29 (APT 29), the Dukes, CozyBear, and Yttrium—continued...

AI score 6.6
Exploits 0 | References 6
CISA
added 2020/12/03 12:00 a.m., 23 views

Apple Releases Security Updates for iCloud for Windows

Apple has released security updates to address vulnerabilities in iCloud for Windows. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Apple...

AI score 6.9
Exploits 0 | References 1
CISA
added 2020/11/19 12:00 a.m., 23 views

Google Releases Security Updates for Chrome

Google has released Chrome version 87.0.4280.66 for Windows, Mac, and Linux to address multiple vulnerabilities. Some of these vulnerabilities could allow an attacker to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrato...

AI score 7.1
Exploits 0 | References 1
CISA
added 2020/07/17 12:00 a.m., 23 views

Microsoft Releases Security Update for Edge

Microsoft has released a security update to address a vulnerability in Edge (Chromium-based). An attacker could exploit this vulnerability to drop Dynamic Link Library (DLL) files and gain elevated privileges. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrato...

AI score 8.7
Exploits 0 | References 1
CISA
added 2020/05/27 12:00 a.m., 23 views

Apple Releases Security Updates

Apple has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the App...

AI score 7
Exploits 0 | References 5
CISA
added 2019/10/17 12:00 a.m., 24 views

ISC Releases Security Advisories for BIND

The Internet Systems Consortium (ISC) has released security advisories that address vulnerabilities affecting multiple versions of ISC Berkeley Internet Name Domain (BIND). A remote attacker could exploit one of these vulnerabilities to obtain sensitive information. The Cybersecurity and Infrastructu...

CVSS 5 | AI score 7.4 | EPSS 0.02883
Exploits 0 | References 2
CISA
added 2019/08/22 12:00 a.m., 23 views

Cisco Releases Security Updates

Cisco has released security updates to address vulnerabilities in Cisco Integrated Management Controller (IMC) Supervisor, Unified Computing System (UCS) Director, and UCS Director Express for Big Data. A remote attacker could exploit these vulnerabilities to take control of an affected system. The...

AI score 7
Exploits 0 | References 4
CISA
added 2019/07/16 12:00 a.m., 23 views

Oracle Releases July 2019 Security Bulletin

Oracle has released its Critical Patch Update for July 2019 to address 319 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and...

AI score 7.1
Exploits 0 | References 1
CISA
added 2018/05/02 12:00 a.m., 23 views

Microsoft Releases Security Update

Microsoft has released a security update to address a vulnerability in the Windows Host Compute Service Shim (hcsshim) library. A remote attacker could exploit this vulnerability to take control of an affected system. NCCIC encourages users and administrators to review the Microsoft Security Adviso...

CVSS 9.3 | AI score 8.2 | EPSS 0.32516
Exploits 0 | References 1
CISA
added 2018/03/27 12:00 a.m., 23 views

Creating and Managing Strong Passwords

NCCIC/US-CERT reminds users of the importance of creating and managing strong passwords. Passwords are often the only barrier between you and your personal information. There are several programs attackers can use to help guess or "crack" passwords. However, choosing strong passwords and keeping...

AI score 7.1
Exploits 0 | References 2
CISA
added 2017/08/24 12:00 a.m., 23 views

FCC Promotes Best Practices for SS7 Communications

The Federal Communications Commission (FCC) has released a public notice encouraging communications service providers to voluntarily use security best practices recommended by the Communications Security, Reliability, and Interoperability Council (CSRIC), a federal advisory committee to the FCC. Thes...

AI score 6.8
Exploits 0 | References 2
CISA
added 2017/01/24 12:00 a.m., 23 views

Cisco Releases Security Updates

Cisco has released security updates to address a vulnerability in its WebEx browser extensions. Exploitation of this vulnerability could allow a remote attacker to take control of an affected system. Users and administrators are encouraged to review the Cisco Security Advisory and Vulnerability...

AI score 6.8
Exploits 0 | References 2
CISA
added 2013/05/22 12:00 a.m., 23 views

Google Releases Google Chrome 27.0.1453.93

Google has released Google Chrome 27.0.1453.93 for Windows, Mac, Linux, and Chrome Frame to address multiple vulnerabilities. These vulnerabilities could allow a remote attacker to cause a denial-of-service condition, obtain sensitive information, or execute arbitrary code. US-CERT encourages use...

AI score 7.5
Exploits 0 | References 1
CISA
added 2013/01/14 12:00 a.m., 23 views

CERT Releases Oracle Java 7 Security Advisory

CERT released Vulnerability Note VU625617 to address a vulnerability in Oracle Java Runtime Environment (JRE) 7 and earlier that is currently being exploited in the wild. This vulnerability may allow an attacker to execute arbitrary code on vulnerable systems. US-CERT encourages users and...

AI score 7.6
Exploits 0 | References 4
CISA
added 2012/09/19 12:00 a.m., 23 views

Microsoft Releases Security Advisory for Internet Explorer

Microsoft has released Security Advisory 2757760 to address a vulnerability in Microsoft Internet Explorer 6, 7, 8, and 9. This vulnerability may allow an attacker to execute arbitrary code if a user accesses specially crafted HTML documents e.g., a web page or an HTML email message or attachmen...

CVSS 9.3 | AI score 1.8 | EPSS 0.81716
Exploits 8 | References 5
CISA
added 2011/10/12 12:00 a.m., 23 views

Apple Releases Multiple Security Updates

Apple has released security updates for Apple iOS, Safari 5.1.1, OS X Lion v10.7.2, iWork 09, and Apple TV 4.4 to address multiple vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, obtain sensitive...

AI score 7.6
Exploits 0 | References 6
CISA
added 2011/06/30 12:00 a.m., 23 views

WordPress Releases Version 3.1.4

WordPress has released WordPress 3.1.4 to address multiple vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to operate with elevated privileges. US-CERT encourages users and administrators to review the WordPress Codex document for version 3.1.4 and apply any necessary...

AI score 7.1
Exploits 0 | References 1
CISA
added 2011/03/10 12:00 a.m., 23 views

Apple Releases iOS 4.3

Apple has released iOS 4.3 for the iPhone 3 GS and later, iPod touch 3rd generation and later, and iPad to address multiple vulnerabilities. These vulnerabilities affect the CoreGraphics, ImageIO, libxml, Networking, Safari, and WebKit packages. Exploitation of these vulnerabilities may allow an...

AI score 7.9
Exploits 0 | References 1
CISA
added 2010/04/21 12:00 a.m., 23 views

McAfee DAT 5958 Issues

US-CERT is aware of public reports indicating that McAfee DAT release 5958 is incorrectly identifying the valid system file, C:\Windows\system32\svchost.exe, as containing malicious code. Reports indicate that a false positive detection occurs on Windows XP Service Pack 3 systems. Symptoms includ...

AI score 6.8
Exploits 0 | References 3
CISA
added 2010/04/02 12:00 a.m., 23 views

Mozilla Releases Firefox V3.6.3

The Mozilla Foundation has released Firefox V3.6.3 to address a critical vulnerability. Exploitation of this vulnerability may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review Mozilla Foundation Security Advisory mfsa2010-25 and upgrade to Firefox...

AI score 7.6
Exploits 0 | References 1
CISA
added 2010/03/17 12:00 a.m., 23 views

Zeus Trojan Campaign Warning

US-CERT is aware of public reports of malicious code circulating via spam email messages impersonating the Department of Homeland Security (DHS). The attacks arrive via unsolicited email messages that may contain subject lines related to DHS or other government activity. These messages may contain ...

AI score 6.8
Exploits 0 | References 2
CISA
added 2026/02/05 12:00 p.m., 22 views

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2025-11953 React Native Community CLI OS Command Injection Vulnerability; CVE-2026-24423 SmarterTools SmarterMail Missing...

CVSS 9.8 | AI score 5.5 | EPSS 0.87693
Exploits 5 | References 7
CISA
added 2025/01/07 12:00 p.m., 22 views

CISA Adds Three Known Exploited Vulnerabilities to Catalog

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-41713 Mitel MiCollab Path Traversal Vulnerability; CVE-2024-55550 Mitel MiCollab Path Traversal Vulnerability; CVE-2020-2883...

CVSS 9.8 | AI score 8.7 | EPSS 0.99698
Exploits 32 | References 11
CISA
added 2024/10/22 12:00 p.m., 22 views

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-38094 Microsoft SharePoint Deserialization Vulnerability. These types of vulnerabilities are frequent attack vectors for malicious...

CVSS 7.2 | AI score 7.3 | EPSS 0.49979
Exploits 1 | References 7
CISA
added 2024/02/15 12:00 p.m., 22 views

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2020-3259 Cisco ASA and FTD Information Disclosure Vulnerability; CVE-2024-21410 Microsoft Exchange Server Privilege Escalation Vulnerability. These types of...

CVSS 9.8 | AI score 7.3 | EPSS 0.71789
Exploits 0 | References 7
CISA
added 2022/03/09 12:00 a.m., 22 views

Updated: Conti Ransomware

CISA, the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), and the United States Secret Service (USSS) have re-released an advisory on Conti ransomware. Conti cyber threat actors remain active and reported Conti ransomware attacks against U.S. and international organizations...

AI score 6.9
Exploits 0 | References 4
CISA
added 2022/03/08 12:00 a.m., 22 views

CISA Releases Security Advisory on PTC Axeda Agent and Desktop Server

CISA has released an Industrial Controls Systems Advisory (ICSA), detailing vulnerabilities in PTC Axeda agent and Axeda Desktop Server. Successful exploitation of these vulnerabilities—collectively known as “Access:7”—could result in full system access, remote code execution, read/change...

AI score 7.3
Exploits 0 | References 2
CISA
added 2021/09/16 12:00 a.m., 22 views

ACSC Releases Annual Cyber Threat Report

The Australian Cyber Security Centre (ACSC) has released its annual report on key cyber security threats and trends for the 2020–21 financial year. The report lists the exploitation of the pandemic environment, the disruption of essential services and critical infrastructure, ransomware, the rapid...

AI score 6.9
Exploits 0 | References 2
CISA
added 2021/08/19 12:00 a.m., 22 views

Cisco Releases Security Updates for Multiple Products

Cisco has released security updates to address vulnerabilities in multiple Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page. CISA encourages...

AI score 7.6
Exploits 0 | References 8
CISA
added 2021/08/05 12:00 a.m., 22 views

Cisco Releases Security Updates

Cisco has released security updates to address vulnerabilities in multiple Cisco products. An attacker could exploit these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page. CISA encourages users an...

AI score 7.7
Exploits 0 | References 6
CISA
added 2021/08/04 12:00 a.m., 22 views

Google Releases Security Updates for Chrome

Google has released Chrome version 92.0.4515.131 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. CISA encourages users and administrators to review the Chrome Release Note and apply the necessary updates. Th...

AI score 6.9
Exploits 0 | References 1
CISA
added 2021/07/02 12:00 a.m., 22 views

Kaseya VSA Supply-Chain Ransomware Attack

CISA is taking action to understand and address the recent supply-chain ransomware attack against Kaseya VSA and the multiple managed service providers (MSPs) that employ VSA software. CISA encourages organizations to review the Kaseya advisory and immediately follow their guidance to shutdown VSA...

AI score 6.9
Exploits 0 | References 1
CISA
added 2021/04/27 12:00 a.m., 22 views

Google Releases Security Updates for Chrome

Google has released Chrome version 90.0.4430.93 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. CISA encourages users and administrators to review the Chrome Release Note and apply the necessary updates. Thi...

AI score 6.9
Exploits 0 | References 1
CISA
added 2021/02/24 12:00 a.m., 22 views

Mozilla Releases Security Updates for Thunderbird, Firefox ESR, and Firefox

Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Mozilla security advisories for Firefox 86,...

AI score 7.1
Exploits 0 | References 3
Total number of security vulnerabilities: 4188