
4188 matches found

CISA
added 2016/02/23 12:0 a.m. | 18 views

Microsoft Releases Update for EMET

US-CERT is aware of a vulnerability in Microsoft Enhanced Mitigation Experience Toolkit (EMET) versions prior to 5.5. Exploitation of this vulnerability may allow a remote attacker to bypass or disable EMET to take control of an affected system. US-CERT recommends users and administrators visit the...

6.9 AI score
Exploits: 0 | References: 2
CISA
added 2015/12/08 12:0 a.m. | 18 views

Apple Releases Multiple Security Updates

Apple has released security updates for iOS, tvOS, OS X, watchOS, Safari, and Xcode to address multiple vulnerabilities, one of which could allow a remote attacker to take control of an affected system. Updates available include: iOS 9.2 for iPhone 4s and later, iPod touch 5th generation and late...

6.8 AI score
Exploits: 0 | References: 6
CISA
added 2015/09/22 12:0 a.m. | 18 views

Mozilla Releases Security Updates for Firefox

The Mozilla Foundation has released security updates to address critical vulnerabilities in Firefox and Firefox ESR. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system. Available updates include: Firefox 41 Firefox ESR 38.3 US-CERT...

7.3 AI score
Exploits: 0 | References: 2
CISA
added 2015/09/01 12:0 a.m. | 18 views

Google Releases Security Update for Chrome

Google has released Chrome version 45.0.2454.85 to address multiple vulnerabilities for Windows, Mac, and Linux. Exploitation of one of these vulnerabilities may allow an attacker to take control of an affected system. US-CERT encourages users and administrators to review the Chrome Releases page...

7.2 AI score
Exploits: 0 | References: 1
CISA
added 2015/03/03 12:0 a.m. | 18 views

Guidance for Defending Against Destructive Malware

The Information Assurance Directorate of the National Security Agency (NSA) has released a report on Defensive Best Practices for Destructive Malware. This report details several steps network defenders can take to detect, contain, and minimize destructive malware infections. US-CERT encourages use...

6.6 AI score
Exploits: 0 | References: 2
CISA
added 2014/12/09 12:0 a.m. | 18 views

Certain TLS Implementations Vulnerable to POODLE Attacks

A new variant of the POODLE attack may affect some TLS implementations on account of an issue similar to one present in SSL 3.0. Successful exploitation may enable actors to derive plaintext from encrypted communications. US-CERT encourages users and administrators to review TA14-290A for...

6.5 AI score
Exploits: 0 | References: 1
CISA
added 2014/06/10 12:0 a.m. | 18 views

Adobe Releases Security Updates for Flash Player and Air

Adobe has released security updates to address multiple vulnerabilities in Flash Player and Air. Exploitation of these vulnerabilities could potentially allow an attacker to take control of the affected system. The following updates are available: Adobe Flash Player 14.0.0.125 for Windows,...

7 AI score
Exploits: 0 | References: 1
CISA
added 2014/03/18 12:0 a.m. | 18 views

Mozilla Releases Updates for Firefox, Thunderbird, and Seamonkey

The Mozilla Foundation has released security updates to address multiple vulnerabilities in Firefox, Thunderbird, and Seamonkey. Exploitation of these vulnerabilities may allow an attacker to obtain sensitive information, cause a denial-of-service condition, execute arbitrary code, or operate wit...

7.6 AI score
Exploits: 0 | References: 4
CISA
added 2013/11/18 12:0 a.m. | 18 views

Google Releases Google Chrome 31.0.1650.57

Google has released Google Chrome 31.0.1650.57 for Windows, Mac, Linux and Chrome Frame to address a vulnerability. This vulnerability could allow a remote attacker to execute arbitrary code or cause a denial-of-service condition. US-CERT encourages users and administrators to review the Google...

7.6 AI score
Exploits: 0 | References: 1
CISA
added 2013/11/12 12:0 a.m. | 18 views

Microsoft Addresses New Watering Hole Attack in the November, 2013 Security Bulletin Release

Microsoft has released updates to address vulnerabilities in Microsoft Windows, Internet Explorer and Office as part of the Microsoft Security Bulletin Summary for November, 2013. These vulnerabilities could allow remote code execution, elevation of privilege, information disclosure or denial of...

7 AI score
Exploits: 0 | References: 2
CISA
added 2013/10/24 12:0 a.m. | 18 views

Apple Releases OS X Mavericks v10.9

Apple has released OS X Mavericks v10.9 to address multiple vulnerabilities. These vulnerabilities could allow a remote attacker to bypass security restrictions, cause a denial-of-service condition, or execute arbitrary code. US-CERT encourages users and administrators to review Apple Support...

7.5 AI score
Exploits: 0 | References: 1
CISA
added 2013/01/29 12:0 a.m. | 18 views

CERT Releases UPnP Security Advisory

Multiple vulnerabilities have been announced in libupnp, the open source portable SDK for UPnP devices. Libupnp is employed by hundreds of vendors for UPnP-enabled devices. Information is also available in CERT Vulnerability Note VU922681. US-CERT recommends that affected UPnP device vendors and...

7.1 AI score
Exploits: 0 | References: 2
CISA
added 2012/05/24 12:0 a.m. | 18 views

Google Releases Google Chrome 19.0.1084.52

Google has released Google Chrome 19.0.1084.52 for Linux, Mac, Windows, and Chrome Frame to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition. US-CERT encourages users and administrators to review the...

7.8 AI score
Exploits: 0 | References: 1
CISA
added 2012/05/10 12:0 a.m. | 18 views

Apple Releases Multiple Security Updates

Apple has released security updates for Apple OS X and Safari to address multiple vulnerabilities for the following products: Safari 5.1.7 for Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion Server v10.7.4, OS X Lion v10.7.4, Windows 7, Vista, XP SP2 or later OS X Lion v10.7.4 and Security...

7 AI score
Exploits: 0 | References: 2
CISA
added 2012/03/28 12:0 a.m. | 18 views

Cisco Releases Multiple Security Advisories

Cisco has released nine security advisories to address multiple vulnerabilities affecting Cisco IOS software. These vulnerabilities may allow an attacker to execute arbitrary code, operate at elevated privileges, or cause a denial-of-service condition. US-CERT encourages users and administrators ...

7.6 AI score
Exploits: 0 | References: 10
CISA
added 2012/03/05 12:0 a.m. | 18 views

Google Releases Chrome 17.0.963.65

Google has released Chrome 17.0.963.65 for Linux, Macintosh, Windows, and Google Chrome Frame to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition. US-CERT encourages users and administrators to review th...

7.9 AI score
Exploits: 0 | References: 1
CISA
added 2012/02/16 12:0 a.m. | 18 views

Adobe Releases Security Advisory for Adobe Flash Player

Adobe has released a security advisory to alert users of vulnerabilities affecting the following software: Adobe Flash Player 11.1.102.55 and earlier versions for Windows, Macintosh, Linux, and Solaris operating systems Adobe Flash Player 11.1.112.61 and earlier versions for Android 4.x Adobe Fla...

6.4 AI score
Exploits: 0 | References: 1
CISA
added 2011/12/28 12:0 a.m. | 18 views

Multiple Programming Language Implementations Vulnerable to Hash Table Collision Attacks

US-CERT is aware of reports stating that multiple programming language implementations, including web platforms, are vulnerable to hash table collision attacks. This vulnerability could be used by an attacker to launch a denial-of-service attack against websites using affected products. The Ruby...

6.6 AI score
Exploits: 0 | References: 5
CISA
added 2011/07/15 12:0 a.m. | 18 views

RIM Releases Security Advisory for BlackBerry Enterprise Server

RIM has released a security advisory to address a vulnerability in the BlackBerry Administration API included in the BlackBerry Enterprise Server. The vulnerability may allow an attacker with user permissions granted to the BlackBerry Administration API to disclose sensitive information or cause ...

6.4 AI score
Exploits: 0 | References: 1
CISA
added 2011/04/28 12:0 a.m. | 18 views

Cisco Releases Security Advisory for Cisco Unified Communications Manager

Cisco has released a security advisory to address multiple vulnerabilities in Cisco Unified Communications Manager. These vulnerabilities may allow an attacker to perform SQL injection attacks, conduct directory traversal attacks, or cause a denial-of-service condition. US-CERT encourages users a...

8.1 AI score
Exploits: 0 | References: 1
CISA
added 2010/10/27 12:0 a.m. | 18 views

Firefox 3.5 and 3.6 Vulnerability

Mozilla has released a blog entry indicating that it is aware of a critical vulnerability affecting Firefox 3.5 and Firefox 3.6. This vulnerability may allow an attacker to execute arbitrary code. The blog entry indicates that active exploitation of this vulnerability has been detected. Update: T...

7.6 AI score
Exploits: 0 | References: 5
CISA
added 2010/06/23 12:0 a.m. | 18 views

Mozilla Releases Firefox 3.6.4

The Mozilla Foundation has released Firefox 3.6.4 and Firefox 3.5.10 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, obtain sensitive information, or conduct cross-site scripting attacks. Some of thes...

7.1 AI score
Exploits: 0 | References: 2
CISA
added 2010/01/22 12:0 a.m. | 18 views

RealNetworks, Inc. Releases Updates to Address Vulnerabilities

RealNetworks, Inc. has released updates to address multiple vulnerabilities in several versions of RealPlayer for Windows, Mac, and Linux and several versions of the Helix Player for Linux. These vulnerabilities may allow an attacker to execute arbitrary code. US-CERT encourages users and...

7.7 AI score
Exploits: 0 | References: 1
CISA
added 2026/06/02 12:0 p.m. | 17 views

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2022-0492 Linux Kernel Improper Authentication Vulnerability CVE-2025-48595 Android Framework Integer Overflow Vulnerability The...

8.4 CVSS | 7 AI score | 0.05528 EPSS
Exploits: 13 | References: 7
CISA
added 2026/03/11 12:0 p.m. | 17 views

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2025-68613 n8n Improper Control of Dynamically-Managed Code Resources Vulnerability This type of vulnerability is a frequent attack vector for...

9.9 CVSS | 5.8 AI score | 0.97875 EPSS
Exploits: 29 | References: 6
CISA
added 2026/02/10 12:0 p.m. | 17 views

CISA Adds Six Known Exploited Vulnerabilities to Catalog

CISA has added six new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-21510 Microsoft Windows Shell Protection Mechanism Failure Vulnerability CVE-2026-21513 Microsoft MSHTML Framework Security...

8.8 CVSS | 5.5 AI score | 0.25835 EPSS
Exploits: 8 | References: 11
CISA
added 2025/08/07 12:0 p.m. | 17 views

CISA Releases Ten Industrial Control Systems Advisories

CISA released ten Industrial Control Systems (ICS) advisories on August 7, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-219-01 Delta Electronics DIAView ICSA-25-219-02 Johnson Controls FX80 and FX90...

6.8 AI score
Exploits: 0 | References: 10
CISA
added 2025/04/08 12:0 p.m. | 17 views

Ivanti Releases Security Updates for Connect Secure, Policy Secure, and ZTA Gateways

Updated April 8, 2025: CISA updated these mitigations based on identification of a new malware variant called RESURGE that could undermine the effectiveness of the mitigations previously provided. For more information on RESURGE, see MAR-25993211.R1.V1.CLEAR and CISA Releases Malware Analysis Repo...

9 CVSS | 7.9 AI score | 0.99971 EPSS
Exploits: 13 | References: 8
CISA
added 2025/01/29 12:0 p.m. | 17 views

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation, as confirmed by Fortinet. CVE-2025-24085 Apple Multiple Products Use-After-Free Vulnerability These types of vulnerabilities are frequent attack vectors...

10 CVSS | 6.9 AI score | 0.18668 EPSS
Exploits: 5 | References: 6
CISA
added 2024/11/18 12:0 p.m. | 17 views

CISA Adds Three Known Exploited Vulnerabilities to Catalog

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-1212 Progress Kemp LoadMaster OS Command Injection Vulnerability CVE-2024-0012 Palo Alto Networks PAN-OS Management Interface...

10 CVSS | 9 AI score | 0.99698 EPSS
Exploits: 27 | References: 11
CISA
added 2024/10/30 12:0 p.m. | 17 views

Fortinet Updates Guidance and Indicators of Compromise following FortiManager Vulnerability Exploitation

Fortinet has updated their security advisory addressing a critical FortiManager vulnerability (CVE-2024-47575) to include additional workarounds and indicators of compromise (IOCs). A remote, unauthenticated cyber threat actor could exploit this vulnerability to gain access to sensitive files or take...

9.8 CVSS | 10 AI score | 0.94761 EPSS
Exploits: 7 | References: 4
CISA
added 2024/10/17 12:0 p.m. | 17 views

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-40711 Veeam Backup and Replication Deserialization Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber...

9.8 CVSS | 7.2 AI score | 0.88193 EPSS
Exploits: 3 | References: 6
CISA
added 2024/10/03 12:0 p.m. | 17 views

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-45519 Synacor Zimbra Collaboration Command Execution Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber...

10 CVSS | 7.2 AI score | 0.99976 EPSS
Exploits: 4 | References: 6
CISA
added 2024/09/13 12:0 p.m. | 17 views

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-8190 Ivanti Cloud Services Appliance OS Command Injection Vulnerability These types of vulnerabilities are frequent attack vectors for malicious...

7.2 CVSS | 8.2 AI score | 0.88955 EPSS
Exploits: 2 | References: 6
CISA
added 2024/08/13 12:0 p.m. | 17 views

CISA Adds Six Known Exploited Vulnerabilities to Catalog

CISA has added six new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-38189 Microsoft Project Remote Code Execution Vulnerability CVE-2024-38178 Microsoft Windows Scripting Engine Memory Corruption Vulnerability CVE-2024-38213...

8.8 CVSS | 7.8 AI score | 0.39457 EPSS
Exploits: 5 | References: 11
CISA
added 2024/07/30 12:0 p.m. | 17 views

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-37085 VMware ESXi Authentication Bypass Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant...

7.2 CVSS | 7.3 AI score | 0.2677 EPSS
Exploits: 0 | References: 6
CISA
added 2024/07/15 12:0 p.m. | 17 views

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-36401 OSGeo GeoServer GeoTools Eval Injection Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose...

9.8 CVSS | 7.6 AI score | 0.99813 EPSS
Exploits: 25 | References: 6
CISA
added 2024/06/12 12:0 p.m. | 17 views

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-4610 ARM Mali GPU Kernel Driver Use-After-Free Vulnerability CVE-2024-4577 PHP-CGI OS Command Injection Vulnerability These types of vulnerabilities are freque...

9.8 CVSS | 7.9 AI score | 0.99987 EPSS
Exploits: 64 | References: 7
CISA
added 2024/05/14 12:0 p.m. | 17 views

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-30051 Microsoft DWM Core Library Privilege Escalation Vulnerability CVE-2024-30040 Microsoft Windows MSHTML Platform Security Feature Bypass Vulnerability Thes...

8.8 CVSS | 7 AI score | 0.05687 EPSS
Exploits: 2 | References: 7
CISA
added 2024/05/13 12:0 p.m. | 17 views

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-4671 Google Chromium in Visuals Use-After-Free Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose...

9.6 CVSS | 7.2 AI score | 0.08348 EPSS
Exploits: 0 | References: 6
CISA
added 2024/04/24 12:0 p.m. | 17 views

CISA Adds Three Known Exploited Vulnerabilities to Catalog

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-20353 Cisco ASA and FTD Denial of Service Vulnerability CVE-2024-20359 Cisco ASA and FTD Privilege Escalation Vulnerability CVE-2024-4040 CrushFTP VFS Sandbo...

10 CVSS | 8.9 AI score | 0.99539 EPSS
Exploits: 24 | References: 8
CISA
added 2024/03/06 12:0 p.m. | 17 views

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-23225 Apple iOS and iPadOS Memory Corruption Vulnerability CVE-2024-23296 Apple iOS and iPadOS Memory Corruption Vulnerability These types of vulnerabilities a...

7.8 CVSS | 6.7 AI score | 0.01481 EPSS
Exploits: 0 | References: 7
CISA
added 2024/02/09 12:0 p.m. | 17 views

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-21762 Fortinet FortiOS Out-of-Bound Write Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significan...

9.8 CVSS | 9.6 AI score | 0.80835 EPSS
Exploits: 12 | References: 6
CISA
added 2024/01/08 12:0 p.m. | 17 views

CISA Adds Six Known Exploited Vulnerabilities to Catalog

CISA has added six new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-38203 Adobe ColdFusion Deserialization of Untrusted Data Vulnerability CVE-2023-29300 Adobe ColdFusion Deserialization of Untrusted Data Vulnerability...

9.8 CVSS | 8.2 AI score | 0.99984 EPSS
Exploits: 65 | References: 11
CISA
added 2023/11/21 12:0 p.m. | 17 views

CISA, FBI, MS-ISAC, and ASD’s ACSC Release Advisory on LockBit Affiliates Exploiting Citrix Bleed

Today, the Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), Multi-State Information Sharing & Analysis Center (MS-ISAC), and Australian Signals Directorate’s Australian Cyber Security Center (ASD’s ACSC) released a joint Cybersecurity Advisory (CSA),...

9.4 CVSS | 9.3 AI score | 0.99999 EPSS
Exploits: 15 | References: 4
CISA
added 2023/11/07 12:0 p.m. | 17 views

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-22518 Atlassian Confluence Data Center and Server Improper Authorization Vulnerability These types of vulnerabilities are frequent attack vectors for malicious...

10 CVSS | 9.7 AI score | 0.99999 EPSS
Exploits: 14 | References: 7
CISA
added 2023/10/10 12:0 p.m. | 17 views

Citrix Releases Security Updates for Multiple Products

Citrix has released security updates to address vulnerabilities affecting multiple products. A malicious cyber actor can exploit one of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following Citrix security bulletins and apply...

9.4 CVSS | 9.3 AI score | 0.99999 EPSS
Exploits: 15 | References: 2
CISA
added 2023/05/09 12:0 p.m. | 17 views

CISA Releases Two Industrial Control Systems Advisories

CISA released two Industrial Control Systems (ICS) advisories on May 9, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-129-02 Hitachi Energy MSM ICSA-21-334-02 Mitsubishi MELSEC and MELIPC Series Update F CISA...

7 AI score
Exploits: 0 | References: 3
CISA
added 2023/01/12 12:0 a.m. | 17 views

CISA Releases Twelve Industrial Control Systems Advisories

CISA released twelve Industrial Control Systems (ICS) advisories on January 12, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for...

0.8 AI score
Exploits: 0 | References: 12
CISA
added 2022/11/17 12:0 a.m. | 17 views

CISA, NSA, and ODNI Release Guidance for Customers on Securing the Software Supply Chain 

Today, CISA, the National Security Agency (NSA), and the Office of the Director of National Intelligence (ODNI), published the third of a three-part series on securing the software supply chain: Securing Software Supply Chain Series - Recommended Practices Guide for Customers. This publication follow...

7.2 AI score
Exploits: 0 | References: 8

Total number of security vulnerabilities: 4188