
4188 matches found

CISA
added 2014/03/18 12:0 a.m., 17 views

Google Releases Security Updates for Chrome

Google has released security updates to address multiple vulnerabilities in Chrome. Some of these vulnerabilities may lead to memory corruption or arbitrary code execution. Updates available include: Chrome 33.0.1750.154 for Windows. Chrome 33.0.1750.152 for Mac and Linux. Chrome 33.0.1750.152 fo...

7.7 AI score
Exploits: 0, References: 3
CISA
added 2013/06/18 12:0 a.m., 17 views

Oracle Java SE Critical Patch Update Announcement - June 2013

Oracle has released a June 2013 Critical Patch Update for Oracle Java SE. This Critical Patch Update is a collection of patches for multiple security vulnerabilities in Oracle Java SE. The update contains 40 new security vulnerability fixes, including a patch for Oracle JavaDoc frame injection...

7.2 AI score
Exploits: 0, References: 2
CISA
added 2013/01/30 12:0 a.m., 17 views

Apple Releases iOS 6.1

Apple has released iOS 6.1 for the iPhone 3GS and later, iPod touch 4th generation and later, and iPad 2 and later to address multiple vulnerabilities. These vulnerabilities may allow an attacker to operate with elevated privileges or execute arbitrary code. US-CERT encourages users and...

7.5 AI score
Exploits: 0, References: 1
CISA
added 2012/12/03 12:0 a.m., 17 views

Google Releases Google Chrome 23.0.1271.95

Google has released Google Chrome 23.0.1271.95 for Windows, Mac, and ChromeFrame to address multiple vulnerabilities. These vulnerabilities could result in a denial of service or allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review the Google Chrome...

7.5 AI score
Exploits: 0, References: 1
CISA
added 2012/06/13 12:0 a.m., 17 views

Oracle Releases Critical Patch Update for June 2012

Oracle released its Critical Patch Update for June 2012 containing 14 security fixes for the following products: JDK and JRE 7 Updates 4 and earlier; JDK and JRE 6 Update 32 and earlier; JDK and JRE 5.0 Update 35 and earlier; SDK and JRE 1.4.237 and earlier; JavaFX 2.1 and earlier. US-CERT encourages...

6.6 AI score
Exploits: 0, References: 1
CISA
added 2012/03/28 12:0 a.m., 17 views

Adobe Releases Security Advisory for Adobe Flash Player

Adobe has released a Security Advisory for Adobe Flash Player to address multiple vulnerabilities affecting the following software versions: Adobe Flash Player 11.1.102.63 and earlier versions for Windows, Macintosh, Linux, and Solaris operating systems; Adobe Flash Player 11.1.111.7 and earlier...

6.9 AI score
Exploits: 0, References: 2
CISA
added 2012/02/23 12:0 a.m., 17 views

DNSChanger Malware

UPDATE: On March 5, 2012, a federal judge agreed to allow more time for organizations and individuals to clean systems of the DNSChanger malware and extended the deadline for shutting off servers that had been keeping infected computers connected to the internet. Although the new deadline is July...

6.7 AI score
Exploits: 0, References: 4
CISA
added 2012/01/24 12:0 a.m., 17 views

Symantec pcAnywhere Hotfix

Symantec has released an update for pcAnywhere to address multiple vulnerabilities for the following software versions running on Windows: pcAnywhere 12.5 SP3; pcAnywhere Solutions 7.1 GA, SP 1, and SP 2. US-CERT encourages users and administrators to review the Symantec pcAnywhere hot fix and appl...

6.9 AI score
Exploits: 0, References: 1
CISA
added 2011/11/08 12:0 a.m., 17 views

Adobe Releases Security Bulletin for Adobe Shockwave Player

Adobe has released a security update for Adobe Shockwave Player to address multiple vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code. These vulnerabilities affect Shockwave Player 11.6.1.629 and earlier versions for the Windows and Macintosh...

7.7 AI score
Exploits: 0, References: 1
CISA
added 2011/10/27 12:0 a.m., 17 views

Apple Releases QuickTime 7.7.1

Apple has released QuickTime 7.7.1 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or obtain sensitive information. US-CERT encourages users and administrators to review Apple Support Article HT5016 a...

7.5 AI score
Exploits: 0, References: 1
CISA
added 2011/06/06 12:0 a.m., 17 views

VideoLAN Releases VLC Media Player 1.1.10

VideoLAN has released VLC Media Player 1.1.10 to address an integer overflow vulnerability in the xspf demuxer. Exploitation of this vulnerability may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review the release notes for VLC Media Player 1.1.10 a...

7.8 AI score
Exploits: 0, References: 1
CISA
added 2011/06/02 12:0 a.m., 17 views

Gmail Phishing Attack

US-CERT is aware of public reports of a phishing attack that specifically targets US government and military officials' Gmail accounts. The attack arrives via an email sent from a spoofed address of an individual or agency known to the targeted user. The email contains a "view download" link that...

6.8 AI score
Exploits: 0, References: 4
CISA
added 2011/02/02 12:0 a.m., 17 views

VideoLAN Releases Security Advisory for VLC Media Player

VideoLAN has released a security advisory to address a vulnerability in VLC Media Player. This vulnerability may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review VideoLAN security advisory VideoLAN-SA-1102 and apply any necessary updates or...

7.4 AI score
Exploits: 0, References: 1
CISA
added 2010/12/03 12:0 a.m., 17 views

Google Releases Chrome 8.0.552.215

Google has released Chrome 8.0.552.215 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, obtain sensitive information or bypass security restrictions. US-CERT encourages users and administrators to revi...

7.5 AI score
Exploits: 0, References: 1
CISA
added 2010/04/07 12:0 a.m., 17 views

Adobe Releases Guidance for Launch Functionality Mitigation in Acrobat and Reader

Adobe has released a blog entry addressing a vulnerability in Acrobat and Reader. This vulnerability exists due to the way in which Adobe Acrobat and Adobe Reader handle launch actions embedded in PDFs. When users open a PDF that contains a launch action, they are presented with a dialog box...

7.2 AI score
Exploits: 0, References: 3
CISA
added 2010/03/04 12:0 a.m., 17 views

Cisco Releases Multiple Security Advisories

Cisco has released three security advisories to address vulnerabilities. Security advisory cisco-sa-20100303-cucm addresses multiple vulnerabilities in the Cisco Unified Communications Manager which affect the Session Initiation Protocol (SIP), Skinny Client Control Protocol (SCCP), and the Computer...

6.8 AI score
Exploits: 0, References: 6
CISA
added 2026/01/12 12:0 p.m., 16 views

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2025-8110 Gogs Path Traversal Vulnerability. This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significan...

8.8 CVSS, 6.8 AI score, 0.7654 EPSS
Exploits: 15, References: 6
CISA
added 2025/12/04 12:0 p.m., 16 views

PRC State-Sponsored Actors Use BRICKSTORM Malware Across Public Sector and Information Technology Systems

The Cybersecurity and Infrastructure Security Agency (CISA) is aware of ongoing intrusions by People’s Republic of China (PRC) state-sponsored cyber actors using BRICKSTORM malware for long-term persistence on victim systems. BRICKSTORM is a sophisticated backdoor for VMware vSphere and Windows...

6.6 AI score
Exploits: 0, References: 10
CISA
added 2025/08/25 12:0 p.m., 16 views

CISA Adds Three Known Exploited Vulnerabilities to Catalog

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2024-8069 Citrix Session Recording Deserialization of Untrusted Data Vulnerability; CVE-2024-8068 Citrix Session Recording...

8 CVSS, 8.1 AI score, 0.14736 EPSS
Exploits: 11, References: 8
CISA
added 2025/08/13 12:0 p.m., 16 views

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2025-8875 N-able N-central Insecure Deserialization Vulnerability; CVE-2025-8876 N-able N-central Command Injection Vulnerability...

9.4 CVSS, 7.7 AI score, 0.03171 EPSS
Exploits: 1, References: 7
CISA
added 2025/01/16 12:0 p.m., 16 views

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-50603 Aviatrix Controllers OS Command Injection Vulnerability. These types of vulnerabilities are frequent attack vectors for malicious cyber acto...

10 CVSS, 10 AI score, 0.98545 EPSS
Exploits: 5, References: 6
CISA
added 2024/12/16 12:0 p.m., 16 views

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-20767 Adobe ColdFusion Improper Access Control Vulnerability; CVE-2024-35250 Microsoft Windows Kernel-Mode Driver Untrusted...

7.8 CVSS, 7.7 AI score, 0.98514 EPSS
Exploits: 14, References: 7
CISA
added 2024/12/13 12:0 p.m., 16 views

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-50623 Cleo Multiple Products Unrestricted File Upload Vulnerability. These types of vulnerabilities are frequent attack vectors for malicious cybe...

9.8 CVSS, 9.8 AI score, 0.98529 EPSS
Exploits: 6, References: 6
CISA
added 2024/11/21 12:0 p.m., 16 views

CISA Adds Three Known Exploited Vulnerabilities to Catalog

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-44308 Apple Multiple Products Code Execution Vulnerability; CVE-2024-44309 Apple Multiple Products Cross-Site Scripting (XSS)...

9.8 CVSS, 7.1 AI score, 0.99698 EPSS
Exploits: 19, References: 11
CISA
added 2024/10/24 12:0 p.m., 16 views

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation, as confirmed by Fortinet. CVE-2024-47575 Fortinet FortiManager Missing Authentication Vulnerability. These types of vulnerabilities are frequent attack...

9.8 CVSS, 9.8 AI score, 0.94761 EPSS
Exploits: 7, References: 8
CISA
added 2024/09/19 12:0 p.m., 16 views

Ivanti Releases Admin Bypass Security Update for Cloud Services Appliance

Ivanti has released a security update to address an admin bypass vulnerability (CVE-2024-8963) affecting Ivanti Cloud Services Appliance (CSA) version 4.6. A cyber threat actor could exploit this vulnerability in conjunction with CVE-2024-8190–detailed in a Sept. 13...

9.4 CVSS, 7.6 AI score, 0.98557 EPSS
Exploits: 3, References: 6
CISA
added 2024/09/16 12:0 p.m., 16 views

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-43461 Microsoft Windows MSHTML Platform Spoofing Vulnerability; CVE-2024-6670 Progress WhatsUp Gold SQL Injection Vulnerability...

9.8 CVSS, 10 AI score, 0.94661 EPSS
Exploits: 2, References: 7
CISA
added 2024/08/13 12:0 p.m., 16 views

Ivanti Releases Security Updates for Avalanche, Neurons for ITSM, and Virtual Traffic Manager

Ivanti released security updates to address multiple vulnerabilities in Ivanti Avalanche, Neurons for ITSM, and Virtual Traffic Manager (vTM). A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. Ivanti advises users to reduce their attack surface...

10 AI score
Exploits: 0, References: 4
CISA
added 2024/06/03 12:0 p.m., 16 views

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2017-3506 Oracle WebLogic Server OS Command Injection Vulnerability. These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose...

7.4 CVSS, 7.5 AI score, 0.96015 EPSS
Exploits: 9, References: 6
CISA
added 2024/05/28 12:0 p.m., 16 views

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-5274 Google Chromium V8 Type Confusion Vulnerability. These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant...

9.6 CVSS, 7.2 AI score, 0.1002 EPSS
Exploits: 3, References: 6
CISA
added 2024/05/16 12:0 p.m., 16 views

CISA Adds Three Known Exploited Vulnerabilities to Catalog

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2014-100005 D-Link DIR-600 Router Cross-Site Request Forgery (CSRF) Vulnerability; CVE-2021-40655 D-Link DIR-605 Router Information Disclosure Vulnerability...

8.8 CVSS, 7.5 AI score, 0.87039 EPSS
Exploits: 5, References: 8
CISA
added 2024/03/25 12:0 p.m., 16 views

CISA Adds Three Known Exploited Vulnerabilities to Catalog

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-48788 Fortinet FortiClient EMS SQL Injection Vulnerability; CVE-2021-44529 Ivanti Endpoint Manager Cloud Service Appliance (EPM CSA) Code Injection Vulnerabilit...

10 CVSS, 8.7 AI score, 0.99105 EPSS
Exploits: 29, References: 8
CISA
added 2024/03/25 12:0 p.m., 16 views

CISA and FBI Release Secure by Design Alert to Urge Manufacturers to Eliminate SQL Injection Vulnerabilities

Today, CISA and the Federal Bureau of Investigation (FBI) released a joint Secure by Design Alert, Eliminating SQL Injection Vulnerabilities in Software. This Alert was crafted in response to a recent, well-publicized exploitation of SQL injection (SQLi) defects in a managed file transfer application...

9.8 CVSS, 8.3 AI score, 0.99934 EPSS
Exploits: 15, References: 4
CISA
added 2024/03/04 12:0 p.m., 16 views

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-21338 Microsoft Windows Kernel Exposed IOCTL with Insufficient Access Control Vulnerability. These types of vulnerabilities are frequent attack vectors for...

7.8 CVSS, 7.2 AI score, 0.51865 EPSS
Exploits: 13, References: 6
CISA
added 2024/01/22 12:0 p.m., 16 views

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-34048 VMware vCenter Server Out-of-Bounds Write Vulnerability. These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose...

9.8 CVSS, 9.7 AI score, 0.99428 EPSS
Exploits: 1, References: 6
CISA
added 2024/01/17 12:0 p.m., 16 views

CISA Adds Three Known Exploited Vulnerabilities to Catalog

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-6549 Citrix NetScaler ADC and NetScaler Gateway Buffer Overflow Vulnerability; CVE-2023-6548 Citrix NetScaler ADC and NetScaler Gateway Code Injection...

8.8 CVSS, 8.8 AI score, 0.57633 EPSS
Exploits: 1, References: 9
CISA
added 2023/12/08 12:0 p.m., 16 views

Atlassian Releases Security Advisories for Multiple Products

Atlassian has released security updates to address vulnerabilities affecting multiple Atlassian products. A cyber threat actor could exploit one of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following advisories and apply th...

9.8 CVSS, 10 AI score, 0.99615 EPSS
Exploits: 9, References: 4
CISA
added 2023/12/07 12:0 p.m., 16 views

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-41265 Qlik Sense HTTP Tunneling Vulnerability; CVE-2023-41266 Qlik Sense Path Traversal Vulnerability. These types of vulnerabilities are frequent attack vectors...

9.9 CVSS, 7 AI score, 0.84967 EPSS
Exploits: 0, References: 7
CISA
added 2023/12/05 12:0 p.m., 16 views

CISA Releases Advisory on Threat Actors Exploiting CVE-2023-26360 Vulnerability in Adobe ColdFusion

Today, CISA released a Cybersecurity Advisory (CSA), Threat Actors Exploit Adobe ColdFusion CVE-2023-26360 for Initial Access to Government Servers, to disseminate known indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs). The vulnerability in ColdFusion (CVE-2023-26360) presen...

9.8 CVSS, 7.2 AI score, 0.97115 EPSS
Exploits: 13, References: 4
CISA
added 2023/11/16 12:0 p.m., 16 views

CISA Adds Three Known Exploited Vulnerabilities to Catalog

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-36584 Microsoft Windows Mark of the Web (MOTW) Security Feature Bypass Vulnerability; CVE-2023-1671 Sophos Web Appliance Command Injection Vulnerability...

9.8 CVSS, 7.2 AI score, 0.99999 EPSS
Exploits: 28, References: 8
CISA
added 2023/11/02 12:0 p.m., 16 views

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-46604 Apache ActiveMQ Deserialization of Untrusted Data Vulnerability. These types of vulnerabilities are frequent attack vectors for malicious cyber actors and...

10 CVSS, 7.3 AI score, 0.99654 EPSS
Exploits: 31, References: 6
CISA
added 2023/10/26 12:0 p.m., 16 views

VMware Releases Security Advisory for vCenter Server

VMware released a security advisory for vulnerabilities (CVE-2023-34048, CVE-2023-34056) affecting the VMware vCenter Server. A remote cyber actor could exploit one of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the...

9.8 CVSS, 10 AI score, 0.99428 EPSS
Exploits: 1, References: 1
CISA
added 2023/10/16 12:0 p.m., 16 views

CISA, FBI, and MS-ISAC Release Joint Advisory on Atlassian Confluence Vulnerability CVE-2023-22515

Today, CISA, the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) released a joint Cybersecurity Advisory (CSA) in response to the active exploitation of CVE-2023-22515. This critical vulnerability affects certain versions of Atlassian...

10 CVSS, 9.5 AI score, 0.99156 EPSS
Exploits: 39, References: 2
CISA
added 2023/10/16 12:0 p.m., 16 views

Cisco Releases Security Advisory for IOS XE Software Web UI

Cisco released a security advisory to address a vulnerability (CVE-2023-20198) affecting IOS XE Software Web UI. A cyber threat actor can exploit this vulnerability to take control of an affected device. CISA encourages users and administrators to review the Cisco security...

10 CVSS, 9.8 AI score, 0.99571 EPSS
Exploits: 26, References: 4
CISA
added 2023/09/18 12:0 p.m., 16 views

CISA Adds Eight Known Exploited Vulnerabilities to Catalog

CISA has added eight new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2022-22265 Samsung Mobile Devices Use-After-Free Vulnerability; CVE-2014-8361 Realtek SDK Improper Input Validation Vulnerability; CVE-2017-6884 Zyxel EMG2926 Route...

10 CVSS, 10 AI score, 0.99975 EPSS
Exploits: 51, References: 14
CISA
added 2023/08/21 12:0 p.m., 16 views

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-26359 Adobe ColdFusion Deserialization of Untrusted Data Vulnerability. These types of vulnerabilities are frequent attack vectors for malicious cyber actors and...

9.8 CVSS, 7 AI score, 0.17937 EPSS
Exploits: 1, References: 6
CISA
added 2022/09/22 12:0 a.m., 16 views

CISA Releases Three Industrial Control Systems Advisories

CISA has released three Industrial Control Systems (ICS) advisories on September 22, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisory for...

1.5 AI score
Exploits: 0, References: 3
CISA
added 2021/06/15 12:0 a.m., 16 views

Apple Releases Security Updates for iOS 12.5.4

Apple has released security updates to address vulnerabilities in iOS 12.5.4. An attacker could exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Apple security update and apply the necessary updates. This product is provid...

6.8 AI score
Exploits: 0, References: 1
CISA
added 2021/06/09 12:0 a.m., 16 views

CISA Addresses the Rise in Ransomware Targeting Operational Technology Assets

CISA has published the Rising Ransomware Threat to OT Assets fact sheet in response to the recent increase in ransomware attacks targeting operational technology (OT) assets and control systems. The guidance: provides steps to prepare for, mitigate against, and respond to attacks; details how the...

6.9 AI score
Exploits: 0, References: 3
CISA
added 2021/06/02 12:0 a.m., 16 views

Cisco Releases Security Updates for Multiple Products

Cisco has released security updates to address a vulnerability in multiple Cisco products. An attacker could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review the following Cisco advisory and apply the necessary updates: Lasso SAM...

6.8 AI score
Exploits: 0, References: 1
Total number of security vulnerabilities: 4188