
4188 matches found

CISA
added 2013/10/03 12:0 a.m., 16 views

Microsoft Releases Advance Notification for October Security Bulletin

Microsoft has issued a Security Bulletin Advance Notification indicating that its October release will contain eight bulletins. These bulletins will have the severity rating of critical and important and will be for Microsoft Windows, Internet Explorer, .NET Framework, Office, Server Software, an...

6.7 AI score
Exploits: 0, References: 1

CISA
added 2013/09/10 12:0 a.m., 16 views

Security Update Available for Adobe Shockwave Player

Adobe has released a security update for Adobe Shockwave Player 12.0.3.133 and earlier versions for Windows and Macintosh to address multiple vulnerabilities. These vulnerabilities, if exploited, could allow an attacker to run malicious code on an affected system. US-CERT recommends that users an...

6.9 AI score
Exploits: 0, References: 1

CISA
added 2013/05/16 12:0 a.m., 16 views

Mozilla Releases Multiple Updates

The Mozilla Foundation has released updates for the following products to address multiple vulnerabilities. Firefox 21.0 Firefox ESR 17.0.6 Thunderbird 17.0.6 Thunderbird ESR 17.0.6 These vulnerabilities could allow an attacker to execute arbitrary code, cause a denial-of-service condition, obtai...

7.6 AI score
Exploits: 0, References: 4

CISA
added 2013/03/05 12:0 a.m., 16 views

Google Releases Google Chrome 25.0.1364.152

Google has released Google Chrome 25.0.1364.152 for Windows, Linux, and Mac to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, bypass security features, or cause a denial-of-service condition. US-CERT encourages users and administrators to...

7.6 AI score
Exploits: 0, References: 1

CISA
added 2012/09/28 12:0 a.m., 16 views

Adobe Releases Security Bulletin About Code Signing Certificate

Adobe has released a security bulletin to address an issue with a current Adobe code signing certificate. The certificate to be revoked has been used to sign malicious code. The certificate will be revoked on October 4, 2012 for all software code signed after July 10, 2012. Adobe is issuing a new...

7 AI score
Exploits: 0, References: 1

CISA
added 2012/07/12 12:0 a.m., 16 views

Microsoft Releases a Security Advisory for Microsoft Digital Certificates

Microsoft has released security advisory 2728973 to replace a number of certificates that did not meet Microsoft's high standard of Public-Key Infrastructure PKI management. This update places the intermediate certificate authority CA certificates in the Untrusted Certificate Store and replaces...

6.5 AI score
Exploits: 0, References: 2

CISA
added 2012/04/05 12:0 a.m., 16 views

Microsoft Releases April Security Bulletin

Microsoft has released updates to address vulnerabilities in Microsoft Windows, Internet Explorer, .NET Framework, Office, SQL Server, Server Software, Developer Tools, and Forefront United Access Gateway as part of the Microsoft Security Bulletin Summary for April 2012. These vulnerabilities may...

8.1 AI score
Exploits: 0, References: 2

CISA
added 2012/02/14 12:0 a.m., 16 views

Oracle Releases Critical Patch Update for February 2012

Oracle released its February Critical Patch Update CPU containing 14 security fixes for the following products: JDK and JRE 7 Update 2 and earlier JDK and JRE 5 Update 30 and earlier JDK and JRE 5.0 Update 33 and earlier SDK and JRE 1.4.235 and earlier JavaFX 2.0.2 and earlier US-CERT encourages...

6.6 AI score
Exploits: 0, References: 1

CISA
added 2012/01/10 12:0 a.m., 16 views

Phishing Campaign Using Spoofed US-CERT Email Addresses

On January 10, 2012, US-CERT received reports of a phishing campaign that is spoofing US-CERT email to deliver a variant of the Zeus/Zbot Trojan known as Ice-IX. This campaign appears to be targeting a large number of private sector organizations as well as federal, state, and local governments...

6.4 AI score
Exploits: 0, References: 3

CISA
added 2012/01/06 12:0 a.m., 16 views

Google Releases Chrome 16.0.912.75

Google has released Chrome 16.0.912.75 for Linux, Mac, Windows, and Chrome Frame to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review the Google Chrome Releases blog entry and update to...

7.6 AI score
Exploits: 0, References: 1

CISA
added 2011/12/08 12:0 a.m., 16 views

Adobe Releases Security Advisory for Adobe Reader and Acrobat

Adobe has released a Security Advisory for Adobe Reader and Acrobat to address a vulnerability affecting the following software versions: Adobe Reader X 10.1.1 and earlier versions for Windows and Macintosh Adobe Reader 9.4.6 and earlier 9.x versions for Windows, Macintosh, and Unix Adobe Acrobat...

6.6 AI score
Exploits: 0, References: 4

CISA
added 2011/09/21 12:0 a.m., 16 views

Adobe Releases Security Advisory for Adobe Flash Player

Adobe has released a security update for Adobe Flash Player to address multiple vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, obtain sensitive information, cause a denial-of-service condition, or perform a cross-site scripting attack. Adob...

6.9 AI score
Exploits: 0, References: 2

CISA
added 2011/08/29 12:0 a.m., 16 views

Potential Hurricane Irene Phishing Scams

In the past, US-CERT has received reports of phishing scams and malware campaigns related to topics that are of high-interest to the U.S. Government or news media, such as Hurricane Irene. Users' systems have been compromised by receiving and accessing phishing emails with subject lines that seem...

6.8 AI score
Exploits: 0, References: 4

CISA
added 2011/08/17 12:0 a.m., 16 views

Mozilla Releases Firefox 6 and 3.6.20

The Mozilla Foundation has released Firefox 6 and Firefox 3.6.20 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, operate with escalated privileges, or obtain sensitive information. US-CERT encourages users and administrators to review th...

7.7 AI score
Exploits: 0, References: 2

CISA
added 2011/05/16 12:0 a.m., 16 views

Mississippi Flooding Disaster Email Scams, Fake Antivirus, and Phishing Attack Warning

Users should be aware of potential email scams, fake antivirus, and phishing attacks regarding the Mississippi flooding disaster. Email scams may contain links or attachments that may direct users to phishing or malicious websites. Fake antivirus attacks may come in the form of pop-ups that flash...

6.6 AI score
Exploits: 0, References: 5

CISA
added 2011/04/06 12:0 a.m., 16 views

WordPress Releases Version 3.1.1

WordPress has released WordPress 3.1.1 to address multiple vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to conduct cross-site request forgery attacks, conduct cross-site scripting attacks, or cause a denial-of-service condition. US-CERT encourages users and...

6.7 AI score
Exploits: 0, References: 1

CISA
added 2011/03/30 12:0 a.m., 16 views

Cisco Releases Security Advisories

Cisco has released a security advisory to address a vulnerability in some versions of Cisco Secure Access Control System ACS. This vulnerability may allow an attacker to change the password of a user account without any previous access to the user's account or knowledge of the account's previous...

7 AI score
Exploits: 0, References: 2

CISA
added 2011/02/08 12:0 a.m., 16 views

Adobe Releases Updates for Adobe Reader and Acrobat

Adobe has released updates for Reader and Acrobat to address multiple vulnerabilities affecting the following software versions: Adobe Reader X 10.0 and earlier versions for Windows and Macintosh Adobe Reader 9.4.1 and earlier versions for Windows, Macintosh, and Unix Adobe Acrobat x 10.0 and...

6.9 AI score
Exploits: 0, References: 1

CISA
added 2010/11/10 12:0 a.m., 16 views

Adobe Releases Security Update for Flash Media Server

Adobe has released Flash Media Server 4.0.1, 3.5.5, and 3.0.7 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review Adobe security bulletin APSB10-27 and apply appropriate updates to help...

7.7 AI score
Exploits: 0, References: 1

CISA
added 2010/09/09 12:0 a.m., 16 views

Cisco Releases Updates for Wireless LAN Controller

Cisco has released updates to address multiple vulnerabilities in the Cisco Wireless LAN Controller WLC. Exploitation of these vulnerabilities may allow a remote attacker to cause a denial-of-service condition, modify the device configuration, or bypass access control lists. US-CERT encourages...

7.1 AI score
Exploits: 0, References: 1

CISA
added 2010/08/20 12:0 a.m., 16 views

Google Releases Chrome 5.0.375.127

Google has released Chrome 5.0.375.127 for Windows, Mac, and Linux to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or conduct spoofing attacks. US-CERT encourages users and administrators to review th...

7.6 AI score
Exploits: 0, References: 1

CISA
added 2010/08/05 12:0 a.m., 16 views

Microsoft Releases Advance Notification for August Security Bulletin

Microsoft has issued a Security Bulletin Advance Notification indicating that its August release will contain 14 bulletins. Eight bulletins will have the severity rating of critical and will be for Microsoft Windows, Internet Explorer, Office, and Silverlight. The remaining six bulletins will hav...

6.6 AI score
Exploits: 0, References: 1

CISA
added 2010/08/02 12:0 a.m., 16 views

Microsoft Releases Out-of-Band Security Bulletin to Address Shortcut Vulnerability

Microsoft has released security bulletin MS10-046 to address a critical vulnerability affecting Microsoft Windows. This vulnerability is due to the failure of Microsoft Windows to properly obtain icons for shortcut files. By convincing a user to display a specially crafted shortcut file, a remote...

7.3 AI score
Exploits: 0, References: 6

CISA
added 2026/05/15 12:0 p.m., 15 views

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2026-42897 Microsoft Exchange Server Cross-Site Scripting Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber...

8.1 CVSS, 5.8 AI score, 0.0564 EPSS
Exploits: 1, References: 6

CISA
added 2026/04/20 12:0 p.m., 15 views

Supply Chain Compromise Impacts Axios Node Package Manager

The Cybersecurity and Infrastructure Security Agency CISA is releasing this alert to provide guidance in response to the software supply chain compromise of the Axios node package manager npm. Axios is an HTTP client for JavaScript that developers commonly use in Node.js and browser environments...

6 AI score
Exploits: 0, References: 9

CISA
added 2026/02/20 12:0 p.m., 15 views

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2025-49113 RoundCube Webmail Deserialization of Untrusted Data Vulnerability CVE-2025-68461 RoundCube Webmail Cross-site Scripti...

9.9 CVSS, 5.5 AI score, 0.89462 EPSS
Exploits: 30, References: 7

CISA
added 2026/01/26 12:0 p.m., 15 views

CISA Adds Five Known Exploited Vulnerabilities to Catalog

CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2018-14634 Linux Kernel Integer Overflow Vulnerability CVE-2025-52691 SmarterTools SmarterMail Unrestricted Upload of File with...

10 CVSS, 7.4 AI score, 0.98871 EPSS
Exploits: 96, References: 10

CISA
added 2026/01/13 12:0 p.m., 15 views

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2026-20805 Microsoft Windows Information Disclosure Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber actor...

5.5 CVSS, 6.6 AI score, 0.05028 EPSS
Exploits: 5, References: 6

CISA
added 2025/12/18 12:0 p.m., 15 views

CISA Releases Nine Industrial Control Systems Advisories

CISA released nine Industrial Control Systems ICS Advisories. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-352-01 Inductive Automation Ignition ICSA-25-352-02 Schneider Electric EcoStruxure Foxboro DCS Advisor...

6.6 AI score
Exploits: 0, References: 9

CISA
added 2025/10/30 12:0 p.m., 15 views

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2025-24893 XWiki Platform Eval Injection Vulnerability CVE-2025-41244 Broadcom VMware Aria Operations and VMware Tools Privilege...

9.8 CVSS, 7.2 AI score, 0.99898 EPSS
Exploits: 53, References: 7

CISA
added 2025/07/24 12:0 p.m., 15 views

CISA Releases Six Industrial Control Systems Advisories

CISA released six Industrial Control Systems ICS advisories on July 24, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-205-01 Mitsubishi Electric CNC Series ICSA-25-205-02 Network Thermostat X-Series WiFi...

7 AI score
Exploits: 0, References: 6

CISA
added 2025/07/22 12:0 p.m., 15 views

CISA Adds Four Known Exploited Vulnerabilities to Catalog

CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2025-54309 CrushFTP Unprotected Alternate Channel Vulnerability CVE-2025-6558 Google Chromium ANGLE and GPU Improper Input...

9.8 CVSS, 7.3 AI score, 0.92034 EPSS
Exploits: 10, References: 9

CISA
added 2025/01/23 12:0 p.m., 15 views

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2020-11023 JQuery Cross-Site Scripting XSS Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pos...

6.9 CVSS, 7.1 AI score, 0.8383 EPSS
Exploits: 6, References: 6

CISA
added 2025/01/14 12:0 p.m., 15 views

Ivanti Releases Security Updates for Multiple Products

Ivanti released security updates to address vulnerabilities in Ivanti Avalanche, Ivanti Application Control Engine, and Ivanti EPM. CISA encourages users and administrators to review the following Ivanti security advisories and apply the necessary guidance and updates: Ivanti Avalanche...

7.8 CVSS, 7.2 AI score, 0.00222 EPSS
Exploits: 0, References: 3

CISA
added 2024/11/04 12:0 p.m., 15 views

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-8957 PTZOptics PT30X-SDI/NDI Cameras OS Command Injection Vulnerability CVE-2024-8956 PTZOptics PT30X-SDI/NDI Cameras...

9.1 CVSS, 7.6 AI score, 0.81973 EPSS
Exploits: 2, References: 7

CISA
added 2024/10/31 12:0 p.m., 15 views

Foreign Threat Actor Conducting Large-Scale Spearphishing Campaign with RDP Attachments

CISA has received multiple reports of a large-scale spearphishing campaign targeting organizations in several sectors, including government and information technology IT. The foreign threat actor, often posing as a trusted entity, is sending spearphishing emails containing malicious remote deskto...

7.7 AI score
Exploits: 0, References: 5

CISA
added 2024/10/15 12:0 p.m., 15 views

CISA Adds Three Known Exploited Vulnerabilities to Catalog

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-30088 Microsoft Windows Kernel TOCTOU Race Condition Vulnerability CVE-2024-9680 Mozilla Firefox Use-After-Free Vulnerability...

9.8 CVSS, 8.8 AI score, 0.93159 EPSS
Exploits: 13, References: 9

CISA
added 2024/10/02 12:0 p.m., 15 views

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-29824 Ivanti Endpoint Manager EPM SQL Injection Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber acto...

9.6 CVSS, 8.4 AI score, 0.99951 EPSS
Exploits: 5, References: 6

CISA
added 2024/09/20 12:0 p.m., 15 views

Versa Networks Releases Advisory for a Vulnerability in Versa Director, CVE-2024-45229

Versa Networks has released an advisory for a vulnerability CVE-2024-45229 affecting Versa Director. A cyber threat actor could exploit this vulnerability to exercise unauthorized REST APIs. CISA urges organizations to apply necessary updates, hunt for any malicious activity, repo...

6.6 CVSS, 6.9 AI score, 0.00509 EPSS
Exploits: 0, References: 2

CISA
added 2024/07/29 12:0 p.m., 15 views

CISA Adds Three Known Exploited Vulnerabilities to Catalog

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-4879 ServiceNow Improper Input Validation Vulnerability CVE-2024-5217 ServiceNow Incomplete List of Disallowed Inputs Vulnerability CVE-2023-45249 Acronis...

9.8 CVSS, 7.2 AI score, 0.99976 EPSS
Exploits: 11, References: 8

CISA
added 2024/05/30 12:0 p.m., 15 views

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-24919 Check Point Quantum Security Gateways Information Disclosure Vulnerability CVE-2024-1086 Linux Kernel Use-After-Free Vulnerability These types of...

8.6 CVSS, 7.4 AI score, 0.99978 EPSS
Exploits: 68, References: 7

CISA
added 2024/04/12 12:0 p.m., 15 views

Palo Alto Networks Releases Guidance for Vulnerability in PAN-OS, CVE-2024-3400

Palo Alto Networks has released workaround guidance for a command injection vulnerability CVE-2024-3400 affecting PAN-OS versions 10.2, 11.0, and 11.1. Palo Alto Networks has reported active exploitation of this vulnerability in the wild. CISA encourages users and administrators to review the Pal...

10 CVSS, 10 AI score, 0.99999 EPSS
Exploits: 43, References: 4

CISA
added 2024/04/04 12:0 p.m., 15 views

Ivanti Releases Security Update for Ivanti Connect Secure and Policy Secure Gateways

Ivanti has released security updates to address vulnerabilities in all supported versions 9.x and 22.x of Ivanti Connect Secure and Policy Secure gateways. A cyber threat actor could exploit one of these vulnerabilities to take control of an affected system. Users and administrators are encourage...

9.8 CVSS, 7.3 AI score, 0.18987 EPSS
Exploits: 0, References: 1

CISA
added 2024/02/29 12:0 p.m., 15 views

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-29360 Microsoft Streaming Service Untrusted Pointer Dereference Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber acto...

8.4 CVSS, 7 AI score, 0.22133 EPSS
Exploits: 2, References: 6

CISA
added 2024/01/11 12:0 p.m., 15 views

Juniper Networks Releases Security Bulletin for Junos OS and Junos OS Evolved

Juniper Networks has released a security advisory to address a vulnerability CVE-2024-21611 in Junos OS and Junos OS Evolved. A cyber threat actor could exploit this vulnerability to cause a denial-of-service condition. CISA encourages users and administrators to review the Juniper Advisory...

7.5 CVSS, 6.9 AI score, 0.00586 EPSS
Exploits: 0, References: 1

CISA
added 2023/11/13 12:0 p.m., 15 views

CISA Adds Six Known Exploited Vulnerabilities to Catalog

CISA has added six new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-47246 SysAid Server Path Traversal Vulnerability CVE-2023-36844 Juniper Junos OS EX Series PHP External Variable Modification Vulnerability CVE-2023-36845...

9.8 CVSS, 7.4 AI score, 0.98851 EPSS
Exploits: 31, References: 11

CISA
added 2023/10/19 12:0 p.m., 15 views

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-4966 Citrix NetScaler ADC and NetScaler Gateway Buffer Overflow Vulnerability CVE-2021-1435 Cisco IOS XE Web UI Command Injection Vulnerability These types of...

9.4 CVSS, 9.9 AI score, 0.99999 EPSS
Exploits: 15, References: 7

CISA
added 2023/10/03 12:0 p.m., 15 views

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-4211 Arm Mali GPU Kernel Driver Use-After-Free Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose...

5.5 CVSS, 9.7 AI score, 0.01361 EPSS
Exploits: 1, References: 6

CISA
added 2023/09/21 12:0 p.m., 15 views

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-41179 Trend Micro Apex One and Worry-Free Business Security Remote Code Execution Vulnerability These types of vulnerabilities are frequent attack vectors for...

7.2 CVSS, 7.7 AI score, 0.04739 EPSS
Exploits: 0, References: 6

CISA
added 2023/09/19 12:0 p.m., 15 views

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-28434 MinIO Security Feature Bypass Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risk...

8.8 CVSS, 7.1 AI score, 0.06736 EPSS
Exploits: 2, References: 6

Total number of security vulnerabilities: 4188