4188 matches found
Apple Releases Safari 4.0.5
Apple has released Safari 4.0.5 to address multiple vulnerabilities in ColorSync, ImageIO, PubSub, Safari, and WebKit. These vulnerabilities may allow a remote attacker to execute arbitrary code, cause a denial-of-service condition, obtain sensitive information, or bypass security restrictions...
Energizer DUO USB Battery Charger Software Allows Remote System Access
US-CERT is aware of a backdoor in the software for the Energizer DUO USB battery charger. This backdoor may allow a remote attacker to list directories, send and receive files, and execute programs on an affected system. The software, which has been discontinued, was available for both Windows an...
Apple Releases Security Update 2010-001
Apple has released Security Update 2010-001 to address multiple vulnerabilities in a number of applications. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition. US-CERT encourages users and administrators to review Apple article HT4004 and...
Microsoft Releases Security Advisory 979352
Microsoft has released Security Advisory 979352 to alert users of a vulnerability in Microsoft Internet Explorer. The advisory indicates that exploitation of this vulnerability may allow an attacker to execute arbitrary code. Microsoft also indicates that it is aware of public, active exploitatio...
CISA Adds Three Known Exploited Vulnerabilities to Catalog
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2026-7473link is external Arista Extensible Operating System Incomplete Comparison with Missing Factors Vulnerability CVE-2026-11645link is external Google...
CISA Adds One Known Exploited Vulnerability to Catalog
Updated December 9, 2025: Check for signs of potential compromise on all internet accessible REACT instances after applying mitigations. For more information, see React Blog: Critical Security Vulnerability in React Server Componentslink is external. CISA has added one new vulnerability to its...
CISA Releases Six Industrial Control Systems Advisories
CISA released six Industrial Control Systems ICS Advisories. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-322-01 Schneider Electric EcoStruxure Machine SCADA Expert & Pro-face BLUE Open Studio ICSA-25-322-02 Shel...
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2025-54236link is external Adobe Commerce and Magento Improper Input Validation Vulnerability CVE-2025-59287link is external Microsoft Windows Server Update...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2025-5777link is external Citrix NetScaler ADC and Gateway Out-of-Bounds Read Vulnerability These types of vulnerabilities are frequent attack vectors for malicio...
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2025-30406link is external Gladinet CentreStack Use of Hard-coded Cryptographic Key Vulnerability CVE-2025-29824link is external Microsoft Windows Common Log File...
CISA Adds One Vulnerability to the KEV Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2025-22457link is external Ivanti Connect Secure, Policy Secure and ZTA Gateways Stack-Based Buffer Overflow Vulnerability These types of vulnerabilities are frequent...
CISA Adds Five Known Exploited Vulnerabilities to Catalog
CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-20118link is external Cisco Small Business RV Series Routers Command Injection Vulnerability CVE-2022-43939link is external Hitachi Vantara Pentaho BA Server...
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-20481link is external Cisco ASA and FTD Denial-of-Service Vulnerability CVE-2024-37383link is external RoundCube Webmail Cross-Site Scripting XSS Vulnerability...
CISA Adds Four Known Exploited Vulnerabilities to Catalog
Updated September 25, 2024 CISA has removed one vulnerability from its Known Exploited Vulnerabilities Catalog, based on information found in the FAQ section of Microsoft's Security Update Guide for CVE-2024-43491link is external. CVE-2024-43491link is external Microsoft Windows Update Remote Cod...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-7593link is external Ivanti Virtual Traffic Manager Authentication Bypass Vulnerability These types of vulnerabilities are frequent attack vectors for malicious...
CISA Adds Three Known Exploited Vulnerabilities to Catalog
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-32896 Android Pixel Privilege Escalation Vulnerability CVE-2024-26169 Microsoft Windows Error Reporting Service Improper Privilege Management Vulnerability...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-4978 Justice AV Solutions JAVS Viewer Installer Embedded Malicious Code Vulnerability These types of vulnerabilities are frequent attack vectors for malicious...
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-29745 Android Pixel Information Disclosure Vulnerability CVE-2024-29748 Android Pixel Privilege Escalation Vulnerability These types of vulnerabilities are...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-24955 Microsoft SharePoint Server Code Injection Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose...
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-21237 Android Pixel Information Disclosure Vulnerability CVE-2021-36380 Sunhillo SureLine OS Command Injection Vulnerablity These types of vulnerabilities are...
CISA, NCSC-UK, and Partners Release Advisory on Russian SVR Actors Targeting Cloud Infrastructure
CISA, in partnership with UK National Cyber Security Centre NCSC and other U.S. and international partners released the joint advisory, SVR Cyber Actors Adapt Tactics for Initial Cloud Access. This advisory provides recent tactics, techniques, and procedures TTPs used by Russian Foreign...
JetBrains Releases Security Advisory for TeamCity On-Premises
JetBrains released a security advisory to address a vulnerability CVE-2024-23917 in TeamCity On-Premises. A cyber threat actor could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review the Critical Security Issue Affecting TeamCity...
Ivanti Releases Security Update for Connect Secure and Policy Secure Gateways
Ivanti has released a security updatelink is external to address an authentication bypass vulnerability CVE-2023-46805link is external and a command injection vulnerability CVE-2024-21887link is external in all supported versions 9.x and 22.x of Connect Secure and Policy Secure gateways. A cyber...
CISA and Partners Release Advisory on Russian SVR-affiliated Cyber Actors Exploiting CVE-2023-42793
Today, CISA—along with the U.S. Federal Bureau of Investigation FBI, National Security Agency NSA, Polish Military Counterintelligence Service SKW, CERT Polska CERT.PL, and the UK’s National Cyber Security Centre NCSC—released a joint Cybersecurity Advisory CSA, Russian Foreign Intelligence Servi...
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-46747 F5 BIG-IP Authentication Bypass Vulnerability CVE-2023-46748 F5 BIG-IP SQL Injection Vulnerability These types of vulnerabilities are frequent attack...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-20273 Cisco IOS XE Web UI Command Injection Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose...
CISA Updates Guidance for Addressing Cisco IOS XE Web UI Vulnerabilities
Today, CISA updated its guidance addressing two vulnerabilities, CVE-2023-20198 and CVE-2023-20273, affecting Cisco’s Internetworking Operating System IOS XE Software Web User Interface UI. The guidance now notes that Cisco has fixed these vulnerabilities for the 17.9 Cisco IOS XE software releas...
CISA, FBI, and CNMF Release Advisory on Multiple Nation-State Threat Actors Exploit CVE-2022-47966 and CVE-2022-42475
Today, CISA, Federal Bureau of Investigation FBI, and U.S. Cyber Command’s Cyber National Mission Force CNMF published a joint Cybersecurity Advisory CSA, Multiple Nation-State Threat Actors Exploit CVE-2022-47966 and CVE-2022-42475. This CSA provides information on an incident at an Aeronautical...
CISA Releases One Industrial Control Systems Advisory
CISA released one Industrial Control Systems ICS advisory on February 14, 2023. This advisory provides timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisory for technical...
Cisco Releases Security Advisory for Unified CM and Unified CM SME
Cisco released a security advisory for a vulnerability affecting Cisco Unified Communications Manager Unified CM and Cisco Unified Communications Manager Session Management Edition Unified CM SME. A remote attacker could exploit this vulnerability to cause a denial-of-service condition. For updat...
CISA Releases Forty-One Industrial Control Systems Advisories
CISA has released forty-one 41 Industrial Control Systems ICS advisories on 15 December 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS...
Apple Releases Security Updates for Multiple Products
Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected device. CISA encourages users and administrators to review the Apple security updates page for the following products and app...
Cisco Releases Security Update for Cisco Identity Services Engine
Cisco has released a security update to address vulnerabilities affecting Cisco Identity Services Engine ISE. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing high and low severity vulnerabilities, see the Cisco Security...
Impacket and Exfiltration Tool Used to Steal Sensitive Information from Defense Industrial Base Organization
CISA, the Federal Bureau of Investigation FBI, and the National Security Agency NSA have released a joint Cybersecurity Advisory CSA, Impacket and Exfiltration Tool Used to Steal Sensitive Information from Defense Industrial Base Organization, highlighting advanced persistent threat APT activity...
CISA Releases Six Industrial Control Systems Advisories
CISA has released six 6 Industrial Control Systems ICS advisories on September 29, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisory for...
CISA Releases Four Industrial Control Systems Advisories
CISA released four Industrial Control Systems ICS advisories on September 08, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for...
CISA Releases Five Industrial Control Systems Advisories
CISA has released five Industrial Control Systems ICS advisories on September 06, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories fo...
CISA Adds Ten Known Exploited Vulnerabilities to Catalog
CISA has added ten new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly adde...
Mozilla Releases Security Updates for Firefox, Firefox ESR, and Thunderbird
Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Mozilla security advisories for Firefox...
Mozilla Releases Security Updates for Firefox, Firefox ESR, and Thunderbird
Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Mozilla security advisories for Firefox...
People’s Republic of China State-Sponsored Cyber Actors Exploit Network Providers and Devices
CISA, the National Security Agency NSA, and the Federal Bureau of Investigation FBI have released a joint Cybersecurity Advisory CSA to provide information on ways in which People’s Republic of China PRC state-sponsored cyber actors continue to exploit publicly known vulnerabilities in order to...
Drupal Releases Security Updates
Drupal has released security updates to address a vulnerability that does not affect Drupal core but may affect some contributed projects or custom code on Drupal sites. Exploitation of this vulnerability could allow a remote attacker to take control of an affected website. CISA encourages users...
Weak Security Controls and Practices Routinely Exploited for Initial Access
The cybersecurity authorities of the United States, Canada, New Zealand, the Netherlands, and the United Kingdom have issued a joint Cybersecurity Advisory CSA on 10 routinely exploited weak security controls, poor configurations, and bad practices that allow malicious actors to compromise...
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly adde...
U.S. Government Attributes Cyberattacks on SATCOM Networks to Russian State-Sponsored Malicious Cyber Actors
CISA and the Federal Bureau of Investigation FBI have updated the joint cybersecurity advisory, Strengthening Cybersecurity of SATCOM Network Providers and Customers, originally released March 17, 2022, with U.S. government attribution to Russian state-sponsored malicious cyber actors. The United...
Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure
The cybersecurity authorities of the United States, Australia, Canada, New Zealand, and the United Kingdom have released a joint Cybersecurity Advisory CSA to warn organizations that Russia’s invasion of Ukraine could expose organizations both within and beyond the region to increased malicious...
APT Actors Target ICS/SCADA Devices
CISA, the Department of Energy DOE, the National Security Agency NSA, and the Federal Bureau of Investigation FBI have released a joint Cybersecurity Advisory CSA, warning that certain advanced persistent threat APT actors have exhibited the capability to gain full system access to multiple...
CISA Adds Eight Known Exploited Vulnerabilities to Catalog
CISA has added eight new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly...
Citrix Releases Security Updates for Hypervisor
Citrix has released security updates to address a vulnerability in Hypervisor. An attacker could exploit this vulnerability to cause a denial-of-service condition. CISA encourages users and administrators to review Citrix Security Update CTX390511 and apply the necessary updates. This product is...
Cisco Releases Security Updates for Multiple Products
Cisco has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page. CISA encourages users...