Lucene search
K
CisaMost viewed

4188 matches found

CISA
CISA
added 2025/08/12 12:0 p.m.73 views

Microsoft Releases Guidance on High-Severity Vulnerability (CVE-2025-53786) in Hybrid Exchange Deployments

Update 08/12/2025: CISA has updated this alert to provide clarification on identifying Exchange Servers on an organization’s networks and provided further guidance on running the Microsoft Exchange Health Checker. Update 08/07/2025: CISA issued Emergency Directive ED 25-02: Mitigate Microsoft...

8CVSS7.1AI score0.07448EPSS
Exploits0References10
CISA
CISA
added 2024/03/25 12:0 p.m.73 views

CISA Adds Three Known Exploited Vulnerabilities to Catalog

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-48788 Fortinet FortiClient EMS SQL Injection Vulnerability CVE-2021-44529 Ivanti Endpoint Manager Cloud Service Appliance EPM CSA Code Injection Vulnerabilit...

10CVSS8.7AI score0.99105EPSS
Exploits29References8
CISA
CISA
added 2023/01/23 12:0 a.m.73 views

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. This type of vulnerability is a frequent attack vector for malicious cyber actors and poses a significant risk to the federal enterprise. Note: To view the newly added...

1.7AI score
Exploits0References5
CISA
CISA
added 2021/04/02 12:0 a.m.73 views

VMware Releases Security Update

VMware has released a security update to address a vulnerability in VMware Carbon Black Cloud Workload appliance. A remote attacker could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review VMware Security Advisory VMSA-2021-005 and...

6.8AI score
Exploits0References1
CISA
CISA
added 2021/09/22 12:0 a.m.72 views

CISA, FBI, and NSA Release Joint Cybersecurity Advisory on Conti Ransomware 

CISA, the Federal Bureau of Investigation FBI, and the National Security Agency NSA have released a joint Cybersecurity Advisory CSA alerting organizations of increased Conti ransomware attacks. Malicious cyber actors use Conti ransomware to steal sensitive files from domestic and international...

6.7AI score
Exploits0References3
CISA
CISA
added 2021/05/25 12:0 a.m.72 views

Apple Releases Security Updates

Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected device. CISA encourages users and administrators to review the Apple security pages for the following products and apply the...

6.9AI score
Exploits0References6
CISA
CISA
added 2019/04/26 12:0 a.m.72 views

Oracle Releases Security Alert

Oracle has released a security alert to address a vulnerability in WebLogic. A remote attacker could exploit this vulnerability to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review the Oracle Security Alert...

7.5CVSS2.8AI score0.99964EPSS
Exploits35References2
CISA
CISA
added 2025/06/10 12:0 p.m.71 views

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2025-24016link is external Wazuh Server Deserialization of Untrusted Data Vulnerability CVE-2025-33053link is external Web Distributed Authoring and Versioning...

9.9CVSS7.3AI score0.93027EPSS
Exploits20References7
CISA
CISA
added 2021/02/02 12:0 a.m.71 views

Zero-Day Vulnerability in SonicWall SMA 100 Series Version 10.x Products

CISA is aware of a vulnerability in SonicWall Secure Mobile Access SMA 100 series products. SMA 100 series products provide an organization’s employees with remote access to internal resources. SonicWall security and engineering teams have confirmed a zero-day vulnerability that was reported by a...

6.9AI score
Exploits0References1
CISA
CISA
added 2020/10/16 12:0 a.m.71 views

Microsoft Releases Security Updates to Address Remote Code Execution Vulnerabilities

Microsoft has released security updates to address remote code execution vulnerabilities affecting Windows Codecs Library and Visual Studio Code. An attacker could exploit these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA...

9.3CVSS8.1AI score0.04581EPSS
Exploits0References2
CISA
CISA
added 2022/11/10 12:0 a.m.69 views

CISA Releases SSVC Methodology to Prioritize Vulnerabilities

Today CISA published its guide on Stakeholder-Specific Vulnerability Categorization SSVC, a vulnerability management methodology that assesses vulnerabilities and prioritizes remediation efforts based on exploitation status, impacts to safety, and prevalence of the affected product in a singular...

0.4AI score
Exploits0References5
CISA
CISA
added 2015/07/08 12:0 a.m.69 views

ISC Releases Security Updates for BIND

The Internet Systems Consortium ISC has released security updates to address a vulnerability in BIND. Exploitation of this vulnerability may allow a remote attacker to cause a denial of service condition. Updates available include: BIND 9-version 9.9.7-P1 BIND 9-version 9.10.2-P2 Users and...

7.8CVSS2.8AI score0.37872EPSS
Exploits0References1
CISA
CISA
added 2026/02/10 12:0 p.m.67 views

CISA Adds Six Known Exploited Vulnerabilities to Catalog

CISA has added six new vulnerabilities to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2026-21510link is external Microsoft Windows Shell Protection Mechanism Failure Vulnerability CVE-2026-21513link is external Microsoft MSHTML Framework Security...

8.8CVSS5.5AI score0.25835EPSS
Exploits8References11
CISA
CISA
added 2021/06/10 12:0 a.m.67 views

Google Releases Security Updates for Chrome

Google has released Chrome version 91.0.4472.101 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. One of these vulnerabilities—CVE-2021-30551—has been detected in exploits in the wild. CISA encourages users a...

6.8CVSS1.9AI score0.64701EPSS
Exploits1References2
CISA
CISA
added 2020/01/17 12:0 a.m.67 views

Citrix Adds SD-WAN WANOP, Updated Mitigations to CVE-2019-19781 Advisory

Citrix has released an article with updates on CVE-2019-19781, a vulnerability affecting Citrix Application Delivery Controller ADC and Citrix Gateway. This vulnerability also affects Citrix SD-WAN WANOP product versions 10.2.6 and version 11.0.3. The article includes updated mitigations for Citr...

7.5CVSS2.2AI score0.99999EPSS
Exploits48References4
CISA
CISA
added 2018/04/12 12:0 a.m.67 views

Juniper Networks Releases Security Updates

Juniper Networks has released security updates to address vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review the following Juniper Security Advisories...

8.5CVSS0.9AI score0.74881EPSS
Exploits16References13
CISA
CISA
added 2014/10/07 12:0 a.m.67 views

Oracle Patches Bash Vulnerabilities

Oracle has released security updates to address bash vulnerabilities found across multiple products. US-CERT recommends users and administrators review the Oracle Security Article for additional details, and apply updates as necessary. This product is provided subject to this Notification and thi...

10CVSS2.1AI score0.9994EPSS
Exploits18References1
CISA
CISA
added 2025/02/04 12:0 p.m.66 views

CISA Adds Four Known Exploited Vulnerabilities to Catalog

CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-45195link is external Apache OFBiz Forced Browsing Vulnerability CVE-2024-29059link is external Microsoft .NET Framework Information Disclosure Vulnerability...

9.8CVSS7.6AI score0.99983EPSS
Exploits13References9
CISA
CISA
added 2021/07/04 12:0 a.m.66 views

CISA-FBI Guidance for MSPs and their Customers Affected by the Kaseya VSA Supply-Chain Ransomware Attack

CISA and the Federal Bureau of Investigation FBI continue to respond to the recent supply-chain ransomware attack leveraging a vulnerability in Kaseya VSA software against multiple managed service providers MSPs and their customers. CISA and FBI strongly urge affected MSPs and their customers to...

7.2AI score
Exploits0References6
CISA
CISA
added 2018/05/08 12:0 a.m.66 views

Debug Exception May Cause Unexpected Behavior

CERT Coordination Center CERT/CC has released information for CVE-2018-8897 – unexpected behavior for debug exceptions. A local attacker could exploit this bug to obtain sensitive information. NCCIC encourages users and administrators to review CERT/CC’s Vulnerability Note VU 631579 for more...

7.2CVSS1.3AI score0.18696EPSS
Exploits9References2
CISA
CISA
added 2022/06/03 12:0 a.m.65 views

Atlassian Releases New Versions of Confluence Server and Data Center to Address CVE-2022-26134

Atlassian has released new Confluence Server and Data Center versions to address remote code execution vulnerability CVE-2022-26134 affecting these products. An unauthenticated remote attacker could exploit this vulnerability to execute code remotely. Atlassian reports that there is known...

7.5CVSS3.1AI score0.99999EPSS
Exploits76References3
CISA
CISA
added 2025/09/29 12:0 p.m.64 views

CISA Adds Five Known Exploited Vulnerabilities to Catalog

CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2021-21311link is external Adminer Server-Side Request Forgery Vulnerability CVE-2025-20352link is external Cisco IOS and IOS XE Software SNMP Denial of Servic...

10CVSS8.1AI score0.99614EPSS
Exploits77References10
CISA
CISA
added 2025/05/14 12:0 p.m.64 views

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2025-32756link is external Fortinet Multiple Products Stack-Based Buffer Overflow Vulnerability These types of vulnerabilities are frequent attack vectors for malicio...

9.8CVSS7.3AI score0.31974EPSS
Exploits3References6
CISA
CISA
added 2020/08/21 12:0 a.m.64 views

ISC Releases Security Advisories for BIND

The Internet Systems Consortium ISC has released security advisories that address vulnerabilities affecting multiple versions of ISC Berkeley Internet Name Domain BIND. A remote attacker could exploit these vulnerabilities to cause a denial-of-service condition. The Cybersecurity and Infrastructu...

5CVSS2.2AI score0.06348EPSS
Exploits0References5
CISA
CISA
added 2020/08/14 12:0 a.m.64 views

Apache Releases Security Advisory for Struts 2

The Apache Software Foundation has released a security advisory to address vulnerabilities in Struts in the version range 2.0.0—2.5.20. An attacker could exploit one of these vulnerabilities to take control of an affected system. The current version, Struts 2.5.22, is not affected. The...

7.5CVSS2.7AI score0.97399EPSS
Exploits15References1
CISA
CISA
added 2019/10/17 12:0 a.m.65 views

ISC Releases Security Advisories for BIND

The Internet Systems Consortium ISC has released security advisories that address vulnerabilities affecting multiple versions of ISC Berkeley Internet Name Domain BIND. A remote attacker could exploit one of these vulnerabilities to obtain sensitive information. The Cybersecurity and Infrastructu...

5CVSS7.4AI score0.02883EPSS
Exploits0References2
CISA
CISA
added 2019/08/06 12:0 a.m.64 views

SWAPGS Spectre Side-Channel Vulnerability

The Cybersecurity and Infrastructure Security Agency CISA is aware of a vulnerability CVE-2019-1125 known as SWAPGS, which is a variant of Spectre Variant 1—that affects modern computer processors. This vulnerability can be exploited to steal sensitive data present in a computer systems' memory...

2.1CVSS1.5AI score0.04521EPSS
Exploits4References4
CISA
CISA
added 2026/06/05 12:0 p.m.63 views

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2026-28318link is external SolarWinds Serv-U Uncontrolled Resource Consumption Vulnerability This type of vulnerability is a frequent attack vector for malicious...

7.5CVSS5.4AI score0.10659EPSS
Exploits2References6
CISA
CISA
added 2026/02/18 12:0 p.m.63 views

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2021-22175link is external GitLab Server-Side Request Forgery SSRF Vulnerability CVE-2026-22769link is external Dell RecoverPoint for Virtual Machines RP4VMs Us...

10CVSS8.6AI score0.53372EPSS
Exploits2References7
CISA
CISA
added 2015/09/24 12:0 a.m.63 views

Cisco Semiannual Security Advisory Bundle

Cisco has released its semiannual IOS and IOS XE Software Security Advisory bundle to address multiple vulnerabilities. Exploitation of these vulnerabilities could allow a remote attacker to bypass user authentication or cause a denial-of-service condition. US-CERT encourages users and...

7.3AI score
Exploits0References1
CISA
CISA
added 2021/09/16 12:0 a.m.62 views

Microsoft Releases Security Update for Azure Linux Open Management Infrastructure

Updated, September 17 On September 16, 2021, Microsoft released additional guidance on Open Management Infrastructure OMI vulnerabilities—CVE-2021-38645, CVE-2021-38649, CVE-2021-38648, and CVE-2021-38647—which impact Azure VM Management Extensions. According to Microsoft, “customers must update...

7.5CVSS0.9AI score0.99723EPSS
Exploits20References8
CISA
CISA
added 2021/08/30 12:0 a.m.62 views

CISA Adds Single-Factor Authentication to list of Bad Practices

Today, CISA added the use of single-factor authentication for remote or administrative access systems to our Bad Practices list of exceptionally risky cybersecurity practices. Single-factor authentication is a common low-security method of authentication. It only requires matching one factor—such...

7.4AI score
Exploits0References3
CISA
CISA
added 2021/11/09 12:0 a.m.61 views

Samba Releases Security Updates

The Samba Team has released security updates to address vulnerabilities in multiple versions of Samba. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following Samba security announcements and...

9CVSS7.7AI score0.01984EPSS
Exploits0References8
CISA
CISA
added 2020/07/04 12:0 a.m.61 views

F5 Releases Security Advisory for BIG-IP TMUI RCE vulnerability, CVE-2020-5902

F5 has released a security advisory to address a remote code execution RCE vulnerability—CVE-2020-5902—in the BIG-IP Traffic Management User Interface TMUI. An attacker could exploit this vulnerability to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CIS...

10CVSS3.2AI score0.99999EPSS
Exploits60References2
CISA
CISA
added 2023/08/29 12:0 p.m.60 views

CISA Releases IOCs Associated with Malicious Barracuda Activity

CISA has released additional indicators of compromise IOCs associated with exploitation of CVE-2023-2868. CVE-2023-2868 is a remote command injection vulnerability affecting Barracuda Email Security Gateway ESG Appliance, versions 5.1.3.001-9.2.0.006. Malicious threat actors exploited this...

9.8CVSS10AI score0.86956EPSS
Exploits3References6
CISA
CISA
added 2021/09/03 12:0 a.m.60 views

Atlassian Releases Security Updates for Confluence Server and Data Center

On August 25, 2021, Atlassian released security updates to address a remote code execution vulnerability CVE-2021-26084 affecting Confluence Server and Data Center. Recently, CVE-2021-26084 has been detected in exploits in the wild. A remote attacker could exploit this vulnerability to take contr...

7.5CVSS4.4AI score0.99999EPSS
Exploits45References1
CISA
CISA
added 2021/07/16 12:0 a.m.60 views

Google Releases Security Updates for Chrome

Google has released Chrome version 91.0.4472.164 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. One of these vulnerabilities—CVE-2021-30563—has been detected in exploits in the wild. CISA encourages users a...

6.8CVSS1.9AI score0.08928EPSS
Exploits0References1
CISA
CISA
added 2021/07/15 12:0 a.m.60 views

New StopRansomware.gov website – The U.S. Government’s One-Stop Location to Stop Ransomware

The U.S. Government launched a new website to help public and private organizations defend against the rise in ransomware cases. StopRansomware.gov is a whole-of-government approach that gives one central location for ransomware resources and alerts. We encourage organizations to use this new...

6.6AI score
Exploits0References3
CISA
CISA
added 2020/10/14 12:0 a.m.60 views

Microsoft Addresses Windows TCP/IP RCE/DoS Vulnerability

Microsoft has released a security update to address a protocol vulnerability—CVE-2020-16898—in Windows Transmission Control Protocol TCP/IP stack handling of Internet Control Message Protocol version 6 ICMPv6 Router Advertisement packets. A remote attacker could exploit this vulnerability to take...

5.8CVSS8.3AI score0.09686EPSS
Exploits12References1
CISA
CISA
added 2020/07/14 12:0 a.m.60 views

Apache Releases Security Advisories for Apache Tomcat

The Apache Software Foundation has released security advisories to address multiple vulnerabilities in Apache Tomcat. An attacker could exploit these vulnerabilities to cause a denial-of-service condition. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrato...

5CVSS2.1AI score0.87553EPSS
Exploits1References2
CISA
CISA
added 2015/11/17 12:0 a.m.60 views

Adobe Releases Security Updates for ColdFusion, LiveCycle Data Services, and Adobe Premiere Clip

Adobe has released security updates to address multiple vulnerabilities in ColdFusion, LiveCycle Data Services, and Adobe Premiere Clip. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system. Users and administrators are encouraged to revi...

7.1AI score
Exploits0References3
CISA
CISA
added 2025/12/12 12:0 p.m.59 views

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2018-4063link is external Sierra Wireless AirLink ALEOS Unrestricted Upload of File with Dangerous Type Vulnerability This type of vulnerability is a frequent...

9CVSS6.9AI score0.27851EPSS
Exploits3References6
CISA
CISA
added 2021/08/10 12:0 a.m.59 views

Adobe Releases Security Updates for Multiple Products 

Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following Adobe Security Bulletins and apply the necessa...

6.7AI score
Exploits0References3
CISA
CISA
added 2024/12/16 12:0 p.m.58 views

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-20767link is external Adobe ColdFusion Improper Access Control Vulnerability CVE-2024-35250link is external Microsoft Windows Kernel-Mode Driver Untrusted...

7.8CVSS7.7AI score0.98514EPSS
Exploits14References7
CISA
CISA
added 2023/11/28 12:0 p.m.57 views

Exploitation of Unitronics PLCs used in Water and Wastewater Systems

CISA is responding to active exploitationlink is external of Unitronics programmable logic controllers PLCs used in the Water and Wastewater Systems WWS Sector. Cyber threat actors are targeting PLCs associated with WWS facilities, including an identified Unitronics PLC, at a U.S. water facility...

9.8CVSS9.5AI score0.02089EPSS
Exploits0References13
CISA
CISA
added 2023/02/21 12:0 a.m.57 views

CISA Adds Three Known Exploited Vulnerabilities to Catalog

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2022-47986 IBM Aspera Faspex Code Execution Vulnerability CVE-2022-41223 Mitel MiVoice Connect Code Injection Vulnerability CVE-2022-40765 Mitel MiVoice Connect...

1.9AI score0.99968EPSS
Exploits5References8
CISA
CISA
added 2021/06/18 12:0 a.m.57 views

Google Releases Security Updates for Chrome

Google has released Chrome version 91.0.4472.114 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. One of these vulnerabilities—CVE-2021-30554—has been detected in exploits in the wild. CISA encourages users a...

6.8CVSS1.9AI score0.07367EPSS
Exploits0References1
CISA
CISA
added 2011/04/15 12:0 a.m.57 views

Oracle Releases Critical Patch Update for April 2011

Oracle has released their Critical Patch Update for April 2011 to address 73 vulnerabilities across multiple products. This update contains the following security fixes: 6 updates for the Oracle Database Server 9 updates for Oracle Fusion Middleware 1 update for Oracle Enterprise Manager Grid...

4.4CVSS6.1AI score0.00387EPSS
Exploits0References3
CISA
CISA
added 2024/06/26 12:0 p.m.56 views

CISA Adds Three Known Exploited Vulnerabilities to Catalog

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2022-24816 GeoSolutionsGroup JAI-EXT Code Injection Vulnerability CVE-2022-2586 Linux Kernel Use-After-Free Vulnerability CVE-2020-13965 Roundcube Webmail...

10CVSS7AI score0.98739EPSS
Exploits10References8
CISA
CISA
added 2023/11/14 12:0 p.m.56 views

CISA Adds Three Known Exploited Vulnerabilities to Catalog

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-36033 Microsoft Windows Desktop Window Manager DWM Core Library Privilege Escalation Vulnerability CVE-2023-36025 Microsoft Windows SmartScreen Security...

8.8CVSS7.3AI score0.88196EPSS
Exploits2References8
Total number of security vulnerabilities4188