Lucene search
K
CisaMost viewed

4188 matches found

CISA
CISA
added 2010/06/25 12:0 a.m.11 views

Google Releases Chrome 5.0.375.86

Google has released Chrome 5.0.375.86 for Linux, Mac, and Windows to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or conduct cross-site scripting attacks. US-CERT encourages users and administrators to review the Google Chrome Releases bl...

7.1AI score
Exploits0References1
CISA
CISA
added 2010/06/10 12:0 a.m.11 views

Microsoft Windows Help and Support Center Vulnerability

US-CERT is aware of a vulnerability affecting the Mircosoft Windows Help and Support Center. This vulnerability is due to improper sanitization of hcp:// URIs. Exploitation of this vulnerability may allow a remote, unauthenticated attacker to execute arbitrary commands. US-CERT encourages users a...

7.3AI score
Exploits0References1
CISA
CISA
added 2010/04/28 12:0 a.m.11 views

Google Releases Chrome 4.1.249.1064

Google has released Chrome 4.1.249.1064 for Windows to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or bypass the same origin policy in the browser. US-CERT encourages users and administrators to review the Google Chrome Releases blog ent...

7.9AI score
Exploits0References1
CISA
CISA
added 2010/04/15 12:0 a.m.11 views

Cisco Releases Security Advisory

Cisco has released a security advisory to address a vulnerability in Cisco Secure Desktop. Cisco Secure Desktop contains a vulnerable ActiveX control that may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review Cisco security advisory...

7.4AI score
Exploits0References2
CISA
CISA
added 2010/04/09 12:0 a.m.11 views

VMware Releases Security Advisory VMSA-2010-0007

VMware has released security advisory VMSA-2010-0007 to address multiple vulnerabilities in VMware hosted products, vCENTER Server and ESX. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, operate with elevated privileges, obtain sensitive information, or cau...

7.6AI score
Exploits0References2
CISA
CISA
added 2010/03/03 12:0 a.m.11 views

Microsoft Re-Releases Security Bulletin MS10-015

Microsoft has re-released the security update described in Microsoft Security Bulletin MS10-015. This release contains an updated installation package that does not allow the security update to be installed on computers infected with malicious code. Microsoft has also released a Fix-It Tool to...

6.6AI score
Exploits0References5
CISA
CISA
added 2010/03/02 12:0 a.m.11 views

Microsoft Releases Security Advisory to Address VBScript Vulnerability

Microsoft has released a security advisory to address a vulnerability in VBScript. The advisory indicates that this vulnerability exists in the way that VBScript interacts with Windows Help files when using Internet Explorer. By convincing a user to view a specially crafted HTML document web page...

6.8AI score
Exploits0References3
CISA
CISA
added 2010/02/12 12:0 a.m.11 views

Google Releases Chrome 4.0.249.89

Google has released Chrome 4.0.249.89 for Windows to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or obtain sensitive information. US-CERT encourages users and administrators to review the Google Chrome Releases blog entry and update to...

7.8AI score
Exploits0References1
CISA
CISA
added 2010/01/21 12:0 a.m.11 views

Microsoft Releases Cumulative Security Update for Internet Explorer

Microsoft has released Security Bulletin MS10-002 as a Cumulative Security Update for Internet Explorer. This update addresses multiple vulnerabilities that when exploited, may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review Microsoft Security...

7.6AI score
Exploits0References2
CISA
CISA
added 2026/04/06 12:0 p.m.10 views

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2026-35616link is external - Fortinet FortiClient EMS Improper Access Control Vulnerability This type of vulnerability is a frequent attack vector for malicious...

9.8CVSS6AI score0.88505EPSS
Exploits8References6
CISA
CISA
added 2026/04/02 12:0 p.m.10 views

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2026-3502link is external TrueConf Client Download of Code Without Integrity Check Vulnerability This type of vulnerability is a frequent attack vector for...

7.8CVSS6.1AI score0.0575EPSS
Exploits2References6
CISA
CISA
added 2026/03/13 12:0 p.m.10 views

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2026-3909link is external Google Skia Out-of-Bounds Write Vulnerability CVE-2026-3910link is external Google Chromium V8 Unspecified Vulnerability These types o...

8.8CVSS5.8AI score0.02EPSS
Exploits1References7
CISA
CISA
added 2026/01/27 12:0 p.m.10 views

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2026-24858link is external Fortinet Multiple Products Authentication Bypass Using an Alternate Path or Channel Vulnerability This type of vulnerability is a...

9.8CVSS5.9AI score0.85844EPSS
Exploits0References6
CISA
CISA
added 2025/12/29 12:0 p.m.10 views

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2025-14847link is external MongoDB and MongoDB Server Improper Handling of Length Parameter Inconsistency Vulnerability This type of vulnerability is a frequent...

8.7CVSS6.9AI score0.83007EPSS
Exploits39References6
CISA
CISA
added 2025/12/23 12:0 p.m.10 views

CISA Releases One Industrial Control Systems Advisory

CISA released one Industrial Control Systems ICS Advisory. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-177-01 Mitsubishi Electric Air Conditioning Systems Update B CISA encourages users and administrators to...

6.6AI score
Exploits0References1
CISA
CISA
added 2025/12/22 12:0 p.m.10 views

NIST and CISA Release Draft Interagency Report on Protecting Tokens and Assertions from Tampering Theft and Misuse for Public Comment

The Cybersecurity and Infrastructure Security Agency CISA and National Institute of Standards and Technology NIST have released an initial draft of Interagency Report IR 8597 Protecting Tokens and Assertions from Forgery, Theft, and Misuse for public comment through January 30, 2026. This report ...

7AI score
Exploits0References4
CISA
CISA
added 2025/12/17 12:0 p.m.10 views

CISA Adds Three Known Exploited Vulnerabilities to Catalog

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2025-20393link is external Cisco Multiple Products Improper Input Validation Vulnerability CVE-2025-40602link is external SonicWall SMA1000 Missing...

10CVSS6.7AI score0.2906EPSS
Exploits3References8
CISA
CISA
added 2025/12/09 12:0 p.m.10 views

CISA Releases Three Industrial Control Systems Advisories

CISA released three Industrial Control Systems ICS Advisories. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-343-01 Universal Boot Loader U-Boot ICSA-25-343-02 Festo LX Appliance ICSA-25-343-03 Multiple India-Base...

6.6AI score
Exploits0References3
CISA
CISA
added 2025/12/03 12:0 p.m.10 views

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2021-26828link is external OpenPLC ScadaBR Unrestricted Upload of File with Dangerous Type Vulnerability This type of vulnerability is a frequent attack vector fo...

8.8CVSS8.9AI score0.39096EPSS
Exploits8References6
CISA
CISA
added 2025/11/06 12:0 p.m.11 views

CISA Releases Four Industrial Control Systems Advisories

CISA released four Industrial Control Systems ICS Advisories. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-310-01 Advantech DeviceOn iEdge ICSA-25-310-02 Ubia Ubox ICSA-25-310-03 ABB FLXeon Controllers...

6.6AI score
Exploits0References4
CISA
CISA
added 2025/11/04 12:0 p.m.10 views

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2025-11371link is external Gladinet CentreStack and Triofox Files or Directories Accessible to External Parties Vulnerability CVE-2025-48703link is external CWP...

9CVSS7.2AI score0.99589EPSS
Exploits7References7
CISA
CISA
added 2025/10/09 12:0 p.m.10 views

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2021-43798link is external Grafana Path Traversal Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber actors and poses...

7.5CVSS6.9AI score0.88849EPSS
Exploits44References6
CISA
CISA
added 2025/07/28 12:0 p.m.10 views

CISA Adds Three Known Exploited Vulnerabilities to Catalog

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2025-20281link is external Cisco Identity Services Engine Injection Vulnerability CVE-2025-20337link is external Cisco Identity Services Engine Injection...

10CVSS7.9AI score0.96732EPSS
Exploits11References8
CISA
CISA
added 2025/05/19 12:0 p.m.10 views

CISA Adds Six Known Exploited Vulnerabilities to Catalog

CISA has added six new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2025-4427link is external Ivanti Endpoint Manager Mobile EPMM Authentication Bypass Vulnerability CVE-2025-4428link is external Ivanti Endpoint Manager Mobile EPMM...

8.8CVSS6.8AI score0.99891EPSS
Exploits14References11
CISA
CISA
added 2025/04/11 12:0 p.m.10 views

Fortinet Releases Advisory on New Post-Exploitation Technique for Known Vulnerabilities

Fortinet is aware of a threat actor creating a malicious file from previously exploited Fortinet vulnerabilities CVE-2024-21762, CVE-2023-27997, and CVE-2022-42475 within FortiGate products. This malicious file could enable read-only access to files on the device's file system, which may include...

9.8CVSS7.6AI score0.99474EPSS
Exploits29References3
CISA
CISA
added 2025/04/04 12:0 p.m.10 views

Ivanti Releases Security Updates for Connect Secure, Policy Secure & ZTA Gateways Vulnerability (CVE-2025-22457)

Ivanti released security updates to address vulnerabilities CVE-2025-22457 in Ivanti Connect Secure, Policy Secure & ZTA Gateways. A cyber threat actor could exploit CVE-2025-22457 to take control of an affected system. CISA has added CVE-2025-22457 to its Known Exploited Vulnerabilities Catalog...

9.8CVSS7.7AI score0.99979EPSS
Exploits7References6
CISA
CISA
added 2025/04/01 12:0 p.m.10 views

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2025-24813link is external Apache Tomcat Path Equivalence Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose...

10CVSS7.3AI score0.99945EPSS
Exploits46References6
CISA
CISA
added 2025/03/13 12:0 p.m.10 views

CISA Releases Thirteen Industrial Control Systems Advisories

CISA released thirteen Industrial Control Systems ICS advisories on March 13, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-072-01 Siemens Teamcenter Visualization and Tecnomatrix Plant Simulation...

7.1AI score
Exploits0References13
CISA
CISA
added 2025/02/19 12:0 p.m.10 views

CISA and Partners Release Advisory on Ghost (Cring) Ransomware

Today, CISA—in partnership with the Federal Bureau of Investigation FBI and Multi-State Information Sharing and Analysis Center MS-ISAC—released a joint Cybersecurity Advisory, StopRansomware: Ghost Cring Ransomware. This advisory provides network defenders with indicators of compromise IOCs,...

10CVSS7.5AI score0.99999EPSS
Exploits65References10
CISA
CISA
added 2024/12/18 12:0 p.m.10 views

CISA Releases Best Practice Guidance for Mobile Communications

Today, CISA released Mobile Communications Best Practice Guidance. The guidance was crafted in response to identified cyber espionage activity by People’s Republic of China PRC government-affiliated threat actors targeting commercial telecommunications infrastructure, specifically addressing...

7AI score
Exploits0References2
CISA
CISA
added 2024/11/25 12:0 p.m.10 views

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-28461link is external Array Networks AG and vxAG ArrayOS Improper Authentication Vulnerability These types of vulnerabilities are frequent attack vectors for...

9.8CVSS7.4AI score0.67645EPSS
Exploits0References6
CISA
CISA
added 2024/10/31 12:0 p.m.10 views

CISA Releases Four Industrial Control Systems Advisories

CISA released four Industrial Control Systems ICS advisories on October 31, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-305-01 Rockwell Automation FactoryTalk ThinManager ICSA-24-030-02 Mitsubishi Electric...

7.1AI score
Exploits0References4
CISA
CISA
added 2024/07/09 12:0 p.m.10 views

Microsoft Releases July 2024 Security Updates

Microsoft released security updates to address vulnerabilities in multiple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following and apply necessary updates: Microsoft...

7.6AI score
Exploits0References1
CISA
CISA
added 2023/12/19 12:0 p.m.10 views

CISA and FBI Release Advisory on ALPHV Blackcat Affiliates

Today, CISA and the Federal Bureau of Investigation FBI released a joint Cybersecurity Advisory CSA, StopRansomware: ALPHV Blackcat, to disseminate known ALPHV Blackcat affiliates’ tactics, techniques, and procedures TTPs and indicators of compromise IOCs identified through FBI investigations as...

7.2AI score
Exploits0References4
CISA
CISA
added 2023/12/01 12:0 p.m.10 views

CISA Removes One Known Exploited Vulnerability From Catalog

CISA is continually collaborating with partners across government and the private sector. As a result of this collaboration, CISA has concluded that there is insufficient evidence to keep the following CVE in the catalog and has removed it: CVE-2022-28958 DIR-816L Remote Code Execution...

7.8AI score
Exploits0References5
CISA
CISA
added 2023/11/30 12:0 p.m.10 views

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-6345 Google Skia Integer Overflow Vulnerability CVE-2023-49103 ownCloud graphapi Information Disclosure Vulnerability These types of vulnerabilities are freque...

10CVSS7.1AI score0.78428EPSS
Exploits5References8
CISA
CISA
added 2023/11/08 12:0 p.m.10 views

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-29552 Service Location Protocol SLP Denial-of-Service Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pos...

7.5CVSS7.1AI score0.65873EPSS
Exploits1References6
CISA
CISA
added 2023/09/25 12:0 p.m.10 views

CISA Adds Three Known Exploited Vulnerabilities to Catalog

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-41991 Apple Multiple Products Improper Certificate Validation Vulnerability CVE-2023-41992 Apple Multiple Products Kernel Privilege Escalation Vulnerability...

8.8CVSS7.5AI score0.29179EPSS
Exploits3References8
CISA
CISA
added 2023/09/14 12:0 p.m.10 views

CISA Adds One Known Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-26369 Adobe Acrobat and Reader Out-of-Bounds Write Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose...

7.8CVSS7.1AI score0.07036EPSS
Exploits0References7
CISA
CISA
added 2023/09/06 12:0 p.m.10 views

CISA Adds One Known Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-33246 Apache RocketMQ Command Execution Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant...

9.8CVSS7.3AI score0.96604EPSS
Exploits11References6
CISA
CISA
added 2023/09/06 12:0 p.m.10 views

CISA Releases Update to Threat Actors Exploiting Citrix CVE-2023-3519 to Implant Webshells

The Cybersecurity and Infrastructure Security Agency CISA has released an update to a previously published Cybersecurity Advisory CSA, Threat Actors Exploiting Citrix CVE-2023-3519 to Implant Webshells. The CSA—originally released to warn network defenders of critical infrastructure organizations...

9.8CVSS10AI score0.99445EPSS
Exploits16References4
CISA
CISA
added 2023/08/30 12:0 p.m.10 views

Juniper Networks Releases Security Advisory for Junos OS and Junos OS Evolved

Juniper Networks has released a security advisory to address a vulnerability for Junos OS and Junos OS Evolved. A cyber threat actor could exploit this vulnerability to cause a denial-of-service condition. CISA encourages users and administrators to review Juniper’s Support Portallink is external...

7.5CVSS6.9AI score0.15143EPSS
Exploits0References1
CISA
CISA
added 2023/08/25 12:0 p.m.10 views

CISA’s VDP Platform 2022 Annual Report Showcases Success

Today, the Cybersecurity and Infrastructure Security Agency CISA released its inaugural Vulnerability Disclosure Policy VDP Platform 2022 Annual Report, highlighting the service’s progress supporting vulnerability awareness and remediation across the Federal Civilian Executive Branch FCEB. This...

7.1AI score
Exploits0References3
CISA
CISA
added 2023/07/20 12:0 p.m.10 views

CISA Releases One Industrial Control Systems Advisory

CISA released one Industrial Control Systems ICS advisory on July 20, 2023. This advisory provides timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-201-01 Schneider Electric EcoStruxure Products, Modicon PLCs, and Programmable Automation...

7AI score
Exploits0References1
CISA
CISA
added 2023/02/10 12:0 a.m.10 views

CISA Adds Three Known Exploited Vulnerabilities to Catalog

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Note: To view the newly...

1.7AI score
Exploits0References5
CISA
CISA
added 2023/02/07 12:0 a.m.10 views

CISA Releases ESXiArgs Ransomware Recovery Script

CISA has released a recovery script for organizations that have fallen victim to ESXiArgs ransomware. The ESXiArgs ransomware encrypts configuration files on vulnerable ESXi servers, potentially rendering virtual machines VMs unusable. CISA recommends organizations impacted by ESXiArgs evaluate t...

1.1AI score
Exploits0References1
CISA
CISA
added 2023/02/07 12:0 a.m.10 views

CISA Releases One Industrial Control Systems Advisory

CISA released one Industrial Control Systems ICS advisory on February 7, 2023. This advisory provides timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisory for technical...

2.7AI score
Exploits0References1
CISA
CISA
added 2023/01/12 12:0 a.m.10 views

Drupal Releases Security Update to Address Vulnerability in Private Taxonomy Terms

Drupal has released a security update to address a vulnerability affecting private vocabulary modules for Drupal 8.x. An unauthorized user could exploit this vulnerability to bypass access permissions to create, modify, and delete private vocabulary terms. CISA encourages users and administrators...

2.1AI score
Exploits0References1
CISA
CISA
added 2023/01/10 12:0 a.m.10 views

CISA Releases Two Industrial Control Systems Advisories

CISA released two Industrial Control Systems ICS advisories on January 10, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for...

2.9AI score
Exploits0References2
CISA
CISA
added 2022/12/13 12:0 a.m.10 views

Mozilla Releases Security Updates for Thunderbird and Firefox

Mozilla has released security updates to address vulnerabilities in Thunderbird, Firefox ESR, and Firefox. An attacker could exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Mozilla’s security advisories for Thunderbird 102.6,...

2.8AI score
Exploits0References3
Total number of security vulnerabilities4188