Lucene search
K
CisaMost viewed

4188 matches found

CISA
CISA
added 2018/10/04 12:0 a.m.38 views

Apache Releases Security Updates for Apache Tomcat

The Apache Software Foundation has released security updates to address a vulnerability in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33, and 7.0.23 to 7.0.90. A remote attacker could exploit this vulnerability to obtain sensitive information. NCCIC encourages users and administrator...

4.3CVSS2.7AI score0.94494EPSS
Exploits3References1
CISA
CISA
added 2018/03/13 12:0 a.m.38 views

Samba Releases Security Updates

The Samba Team has released security updates to address several vulnerabilities in Samba. An attacker could exploit one of these vulnerabilities to take control of an affected system. NCCIC/US-CERT encourages users and administrators to review the Samba Security Announcements for CVE-2018-1050 an...

6.5CVSS2.3AI score0.10308EPSS
Exploits1References2
CISA
CISA
added 2015/07/08 12:0 a.m.38 views

Adobe Releases Security Updates for Flash Player

Adobe has released security updates to address multiple vulnerabilities in Flash Player for Windows, Macintosh, and Linux. These include a critical vulnerability CVE-2015-5119 in Adobe Flash Player 18.0.0.194 and earlier versions. Adobe is aware of a report that an exploit targeting CVE-2015-5119...

10CVSS1.4AI score0.99344EPSS
Exploits6References2
CISA
CISA
added 2026/05/14 12:0 p.m.37 views

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2026-20182link is external Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability This type of vulnerability is a frequent attack vector for malicio...

10CVSS6.1AI score0.88496EPSS
Exploits4References9
CISA
CISA
added 2023/01/26 12:0 a.m.37 views

CISA Has Added One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. This type of vulnerability is a frequent attack vector for malicious cyber actors and poses a significant risk to the federal enterprise. Note: To view the newly added...

1.7AI score
Exploits0References5
CISA
CISA
added 2022/09/01 12:0 a.m.37 views

Apple Releases Security Updates for Multiple Products

Apple has released security updates to address a vulnerability CVE-2022-32893 in iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch 6th generation. Exploitation of this vulnerability could allow an attacker to take control of affected device. CISA encourages...

2AI score0.09785EPSS
Exploits0References1
CISA
CISA
added 2021/05/14 12:0 a.m.37 views

CISA Publishes Eviction Guidance for Networks Affected by SolarWinds and AD/M365 Compromise

CISA has released an analysis report, AR21-134A Eviction Guidance for Networks Affected by the SolarWinds and Active Directory/M365 Compromise. The report provides detailed steps for affected organizations to evict the adversary from compromised on-premises and cloud environments. Additionally,...

6.8AI score
Exploits0References8
CISA
CISA
added 2021/03/31 12:0 a.m.37 views

Citrix Releases Security Updates for Hypervisor

Citrix has released security updates to address vulnerabilities in Hypervisor formerly XenServer. An attacker could exploit some of these vulnerabilities to cause a denial-of-service condition. CISA encourages users and administrators to review Citrix Security Update CTX306565 and apply the...

6.8AI score
Exploits0References1
CISA
CISA
added 2021/02/17 12:0 a.m.37 views

North Korean Malicious Cyber Activity: AppleJeus

CISA, the Federal Bureau of Investigation, and the Department of the Treasury have released a Joint Cybersecurity Advisory and seven Malware Analysis Reports MARs on the North Korean government’s dissemination of malware that facilitates the theft of cryptocurrency—referred to by the U.S...

6.8AI score
Exploits0References9
CISA
CISA
added 2021/02/05 12:0 a.m.37 views

NCIJTF Releases Ransomware Factsheet

The National Cyber Investigative Joint Task Force NCIJTF has released a joint-sealed ransomware factsheet to address current ransomware threats and provide information on prevention and mitigation techniques. The Ransomware Factsheet was developed by an interagency group of subject matter experts...

6.6AI score
Exploits0References4
CISA
CISA
added 2020/11/12 12:0 a.m.37 views

Google Releases Security Updates for Chrome

Google has released Chrome version 86.0.4240.198 for Windows, Mac, and Linux. This version addresses CVE-2020-16013 and CVE-2020-16017. An attacker could exploit one of these vulnerabilities to take control of an affected system. These vulnerabilities have been detected in exploits in the wild. T...

6.8CVSS2.3AI score0.02826EPSS
Exploits0References2
CISA
CISA
added 2020/10/14 12:0 a.m.37 views

Apache Releases Security Updates for Apache Tomcat

The Apache Software Foundation has released a security advisory to address a vulnerability in Apache Tomcat. An attacker could exploit this vulnerability to obtain sensitive information. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review Apache...

4CVSS2.1AI score0.57286EPSS
Exploits0References1
CISA
CISA
added 2020/08/31 12:0 a.m.37 views

Cisco Releases Security Advisory for DVMRP Vulnerability in IOS XR Software

Cisco has released a security advisory on a vulnerability—CVE-2020-3566—in the Distance Vector Multicast Routing Protocol DVMRP feature of Cisco IOS XR software. This vulnerability affects Cisco devices running IOS XR software that have an active interface configured under multicast routing. A...

7.8CVSS7.2AI score0.03631EPSS
Exploits0References1
CISA
CISA
added 2020/06/26 12:0 a.m.37 views

Apache Releases Security Advisory for Apache Tomcat

The Apache Software Foundation has released a security advisory to address a vulnerability in Apache Tomcat. An attacker could exploit this vulnerability to cause a denial-of-service condition. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review...

5CVSS2.2AI score0.26699EPSS
Exploits0References1
CISA
CISA
added 2020/01/24 12:0 a.m.37 views

NSA Releases Guidance on Mitigating Cloud Vulnerabilities

The National Security Agency NSA has released an information sheet with guidance on mitigating cloud vulnerabilities. NSA identifies cloud security components and discusses threat actors, cloud vulnerabilities, and potential mitigation measures. The Cybersecurity and Infrastructure Security Agenc...

6.6AI score
Exploits0References3
CISA
CISA
added 2018/11/05 12:0 a.m.37 views

Apache Releases Security Advisory for Apache Struts

The Apache Software Foundation has released an advisory to address a vulnerable commons-fileupload library used in Apache Struts versions 2.3.36 and prior. A remote attacker could exploit this vulnerability to take control of an affected system. Struts versions from 2.5.12 are not affected. NCCIC...

7.5CVSS3.2AI score0.34731EPSS
Exploits0References1
CISA
CISA
added 2018/10/31 12:0 a.m.37 views

Apache Releases Security Update for Apache Tomcat JK Connectors

The Apache Software Foundation has released a security update to address a vulnerability affecting Apache Tomcat JK Connectors 1.2.0 to 1.2.44. A remote attacker could exploit this vulnerability to obtain access to sensitive information. NCCIC encourages users and administrators to review the...

5CVSS2.2AI score0.90647EPSS
Exploits0References1
CISA
CISA
added 2018/03/01 12:0 a.m.37 views

ISC Releases Security Advisories for DHCP, BIND

The Internet Systems Consortium ISC has released updates or workarounds that address vulnerabilities in versions of ISC Dynamic Host Configuration Protocol DHCP and Berkeley Internet Name Domain BIND. A remote attacker could exploit these vulnerabilities to cause a denial-of-service condition...

5CVSS1.2AI score0.06236EPSS
Exploits0References2
CISA
CISA
added 2025/12/18 12:0 p.m.36 views

CISA Releases Nine Industrial Control Systems Advisories

CISA released nine Industrial Control Systems ICS Advisories. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-352-01 Inductive Automation Ignition ICSA-25-352-02 Schneider Electric EcoStruxure Foxboro DCS Advisor...

6.6AI score
Exploits0References9
CISA
CISA
added 2021/06/23 12:0 a.m.36 views

VMware Releases Security Updates

VMware has released security updates to address vulnerabilities in the VMware Carbon Black App Control management server as well as VMware Tools for Windows, VMware Remote Console for Windows, and VMware App Volumes. An attacker could exploit these vulnerabilities to take control of an affected...

7.1AI score
Exploits0References2
CISA
CISA
added 2020/07/03 12:0 a.m.36 views

Samba Releases Security Updates

The Samba Team has released security updates to address vulnerabilities in multiple versions of Samba. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to...

7.8CVSS2.5AI score0.03874EPSS
Exploits0References4
CISA
CISA
added 2020/04/01 12:0 a.m.36 views

MS-ISAC Releases Advisory on DrayTek Devices

The Multi-State Information Sharing & Analysis Center MS-ISAC has released an advisory regarding two vulnerable command injection points in DrayTek devices CVE-2020-8515. An attacker could exploit these vulnerabilities to take control of an affected system. These vulnerabilities were detected in...

10CVSS9.8AI score0.99993EPSS
Exploits7References2
CISA
CISA
added 2019/12/05 12:0 a.m.36 views

NCSC-NZ Releases Cyber Governance Resource for Leaders

The New Zealand National Cyber Security Centre NCSC-NZ has released an article on a new cybersecurity governance resource to support public and private sector leaders in making decisions about their cybersecurity resilience and risk. NCSC-NZ developed this governance—a series of documents with...

6.8AI score
Exploits0References3
CISA
CISA
added 2019/04/25 12:0 a.m.36 views

ISC Releases BIND Security Updates

The Internet Systems Consortium ISC has released updates that address vulnerabilities in versions of ISC Berkeley Internet Name Domain BIND. A remote attacker could exploit these vulnerabilities to cause a denial-of-service condition. The Cybersecurity and Infrastructure Security Agency CISA...

5CVSS2.4AI score0.06404EPSS
Exploits0References3
CISA
CISA
added 2017/09/20 12:0 a.m.36 views

Samba Releases Security Updates

The Samba Team has released security updates to address several vulnerabilities in Samba. An attacker could exploit any of these vulnerabilities to obtain access to potentially sensitive information. US-CERT encourages users and administrators to review the Samba Security Announcements for...

5.8CVSS2.9AI score0.13334EPSS
Exploits0References3
CISA
CISA
added 2017/02/10 12:0 a.m.36 views

Enhanced Analysis of GRIZZLY STEPPE

The Department of Homeland Security DHS has released an Analysis Report AR related to malicious cyber activity designated as GRIZZLY STEPPE. This AR provides a thorough analysis of the methods threat actors use to infiltrate systems, as well as specific mitigation techniques that may be used to...

6.6AI score
Exploits0References3
CISA
CISA
added 2011/04/08 12:0 a.m.36 views

ISC dhclient Vulnerability

The Internet Systems Consortium ISC has released an advisory to address a vulnerability in its dhclient application. This vulnerability may allow a remote attacker to execute arbitrary code on the client machine. US-CERT encourages administrators of this product to review the ISC advisory. Users ...

7.5CVSS2.5AI score0.84292EPSS
Exploits6References2
CISA
CISA
added 2023/02/16 12:0 a.m.35 views

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. This type of vulnerability is a frequent attack vector for malicious cyber actors and poses a significant risk to the federal enterprise. Note: To view the newly added...

1.7AI score
Exploits0References5
CISA
CISA
added 2022/09/22 12:0 a.m.35 views

ISC Releases Security Advisories for Multiple Versions of BIND 9

The Internet Systems Consortium ISC has released security advisories that address vulnerabilities affecting multiple versions of the ISC’s Berkeley Internet Name Domain BIND 9. A remote attacker could exploit these vulnerabilities to potentially cause denial-of-service conditions. For advisories...

2.6AI score0.02299EPSS
Exploits0References5
CISA
CISA
added 2022/03/03 12:0 a.m.35 views

NSA Releases Network Infrastructure Security Guidance

The National Security Agency NSA has released a new Cybersecurity Technical Report CTR: Network Infrastructure Security Guidance. The report captures best practices based on the depth and breadth of experience in supporting customers and responding to threats. Recommendations include perimeter an...

6.8AI score
Exploits0References3
CISA
CISA
added 2021/07/30 12:0 a.m.35 views

CISA Announces Vulnerability Disclosure Policy (VDP) Platform

CISA has announced the establishment of its Vulnerability Disclosure Policy VDP Platform for the federal civilian enterprise, which will allow the Federal Civilian Executive Branch to coordinate with the civilian security research community in a streamlined fashion. The VDP Platform provides a...

7AI score
Exploits0References1
CISA
CISA
added 2021/06/29 12:0 a.m.35 views

CISA Begins Cataloging Bad Practices that Increase Cyber Risk

In a blog post by Executive Assistant Director EAD Eric Goldstein, CISA announced the creation of a catalog to document bad cybersecurity practices that are exceptionally risky for any organization and especially dangerous for those supporting designated Critical Infrastructure or National Critic...

6.8AI score
Exploits0References4
CISA
CISA
added 2019/04/08 12:0 a.m.35 views

Samba Releases Security Updates

The Samba Team has released security updates to address vulnerabilities in Samba. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review the Samba Securi...

5.5CVSS2.7AI score0.03392EPSS
Exploits1References2
CISA
CISA
added 2026/04/24 12:0 p.m.34 views

CISA Adds Four Known Exploited Vulnerabilities to Catalog

CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2024-7399link is external Samsung MagicINFO 9 Server Path Traversal Vulnerability CVE-2024-57726link is external SimpleHelp Missing Authorization Vulnerability...

9.9CVSS5.4AI score0.91941EPSS
Exploits4References9
CISA
CISA
added 2026/02/10 12:0 p.m.34 views

Poland Energy Sector Cyber Incident Highlights OT and ICS Security Gaps

The purpose of this Alert is to amplify Poland’s Computer Emergency Response Team CERT Polska’s Energy Sector Incident Report published on Jan. 30, 2026, and highlight key mitigations for Energy Sector stakeholders. In December 2025, a malicious cyber actors targeted and compromised operational...

5.7AI score
Exploits0References5
CISA
CISA
added 2025/08/12 12:0 p.m.34 views

CISA Releases Seven Industrial Control Systems Advisories

CISA released seven Industrial Control Systems ICS advisories on August 12, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-224-01 Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, Cobalt Share ICSA-25-224-02 Johns...

7.1AI score
Exploits0References7
CISA
CISA
added 2024/08/13 12:0 p.m.34 views

CISA Adds Six Known Exploited Vulnerabilities to Catalog

CISA has added six new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-38189 Microsoft Project Remote Code Execution Vulnerability CVE-2024-38178 Microsoft Windows Scripting Engine Memory Corruption Vulnerability CVE-2024-38213...

8.8CVSS7.8AI score0.39196EPSS
Exploits5References11
CISA
CISA
added 2021/01/27 12:0 a.m.34 views

Mozilla Releases Security Updates for Firefox, Firefox ESR, and Thunderbird

Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Mozilla Security Advisories for Firefox 85,...

4.3CVSS2.8AI score0.01047EPSS
Exploits0References3
CISA
CISA
added 2020/06/09 12:0 a.m.34 views

CERT/CC Reports Vulnerability in Universal Plug and Play Protocol

The CERT Coordination Center CERT/CC has released information on a vulnerability—CVE-2020-12695—affecting versions of the Universal Plug and Play UPnP protocol released before April 17, 2020. UPnP protocol allows networked devices to discover and connect with each other. A remote attacker could...

7.8CVSS2.2AI score0.15193EPSS
Exploits3References2
CISA
CISA
added 2020/01/21 12:0 a.m.34 views

Samba Releases Security Updates

The Samba Team has released security updates to address vulnerabilities in multiple versions of Samba. An attacker could exploit one of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to...

5.5CVSS2.4AI score0.03151EPSS
Exploits0References3
CISA
CISA
added 2019/03/25 12:0 a.m.34 views

Mozilla Releases Security Update for Thunderbird

Mozilla has released a security update to address vulnerabilities in Thunderbird. An attacker could exploit these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review the Mozilla Security...

6.8CVSS3AI score0.07387EPSS
Exploits4References1
CISA
CISA
added 2018/12/19 12:0 a.m.34 views

Microsoft Releases Out-of-Band Security Updates

Microsoft has released out-of-band security updates to address a vulnerability in Internet Explorer 9, 10, and 11. An attacker could exploit this vulnerability to take control of an affected system. This vulnerability was detected in exploits in the wild. The National Cybersecurity and...

7.6CVSS7.3AI score0.29822EPSS
Exploits0References2
CISA
CISA
added 2024/11/08 12:0 p.m.33 views

CISA Adds Four Known Exploited Vulnerabilities to Catalog

Updated November 8, 2024 CISA has removed the following vulnerability from its Known Exploited Vulnerabilities Catalog, due to a transcription error: CVE-2021-4043link is external Motion Spell GPAC Null Pointer Dereference Vulnerability End of Update CISA has added four new vulnerabilities to its...

9.8CVSS8.2AI score0.98053EPSS
Exploits4References9
CISA
CISA
added 2019/10/01 12:0 a.m.33 views

Exim Releases Security Update

Exim has released a security update to address a vulnerability affecting Exim versions 4.92 to 4.92.2. A remote attacker could exploit this vulnerability to take control of an affected email server. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to...

7.5CVSS2.7AI score0.41589EPSS
Exploits3References1
CISA
CISA
added 2019/03/12 12:0 a.m.33 views

Adobe Releases Security Updates

Adobe has released security updates to address vulnerabilities in Adobe Photoshop CC and Adobe Digital Editions. An attacker could exploit these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to...

7AI score
Exploits0References2
CISA
CISA
added 2013/02/27 12:0 a.m.33 views

Security Updates Available for Adobe Flash Player

Adobe has released security updates for Adobe Flash Player. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of an affected system. Adobe is aware of reports that CVE-2013-0643 and CVE-2013-0648 are being exploited in the wild in...

9.3CVSS6.3AI score0.11094EPSS
Exploits0References1
CISA
CISA
added 2012/06/13 12:0 a.m.33 views

Microsoft Releases Security Advisory for Microsoft XML Core Services

Microsoft has released Security Advisory 2719615 to address a vulnerability in Microsoft XML Core Services 3.0, 4.0, 5.0, and 6.0. This vulnerability may allow an attacker to execute arbitrary code if a user accesses specially crafted web pages using Internet Explorer. According to the advisory,...

9.3CVSS6.8AI score0.83638EPSS
Exploits12References4
CISA
CISA
added 2012/06/07 12:0 a.m.33 views

Microsoft Releases June Security Bulletin

Microsoft has released updates to address vulnerabilities in Microsoft Windows, Internet Explorer, .NET Framework, Lync, and Dynamics AX as part of the Microsoft Security Bulletin Summary for June 2012. These vulnerabilities may allow an attacker to execute arbitrary code or operate with elevated...

7.2CVSS3.5AI score0.37212EPSS
Exploits6References3
CISA
CISA
added 2026/05/15 12:0 p.m.32 views

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2026-42897link is external Microsoft Exchange Server Cross-Site Scripting Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber...

8.1CVSS5.8AI score0.0564EPSS
Exploits1References6
CISA
CISA
added 2024/01/16 12:0 p.m.32 views

CISA and FBI Release Known IOCs Associated with Androxgh0st Malware

Today, CISA and the Federal Bureau of Investigation FBI released a joint Cybersecurity Advisory CSA, Known Indicators of Compromise Associated with Androxgh0st Malware, to disseminate known indicators of compromise IOCs and tactics, techniques, and procedures TTPs associated with threat actors...

9.8CVSS8.8AI score0.99999EPSS
Exploits180References6
Total number of security vulnerabilities4188