Lucene search
K

4197 matches found

NCSC
NCSC
added 12 hours ago5 views

Vulnerabilities handled in the n8n workflow automation platform

n8n has identified several vulnerabilities in its workflow automation platform. These vulnerabilities include: - An authorization issue where authenticated users can assign workflows to folders within projects to which they do not have access, due to insufficient validation of request payloads...

8.8CVSS6.3AI score0.00314EPSS
Exploits0References9
NCSC
NCSC
added 13 hours ago4 views

Vulnerabilities in Palo Alto Networks PAN-OS

Palo Alto Networks has identified several vulnerabilities in the PAN-OS software, particularly in PA-Series and VM-Series firewalls, as well as the Panorama management platform. These vulnerabilities affect various components of PAN-OS. - There are several XSS vulnerabilities in the User-ID...

9.9CVSS7.1AI score0.01172EPSS
Exploits0References10
NCSC
NCSC
added 13 hours ago5 views

Vulnerabilities are being addressed in the Progress MOVEit Transfer process.

Progress has addressed vulnerabilities in MOVEit Transfer, specifically in the Custom Reports module and the Ad Hoc module. These vulnerabilities affect multiple versions of MOVEit Transfer, including 25.0.0 to 25.0.7, 25.1.0 to 25.1.3, and 26.0.0 just before 26.0.1. One vulnerability in the Cust...

8CVSS6AI score0.00442EPSS
Exploits0References1
NCSC
NCSC
added 16 hours ago7 views

Vulnerabilities in Siemens SICORE

Siemens has identified vulnerabilities in the SICORE Base system, particularly in versions under V26.20. These vulnerabilities are located in several components of the CPCI85 and SICORE Base systems. One of these vulnerabilities allows an authenticated attacker to crash the web service through an...

10CVSS6.2AI score0.0034EPSS
Exploits0References1
NCSC
NCSC
added 16 hours ago12 views

Vulnerabilities found in Juniper Networks’ Junos OS and Junos OS Evolved

Juniper has identified several vulnerabilities in Junos OS and Junos OS Evolved, specifically related to devices in the MX Series, PTX Series, QFX Series, EX Series, SRX Series, and QFX10000 Series. These vulnerabilities affect various components of Junos OS and Junos OS Evolved, including the...

9.8CVSS7.1AI score0.02497EPSS
Exploits0References22
NCSC
NCSC
added 3 days ago5 views

Vulnerabilities found in BeyondTrust Remote Support and Privileged Remote Access

BeyondTrust has identified vulnerabilities in the products Remote Support and Privileged Remote Access. These vulnerabilities involve multiple aspects of these products. There is a pre-authentication vulnerability that allows a network-based attacker to bypass authentication checks without prior...

9.9CVSS6.2AI score0.00653EPSS
Exploits0References1
NCSC
NCSC
added 3 days ago4 views

Vulnerabilities managed in GitLab Enterprise Edition and Community Edition

GitLab has identified several vulnerabilities in GitLab Enterprise Edition EE and Community Edition CE versions ranging from 9.1 to 18.11.7, 19.0 to 19.0.4, and 19.1 to 19.1.2. The vulnerabilities include: - Creating repositories with discrepancies between the web interface and the actual...

8.7CVSS6.1AI score0.00282EPSS
Exploits0References1
NCSC
NCSC
added 6 days ago6 views

Vulnerabilities found in UniFi products from Ubiquiti Networks

Ubiquiti Networks has identified vulnerabilities in various UniFi products, including UniFi Connect Application, UniFi Talk Application, UniFi Access Application, UniFi OS, UniFi Network Application, and UniFi Protect Application. These vulnerabilities involve command injection, SQL injection,...

10CVSS6.2AI score0.00872EPSS
Exploits0References1
NCSC
NCSC
added 2026/07/03 8:21 a.m.8 views

Vulnerabilities are addressed through Rancher Labs in Rancher.

Rancher Labs has identified vulnerabilities in Rancher versions 2.13.0 through 2.13.7, and 2.14.0 through 2.14.3. The first vulnerability relates to SAML authentication replay issues in the Assertion Consumer Service ACS handler in Rancher versions 2.14.0 onwards, but not including 2.14.3. The AC...

9.5CVSS6AI score0.00291EPSS
Exploits0References2
NCSC
NCSC
added 2026/07/03 8:21 a.m.6 views

Vulnerabilities in GitHub Enterprise Server

GitHub has identified several vulnerabilities in GitHub Enterprise Server, particularly in versions prior to 3.21 and 3.22. The first vulnerability involves stored XSS attacks, where authenticated attackers can inject malicious JavaScript payloads into discussion titles. These scripts are execute...

6.5CVSS6AI score0.00257EPSS
Exploits0References6
NCSC
NCSC
added 2026/07/02 12:39 p.m.10 views

Lack of sensitivity handled at Cisco Catalyst Center

Cisco has identified a vulnerability in Cisco Catalyst Center. This vulnerability lies in the insufficient validation of inputs provided by users, which can be manipulated through specially crafted HTTP requests to gain access to files within a limited container. As a result, unauthenticated...

7.5CVSS5.9AI score0.00756EPSS
Exploits0References1
NCSC
NCSC
added 2026/07/01 8:52 a.m.10 views

Vulnerabilities in Adobe ColdFusion

Adobe has addressed several vulnerabilities in Adobe ColdFusion versions 25.9, 23.20, and earlier versions. The vulnerabilities in Adobe ColdFusion include unlimited uploading of dangerous file types, improper input validation, path traversal, reflected Cross-Site Scripting XSS, and Server-Side...

10CVSS6AI score0.28583EPSS
Exploits3References1
NCSC
NCSC
added 2026/06/30 8:43 p.m.14 views

Vulnerabilities in Citrix Netscaler ADC and Netscaler Gateway

Citrix has identified vulnerabilities in NetScaler ADC and NetScaler Gateway that are related to inadequate input validation, incorrect access control, and improper memory release. The vulnerabilities, identified as CVE-2026-8451 and CVE-2026-10817, arise from inadequate input validation, where t...

9.8CVSS6AI score0.00502EPSS
Exploits1References1
NCSC
NCSC
added 2026/06/30 11:48 a.m.10 views

Vulnerabilities found in Apple iOS and iPadOS

Apple has identified several vulnerabilities in iOS and iPadOS. These vulnerabilities include out-of-bounds access, use-after-free errors, memory handling issues, insufficient input validation, type confusion, double-free operations, stack overflows, race conditions, and path handling problems...

9.1CVSS6.1AI score0.00371EPSS
Exploits2References1
NCSC
NCSC
added 2026/06/30 11:47 a.m.6 views

vulnerabilities found in Apple MacOS

Apple has addressed several vulnerabilities in macOS Tahoe. These vulnerabilities included out-of-bounds access, use-after-free errors, memory handling issues, type confusion, double-free operations, stack overflows, insufficient input validation, and race conditions. These vulnerabilities could...

9.1CVSS6.1AI score0.00371EPSS
Exploits2References1
NCSC
NCSC
added 2026/06/29 8:8 a.m.8 views

Vulnerabilities handled in the MISP platform

MISP has addressed several vulnerabilities in its platform. These vulnerabilities involve unauthorized users being able to manipulate client-provided primary and foreign keys, leading to unauthorized data overwrites, ownership transfers, and changes to record scopes. Additionally, there were...

9.4CVSS6.6AI score0.00383EPSS
Exploits1References6
NCSC
NCSC
added 2026/06/29 8:2 a.m.16 views

Vulnerabilities handled in the n8n workflow automation platform

n8n has identified several vulnerabilities in the n8n workflow automation platform, particularly in versions 1.123.55, 2.24.0, 2.25.7, 2.26.1, and 2.26.2. These vulnerabilities affect various components of the n8n platform. Authorized users with workflow processing rights can exploit...

10CVSS5.9AI score0.00403EPSS
Exploits0References18
NCSC
NCSC
added 2026/06/25 11:26 a.m.10 views

Vulnerabilities are handled in GitLab Community Edition and Enterprise Edition

GitLab Inc. has identified several vulnerabilities in GitLab Enterprise Edition EE and other versions of GitLab, particularly in releases from version 8.3 to 19.1.1, with a focus on versions around 18.11.6, 19.0.3, and 19.1.1. These vulnerabilities affect various components of GitLab, including t...

8.7CVSS5.8AI score0.00328EPSS
Exploits0References1
NCSC
NCSC
added 2026/06/24 9:1 a.m.6 views

The vulnerabilities in libssh2 are addressed through libssh.

LibSSH has vulnerabilities in libssh2, including versions up to 1.11.1. The first vulnerability involves a denial-of-service attack during the pre-authentication phase, within the SSHMSGEXTINFO handler. A malicious SSH server can send a specially constructed extensioncount value, causing the clie...

9.2CVSS6.2AI score0.00732EPSS
Exploits11References2
NCSC
NCSC
added 2026/06/23 9:52 a.m.7 views

Vulnerabilities in MongoDB Server

MongoDB has identified several vulnerabilities in the MongoDB Server. These vulnerabilities concern various components of the MongoDB Server. One vulnerability in the logging mechanism can cause entire authentication data, including sensitive credentials, to be recorded in server logs without...

8.7CVSS5.8AI score0.00368EPSS
Exploits0References14
NCSC
NCSC
added 2026/06/19 12:42 p.m.39 views

Vulnerabilities in Splunk Enterprise and Splunk Cloud Platform

Splunk has identified several vulnerabilities in Splunk Enterprise and Splunk Cloud Platform. These vulnerabilities concern various components of Splunk Enterprise and Splunk Cloud Platform. Splunk has classified the vulnerability with the identifier CVE-2026-20253 as a critical vulnerability in...

9.8CVSS6.9AI score0.88171EPSS
Exploits6References9
NCSC
NCSC
added 2026/06/19 6:52 a.m.10 views

Vulnerabilities in Cisco Identity Services Engine

Cisco has addressed several vulnerabilities in Cisco Identity Services Engine ISE and Cisco ISE Passive Identity Connector ISE-PIC. These vulnerabilities can be exploited by both authenticated and unauthenticated attackers. An authenticated attacker with administrative privileges can send special...

9.1CVSS6.2AI score0.00748EPSS
Exploits0References1
NCSC
NCSC
added 2026/06/17 9:28 a.m.15 views

Vulnerabilities in Oracle Fusion Middleware products

Oracle has identified several vulnerabilities in various products within the Oracle Fusion Middleware suite, including WebLogic Server, WebCenter Content, WebCenter Sites, WebCenter Portal, WebCenter Enterprise Capture, Identity Manager, Identity Manager Connector, Access Manager, Coherence,...

10CVSS5.9AI score0.00565EPSS
Exploits0References1
NCSC
NCSC
added 2026/06/17 9:25 a.m.10 views

Vulnerabilities in Oracle JD Edwards EnterpriseOne

Oracle has identified several vulnerabilities in Oracle JD Edwards EnterpriseOne, including the modules Tools, Accounts Payable, Human Resources Management, General Ledger, Order Promising, and Project Costing, specifically for versions 9.2.0.0 to 9.2.26.2. These vulnerabilities enable attackers ...

9.9CVSS5.5AI score0.00483EPSS
Exploits0References1
NCSC
NCSC
added 2026/06/17 9:20 a.m.12 views

Vulnerabilities present in Oracle MySQL products

Oracle has identified vulnerabilities in Oracle MySQL Shell for VS Code, MySQL Router, MySQL NDB Cluster, and MySQL Server. These vulnerabilities exist in various Oracle MySQL products and versions. In MySQL Shell for VS Code versions 2026.2.0+9.6.1, attackers with low privileges and network acce...

9.9CVSS5.5AI score0.00521EPSS
Exploits0References1
NCSC
NCSC
added 2026/06/17 9:11 a.m.11 views

Vulnerabilities in Oracle PeopleSoft Enterprise

Oracle has identified vulnerabilities in Oracle PeopleSoft Enterprise PT PeopleTools versions 8.61 and 8.62 and PeopleSoft Enterprise CS Campus Community and Student Financials version 9.2.38. The vulnerabilities in Oracle PeopleSoft Enterprise PT PeopleTools versions 8.61 and 8.62 allow...

9.8CVSS6AI score0.00576EPSS
Exploits0References1
NCSC
NCSC
added 2026/06/17 9:5 a.m.12 views

Vulnerabilities in Oracle VM VirtualBox

Oracle has identified several vulnerabilities in Oracle VM VirtualBox version 7.2.8. These vulnerabilities are located in various components of Oracle VM VirtualBox 7.2.8, including the Shared Folders and the VMSVGA device. An attacker with low to high privileges and access to the underlying...

7.5CVSS5.5AI score0.00167EPSS
Exploits0References1
NCSC
NCSC
added 2026/06/17 8:55 a.m.8 views

Vulnerabilities are managed in Oracle Enterprise Manager

Oracle has identified several vulnerabilities in Oracle Enterprise Manager versions 13.5 and 24.1. The vulnerabilities in Oracle Enterprise Manager Base Platform versions 13.5 and 24.1 allow an attacker with low or no privileges, and access via HTTP or HTTPS, to gain complete control over the...

9.9CVSS5.4AI score0.00555EPSS
Exploits0References1
NCSC
NCSC
added 2026/06/17 8:53 a.m.12 views

Vulnerabilities in Oracle E-Business Suite products

Oracle has identified vulnerabilities in various Oracle E-Business Suite products, including Oracle Enterprise Command Center Framework, iSupplier Portal, Complex Maintenance, Repair and Overhaul, Process Manufacturing Product Development, HR Intelligence, Receivables, Spares Management, Cost...

9.9CVSS5.5AI score0.00473EPSS
Exploits0References1
NCSC
NCSC
added 2026/06/17 8:50 a.m.13 views

Vulnerabilities found in Oracle Communications

Oracle has uncovered vulnerabilities in Oracle Communications. The vulnerabilities reside in two underlying products: SQLite and Log4j. These vulnerabilities were previously exploited by the developers of these products. Oracle has incorporated these updates into its own software. In SQLite, a...

7.5CVSS5.5AI score0.00555EPSS
Exploits1References1
NCSC
NCSC
added 2026/06/16 1:30 p.m.8 views

Kwetsbaarheid verholpen in Cisco Catalyst SD-WAN Manager

Cisco has identified a vulnerability in the Cisco Catalyst SD-WAN Manager. This vulnerability resides in the web user interface of the Cisco Catalyst SD-WAN Manager and involves a directory traversal flaw. This flaw is caused by improper input validation during the file upload process. An...

6.5CVSS6AI score0.07683EPSS
Exploits2References1
NCSC
NCSC
added 2026/06/16 1:13 p.m.18 views

Vulnerabilities found in Check Point Remote and Mobile Access VPN-products

Check Point has identified vulnerabilities in Remote and Mobile Access VPN products, specifically those implemented using the IKEv1 key exchange protocol. Two vulnerabilities have been identified in Check Point Security Gateways and Remote Access VPN environments that utilize the outdated IKEv1...

9.3CVSS6AI score0.70099EPSS
Exploits5References3
NCSC
NCSC
added 2026/06/12 7:45 a.m.12 views

Vulnerabilities hidden in Fortinet FortiPortal

Fortinet identified a vulnerability in FortiPortal versions 7.0 through 7.4.7. The vulnerability relates to the FortiPortal API endpoints, where an external attacker with organizational user privileges could access sensitive network configuration data through specially crafted HTTP requests. Thes...

6.5CVSS5.4AI score0.00201EPSS
Exploits0References1
NCSC
NCSC
added 2026/06/12 7:39 a.m.13 views

Vulnerabilities managed in GitLab Enterprise Edition

GitLab has identified several vulnerabilities in the GitLab Community Edition and Enterprise Edition versions, ranging from 12.0 to 19.0.2, including important releases such as 17.x, 18.10.8, 18.11.5, and 19.0.2. These vulnerabilities affect various components of GitLab CE & EE. Authorized users...

8.7CVSS5.9AI score0.0037EPSS
Exploits0References1
NCSC
NCSC
added 2026/06/12 7:25 a.m.11 views

Vulnerability handling in Oracle PeopleSoft Enterprise PeopleTools

Oracle has identified a vulnerability in Oracle PeopleSoft Enterprise PeopleTools versions 8.61 and 8.62. This vulnerability allows unauthorized attackers to exploit the system via HTTP remotely. This can lead to remote code execution, which may result in the complete takeover of the system. The...

9.8CVSS6.1AI score0.9233EPSS
Exploits3References2
NCSC
NCSC
added 2026/06/11 11:11 a.m.19 views

Vulnerabilities found in Ivanti Sentry

Ivanti has identified two vulnerabilities in Sentry. The first vulnerability is rated by Ivanti with a CVSS score of 10. An unauthorized malicious actor can execute arbitrary code with root privileges through this vulnerability. The second vulnerability is rated with a CVSS score of 9.9. This...

10CVSS6AI score0.99041EPSS
Exploits6References1
NCSC
NCSC
added 2026/06/11 8:25 a.m.17 views

Vulnerabilities in Adobe InDesign Desktop Applications

Adobe has identified several vulnerabilities in Adobe InDesign Desktop versions 21.3, 20.5.3, and earlier versions. These vulnerabilities lie in the way Adobe InDesign Desktop processes malicious files. There are stack-based and heap-based buffer overflow vulnerabilities that can lead to memory...

7.8CVSS6.5AI score0.00175EPSS
Exploits0References1
NCSC
NCSC
added 2026/06/11 8:21 a.m.13 views

vulnerabilities present in Adobe Dreamweaver Desktop

Adobe has identified several vulnerabilities in Adobe Dreamweaver Desktop versions 21.7 and earlier. These vulnerabilities can be exploited by users who open specially crafted malicious files within the application. The vulnerabilities include executing arbitrary code by opening malicious files,...

8.6CVSS5.9AI score0.00195EPSS
Exploits0References1
NCSC
NCSC
added 2026/06/11 8:18 a.m.13 views

Vulnerabilities present in Adobe Acrobat Reader

Adobe has identified vulnerabilities in Adobe Acrobat Reader versions 24.001.30365, 26.001.21651, and earlier versions. These vulnerabilities include an out-of-bounds write vulnerability and multiple Use After Free errors. These errors occur when processing certain malformed or maliciously...

7.8CVSS7.6AI score0.00285EPSS
Exploits0References1
NCSC
NCSC
added 2026/06/11 8:15 a.m.17 views

Vulnerabilities in Adobe ColdFusion

Adobe has addressed several vulnerabilities in Adobe ColdFusion versions 2023.19, 2025.8, and earlier versions. These vulnerabilities include improper input validation, which allows arbitrary code to be executed without user interaction. There is also a path traversal vulnerability that enables...

10CVSS6.3AI score0.08871EPSS
Exploits0References1
NCSC
NCSC
added 2026/06/11 8:12 a.m.14 views

Vulnerabilities managed in Ivanti Endpoint Manager Mobile

Ivanti has identified several vulnerabilities in Ivanti Endpoint Manager Mobile. These vulnerabilities include an OS command injection vulnerability, where a remote attacker can execute arbitrary operating system commands with root privileges. Additionally, there is a vulnerability due to incorre...

7.2CVSS6.7AI score0.34454EPSS
Exploits0References1
NCSC
NCSC
added 2026/06/11 8:6 a.m.13 views

Vulnerability handling in Fortinet FortiSandbox

Fortinet has identified a vulnerability in FortiSandbox versions 4.2 through 5.0.5, including FortiSandbox Cloud and FortiSandbox PaaS. The vulnerability involves OS command injection in the FortiSandbox’s webinterface. As a result, unauthorized attackers can execute arbitrary OS commands by...

9.8CVSS6.3AI score0.23393EPSS
Exploits0References1
NCSC
NCSC
added 2026/06/10 12:2 p.m.17 views

Veeam Backup & Replication’s vulnerability handling capabilities

Veeam has identified a vulnerability in Backup & Replication. This vulnerability allows an authenticated domain user to execute remote code on the Backup Server. As a result, an attacker with domain credentials can exploit this vulnerability to gain control over backup operations. This is a...

9.4CVSS8.5AI score0.02042EPSS
Exploits0References1
NCSC
NCSC
added 2026/06/09 6:45 p.m.16 views

Vulnerabilities present in Siemens products

Siemens has identified vulnerabilities in various products, including SCALANCE, SIMATIC, SINAMICS, SIPROTEC, and TIA Portal. These vulnerabilities pose a threat to malicious actors, who could exploit them to cause the following types of damage: - Denial-of-Service DoS attacks - Data manipulation ...

9.8CVSS7.3AI score0.47621EPSS
Exploits7References5
NCSC
NCSC
added 2026/06/09 6:40 p.m.13 views

Flaws hidden in Microsoft Dynamics

Microsoft has identified a vulnerability in Dynamics on-premise. A malicious individual could exploit this vulnerability to gain increased privileges on the system. It is possible for a malicious person to gain privileges as a System Administrator. For successful exploitation, the malicious...

8.8CVSS5.5AI score0.0063EPSS
Exploits0
NCSC
NCSC
added 2026/06/09 6:35 p.m.16 views

Vulnerabilities in Microsoft Exchange

Microsoft has patched vulnerabilities in Exchange, both on-premise and online versions. A malicious individual could exploit these vulnerabilities to impersonate other users and access sensitive data. Additionally, a malicious actor could execute arbitrary code. The most severe vulnerability...

9.1CVSS5.8AI score0.01015EPSS
Exploits0
NCSC
NCSC
added 2026/06/09 6:23 p.m.23 views

vulnerabilities handled in Microsoft Developer Tools

Microsoft has addressed vulnerabilities in Developer Tools. A malicious actor could exploit these vulnerabilities to carry out attacks that can cause various types of damage, as described in the tables below. Except for the vulnerability in .NET Core, where no prior authentication or user...

9.6CVSS5.7AI score0.0243EPSS
Exploits0
NCSC
NCSC
added 2026/06/09 6:15 p.m.15 views

Vulnerabilities in Microsoft Azure

Microsoft has addressed vulnerabilities in various Azure components. Malicious actors could exploit these vulnerabilities to impersonate other users, gain elevated privileges, execute arbitrary code, or potentially access sensitive data. The most severe vulnerability was found in HorizonDB and ha...

10CVSS5.7AI score0.00973EPSS
Exploits0
NCSC
NCSC
added 2026/06/09 6:4 p.m.13 views

vulnerabilities present in Microsoft Office

Microsoft has identified vulnerabilities in various Office products such as Sharepoint, Word, Project, and Excel. A malicious individual can exploit these vulnerabilities to carry out attacks that can cause various types of damage, as described in the tables below. For successful exploitation, th...

8.8CVSS7.3AI score0.01982EPSS
Exploits0
NCSC
NCSC
added 2026/06/09 5:44 p.m.19 views

Vulnerabilities in Microsoft Windows

Microsoft has fixed a large number of vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to various categories of damage, as described in the tables below. Among these vulnerabilities are about six very serious ones, which Microsoft ha...

9.8CVSS6.1AI score0.48438EPSS
Exploits5
Total number of security vulnerabilities4197