Lucene search
K
NcscMost viewed

4190 matches found

NCSC
NCSC
added 2024/07/30 9:32 a.m.20 views

Vulnerabilities fixed in VMware ESXi and vCenter Server

VMware has fixed vulnerabilities in ESXi and vCenter Server. A malicious party can exploit the vulnerabilities to cause a denial-of-service on the host, or to grant itself elevated privileges to perform actions that the malicious party is not initially authorized to perform. This does require the...

7.2CVSS7.1AI score0.2677EPSS
Exploits0References2
NCSC
NCSC
added 2022/04/19 12:0 a.m.20 views

Vulnerabilities fixed in Lenovo notebook BIOS

Vulnerabilities have been found in several Lenovo laptop models by researchers from security firm ESET. These vulnerabilities are Lenovo-specific, a full list of affected Lenovo laptops can be found under "Possible fixes." Two of these vulnerabilities, with attributes CVE-2021-3970 and...

7.2CVSS7AI score0.02999EPSS
Exploits1
NCSC
NCSC
added 2020/09/11 12:0 a.m.20 views

Vulnerability fixed in XWiki

The developers of XWiki have fixed a vulnerability. A malicious person with SCRIPT privileges could exploit the vulnerability to gain access to the server's Instance Manager and thereby create arbitrary Java objects. The developers have released updates to fix the vulnerability fix in XWiki 12.2....

6.6CVSS6.9AI score0.01341EPSS
Exploits0
NCSC
NCSC
added 2026/06/09 6:23 p.m.19 views

vulnerabilities handled in Microsoft Developer Tools

Microsoft has addressed vulnerabilities in Developer Tools. A malicious actor could exploit these vulnerabilities to carry out attacks that can cause various types of damage, as described in the tables below. Except for the vulnerability in .NET Core, where no prior authentication or user...

9.6CVSS5.7AI score0.0243EPSS
Exploits0
NCSC
NCSC
added 2026/05/15 8:43 a.m.19 views

Vulnerabilities managed in Ivanti Endpoint Manager

Ivanti has addressed several vulnerabilities in Ivanti Endpoint Manager, specifically in the core server, the agent, and the web console components. These vulnerabilities concern various aspects of Ivanti Endpoint Manager. First, a remotely authenticated attacker can exploit a vulnerable method t...

8.8CVSS6.3AI score0.00883EPSS
Exploits0References1
NCSC
NCSC
added 2026/05/15 8:19 a.m.19 views

Vulnerabilities found in Cisco Catalyst SD-WAN Controllers and Managers

Cisco has identified vulnerabilities in the Catalyst SD-WAN Controller and Manager products. Cisco has uncovered four vulnerabilities in these products. These vulnerabilities involve XXE injection, privilege escalation, and authentication bypass. The authentication bypass vulnerability resides in...

10CVSS6AI score0.87693EPSS
Exploits4References2
NCSC
NCSC
added 2026/02/13 1:35 p.m.19 views

Vulnerabilities fixed in Apple iOS and iPadOS

Apple has fixed vulnerabilities in iOS and iPadOS. The vulnerabilities included several problems such as memory corruption, buffer overflow, and post-release usage, which could lead to unauthorized access to sensitive data, unexpected process crashes and other stability issues. The vulnerabilitie...

9CVSS6.3AI score0.22359EPSS
Exploits18References2
NCSC
NCSC
added 2024/04/18 12:0 a.m.19 views

Vulnerabilities fixed in Oracle Communications products

Oracle has fixed vulnerabilities in Communications products and applications. A malicious party can exploit the vulnerabilities to perform attacks that could result in the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Manipulation of data Circumvention of...

9.8CVSS7.1AI score0.99999EPSS
Exploits77
NCSC
NCSC
added 2023/11/16 12:0 a.m.19 views

Vulnerabilities fixed in Fortinet FortiOS and FortiProxy

Fortinet has fixed vulnerabilities in FortiOS and FortiProxy. A malicious party could exploit the vulnerability to cause a denial-of-service, or to reboot the system with a rogue image. To reboot, the malicious party needs prior administrator privileges. Fortinet has released updates to fix the...

6.7CVSS7AI score0.01269EPSS
Exploits0
NCSC
NCSC
added 2023/04/11 12:0 a.m.19 views

Vulnerabilities fixed in Microsoft Dynamics

Microsoft has fixed vulnerabilities in Dynamics 365. A remote malicious person could exploit the vulnerabilities for a cross-site scripting attack. Such an attack can result in execution of code in the context of the victim's browser and thereby potentially accessing sensitive data. Microsoft...

7.6CVSS6.1AI score0.00748EPSS
Exploits0
NCSC
NCSC
added 2023/02/14 12:0 a.m.19 views

Vulnerabilities fixed in Microsoft Developer Tools

Microsoft has fixed vulnerabilities in several Developer tools. A malicious party could exploit the vulnerabilities to cause a denial-of-service, to grant himself elevated privileges granted, or to execute arbitrary code with privileges of the victim. To do this, the malicious party must entice t...

7.8CVSS7.8AI score0.01408EPSS
Exploits0
NCSC
NCSC
added 2022/05/04 12:0 a.m.19 views

Vulnerabilities fixed in FortiOS

Vulnerabilities have been fixed in FortiOS. The vulnerabilities allow a malicious person to launch attacks that lead to the following categories of damage: Cross-Site Scripting XSS. Remote code execution User Rights Access to sensitive data Access to system data Fortinet has released updates to...

6.3CVSS6.7AI score0.00844EPSS
Exploits0
NCSC
NCSC
added 2022/04/20 12:0 a.m.19 views

Vulnerabilities fixed in Oracle JD Edwards

Oracle has fixed vulnerabilities in the following JD Edwards products: JD Edwards EnterpriseOne Tools JD Edwards World Security The vulnerabilities allow an unauthenticated malicious person potentially able to launch attacks that result in the following categories of damage: Denial-of-Service DoS...

9.8CVSS8.6AI score0.99964EPSS
Exploits181
NCSC
NCSC
added 2022/04/01 12:0 a.m.19 views

Vulnerability fixed in Zyxel Firewall and VPN systems

Zyxel has fixed a vulnerability in USG/ZyWALL, USG FLEX, ATP, VPN, and NSG systems. An unauthenticated malicious party could potentially exploit the vulnerability to gain access on the vulnerable system and from there move further into the infrastructure to be protectable infrastructure. The...

9.8CVSS7.1AI score0.84839EPSS
Exploits0
NCSC
NCSC
added 2022/02/21 12:0 a.m.19 views

Vulnerabilities fixed in Cobbler

The Cobbler project has fixed two vulnerabilities. A local malicious party can exploit the vulnerabilities to view configuration files or locally execute arbitrary code execute arbitrary code under the application's permissions. A third vulnerability was also found, CVE-2021-45081. There are...

7.8CVSS8AI score0.00897EPSS
Exploits1
NCSC
NCSC
added 2021/11/11 12:0 a.m.19 views

Vulnerability fixed in VMware vCenter and Cloud Foundation

VMware has fixed a vulnerability in vCenter Server and Cloud Foundation. An authenticated malicious party could, by exploiting this vulnerability obtain elevated privileges on the vulnerable system. The vulnerability is located in the Integrated Windows Authentication IWA authentication mechanism...

8.8CVSS7AI score0.09976EPSS
Exploits0
NCSC
NCSC
added 2021/04/16 12:0 a.m.19 views

Vulnerabilities fixed in Atlassian Jira

Atlassian has fixed several vulnerabilities in Jira. A unauthenticated remote malicious person can exploit the vulnerabilities exploit them to gain access to information about the system or to perform a Cross-Site Scripting XSS attack. The latter can lead to the execution of arbitrary script code...

6.1CVSS6.8AI score0.0161EPSS
Exploits0
NCSC
NCSC
added 2021/02/25 12:0 a.m.19 views

Vulnerabilities fixed in Cisco FXOS and NX-OS

Cisco has fixed vulnerabilities in FXOS and NX-OS. The vulnerabilities allow an unauthenticated remote malicious person to remote user to cause a denial-of-service and to execute arbitrary code under root privileges. Cisco categorizes this vulnerability according to the CVSSv3 method with a score...

8.8CVSS7.5AI score0.00441EPSS
Exploits0
NCSC
NCSC
added 2026/06/16 1:13 p.m.18 views

Vulnerabilities found in Check Point Remote and Mobile Access VPN-products

Check Point has identified vulnerabilities in Remote and Mobile Access VPN products, specifically those implemented using the IKEv1 key exchange protocol. Two vulnerabilities have been identified in Check Point Security Gateways and Remote Access VPN environments that utilize the outdated IKEv1...

9.3CVSS6AI score0.70099EPSS
Exploits5References3
NCSC
NCSC
added 2026/06/11 11:11 a.m.18 views

Vulnerabilities found in Ivanti Sentry

Ivanti has identified two vulnerabilities in Sentry. The first vulnerability is rated by Ivanti with a CVSS score of 10. An unauthorized malicious actor can execute arbitrary code with root privileges through this vulnerability. The second vulnerability is rated with a CVSS score of 9.9. This...

10CVSS6AI score0.99041EPSS
Exploits6References1
NCSC
NCSC
added 2026/06/09 5:44 p.m.18 views

Vulnerabilities in Microsoft Windows

Microsoft has fixed a large number of vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to various categories of damage, as described in the tables below. Among these vulnerabilities are about six very serious ones, which Microsoft ha...

9.8CVSS6.1AI score0.48438EPSS
Exploits5
NCSC
NCSC
added 2026/06/08 8:23 a.m.18 views

Vulnerabilities in IBM WebSphere Application Server and WebSphere Liberty

IBM has identified vulnerabilities in WebSphere Application Server and WebSphere Liberty versions 8.5 and 9.0. These vulnerabilities reside in the Web Server Plug-ins, which are part of the request handling processes of these products. The first vulnerability relates to HTTP request smuggling,...

9.8CVSS6.3AI score0.00847EPSS
Exploits0References5
NCSC
NCSC
added 2026/06/02 11:33 a.m.18 views

Vulnerabilities in Microsoft Windows

Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: - Denial-of-Service DoS - Execution of arbitrary code root/admin privileges - Execution of arbitrary code user privileges -...

9.8CVSS7.3AI score0.72253EPSS
Exploits39
NCSC
NCSC
added 2026/04/15 12:20 p.m.18 views

Vulnerabilities are detected in Fortinet FortiAnalyzer and FortiManager

Fortinet has identified vulnerabilities in FortiAnalyzer, FortiAnalyzer Cloud, FortiManager, and FortiManager Cloud. Malicious individuals could exploit these vulnerabilities by executing unauthorized code or deleting files. Specifically, FortiAnalyzer, FortiAnalyzer Cloud, FortiManager, and...

8.1CVSS6.2AI score0.00901EPSS
Exploits0References3
NCSC
NCSC
added 2025/11/07 10:7 a.m.18 views

Vulnerabilities fixed in Fortinet FortiOS and FortiProxy

Fortinet has fixed vulnerabilities in FortiOS and FortiProxy. The vulnerabilities include a stack-based buffer overflow that allows authenticated attackers to execute unauthorized code via specially crafted CLI commands. In addition, there are issues with incorrect certificate validation that all...

7.8CVSS7.3AI score0.00402EPSS
Exploits2References6
NCSC
NCSC
added 2025/11/04 3:3 p.m.18 views

Vulnerabilities fixed in Google Android and Samsung Mobile

Google has fixed vulnerabilities in Android. Samsung has fixed vulnerabilities in Samsung Mobile The vulnerabilities include an out-of-bounds write and read, as well as a vulnerability in USB connection mode that allows local attackers to gain unauthorized access to user data. These vulnerabiliti...

8CVSS7.2AI score0.00911EPSS
Exploits8References2
NCSC
NCSC
added 2025/11/04 12:44 p.m.18 views

Vulnerabilities fixed in Apple macOS

Apple has fixed vulnerabilities in macOS Sonoma 14.8.2, macOS Sequoia 15.7.2 and macOS Tahoe 26.1. The vulnerabilities covered a wide range of issues, including unauthorized access to sensitive user data, race conditions, and logic flaws that could lead to unwanted access or system instability...

9.8CVSS6.6AI score0.03239EPSS
Exploits80References3
NCSC
NCSC
added 2025/10/31 9:35 a.m.18 views

Vulnerabilities fixed in Rockwell Automation FactoryTalk

Rockwell Automation has fixed vulnerabilities in FactoryTalk View Machine Edition. The vulnerabilities include an authentication bypass that allows unauthorized access to the PanelView Plus 7 Series B file system and diagnostic information. In addition, there is a path-traversal vulnerability tha...

9.8CVSS7.5AI score0.00554EPSS
Exploits0References3
NCSC
NCSC
added 2025/05/13 7:10 p.m.18 views

Vulnerabilities fixed in Microsoft Azure

Microsoft has fixed vulnerabilities in several Azure components. A malicious party could exploit the vulnerabilities to impersonate another user, assign themselves elevated privileges and gain access to sensitive data. Microsoft has since released updates to fix the vulnerabilities marked...

9.9CVSS8.5AI score0.02621EPSS
Exploits2
NCSC
NCSC
added 2025/04/16 8:37 a.m.18 views

Vulnerabilities fixed in Oracle Database Products

Oracle has fixed vulnerabilities in several Oracle Database Products and subsystems, including Oracle Server, NoSQL, TimesTen, Secure Backup and Essbase. The vulnerabilities allow unauthenticated malicious actors to cause a Denial-of-Service or gain unauthorized access to sensitive data and...

10CVSS7.4AI score0.99999EPSS
Exploits150References1
NCSC
NCSC
added 2025/01/22 1:30 p.m.18 views

Vulnerabilities fixed in Oracle Communications

Oracle has fixed several vulnerabilities in its Communications products, including Oracle Communications Unified Assurance, Oracle Communications Cloud Native Core Network Function and Oracle Communications Order and Service Management. The vulnerabilities allow unauthenticated malicious actors t...

10CVSS7.5AI score0.99957EPSS
Exploits103References1
NCSC
NCSC
added 2025/01/15 1:25 p.m.18 views

Vulnerabilities fixed in Fortinet FortiSwitch, FortiManager, FortiAnalyzer, FortiOS and FortiProxy

Fortinet has fixed vulnerabilities in FortiSwitch, FortiManager, FortiAnalyzer, FortiOS and FortiProxy. The vulnerabilities include hard-coded cryptographic keys, improper processing of OS commands, and out-of-bounds write and read errors. Attackers can exploit these vulnerabilities to gain...

9.8CVSS7.8AI score0.83428EPSS
Exploits13References27
NCSC
NCSC
added 2023/08/31 12:0 a.m.18 views

Vulnerabilities fixed in VMware Aria Operations Networks

VMWare has fixed vulnerabilities in Aria Operations Networks, formerly known as vRealize Network Insight. A malicious party could exploit the vulnerabilities to bypass authentication, or to execute arbitrary code on the underlying system. The most serious vulnerability has been given attribute...

9.8CVSS7.8AI score0.63947EPSS
Exploits9
NCSC
NCSC
added 2023/05/09 12:0 a.m.18 views

Vulnerabilities fixed in Microsoft Developer Tools

Microsoft has fixed vulnerabilities in two Developer Tools. In order to exploit the vulnerabilities, the malicious party must have local access to the development environment. SysInternals: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact |...

7.8CVSS6.1AI score0.01747EPSS
Exploits1
NCSC
NCSC
added 2023/04/19 12:0 a.m.18 views

Vulnerabilities fixed in Oracle Fusion Middleware

Oracle has fixed vulnerabilities in several Oracle Fusion Middleware products. The vulnerabilities allow a malicious potentially able to launch attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution Administrator/Root rights...

9.8CVSS8.2AI score0.99677EPSS
Exploits126
NCSC
NCSC
added 2022/05/31 12:0 a.m.18 views

Vulnerabilities fixed in IBM SPSS

Several vulnerabilities have been fixed in Spring Framework version 5.3.20 as part of IBM SPSS Collaboration and Deployment Services. The vulnerabilities can be exploited by a malicious be exploited to execute arbitrary code and/or to cause a denial-of-service DoS exploit. These vulnerabilities...

9.8CVSS7.8AI score0.99677EPSS
Exploits105
NCSC
NCSC
added 2022/03/08 12:0 a.m.18 views

Vulnerabilities fixed in the Linux kernel

Vulnerabilities have been fixed in the Linux kernel. The vulnerabilities allow a malicious person to carry out attacks execute attacks that lead to the following categories of damage: Denial-of-Service DoS Remote code execution User Rights Access to system data Increased user privileges The...

9CVSS6.2AI score0.88106EPSS
Exploits106
NCSC
NCSC
added 2021/03/10 12:0 a.m.18 views

Vulnerabilities fixed in Adobe Creative Cloud

Adobe has fixed vulnerabilities in Creative Cloud Desktop Application. A malicious party can exploit the vulnerabilities to injecting system commands which are then executed by the application. Also, the vulnerabilities can be exploited to obtain elevated privileges and to overwrite arbitrary...

9.3CVSS8AI score0.02467EPSS
Exploits0
NCSC
NCSC
added 2021/01/14 12:0 a.m.18 views

Vulnerabilities fixed in Nagios XI

Vulnerabilities have been fixed in Nagios XI. The vulnerabilities allow a malicious person to perform attacks that lead to Cross-Site Scripting XSS and Remote code execution User Rights. Nagios has released updates to fix the vulnerabilities in Nagios XI 5.8.0. For more information, see:...

9CVSS6.3AI score0.81915EPSS
Exploits7
NCSC
NCSC
added 2020/12/22 12:0 a.m.18 views

Serious vulnerabilities fixed in Dell Wyse ThinOS

Vulnerabilities have been fixed in Dell Wyse ThinOS. A malicious person with access to a local FTP server could exploit the vulnerabilities to obtain sensitive information. The malicious party, by accessing this information and the ability to modify configuration files, the entire system. Dell ha...

10CVSS6.6AI score0.01848EPSS
Exploits0
NCSC
NCSC
added 2020/09/08 12:0 a.m.19 views

Vulnerabilities fixed in Microsoft SharePoint

Microsoft is fixing several vulnerabilities in Microsoft SharePoint. A malicious party could potentially exploit the vulnerabilities to execute arbitrary code or to conduct a Cross-Site-Scripting XSS attack. Two of the vulnerabilities in SharePoint can be exploited to execute arbitrary code in th...

9.9CVSS6.7AI score0.03703EPSS
Exploits3
NCSC
NCSC
added 2020/09/08 12:0 a.m.18 views

Vulnerabilities fixed in Microsoft Developer tools

Microsoft has fixed several vulnerabilities. A malicious remote user could potentially exploit the vulnerabilities to execute arbitrary execute arbitrary code or to bypass a security measure. Microsoft considers the vulnerability with attribute CVE-2020-16874 to be critical. The vulnerability in...

9.3CVSS7.2AI score0.06624EPSS
Exploits0
NCSC
NCSC
added 2026/05/29 7:8 p.m.17 views

The vulnerability was concealed in Starlette

There is a vulnerability in Starlette, a Python library for developing web services. Starlette is used by various products, including FastAPI. An unauthorized malicious actor can exploit this vulnerability to bypass authentication checks. This allows the malicious actor to access protected URL...

6.5CVSS5.8AI score0.01438EPSS
Exploits2References2
NCSC
NCSC
added 2026/05/29 12:20 p.m.17 views

Vulnerabilities in Oracle Database Server

Oracle has identified vulnerabilities in Oracle REST Data Services versions 24.2.0 to 26.1.0 and Oracle Database Server versions 23.4.0 to 23.26.2. The vulnerabilities in Oracle REST Data Services allow attackers with low privileges and network access via HTTPS to perform various actions without...

10CVSS5.9AI score0.01127EPSS
Exploits2References1
NCSC
NCSC
added 2025/12/09 6:39 p.m.17 views

Vulnerabilities fixed in Microsoft Windows

Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: - Denial-of-Service - Execution of arbitrary code root/admin privileges - Accessing sensitive data - Obtaining elevated...

8.8CVSS9.8AI score0.02342EPSS
Exploits2
NCSC
NCSC
added 2025/04/16 8:39 a.m.17 views

Vulnerabilities fixed in Oracle Communications

Oracle has fixed several vulnerabilities in Oracle Communications products, including Cloud Native Core and Policy Management. The vulnerabilities in Oracle Communications products allow unauthenticated attackers to gain unauthorized access to sensitive data and can lead to denial-of-service DoS...

10CVSS7.5AI score0.99945EPSS
Exploits96References1
NCSC
NCSC
added 2025/03/04 10:15 a.m.17 views

Vulnerabilities fixed in Google Android and Samsung Mobile

Google has fixed several vulnerabilities in Android and Samsung Mobile, including two zero-day vulnerabilities that were actively exploited in targeted attacks. The vulnerabilities are in the Android kernel and the ExternalStorageProvider.java, which can lead to local privilege escalation and...

9.8CVSS8AI score0.00809EPSS
Exploits1References2
NCSC
NCSC
added 2024/06/18 11:46 a.m.17 views

Vulnerabilities fixed in VMware vCenter

VMware has fixed vulnerabilities in vCenter Server. A malicious party could exploit the vulnerabilities to grant themselves elevated privileges and execute arbitrary code on the server. For successful abuse, however, the malicious party must have access to the LAN infrastructure. VMware has...

9.8CVSS8AI score0.22377EPSS
Exploits3References1
NCSC
NCSC
added 2023/11/14 12:0 a.m.17 views

Vulnerabilities fixed in Microsoft System Center

Microsoft has fixed vulnerabilities in System Center. A malicious party could exploit the vulnerabilities to gain elevated permissions or gain access to sensitive data. For successful abuse, the malicious party needs local access. Open Management Infrastructure:...

7.8CVSS8.8AI score0.01399EPSS
Exploits0
NCSC
NCSC
added 2023/10/12 12:0 a.m.17 views

Vulnerabilities fixed in Adobe Bridge and Photoshop

Adobe has fixed vulnerabilities in Photoshop and Bridge. A malicious party could exploit the vulnerabilities to execute attacks that could lead to the execution of arbitrary code with the victim's privileges. In order for the code to be executed in order for the code to be executed, the malicious...

7.8CVSS7.1AI score0.00435EPSS
Exploits0
Total number of security vulnerabilities4190