Lucene search
K
NcscMost viewed

4190 matches found

NCSC
NCSC
•added 2020/09/03 12:0 a.m.•11 views

Vulnerabilities fixed in Cisco Jabber for Windows client

Vulnerabilities have been fixed in Cisco Jabber for Windows client. The vulnerabilities allow an authenticated remote malicious person to remote user to obtain sensitive information and to execute arbitrary code under user privileges. To exploit the vulnerabilities, the malicious party must send...

9.9CVSS7.5AI score0.62119EPSS
Exploits0
NCSC
NCSC
•added 2020/09/03 12:0 a.m.•11 views

Vulnerabilities fixed in Samsung Mobile

Samsung has fixed several vulnerabilities in its Android distribution. The vulnerabilities allow a malicious potentially able to carry out attacks leading to the following categories of damage: Denial-of-Service DoS Remote code execution User Rights Access to sensitive data Access to system data...

9.8CVSS8.6AI score0.03291EPSS
Exploits6
NCSC
NCSC
•added 2020/02/22 12:0 a.m.•11 views

Vulnerability fixed in Apache Tomcat

A malicious party can exploit the vulnerability to obtain information from the system. The vulnerability was caused because the AJP protocol was incorrectly was implemented incorrectly. A malicious party could possibly read files a malicious request to read files from the webroot directory. The A...

9.8CVSS7.5AI score0.9927EPSS
Exploits45
NCSC
NCSC
•added 2026/06/30 8:43 p.m.•10 views

Vulnerabilities in Citrix Netscaler ADC and Netscaler Gateway

Citrix has identified vulnerabilities in NetScaler ADC and NetScaler Gateway that are related to inadequate input validation, incorrect access control, and improper memory release. The vulnerabilities, identified as CVE-2026-8451 and CVE-2026-10817, arise from inadequate input validation, where t...

9.8CVSS6AI score0.00502EPSS
Exploits1References1
NCSC
NCSC
•added 2026/06/25 11:26 a.m.•10 views

Vulnerabilities are handled in GitLab Community Edition and Enterprise Edition

GitLab Inc. has identified several vulnerabilities in GitLab Enterprise Edition EE and other versions of GitLab, particularly in releases from version 8.3 to 19.1.1, with a focus on versions around 18.11.6, 19.0.3, and 19.1.1. These vulnerabilities affect various components of GitLab, including t...

8.7CVSS5.8AI score0.00328EPSS
Exploits0References1
NCSC
NCSC
•added 2026/06/17 9:20 a.m.•10 views

Vulnerabilities present in Oracle MySQL products

Oracle has identified vulnerabilities in Oracle MySQL Shell for VS Code, MySQL Router, MySQL NDB Cluster, and MySQL Server. These vulnerabilities exist in various Oracle MySQL products and versions. In MySQL Shell for VS Code versions 2026.2.0+9.6.1, attackers with low privileges and network acce...

9.9CVSS5.5AI score0.00521EPSS
Exploits0References1
NCSC
NCSC
•added 2026/06/17 9:11 a.m.•10 views

Vulnerabilities in Oracle PeopleSoft Enterprise

Oracle has identified vulnerabilities in Oracle PeopleSoft Enterprise PT PeopleTools versions 8.61 and 8.62 and PeopleSoft Enterprise CS Campus Community and Student Financials version 9.2.38. The vulnerabilities in Oracle PeopleSoft Enterprise PT PeopleTools versions 8.61 and 8.62 allow...

9.8CVSS6AI score0.00576EPSS
Exploits0References1
NCSC
NCSC
•added 2026/06/17 9:5 a.m.•10 views

Vulnerabilities in Oracle VM VirtualBox

Oracle has identified several vulnerabilities in Oracle VM VirtualBox version 7.2.8. These vulnerabilities are located in various components of Oracle VM VirtualBox 7.2.8, including the Shared Folders and the VMSVGA device. An attacker with low to high privileges and access to the underlying...

7.5CVSS5.5AI score0.00167EPSS
Exploits0References1
NCSC
NCSC
•added 2026/06/17 8:50 a.m.•10 views

Vulnerabilities found in Oracle Communications

Oracle has uncovered vulnerabilities in Oracle Communications. The vulnerabilities reside in two underlying products: SQLite and Log4j. These vulnerabilities were previously exploited by the developers of these products. Oracle has incorporated these updates into its own software. In SQLite, a...

7.5CVSS5.5AI score0.00555EPSS
Exploits1References1
NCSC
NCSC
•added 2026/05/13 11:39 a.m.•10 views

Vulnerability handling in Fortinet FortiSandbox

Fortinet has identified a vulnerability in FortiSandbox and FortiSandbox PaaS versions. The vulnerability involves an absence of authorization checks, allowing unauthorized attackers to execute unauthorized code or commands through specially crafted HTTP requests. This issue arises due to...

9.8CVSS6.4AI score0.00733EPSS
Exploits0References1
NCSC
NCSC
•added 2026/05/13 9:18 a.m.•10 views

vulnerabilities handled in Adobe Illustrator

Adobe has identified several vulnerabilities in Adobe Illustrator versions 29.8.6, 30.3, and earlier. These vulnerabilities lie in the way Adobe Illustrator processes specially crafted files. There are issues with out-of-bounds write operations, NULL pointer dereferences, out-of-bounds reads, and...

7.8CVSS6AI score0.00174EPSS
Exploits0References1
NCSC
NCSC
•added 2026/05/12 5:53 p.m.•10 views

Vulnerabilities in Microsoft Azure

Microsoft has identified vulnerabilities in various Azure components. A malicious individual could exploit these vulnerabilities to impersonate other users, gain elevated privileges, execute arbitrary code, and potentially access sensitive data. The vulnerabilities with IDs CVE-2026-40379,...

10CVSS6.3AI score0.05378EPSS
Exploits0
NCSC
NCSC
•added 2026/05/06 11:33 a.m.•10 views

Vulnerabilities in Apache HTTP Server

The Apache Software Foundation has addressed several vulnerabilities in Apache HTTP Server. These vulnerabilities concern various modules and functions within Apache HTTP Server. The most serious vulnerability relates to a double-free in the HTTP/2 implementation, which allows an attacker to...

9.8CVSS7.9AI score0.4581EPSS
Exploits18References1
NCSC
NCSC
•added 2026/05/06 9:18 a.m.•10 views

Vulnerabilities are being addressed in the Progress MOVEit Automation system.

Progress has addressed vulnerabilities in MOVEit Automation. The vulnerability with identifier CVE-2026-4670 involves a bypass of authentication in MOVEit Automation. A malicious individual without rights can exploit this vulnerability without any user interaction being required. The second...

9.8CVSS6AI score0.05633EPSS
Exploits0References1
NCSC
NCSC
•added 2026/05/06 8:42 a.m.•10 views

Vulnerability handling in Palo Alto Networks PAN-OS

Palo Alto Networks has identified a vulnerability in PAN-OS, specifically in the User-ID Authentication Portal component of the PA-Series and VM-Series firewalls. The vulnerability involves a buffer overflow in the User-ID Authentication Portal, allowing unauthenticated attackers to execute...

9.8CVSS6.7AI score0.36157EPSS
Exploits6References1
NCSC
NCSC
•added 2026/04/15 12:23 p.m.•10 views

vulnerabilities in Fortinet FortiSandbox

Fortinet has identified several vulnerabilities in FortiSandbox, including those in on-premises versions and FortiSandbox Cloud. Two of these vulnerabilities are classified as critical by Fortinet. Malicious actors can exploit these vulnerabilities through CVE-2026-39813 and CVE-2026-39808. In...

9.8CVSS6AI score0.48668EPSS
Exploits7References5
NCSC
NCSC
•added 2026/03/30 11:36 a.m.•10 views

Vulnerability fixed in Fortinet FortiClient EMS

Fortinet has fixed a vulnerability in FortiClient EMS version 7.4.4. The vulnerability with reference CVE-2026-21643 concerns a critical vulnerability in FortiClient EMS. The cause lies in the improper neutralization of special SQL commands, which allows an unauthenticated malicious person to...

9.8CVSS6.1AI score0.94085EPSS
Exploits1References1
NCSC
NCSC
•added 2026/03/25 2:15 p.m.•10 views

Vulnerabilities fixed in Apple macOS

Apple has fixed several vulnerabilities in macOS Specifically Sequoia 15.7.5, Sonoma 14.8.5, and Tahoe 26.4. The vulnerabilities include several issues such as insufficient input validation, improper memory handling, and issues with permissions that could lead to unauthorized access to sensitive...

9.3CVSS5.7AI score0.01527EPSS
Exploits7References3
NCSC
NCSC
•added 2026/03/20 3:56 p.m.•10 views

Vulnerability fixed in Oracle Identity Manager and Oracle Web Services Manager

Oracle has fixed a vulnerability in two components of Fusion Middleware, Oracle Identity Manager and Oracle Web Services Manager. The vulnerability comes from insufficient access controls within Oracle Identity Manager and Oracle Web Services Manager, allowing unauthenticated remote attackers to...

9.8CVSS6.3AI score0.01008EPSS
Exploits1References2
NCSC
NCSC
•added 2026/02/27 7:15 a.m.•10 views

Vulnerabilities fixed in GitLab

GitLab has fixed vulnerabilities in versions 9.0 to but not including 18.7.5, 18.8 to but not including 18.8.5, and 18.9 to but not including 18.9.1. The vulnerabilities included several Denial of Service DoS and security vulnerabilities that could be exploited by both authenticated and...

8CVSS5.8AI score0.00357EPSS
Exploits0References1
NCSC
NCSC
•added 2026/02/25 10:39 a.m.•10 views

Vulnerabilities fixed in SolarWinds Serv-U

SolarWinds has fixed vulnerabilities in Serv-U. The vulnerabilities are in how Serv-U controls access and processes data types. Attackers with administrative privileges can exploit these vulnerabilities to gain unauthorized system access and execute arbitrary code with elevated privileges. This c...

9.1CVSS6.1AI score0.0057EPSS
Exploits0References1
NCSC
NCSC
•added 2026/02/09 7:48 a.m.•10 views

Vulnerabilities fixed in Samsung mobile

Samsung has fixed vulnerabilities in several software components, including Emergency Sharing, KnoxGuard Manager, Settings, PACM, FacAtFunction, ShortcutService and Samsung Dialer, specific to the SMR Feb-2026 Release 1. The vulnerabilities are related to improper access management, improper...

8.5CVSS6AI score0.00295EPSS
Exploits1References1
NCSC
NCSC
•added 2026/02/02 9:47 a.m.•10 views

Vulnerabilities fixed in SolarWinds Web Help Desk

SolarWinds has fixed vulnerabilities in SolarWinds Web Help Desk. The vulnerabilities include the ability for unauthenticated attackers to gain access to limited functionality within the system, the use of hard-coded credentials that could grant unauthorized access to administrative functions, an...

9.8CVSS6.2AI score0.8413EPSS
Exploits6References6
NCSC
NCSC
•added 2025/12/31 2:19 p.m.•10 views

Vulnerability fixed in SmarterMail

SmarterTools has fixed a vulnerability in SmarterMail. The vulnerability allows an unauthenticated remote malicious person to upload arbitrary files to the mail server. In this way, the malicious party can, among other things, execute code on the vulnerable mail server and access data stored on i...

10CVSS7.6AI score0.85457EPSS
Exploits15References1
NCSC
NCSC
•added 2025/12/27 11:38 a.m.•10 views

Vulnerability fixed in MongoDB

MongoDB developers have fixed a vulnerability in MongoDB. The vulnerability with reference CVE-2025-14847 allows an unauthenticated remote attacker to read uninitialized heap memory. It is caused by improperly processing length parameters in Zlib-compressed protocol headers. Misuse of the...

8.7CVSS6.7AI score0.83007EPSS
Exploits39References2
NCSC
NCSC
•added 2025/12/12 10:46 a.m.•10 views

Vulnerabilities fixed in React Server Components

Meta has fixed vulnerabilities in React Server Components Parcel, Turbopack and Webpack Specifically for versions 19.0.2, 19.1.3 and 19.2.2. The vulnerabilities are related to insecure deserialization of HTTP request payloads, which can lead to Denial-of-Service attacks and server hangs. This...

7.5CVSS7.2AI score0.65592EPSS
Exploits13References4
NCSC
NCSC
•added 2025/12/12 9:29 a.m.•10 views

Vulnerabilities fixed in SAP Software

SAP has fixed multiple vulnerabilities in several products, including SAP Solution Manager, SAP jConnect, SAP Web Dispatcher, SAP NetWeaver, SAP S/4 HANA Private Cloud, and SAP BusinessObjects. The vulnerabilities include code injection, deserialization, and insufficient input validation, which c...

9.9CVSS7.4AI score0.64718EPSS
Exploits1References1
NCSC
NCSC
•added 2025/12/10 1:34 p.m.•10 views

Vulnerabilities fixed in Adobe ColdFusion

Adobe has fixed vulnerabilities in ColdFusion Specifically for versions 25.4, 23.16, 21.22 and earlier. The vulnerabilities are in the way ColdFusion handles file uploads, input validation, and data access. Users with high privileges can execute unauthorized code or access sensitive data without...

9.1CVSS7.3AI score0.08453EPSS
Exploits0References1
NCSC
NCSC
•added 2025/12/05 12:13 p.m.•10 views

Vulnerabilities fixed in React Server Components

React has fixed vulnerabilities in certain versions of React Server Components specifically for versions 19.0.0, 19.1.0, 19.1.1 and 19.2.0. An unauthenticated attacker can send a rogue HTTP request to any Server Function endpoint that, when processed by React, can lead to remote code execution on...

10CVSS8.6AI score0.99562EPSS
Exploits388References5
NCSC
NCSC
•added 2025/11/11 6:31 p.m.•10 views

Vulnerabilities fixed in Microsoft Office

Microsoft has fixed vulnerabilities in several Office products. A malicious party can exploit the vulnerabilities to grant themselves elevated privileges, execute arbitrary code in the victim's context and gain access to sensitive data. Successful exploitation requires the malicious party to tric...

9.8CVSS6.6AI score0.05815EPSS
Exploits0
NCSC
NCSC
•added 2025/11/03 8:27 a.m.•10 views

Vulnerabilities fixed in Nagios XI

Nagios has fixed vulnerabilities in Nagios XI Versions before 2024R1.4.2 and 2024R2. The vulnerabilities include a remote code execution vulnerability within the Business Process Intelligence component, insufficient permissions on systemd unit files, unauthorized access to API keys, a command...

9.4CVSS8.9AI score0.04188EPSS
Exploits0References1
NCSC
NCSC
•added 2025/10/23 1:45 p.m.•10 views

Vulnerabilities fixed in Oracle Analytics

Oracle has fixed several vulnerabilities in Oracle Analytics products. The vulnerabilities can compromise confidentiality, integrity and availability, with a maximum impact score of "HIGH. Attackers can exploit these vulnerabilities to gain unauthorized access or conduct denial-of-service DoS...

8.7CVSS7.1AI score0.64718EPSS
Exploits2References1
NCSC
NCSC
•added 2025/10/23 7:18 a.m.•10 views

Vulnerabilities fixed in Zohocorp's ManageEngine

Zohocorp has fixed vulnerabilities in ManageEngine Specifically for ADManager Plus, EndPoint Central and Analytics Plus. The vulnerabilities include an authenticated command injection in ADManager Plus, XML injections in EndPoint Central, and an authenticated SQL injection in Analytics Plus. Thes...

8.8CVSS8.2AI score0.25403EPSS
Exploits0References3
NCSC
NCSC
•added 2025/10/17 8:42 a.m.•10 views

Vulnerability fixed in FortiOS

Fortinet has fixed a vulnerability in FortiOS multiple versions. The vulnerability is in the way FortiOS handles memory allocation. Authenticated users can exploit this vulnerability by sending specially crafted requests, which can lead to the execution of unauthorized code. This can have serious...

8.8CVSS6.9AI score0.00621EPSS
Exploits0References1
NCSC
NCSC
•added 2025/10/16 6:32 a.m.•10 views

Vulnerabilities fixed in Adobe Commerce

Adobe has fixed vulnerabilities in Adobe Commerce Specifically for versions 2.4.9-alpha2 and earlier. The vulnerabilities include improper authorization that allows low-privileged attackers to bypass security measures, which can lead to unauthorized access to sensitive data without user...

8.1CVSS5.8AI score0.00551EPSS
Exploits0References1
NCSC
NCSC
•added 2025/10/14 6:21 p.m.•10 views

Vulnerabilities fixed in Microsoft Developer Tools

Microsoft has fixed vulnerabilities in several Developer Tools. A malicious party could exploit the vulnerabilities to grant themselves elevated privileges, bypass security measures and gain access to sensitive data. The most serious vulnerability has been assigned CVE-2025-55315 and is located i...

9.9CVSS6.5AI score0.66258EPSS
Exploits5
NCSC
NCSC
•added 2025/09/16 12:21 p.m.•10 views

Vulnerabilities fixed in Ivanti products

Ivanti has fixed vulnerabilities in several products such as Connect Secure and Policy Secure. The vulnerabilities are in several Ivanti products and allow remote authenticated attackers with read-only admin rights to change authentication settings, configure restricted settings, hijack existing...

8.9CVSS6.9AI score0.00855EPSS
Exploits0References1
NCSC
NCSC
•added 2025/09/09 6:22 p.m.•10 views

Vulnerabilities fixed in Microsoft Windows

Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: - Denial-of-Service DoS - Circumvention of a security measure - Execution of arbitrary code root/admin privileges - Execution...

9.8CVSS7.6AI score0.18834EPSS
Exploits5
NCSC
NCSC
•added 2025/08/13 9:6 a.m.•10 views

Vulnerabilities fixed in Ivanti Connect Secure, Policy Secure and ZTA Gateways

Ivanti has fixed vulnerabilities in Connect Secure, Policy Secure and ZTA Gateways. The vulnerabilities include a buffer over-read and a heap-based buffer overflow, both of which can be exploited by remote unauthenticated attackers to cause a denial-of-service DoS. There is also an issue with the...

8.7CVSS7.4AI score0.01045EPSS
Exploits0References1
NCSC
NCSC
•added 2025/07/30 1:2 p.m.•10 views

Vulnerabilities fixed in Apple macOS, iOS and iPadOS

Apple has fixed vulnerabilities in macOS, iOS and iPadOS. The vulnerabilities include several issues, such as insufficient input validation, memory corruption, and logic issues that can lead to unauthorized access to sensitive user data. These vulnerabilities can be exploited by malicious parties...

9.8CVSS7AI score0.09185EPSS
Exploits3References7
NCSC
NCSC
•added 2025/07/14 6:6 a.m.•10 views

Vulnerability fixed in Wing FTP Server

The developer of Wing FTP Server has fixed a vulnerability in version 7.4.4. The vulnerability is in the way Wing FTP Server processes null bytes in the user parameter. This allows a remote malicious person to inject arbitrary Lua code into session files, which can lead to the execution of...

10CVSS9.5AI score0.95343EPSS
Exploits23References2
NCSC
NCSC
•added 2025/07/11 10:1 a.m.•10 views

Vulnerabilities fixed in Adobe InDesign Desktop

Adobe has fixed vulnerabilities in Adobe InDesign Desktop Versions 19.5.3 and earlier. The vulnerabilities are in the way Adobe InDesign Desktop processes files. When a user opens a maliciously crafted file, it can lead to arbitrary code execution. Attackers can exploit these vulnerabilities to...

7.8CVSS8.2AI score0.00251EPSS
Exploits0References1
NCSC
NCSC
•added 2025/07/09 8:29 a.m.•10 views

Vulnerabilities fixed in SAP products

SAP has fixed vulnerabilities in several products, including SAP S/4HANA, SAP SCM, and SAP NetWeaver. The vulnerabilities include remote code execution, code injection, and insecure deserialization, which can be exploited by attackers with user privileges to create or execute malicious code. This...

9.9CVSS10AI score0.78198EPSS
Exploits15References1
NCSC
NCSC
•added 2025/05/21 1:8 p.m.•10 views

Vulnerabilities fixed in VMware products

Broadcom has fixed vulnerabilities in VMware ESXi including Workstation and Fusion and vCenter Server. The vulnerabilities include a command-execution vulnerability in vCenter Server that allows authenticated attackers to execute arbitrary code on the server. There is also a denial-of-service...

8.8CVSS6.8AI score0.00785EPSS
Exploits2References1
NCSC
NCSC
•added 2025/05/16 9:42 a.m.•10 views

Vulnerabilities fixed in Ivanti Endpoint Manager Mobile (EPMM, formerly MobileIron)

Ivanti has fixed vulnerabilities in the Ivanti Endpoint Manager Mobile EPMM, formerly MobileIron. Only the On-prem versions of the EPMM are vulnerable. The vulnerabilities involve an authentication bypass and remote code execution that can be jointly abused to remotely execute code on Ivanti...

8.8CVSS9.9AI score0.99891EPSS
Exploits10References5
NCSC
NCSC
•added 2025/04/14 11:29 a.m.•10 views

Vulnerabilities fixed in Rockwell Automation Arena

Rockwell Automation has fixed vulnerabilities in Arena. The vulnerabilities in Rockwell Automation Arena are related to local code execution caused by improper validation of user-supplied data. This allows malicious actors to reveal sensitive information and execute arbitrary code when a legitima...

8.5CVSS7.6AI score0.00277EPSS
Exploits0References1
NCSC
NCSC
•added 2025/03/11 6:43 p.m.•10 views

Vulnerabilities fixed in Microsoft Windows

Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: - Denial-of-Service DoS - Circumvention of security measure - Execution of arbitrary code root/admin privileges - Execution o...

8.8CVSS9.1AI score0.58974EPSS
Exploits48
NCSC
NCSC
•added 2025/03/11 12:20 p.m.•10 views

Vulnerabilities fixed in SAP software

SAP has fixed several vulnerabilities in its software components, including SAP Commerce, SAP NetWeaver, and SAP BusinessObjects. The vulnerabilities include Cross-Site Scripting XSS and missing authorization controls, which allow attackers to gain unauthorized access, manipulate data, and reveal...

8.8CVSS7.3AI score0.54862EPSS
Exploits6References1
NCSC
NCSC
•added 2025/02/12 9:35 a.m.•10 views

Vulnerabilities fixed in Ivanti Connect Secure and Ivanti Policy Secure

Ivanti has fixed vulnerabilities in Connect Secure and Policy Secure. The most pressing vulnerabilities include buffer overflow, command injection and code injection. These vulnerabilities allow remote authenticated attackers to remotely execute code, gain unauthorized access to sensitive...

9.9CVSS8AI score0.03705EPSS
Exploits0References1
NCSC
NCSC
•added 2025/01/14 7:10 p.m.•10 views

Vulnerabilities fixed in Microsoft Developer Tools

Microsoft has fixed vulnerabilities in Visual Studio and .NET. A malicious party could exploit the vulnerabilities to grant themselves elevated privileges, access sensitive data or execute arbitrary code in the victim's context. Successful exploitation requires the malicious party to trick the...

8.8CVSS7.4AI score0.03148EPSS
Exploits0
Total number of security vulnerabilities4190