Lucene search
K
NcscMost viewed

4190 matches found

NCSC
NCSC
•added 2022/04/20 12:0 a.m.•10 views

Vulnerabilities fixed in Liferay

Vulnerabilities have been fixed in Liferay Portal versions 7.3.3 through through 7.4.1. The vulnerabilities allow a malicious party to perform a Cross-Site Scripting attack or unintentionally view the list of groups and sites used within the portal. Liferay has made updates available for Liferay...

5.4CVSS6.5AI score0.00738EPSS
Exploits0
NCSC
NCSC
•added 2022/02/28 12:0 a.m.•10 views

Vulnerabilities fixed in GitLab

Vulnerabilities have been fixed in GitLab. The vulnerabilities potentially enable a malicious person to launch attacks leading to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Accessing sensitive data Remote code execution User rights The vulnerabilit...

10CVSS7.5AI score0.80004EPSS
Exploits6
NCSC
NCSC
•added 2022/02/08 12:0 a.m.•10 views

Vulnerabilities fixed in Microsoft Office

Vulnerabilities have been fixed in Microsoft Office products. The vulnerabilities allow a malicious person to carry out attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User rights Spoofing...

8.8CVSS7.5AI score0.16825EPSS
Exploits1
NCSC
NCSC
•added 2022/02/04 12:0 a.m.•10 views

Vulnerabilities fixed in GitLab

Vulnerabilities have been fixed in GitLab. The vulnerabilities potentially enable a malicious person to launch attacks leading to the following categories of damage: Cross-Site Request Forgery XSRF. Denial-of-Service DoS. Circumvention of security measure Accessing sensitive data Access to system...

9.1CVSS6.9AI score0.0112EPSS
Exploits6
NCSC
NCSC
•added 2021/12/29 12:0 a.m.•10 views

Vulnerability fixed in Apache Log4j

A vulnerability has been fixed in Apache Log4j. The vulnerability with reference CVE-2021-44832 allows a malicious person to execute execute arbitrary code. To exploit the vulnerability an attacker must have the ability to modify a configuration file modify a configuration file that the vulnerabl...

10CVSS9.4AI score0.99999EPSS
Exploits353
NCSC
NCSC
•added 2021/12/13 12:0 a.m.•10 views

Vulnerabilities fixed in Grafana

Grafana Labs has fixed two vulnerabilities in Grafana. The vulnerabilities allow an authenticated malicious person to to gain access to sensitive data. This data is limited to arbitrary .md and .csv files. Obtaining unauthorized access to csv files requires it is necessary that the resource...

7.5CVSS8.5AI score0.88849EPSS
Exploits44
NCSC
NCSC
•added 2021/12/10 12:0 a.m.•10 views

Vulnerability fixed in Apache Log4j2

A serious vulnerability has been fixed in Apache Log4j, a java log tool used by many Web applications and services. The vulnerability makes it possible for an unauthenticated remote malicious person to execute arbitrary code with the permissions of the Web server. Because Web servers generally ru...

10CVSS7.5AI score0.99999EPSS
Exploits351
NCSC
NCSC
•added 2021/08/19 12:0 a.m.•10 views

Vulnerability fixed in FortiWeb

FortiNet has released new versions that fix a vulnerability fix in FortiWeb. The vulnerability allows a remote malicious remote user to execute arbitrary code under permissions of the application. FortiNet has released updates to fix the vulnerability. More information can be found on the page...

9CVSS7.6AI score0.7727EPSS
Exploits2
NCSC
NCSC
•added 2021/08/09 12:0 a.m.•10 views

Vulnerabilities fixed in IBM Workload Scheduler

IBM has fixed vulnerabilities in Workload Scheduler. The vulnerabilities allow an unauthenticated malicious person to opportunity to cause a denial-of-service and to bypass a security measure. IBM categorizes these vulnerabilities using the CVSSv3 method with a highest score of 7.5. IBM has...

7.5CVSS9.2AI score0.62906EPSS
Exploits6
NCSC
NCSC
•added 2021/07/22 12:0 a.m.•10 views

Vulnerabilities fixed in Apple iOS and iPadOS

Apple has fixed vulnerabilities in Apple iOS and iPadOS. A malicious party can exploit the vulnerabilities to cause the following types of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User rights Access to sensitive data All of the vulnerabilities describe...

9.8CVSS8.5AI score0.03653EPSS
Exploits2
NCSC
NCSC
•added 2021/07/16 12:0 a.m.•10 views

Vulnerabilities fixed in Icinga Web

Vulnerabilities have been fixed in Icinga Web. A malicious person could exploit the vulnerabilities to gain access to sensitive data, including login credentials to underlying systems such as Databases. Also, a malicious party could potentially cause a Denial-of-Service cause. Icinga has released...

8.8CVSS6.7AI score0.06975EPSS
Exploits5
NCSC
NCSC
•added 2021/06/08 12:0 a.m.•10 views

Vulnerabilities fixed in Microsoft Windows

Microsoft has fixed vulnerabilities in several components of Windows. The vulnerabilities potentially enable a malicious person to able to perform attacks that result in the following categories of damage: Denial-of-Service DoS Bypassing authentication Circumvention of security measure Remote cod...

9.8CVSS6.8AI score0.86132EPSS
Exploits72
NCSC
NCSC
•added 2021/06/01 12:0 a.m.•10 views

Vulnerabilities fixed in Red Hat Openshift Container Platform

Red Hat has released updates to a large number of packages for its OpenShift Container Platform. The packages include several applications for which security advisories have previously been written, but for which Red Hat is now releasing a bundle for OpenShift 4.7.13 Malicious parties can exploit...

9.8CVSS7AI score0.3783EPSS
Exploits29
NCSC
NCSC
•added 2021/04/15 12:0 a.m.•10 views

Vulnerability fixed in Tomcat

Two vulnerabilities have been discovered in the Tomcat servlet and the JSP engine, which could lead to information disclosure or denial of service. -= Debian =- Debian has made updates to tomcat9 available for Debian 10.0 Buster to address the vulnerabilities. You can install the custom packages ...

7.5CVSS6.7AI score0.18114EPSS
Exploits15
NCSC
NCSC
•added 2021/04/13 12:0 a.m.•10 views

Vulnerabilities fixed in Microsoft Windows

Vulnerabilities have been fixed in Windows. The vulnerabilities allow a malicious person to carry out attacks that lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User rights Impersonating another user Access to sensitive...

9.8CVSS7.5AI score0.61648EPSS
Exploits4
NCSC
NCSC
•added 2021/02/25 12:0 a.m.•10 views

Vulnerabilities fixed in the Ubuntu kernel

Vulnerabilities have been fixed in the Ubuntu kernel. The vulnerabilities allow a malicious person to carry out attacks execute attacks that lead to the following categories of damage: Denial-of-Service DoS Manipulation of data Circumvention of security measure Remote code execution User rights...

8.8CVSS7.7AI score0.06563EPSS
Exploits19
NCSC
NCSC
•added 2021/01/21 12:0 a.m.•10 views

Vulnerability fixed in Oracle Siebel

Oracle has fixed several vulnerabilities in Siebel. The vulnerabilities allow an unauthenticated malicious person with network access to the vulnerable system may be able to launch attacks execute attacks that result in the following categories of damage: Denial-of-Service Manipulation of data...

7.6CVSS7.8AI score0.99019EPSS
Exploits22
NCSC
NCSC
•added 2020/11/24 12:0 a.m.•10 views

Vulnerability fixed in IBM Spectrum Protect Operations Center

IBM has fixed a vulnerability in Spectrum Protect Operations Center. A malicious person with network access to the system could potentially exploit the vulnerability potentially exploit it to obtain information about the system. IBM has released updates to fix the vulnerability in Spectrum Protec...

5.3CVSS6.6AI score0.01546EPSS
Exploits0
NCSC
NCSC
•added 2020/10/21 12:0 a.m.•10 views

Vulnerability fixed in Adobe Dreamweaver

Adobe has fixed a vulnerability in Dreamweaver. The vulnerability allows a malicious party to obtain elevated rights to obtain. Adobe has released updates to fix the vulnerability. More information can be found on the page below: https://helpx.adobe.com/security/products/dreamweaver/apsb20-55.htm...

7.8CVSS6.6AI score0.00668EPSS
Exploits0
NCSC
NCSC
•added 2020/10/21 12:0 a.m.•10 views

Vulnerabilities fixed in Oracle MySQL

Oracle has fixed vulnerabilities in the following Oracle MySQL products: MySQL Workbench MySQL Server MySQL Cluster MySQL Enterprise Monitor The vulnerabilities allow a malicious person, whether or not unauthenticated and remote, potentially be able to launch attacks that result in the following...

9.3CVSS9.2AI score0.87553EPSS
Exploits4
NCSC
NCSC
•added 2020/10/16 12:0 a.m.•10 views

Vulnerabilities fixed in Blackberry Android

Blackberry has fixed multiple vulnerabilities in Blackberry Powered by Android. The vulnerabilities allow a malicious person, either remote or otherwise, to launch attacks that can lead to the following types of damage: Denial-of-Service DoS. Remote code execution User Rights Access to system dat...

10CVSS6.3AI score0.12651EPSS
Exploits1
NCSC
NCSC
•added 2020/09/14 12:0 a.m.•10 views

Vulnerabilities fixed in Oracle Unbreakable Enterprise Kernel

Oracle has fixed several vulnerabilities in the Unbreakable Enterprise Kernel. A malicious party could potentially exploit them to cause a denial-of-service or to obtain elevated privileges on the vulnerable system. -= Oracle =- Oracle has made updates available for Oracle Linux 6. You can instal...

8CVSS8AI score0.01455EPSS
Exploits1
NCSC
NCSC
•added 2020/07/15 12:0 a.m.•10 views

Vulnerabilities fixed in Oracle Java SE

Oracle has fixed vulnerabilities in Oracle Java SE. A malicious party could exploit the vulnerabilities to execute arbitrary code or for causing a denial-of-service. ------------------.------.------------------------------------- | CVE ID | CVSS | Vector |...

8.3CVSS7.2AI score0.05166EPSS
Exploits0
NCSC
NCSC
•added 2020/07/14 12:0 a.m.•10 views

Large number of linux vulnerabilities in SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP

Siemens has published a large number of vulnerabilities in the Linux subsystem of the SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP. Malicious parties can exploit the vulnerabilities to cause various types of damage, the most important of which are: Execution of arbitrary code with privileges of the...

10CVSS7.2AI score0.98745EPSS
Exploits95
NCSC
NCSC
•added 2020/05/22 12:0 a.m.•10 views

Vulnerability fixed in Apache Tomcat

The developers of Apache Tomcat have fixed a vulnerability fixed that could potentially allow a remote malicious person to execute arbitrary code under the application's permissions. This is possible if: the malicious party has control of a file on the server; PersistenceManager is used in...

7CVSS9.3AI score0.56636EPSS
Exploits15
NCSC
NCSC
•added 2020/03/10 12:0 a.m.•10 views

Fixed several vulnerabilities in SAP products.

Vulnerabilities have been fixed in SAP products. The vulnerabilities enable a malicious person to launch attacks that lead to the following categories of damage: Cross-Site Scripting XSS SQL Injection Denial-of-Service DoS. Remote code execution User Rights Access to sensitive data SAP reports a...

10CVSS7.1AI score0.98376EPSS
Exploits7
NCSC
NCSC
•added 2026/07/01 8:52 a.m.•9 views

Vulnerabilities in Adobe ColdFusion

Adobe has addressed several vulnerabilities in Adobe ColdFusion versions 25.9, 23.20, and earlier versions. The vulnerabilities in Adobe ColdFusion include unlimited uploading of dangerous file types, improper input validation, path traversal, reflected Cross-Site Scripting XSS, and Server-Side...

10CVSS6AI score0.01396EPSS
Exploits3References1
NCSC
NCSC
•added 2026/06/19 6:52 a.m.•9 views

Vulnerabilities in Cisco Identity Services Engine

Cisco has addressed several vulnerabilities in Cisco Identity Services Engine ISE and Cisco ISE Passive Identity Connector ISE-PIC. These vulnerabilities can be exploited by both authenticated and unauthenticated attackers. An authenticated attacker with administrative privileges can send special...

9.1CVSS6.2AI score0.00748EPSS
Exploits0References1
NCSC
NCSC
•added 2026/06/17 9:25 a.m.•9 views

Vulnerabilities in Oracle JD Edwards EnterpriseOne

Oracle has identified several vulnerabilities in Oracle JD Edwards EnterpriseOne, including the modules Tools, Accounts Payable, Human Resources Management, General Ledger, Order Promising, and Project Costing, specifically for versions 9.2.0.0 to 9.2.26.2. These vulnerabilities enable attackers ...

9.9CVSS5.5AI score0.00483EPSS
Exploits0References1
NCSC
NCSC
•added 2026/05/08 1:8 p.m.•9 views

vulnerabilities found in Cisco Unity Connection

Cisco has addressed several vulnerabilities in Cisco Unity Connection. These vulnerabilities reside in the web management interface and the Web Inbox web interface of Cisco Unity Connection. Authorized attackers with valid login credentials can execute arbitrary code with root privileges, thereby...

8.8CVSS6.2AI score0.00712EPSS
Exploits0References1
NCSC
NCSC
•added 2026/05/01 6:13 a.m.•9 views

Vulnerability avoidance in the Linux kernel cryptographic subsystem

The Linux kernel has a vulnerability in the algifaead crypto module of the cryptographic subsystem. This vulnerability resides in the algifaead crypto module of the Linux kernel, where a mistake occurred during the in-place operation when the source and destination mappings differed. This allows ...

7.8CVSS6.8AI score0.96267EPSS
Exploits228References1
NCSC
NCSC
•added 2026/04/23 11:21 a.m.•9 views

Vulnerabilities handled in GitLab EE and CE

GitLab Inc. has identified several vulnerabilities in the GitLab Community Edition and Enterprise Edition, particularly in versions ranging from 9.2 to 18.11.1, including various 18.x releases. These vulnerabilities affect various components of GitLab, such as the discussions endpoint, GraphQL AP...

8.1CVSS5.8AI score0.00407EPSS
Exploits0References1
NCSC
NCSC
•added 2026/03/25 2:2 p.m.•9 views

Vulnerabilities fixed in Apple iOS and iPadOS

Apple has fixed several vulnerabilities in iOS and iPadOS. The vulnerabilities include several issues such as improper path management, memory management, and insufficient input validation, which could lead to unauthorized access to sensitive data, unexpected application terminations, and other...

9.8CVSS5.8AI score0.00865EPSS
Exploits5References2
NCSC
NCSC
•added 2026/03/12 7:12 a.m.•9 views

Vulnerabilities fixed in Adobe Experience Manager

Adobe has fixed vulnerabilities in Adobe Experience Manager versions 6.5.23 and earlier. The vulnerability is in the way input in form fields is sanitized. This allows attackers to insert malicious JavaScript code. When other users open the affected content, the injected scripts are executed in...

5.4CVSS5.8AI score0.00205EPSS
Exploits0References1
NCSC
NCSC
•added 2026/03/12 6:49 a.m.•9 views

Vulnerabilities fixed in Adobe Commerce

Adobe has fixed vulnerabilities in Adobe Commerce up to version 2.4.9-alpha3. The vulnerabilities include improper input validation that can cause a denial-of-service without user interaction, and multiple improper authorization issues that allow attackers to bypass security mechanisms and gain...

8.7CVSS5.8AI score0.00636EPSS
Exploits0References1
NCSC
NCSC
•added 2026/03/10 12:39 p.m.•9 views

Vulnerabilities fixed in Siemens products

Siemens has fixed vulnerabilities in several products such as Heliox, Ruggedcom, SICAM, SIDIS and SIMATIC. The vulnerabilities potentially enable a malicious person to carry out attacks that can lead to the following categories of damage: - Denial-of-Service DoS - Manipulation of data -...

9.8CVSS7.4AI score0.85844EPSS
Exploits12References5
NCSC
NCSC
•added 2026/03/04 2:3 p.m.•9 views

Vulnerability fixed in n8n Automation Platform

N8n has fixed a vulnerability in the Merge node in SQL query mode Specifically for versions prior to 2.10.1, 2.9.3 and 1.123.22. The vulnerability is in how the Merge node executes SQL queries. Authenticated users with rights to create or modify workflows can execute arbitrary code and write file...

9.4CVSS6.4AI score0.00765EPSS
Exploits0References1
NCSC
NCSC
•added 2026/02/20 10:13 a.m.•9 views

Vulnerabilities fixed in GitHub Enterprise Server

GitHub has fixed vulnerabilities in GitHub Enterprise Server Specifically for versions before 3.20, 3.19.2, 3.18.5 and 3.17.11. The first vulnerability concerns an authorization issue that allowed attackers to merge unauthorized pull-requests into repositories that provide fork support. The secon...

7.1CVSS5.6AI score0.0039EPSS
Exploits0References1
NCSC
NCSC
•added 2026/02/19 8:29 a.m.•9 views

Vulnerability fixed in Google Chrome

Google has fixed a vulnerability in Google Chrome for versions prior to 145.0.7632.75. The vulnerability is in the way Google Chrome handles CSS and involves a use-after-free issue. This can lead to remote code execution via specially crafted HTML pages. Both Google Chrome and Microsoft Edge base...

8.8CVSS6.5AI score0.2202EPSS
Exploits12References2
NCSC
NCSC
•added 2026/02/11 11:34 a.m.•9 views

Vulnerabilities fixed in Fortinet FortiOS

Fortinet has fixed vulnerabilities in FortiOS Versions 7.0 to 7.6.4, 7.4.0 to 7.4.9, and 7.2.0 to 7.2.11. The vulnerabilities include an Authentication Bypass that allows unauthenticated attackers to bypass LDAP authentication for Agentless VPN or FSSO policies, depending on specific configuratio...

8.1CVSS5.8AI score0.01365EPSS
Exploits2References4
NCSC
NCSC
•added 2026/02/10 7:5 p.m.•9 views

Vulnerability fixed in Microsoft SQL Server

Microsoft has fixed a vulnerability in SQL Server Power BI. A malicious party could exploit the vulnerability to execute arbitrary code on the vulnerable SQL Server. Microsoft has made updates available that fix the described vulnerability. We recommend that you install these updates. More...

8.8CVSS6.4AI score0.00902EPSS
Exploits0
NCSC
NCSC
•added 2026/02/09 10:41 a.m.•9 views

Vulnerability fixed in PEAR

PEAR has fixed a vulnerability in version 1.33.0. The vulnerability is in how the pregreplace function handles the /e modifier. This poses a risk of unauthorized code execution, which could compromise the integrity of applications using this framework. The patch fixes this problem by ensuring tha...

9.8CVSS5.9AI score0.00395EPSS
Exploits0References1
NCSC
NCSC
•added 2026/02/06 9:22 a.m.•9 views

Vulnerability fixed in Cisco Meeting Management

Cisco has fixed a vulnerability in Cisco Meeting Management. The vulnerability is in the Certificate Management feature of Cisco Meeting Management, which contains incorrect input validation within the Web-based management interface. This allows authenticated remote attackers to upload arbitrary...

8.8CVSS5.7AI score0.00384EPSS
Exploits0References1
NCSC
NCSC
•added 2026/01/22 9:49 a.m.•9 views

Vulnerabilities fixed in Cisco Unified Communications products

Cisco has fixed vulnerabilities in several Cisco Unified Communications products. The vulnerabilities include a critical vulnerability that allows unauthenticated remote attackers to execute arbitrary commands on the device's operating system. This is due to improper validation of user input in...

9.8CVSS5.8AI score0.04307EPSS
Exploits1References4
NCSC
NCSC
•added 2026/01/21 2:15 p.m.•9 views

Vulnerability fixed in GNU Inetutils telnetd

Security researchers have found a a vulnerability in Inetutils telnetd version 2.7. This vulnerability has been present since version 1.9.3 that came out in 2015, according to the researchers. The vulnerability is in the way the telnetd service handles the USER environment variable. By setting th...

9.8CVSS5.7AI score0.98871EPSS
Exploits61References4
NCSC
NCSC
•added 2026/01/21 10:10 a.m.•9 views

Vulnerabilities fixed in Oracle Hyperion

Oracle has fixed vulnerabilities in several subcomponents of Hyperon products. The vulnerabilities allow unauthenticated attackers to compromise systems, perform denial-of-service attacks, and modify or steal sensitive data. Oracle has released updates to fix the vulnerabilities. See attached...

9.1CVSS6.6AI score0.26049EPSS
Exploits2References1
NCSC
NCSC
•added 2026/01/21 9:19 a.m.•9 views

Vulnerabilities fixed in Oracle Database Server products

Oracle has fixed vulnerabilities in Oracle Database Server products. The vulnerabilities in Oracle Database Server allow unauthenticated attackers to compromise the integrity and confidentiality of data. This could lead to unauthorized access to sensitive data and even a possible takeover of the...

10CVSS6.9AI score0.38701EPSS
Exploits12References1
NCSC
NCSC
•added 2026/01/13 7:19 p.m.•9 views

Vulnerability fixed in Microsoft Developer Tools

Microsoft has fixed a vulnerability in Inbox COM Objects. A malicious party could exploit the vulnerability to execute arbitrary code in the context of the vulnerable application without prior authentication. Inbox Component Object Model COM objects is an architecture for developers to develop...

7CVSS7.5AI score0.0034EPSS
Exploits0
NCSC
NCSC
•added 2026/01/08 12:34 p.m.•9 views

Vulnerability fixed in n8n

N8n has fixed a vulnerability in versions below 1.121.0. The vulnerability in allows unauthorized external malicious parties to access files on the underlying server via specific, form-based workflows. This could expose sensitive information stored on the system and, depending on the configuratio...

10CVSS6.6AI score0.71647EPSS
Exploits18References2
NCSC
NCSC
•added 2025/12/31 2:29 p.m.•9 views

Vulnerability fixed in Roundcube Webmail

Roundcube has fixed a vulnerability in Roundcube Webmail. An unauthenticated malicious party can exploit the vulnerability to perform a cross-site scripting attack. The malicious party can thus execute JavaScript code in a user's browser and take over a user's account, for example. To do this, th...

7.2CVSS6.5AI score0.19769EPSS
Exploits1References1
Total number of security vulnerabilities4190