Lucene search
K
NcscMost viewed

4190 matches found

NCSC
NCSC
•added 2025/10/23 1:35 p.m.•9 views

Vulnerabilities fixed in Oracle Financial Services

Oracle has fixed vulnerabilities in Oracle Financial Services components. The vulnerabilities allow unauthenticated attackers to gain unauthorized access to sensitive data over HTTP. This can lead to unauthorized access and modification of critical data, with a CVSS score of 9.8 highlighting the...

9.8CVSS7.2AI score0.73495EPSS
Exploits9References1
NCSC
NCSC
•added 2025/10/14 6:38 p.m.•9 views

Vulnerabilities fixed in Microsoft Office

Microsoft has fixed vulnerabilities in several Office products. A malicious party could exploit the vulnerabilities to cause a denial-of-service, execute arbitrary code with the victim's privileges, or gain access to sensitive data in the victim's context. Successful exploitation requires the...

8.8CVSS7.3AI score0.02245EPSS
Exploits0
NCSC
NCSC
•added 2025/09/19 12:0 a.m.•9 views

Vulnerability fixed in Fortra's GoAnywhere MFT

Fortra has fixed a vulnerability in GoAnywhere MFT License Servlet Specifically. The vulnerability is in the deserialization of a controlled object within the License Servlet. An attacker could use a forged license response signature to perform command injection, which could lead to unauthorized...

10CVSS7.1AI score0.99614EPSS
Exploits2
NCSC
NCSC
•added 2025/09/16 12:21 p.m.•9 views

Vulnerabilities fixed in Ivanti products

Ivanti has fixed vulnerabilities in several products such as Connect Secure and Policy Secure. The vulnerabilities are in several Ivanti products and allow remote authenticated attackers with read-only admin rights to change authentication settings, configure restricted settings, hijack existing...

8.9CVSS6.9AI score0.00855EPSS
Exploits0References1
NCSC
NCSC
•added 2025/09/10 11:1 a.m.•9 views

Vulnerabilities fixed in Adobe Acrobat Reader

Adobe has fixed vulnerabilities in Adobe Acrobat Reader Specifically for versions 24.001.30254, 20.005.30774, 25.001.20672 and earlier. The vulnerability involves a Use After Free vulnerability that can lead to arbitrary code execution when a user opens a specially crafted malicious file. In...

7.8CVSS7.1AI score0.00331EPSS
Exploits0References1
NCSC
NCSC
•added 2025/09/10 10:46 a.m.•9 views

Vulnerabilities fixed in Adobe Experience Manager

Adobe has fixed vulnerabilities in Adobe Experience Manager versions 6.5.23.0 and earlier. The vulnerabilities are in the way Adobe Experience Manager handles security measures. Attackers with limited privileges, can exploit these vulnerabilities to perform unauthorized reads and writes, which ca...

7.7CVSS6.2AI score0.05247EPSS
Exploits0References1
NCSC
NCSC
•added 2025/09/10 10:38 a.m.•9 views

Vulnerability fixed in Adobe Dreamweaver

Adobe has fixed a vulnerability in Dreamweaver Desktop Specifically for versions 21.5 and earlier. The vulnerability is in the way Dreamweaver handles CSRF attacks. A malicious party can exploit this vulnerability by allowing a user to interact with a malicious link, which can lead to the executi...

8.6CVSS6.7AI score0.00166EPSS
Exploits0References1
NCSC
NCSC
•added 2025/08/26 5:34 p.m.•9 views

Vulnerabilities fixed in Citrix NetScaler ADC and Gateway

Citrix has fixed vulnerabilities in the NetScaler ADC and Gateway The vulnerabilities are related to memory overflow and improper access control configurations. Malicious parties can exploit the vulnerabilities to cause a Denial-of-Service and potentially execute arbitrary code on the vulnerable...

9.8CVSS9.3AI score0.18973EPSS
Exploits6References5
NCSC
NCSC
•added 2025/08/20 12:15 p.m.•9 views

Vulnerabilities fixed in Commvault

Commvault has fixed vulnerabilities in Commvault components such as CommCell and ComServe versions prior to 11.36.60. The vulnerabilities are in versions of Commvault prior to 11.36.60. The first vulnerability allows unauthenticated attackers to execute API calls through a known login mechanism,...

8.8CVSS8.5AI score0.20719EPSS
Exploits4References3
NCSC
NCSC
•added 2025/08/15 8:52 a.m.•9 views

Vulnerabilities fixed in Cisco Secure Firewall Software

Cisco has fixed multiple vulnerabilities in Cisco Secure Firewall Software including ASA and FTD. The vulnerabilities are in the way Cisco Secure Firewall handles key exchange IKEv2, with this it is possible for an unauthenticated attacker to perform a denial-of-service attack. The vulnerability...

10CVSS7.9AI score0.14468EPSS
Exploits1References1
NCSC
NCSC
•added 2025/08/11 7:36 a.m.•9 views

Vulnerability fixed in WinRAR

Rarlab has fixed a vulnerability in WinRAR. The vulnerability is in the Windows version of WinRAR and involves a path traversal. This flaw allows attackers to execute arbitrary code using malicious archive files. This can lead to unauthorized access and control of affected systems. Public sources...

8.8CVSS7.7AI score0.85778EPSS
Exploits35References1
NCSC
NCSC
•added 2025/07/30 1:2 p.m.•9 views

Vulnerabilities fixed in Apple macOS, iOS and iPadOS

Apple has fixed vulnerabilities in macOS, iOS and iPadOS. The vulnerabilities include several issues, such as insufficient input validation, memory corruption, and logic issues that can lead to unauthorized access to sensitive user data. These vulnerabilities can be exploited by malicious parties...

9.8CVSS7AI score0.09185EPSS
Exploits3References7
NCSC
NCSC
•added 2025/07/19 11:40 a.m.•9 views

Vulnerabilities fixed in Microsoft Office

Microsoft has fixed vulnerabilities in several Office products. A malicious party could exploit the vulnerabilities to grant themselves elevated privileges, execute arbitrary code or gain access to sensitive data. Successful exploitation requires the malicious party to trick the victim into openi...

8.8CVSS8.6AI score0.99907EPSS
Exploits9References1
NCSC
NCSC
•added 2025/06/12 11:12 a.m.•9 views

Vulnerabilities fixed in Trend Micro Apex One and Apex Central

Trend Micro has fixed vulnerabilities in Apex One and Apex Central. A malicious party could exploit the vulnerabilities to grant themselves elevated privileges, execute arbitrary code or gain access to sensitive data. Trend Micro has released updates to fix the vulnerabilities. See attached...

9.8CVSS7.9AI score0.01944EPSS
Exploits0References2
NCSC
NCSC
•added 2025/06/11 6:58 a.m.•9 views

Vulnerabilities fixed in Adobe Commerce and Magento

Adobe has fixed vulnerabilities in Adobe Commerce and Magento Open Source. The vulnerabilities are in the way Adobe Commerce handles security measures. Attackers with elevated privileges can exploit a stored Cross-Site Scripting XSS vulnerability by injecting malicious scripts into form fields,...

8.4CVSS6.1AI score0.007EPSS
Exploits0References1
NCSC
NCSC
•added 2025/05/23 8:40 a.m.•9 views

Vulnerabilities fixed in ABB ASPECT product line

ABB has fixed vulnerabilities in the ASPECT product line, including ASPECT-Enterprise, NEXUS Series and MATRIX Series up to version 3.08.03. The vulnerabilities include Remote Code Execution, SQL injection, servlet injection, and various forms of file access and manipulation. These vulnerabilitie...

9.5CVSS8.1AI score0.00582EPSS
Exploits0References1
NCSC
NCSC
•added 2025/05/14 8:16 a.m.•9 views

Vulnerability fixed in Ivanti Neurons for ITSM

Ivanti has fixed a vulnerability in Ivanti Neurons On-prem for ITSM Versions for 2023.4, 2024.2, and 2024.3 The vulnerability involves a critical authentication bypass that allows remote, unauthenticated attackers to gain administrative access. This could lead to unauthorized actions within the...

9.8CVSS9.4AI score0.01871EPSS
Exploits0References1
NCSC
NCSC
•added 2025/05/13 6:35 p.m.•9 views

Vulnerabilities fixed in Microsoft Developer Tools

Microsoft has fixed vulnerabilities in several Developer Tools. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: - Circumvention of a security measure - Execution of arbitrary code user privileges - Access to sensitive dat...

10CVSS8.4AI score0.01533EPSS
Exploits0References9
NCSC
NCSC
•added 2025/04/17 7:14 a.m.•9 views

Vulnerabilities fixed in Siemens TeleControl Server

Siemens has fixed vulnerabilities in TeleControl Server Basic. The vulnerabilities are in how the TeleControl Server Basic allows SQL injection through various methods, such as 'CreateTrace,' 'VerifyUser,' 'Authenticate,' and many others. These vulnerabilities allow unauthenticated and...

9.8CVSS8.2AI score0.00912EPSS
Exploits0References1
NCSC
NCSC
•added 2025/04/09 2:41 p.m.•9 views

Vulnerabilities fixed in Ivanti Endpoint Manager

Ivanti has fixed vulnerabilities in Ivanti Endpoint Manager Specifically for versions prior to 2024 SU1 and 2022 SU7. An attacker can exploit multiple vulnerabilities in Ivanti Endpoint Manager to elevate privileges, conduct cross-site scripting attacks, execute arbitrary code, manipulate data an...

9.6CVSS7AI score0.01311EPSS
Exploits1References1
NCSC
NCSC
•added 2025/04/09 8:8 a.m.•9 views

Vulnerabilities fixed in Adobe ColdFusion

Adobe has fixed vulnerabilities in ColdFusion Specifically for versions 2023.12, 2021.18, 2025.0 and earlier. The vulnerabilities are in the way ColdFusion handles input validation, authentication, access and deserialization of untrusted data. Malicious parties can exploit these vulnerabilities t...

9.1CVSS7.6AI score0.19687EPSS
Exploits0References1
NCSC
NCSC
•added 2025/03/17 6:36 p.m.•9 views

Vulnerability fixed in Apache Tomcat

Apache has fixed a vulnerability in Apache Tomcat Specifically for versions 11.0.0-M1 to 11.0.2, 10.1.0-M1 to 10.1.34, and 9.0.0.M1 to 9.0.98. The vulnerability is in the way the server handles HTTP PUT requests. By sending a malicious PUT request, an attacker can upload arbitrary files and...

9.8CVSS8.7AI score0.99945EPSS
Exploits46References1
NCSC
NCSC
•added 2025/03/11 6:44 p.m.•9 views

Vulnerabilities fixed in Microsoft Office

Microsoft has fixed vulnerabilities in several Office products. A malicious party could exploit the vulnerabilities to execute arbitrary code in the victim's context, potentially gaining access to sensitive data. Successful exploitation requires the malicious party to trick the victim into openin...

7.8CVSS7.3AI score0.00916EPSS
Exploits0
NCSC
NCSC
•added 2025/03/11 6:44 p.m.•9 views

Vulnerabilities fixed in Microsoft Developer Tools

Microsoft fixed vulnerabilities in Visual Studio and .NET A malicious party could exploit the vulnerabilities to grant themselves elevated privileges and/or execute arbitrary code with developer privileges. Because developers tend to work under elevated privileges, it cannot be ruled out that...

7.7CVSS7.7AI score0.00911EPSS
Exploits1
NCSC
NCSC
•added 2025/02/21 8:40 a.m.•9 views

Vulnerabilities fixed in IBM Cognos Controller

IBM has fixed vulnerabilities in IBM Cognos Controller Versions 11.0.0 to 11.0.1 FP3 and 11.1.0. The vulnerabilities allow a malicious person to perform attacks that can lead to the following categories of damage: - Denial-of-Service DoS - Cross-Site-Scripting XSS. - Circumvention of a security...

10CVSS7.5AI score0.08235EPSS
Exploits0References1
NCSC
NCSC
•added 2025/02/11 7:17 p.m.•9 views

Vulnerabilities fixed in Microsoft Visual Studio

Microsoft has fixed vulnerabilities in Visual Studio. A malicious person could exploit the vulnerabilities to grant themselves elevated privileges, potentially executing arbitrary code with developer privileges. Successful exploitation requires the malicious party to trick the victim into opening...

9.8CVSS7.7AI score0.0143EPSS
Exploits0
NCSC
NCSC
•added 2024/12/11 8:46 a.m.•9 views

Vulnerabilities fixed in Adobe Connect

Adobe has fixed vulnerabilities in Adobe Connect Versions 12.6, 11.4.7 and earlier. The vulnerabilities include both stored and reflected Cross-Site Scripting XSS that allow attackers to insert and execute malicious scripts in users' browsers. This can lead to unauthorized actions in the context ...

9.3CVSS6.1AI score0.00893EPSS
Exploits0References1
NCSC
NCSC
•added 2024/12/09 1:37 p.m.•9 views

Vulnerabilities fixed in Mitel MiCollab

Mitel has fixed vulnerabilities in Mitel MiCollab Specifically the Unified Messaging and Conferencing components. The vulnerabilities are in the way Mitel MiCollab components handle user input. An attacker can exploit these vulnerabilities to gain unauthorized access to user data and system...

9.4CVSS8.3AI score0.98067EPSS
Exploits3References5
NCSC
NCSC
•added 2024/12/06 1:5 p.m.•9 views

Vulnerabilities fixed in Atlassian products

Atlassian has fixed vulnerabilities in several products such as Jira, Bamboo and Confluence. The vulnerabilities are in several third-party components from developers such as Oracle, RedHat and the Apache consortium. These vulnerabilities can lead to memory exhaustion and denial-of-service DoS du...

9.2CVSS7.4AI score0.24928EPSS
Exploits4References1
NCSC
NCSC
•added 2024/12/06 11:48 a.m.•9 views

Vulnerabilities fixed in SonicWall SMA100 SSLVPN

SonicWall has fixed vulnerabilities in the SMA100 SSLVPN Specifically for firmware versions 10.2.1.13-72sv and earlier. The vulnerabilities in the SonicWall SMA100 SSLVPN include a heap-based buffer overflow, a stack-based buffer overflow, and a problem with the certificate requirement during...

9.1CVSS8.9AI score0.99957EPSS
Exploits1References1
NCSC
NCSC
•added 2024/10/30 11:26 a.m.•9 views

Vulnerabilities fixed in Apple macOS

Apple has fixed vulnerabilities in macOS. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: Denial-of-Service DoS. Access to sensitive data Access to system data Manipulation of data Circumvention of security measure Apple...

9.8CVSS8.1AI score0.41611EPSS
Exploits0References3
NCSC
NCSC
•added 2024/10/17 1:20 p.m.•9 views

Vulnerabilities fixed in Oracle MySQL

Oracle has fixed vulnerabilities in MySQL. A malicious party could exploit the vulnerabilities to cause a denial-of-service, or to access and potentially manipulate sensitive data in the database. Oracle has released updates to fix the vulnerabilities. See attached references for more information...

9.8CVSS7.4AI score0.8496EPSS
Exploits4References1
NCSC
NCSC
•added 2024/10/17 1:19 p.m.•9 views

Vulnerabilities fixed in Oracle Analytics

Oracle has fixed vulnerabilities in Analytics products. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: - Denial-of-Service - Manipulation of data - Execution of arbitrary code User Rights - Execution of arbitrary code...

10CVSS7.7AI score0.78483EPSS
Exploits7References1
NCSC
NCSC
•added 2024/10/09 1:38 p.m.•9 views

Vulnerabilities fixed in Adobe Commerce and Magento

Adobe has fixed vulnerabilities in Commerce and Magento. The vulnerabilities allow a malicious person to launch attacks that result in the following categories of damage: Circumvention of security measure Accessing sensitive data Access to system data Increased user privileges Remote code executi...

9.8CVSS7.7AI score0.0108EPSS
Exploits0References1
NCSC
NCSC
•added 2024/09/11 9:31 a.m.•9 views

Vulnerabilities fixed in Adobe products

Vulnerabilities have been fixed in Adobe products. The vulnerabilities allow a malicious person to launch attacks that result in the following categories of damage: - Denial-of-Service DoS - Remote code execution User rights - Access to system data Adobe has released updates to fix the...

9.8CVSS7.8AI score0.30326EPSS
Exploits0References6
NCSC
NCSC
•added 2024/08/12 10:34 a.m.•9 views

Vulnerabilities fixed in Zabbix

Vulnerabilities have been fixed in Zabbix. A malicious party could exploit the vulnerabilities to cause a denial-of-service, gain access to sensitive data, or potentially execute arbitrary code with application privileges. To execute arbitrary code, the malicious party needs prior elevated...

9.9CVSS8AI score0.01603EPSS
Exploits0References4
NCSC
NCSC
•added 2024/08/06 9:29 a.m.•9 views

Vulnerabilities fixed in Siemens Omnivise

Siemens Energy has fixed vulnerabilities in Omnivise T3000. A malicious person could exploit the vulnerabilities to grant themselves elevated privileges on the vulnerable system and thus execute arbitrary code, possibly with system privileges. For successful abuse, the malicious party must be...

9.8CVSS7.4AI score0.11452EPSS
Exploits3References1
NCSC
NCSC
•added 2024/07/17 1:53 p.m.•9 views

Vulnerabilities fixed in Oracle Financial Services Applications

Vulnerabilities have been fixed in Oracle Financial Services Applications. A malicious party could exploit the vulnerabilities to launch attacks that could result in the following categories of damage: Denial-of-Service DoS. Access to sensitive data Access to system data Manipulation of data Remo...

9.8CVSS7.7AI score0.54026EPSS
Exploits12References23
NCSC
NCSC
•added 2024/06/11 12:37 p.m.•9 views

Vulnerabilities fixed in SAP products

SAP has fixed vulnerabilities in several SAP products, including Business Objects, HANA, CRM and NetWeaver. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: - Denial-of-Service DoS - Bypassing authentication - Cross-Site...

8.1CVSS6.4AI score0.00541EPSS
Exploits0References1
NCSC
NCSC
•added 2024/06/11 11:33 a.m.•9 views

Vulnerabilities fixed in Schneider Electric Sage RTU systems

Schneider Electric has fixed vulnerabilities in Sage RTU devices. A malicious party could exploit the vulnerabilities to launch attacks that could result in the following categories of damage: - Denial-of-Service DoS - Manipulation of data - Bypassing authentication - Circumvention of security...

9.8CVSS7.9AI score0.01025EPSS
Exploits0References2
NCSC
NCSC
•added 2024/05/27 7:50 a.m.•9 views

Vulnerability fixed in Google Chrome

Google has fixed a vulnerability in Chrome. A malicious party could exploit the vulnerability to execute arbitrary code in the victim's browser, potentially gaining access to sensitive data in the context of the victim's browser. Google says it has received reports of limited and targeted abuse o...

9.6CVSS7.4AI score0.1002EPSS
Exploits3References1
NCSC
NCSC
•added 2024/05/15 12:0 a.m.•9 views

Vulnerabilities fixed in Microsoft Office

Microsoft has fixed vulnerabilities in Excel and Sharepoint. A malicious party can exploit the vulnerabilities to execute arbitrary code execute with the victim's privileges, or gain access to sensitive data. Successful exploitation requires the malicious party to trick the victim into opening a...

7.8CVSS7.2AI score0.8399EPSS
Exploits1
NCSC
NCSC
•added 2024/05/14 12:0 a.m.•9 views

Vulnerabilities fixed in Siemens products

Siemens has fixed vulnerabilities in several products including. Parasolid, Ruggedcom, SIMATIC, SICAM and Tecnomatix. The vulnerabilities potentially enable a malicious person to launch attacks execute attacks that could result in the following categories of damage: Denial-of-Service DoS...

10CVSS7.3AI score0.78483EPSS
Exploits12
NCSC
NCSC
•added 2024/04/26 12:0 a.m.•9 views

Vulnerabilities fixed in GitLab Enterprise Edition and Community Edition

GitLab has fixed vulnerabilities in GitLab Enterprise Edition EE and Community Edition CE. A malicious party could exploit the vulnerabilities to cause a Denial-of-Service, or to bypass security measures to gain access to sensitive data or, under specific circumstances, to take over an account ta...

8.8CVSS7.1AI score0.25965EPSS
Exploits3
NCSC
NCSC
•added 2024/04/25 12:0 a.m.•9 views

Vulnerability fixed in MongoDB Compass

MongoDB developers have fixed a vulnerability in MongoDB Compass. A malicious party could exploit the vulnerability to use a Man-in-the-Middle attack to gain access to sensitive data, or impersonate another user. MongoDB has released updates to fix the vulnerability in Compass 1.42.1. For more...

7.1CVSS7.8AI score0.00231EPSS
Exploits0
NCSC
NCSC
•added 2024/04/05 12:0 a.m.•9 views

Vulnerabilities Fixed in Lexmark Multifunctionals

Lexmark has fixed vulnerabilities in the firmware of several types of multifunction devices. A malicious person could exploit them to bypass a security measure and thus provide the vulnerable system with outdated, or potentially rogue, firmware, or to execute arbitrary code on the system. Lexmark...

8.8CVSS7.9AI score0.00609EPSS
Exploits0
NCSC
NCSC
•added 2024/02/28 12:0 a.m.•9 views

Vulnerabilities fixed in Aruba Networks Clearpass Policy Manager

Aruba Networks has fixed vulnerabilities in Clearpass Policy Manager. A malicious party could exploit the vulnerabilities to execute digital attacks that can result in the following categories of damage: Remote code execution User rights; Remote code execution Administrator/Root rights; Cross-Sit...

9.8CVSS7AI score0.80819EPSS
Exploits15
NCSC
NCSC
•added 2024/02/05 12:0 a.m.•9 views

Vulnerabilities fixed in QNAP QTS and QTS Hero

QNAP has fixed vulnerabilities in QTS and QTS Hero. A malicious party can exploit the vulnerabilities to bypass security measures, grant himself elevated privileges granted and execute code with administrator privileges and gain access to sensitive data on the vulnerable system. Successful misuse...

9.8CVSS7.4AI score0.01405EPSS
Exploits0
NCSC
NCSC
•added 2024/01/25 12:0 a.m.•9 views

Vulnerabilities fixed in Jenkins

Several vulnerabilities have been fixed in Jenkins core and modules. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can result in the following categories of damage: Cross-Site Request Forgery XSRF. Cross-Site Scripting XSS. Circumvention of security...

9.8CVSS8AI score0.99999EPSS
Exploits47
NCSC
NCSC
•added 2024/01/18 12:0 a.m.•9 views

Vulnerabilities fixed in Oracle Database products

Oracle has fixed vulnerabilities in several Database Server products. A malicious party can exploit the vulnerabilities to perform attacks that could result in the following categories of damage: Denial-of-Service DoS. Remote code execution User rights Access to sensitive data Access to system da...

9.8CVSS8.2AI score0.9077EPSS
Exploits14
Total number of security vulnerabilities4190