Lucene search
K
NcscMost viewed

4190 matches found

NCSC
NCSC
added 2026/03/10 8:35 p.m.8 views

Vulnerabilities fixed in Microsoft Developer tools

Microsoft has fixed vulnerabilities in .NET and PowerShell. A malicious party could exploit the vulnerabilities to cause a denial-of-service or grant themselves elevated privileges within an application using the vulnerable .NET. .NET: |----------------|------|------------------------------------...

7.8CVSS6AI score0.02818EPSS
Exploits0
NCSC
NCSC
added 2026/03/05 9:5 a.m.8 views

Vulnerabilities fixed in Cisco Secure Firewall systems

Cisco has fixed several vulnerabilities in Cisco Secure Firewall including ASA and FTD software. The vulnerabilities include SQL injection, privilege escalation, denial-of-service, cross-site scripting, and improper management of entries in various Cisco Secure Firewall components. Authenticated...

8.6CVSS5.9AI score0.00705EPSS
Exploits0References26
NCSC
NCSC
added 2026/02/11 11:34 a.m.8 views

Vulnerabilities fixed in Fortinet FortiSandbox, FortiAuthenticator and FortiClient

Fortinet has fixed vulnerabilities in FortiSandbox versions 4.4.8 and 5.0.5, FortiAuthenticator versions 6.3 to 6.6.6 and FortiClient versions 7.0, 7.2 and 7.4. The vulnerability in FortiSandbox involves Cross-site Scripting, which allows unauthenticated attackers to execute arbitrary commands vi...

9.6CVSS6AI score0.07454EPSS
Exploits0References3
NCSC
NCSC
added 2026/02/09 10:39 a.m.8 views

Vulnerabilities fixed in n8n

n8n has fixed vulnerabilities in versions 1.114.3, 1.115.0, 1.123.17, 2.5.2, 1.122.5, 1.123.2, 1.123.18, 2.5.0, 1.123.10, 2.5.0, 2.2.1, 1.123.9, 1.123.12, 2.4.0, 1.118.0, 2.4.0, 2.4.8, and 1.120.3. The vulnerabilities include the use of Buffer.allocUnsafe and Buffer.allocUnsafeSlow, which can lea...

9.9CVSS6.9AI score0.01713EPSS
Exploits0References10
NCSC
NCSC
added 2026/01/21 9:29 a.m.8 views

Vulnerabilities fixed in Oracle E-Business Suite

Oracle has fixed vulnerabilities in Oracle E-Business Suite. The vulnerabilities are in several components of Oracle E-Business Suite, including Scripting, Workflow, Applications DBA and Configurator. These vulnerabilities can be exploited by unauthenticated or highly privileged attackers, leadin...

9.3CVSS7.6AI score0.01548EPSS
Exploits1References1
NCSC
NCSC
added 2026/01/15 12:16 p.m.8 views

Vulnerabilities fixed in Adobe Illustrator

Adobe has fixed vulnerabilities in Adobe Illustrator Specifically for versions 29.8.3, 30.0 and earlier. The vulnerabilities are in the way Adobe Illustrator handles specially crafted files. The first vulnerability involves an Unreliable Search Path issue that can lead to arbitrary code execution...

8.6CVSS8AI score0.00221EPSS
Exploits0References1
NCSC
NCSC
added 2025/12/17 7:47 p.m.8 views

Vulnerability in Cisco AsyncOS

Cisco has a vulnerability in Cisco AsyncOS. The vulnerability is in devices using Cisco AsyncOS software in conjunction with Cisco Secure Email Gateway and Cisco Secure Email and Web Manager. Exploitation requires the service to be accessible from the Internet and the Spam Quarantine feature to b...

10CVSS6.6AI score0.2906EPSS
Exploits2References1
NCSC
NCSC
added 2025/12/15 9:6 a.m.8 views

Vulnerabilities fixed in Apple macOS

Apple has fixed vulnerabilities in macOS Sonoma 14.8.3, macOS Sequoia 15.7.3 and macOS Tahoe 26.2. The vulnerabilities covered a wide range of issues, including memory corruption, logging problems, and unauthorized access to sensitive user data. These vulnerabilities could be exploited by malicio...

9.8CVSS6.8AI score0.32EPSS
Exploits16References3
NCSC
NCSC
added 2025/12/12 9:2 a.m.8 views

Vulnerability fixed in GeoServer

OSGeo has fixed a vulnerability in GeoServer. The vulnerability is in the way GeoServer processes XML input, specifically via the /geoserver/wms GetMap operation. Improper sanitation of XML input allows attackers to disclose sensitive files or conduct denial-of-service attacks using custom XML...

9.8CVSS6.5AI score0.66753EPSS
Exploits4References1
NCSC
NCSC
added 2025/12/09 6:42 p.m.8 views

Vulnerabilities fixed in Microsoft Exchange

Microsoft has fixed vulnerabilities in Exchange. An authenticated malicious party can exploit the vulnerabilities to impersonate another user or grant themselves elevated privileges, potentially gaining access to sensitive data that the malicious party is not initially authorized to access...

7.5CVSS6.6AI score0.00983EPSS
Exploits0
NCSC
NCSC
added 2025/12/09 6:40 p.m.8 views

Vulnerabilities fixed in Microsoft Office

Microsoft has fixed vulnerabilities in several Office products. A malicious party can exploit the vulnerabilities to grant themselves elevated privileges, execute arbitrary code in the victim's context and potentially gain access to sensitive data. Successful exploitation requires the malicious...

9CVSS7.3AI score0.00992EPSS
Exploits0
NCSC
NCSC
added 2025/11/18 7:4 a.m.8 views

Vulnerabilities fixed in Cisco Unified Contact Center Express

Cisco has fixed vulnerabilities in Cisco Unified Contact Center Express CCX. The vulnerabilities are in the Java RMI process and the Contact Center Express Editor of Cisco Unified CCX. Unauthenticated attackers can exploit these vulnerabilities to upload files, execute commands with root privileg...

9.8CVSS8.4AI score0.00931EPSS
Exploits0References1
NCSC
NCSC
added 2025/11/11 6:34 p.m.8 views

Vulnerability fixed in Microsoft SQL Server

Microsoft has fixed a vulnerability in SQL Server. An authenticated malicious party can exploit the vulnerability to use specially prepared SQL statements SQL Injection to grant themselves elevated privileges and thus gain access to sensitive information that the malicious party is not initially...

8.8CVSS5.8AI score0.01114EPSS
Exploits0
NCSC
NCSC
added 2025/10/31 9:34 a.m.8 views

Vulnerabilities fixed in Rockwell Automation COMMS

Rockwell Automation has fixed vulnerabilities in COMMS NATR systems. The vulnerabilities include multiple broken authentication issues that pose serious risks, including denial-of-service attacks, possible takeovers of admin accounts and improper changes to NAT rules. In addition, there is a Stor...

9.9CVSS6.2AI score0.00526EPSS
Exploits0References1
NCSC
NCSC
added 2025/10/27 8:24 a.m.8 views

Vulnerabilities fixed in BIND 9

ISC has fixed vulnerabilities in BIND 9 Specifically for versions 9.16.0 to 9.16.50, 9.18.0 to 9.18.39, 9.20.0 to 9.20.13, and 9.21.0 to 9.21.12. The vulnerabilities are located in BIND 9's DNS resolvers. The first vulnerability allows attackers to inject forged DNS records into the cache, which...

8.6CVSS7.1AI score0.1096EPSS
Exploits1References3
NCSC
NCSC
added 2025/10/23 1:51 p.m.8 views

Vulnerabilities fixed in Oracle Java

Oracle has fixed vulnerabilities in Oracle Java SE and Oracle GraalVM Specifically for versions 21.0.8 and 25 of Oracle Java SE, and version 21.3.15 of Oracle GraalVM Enterprise Edition. The vulnerabilities allow unauthenticated attackers with network access to compromise systems, which can lead ...

7.5CVSS6.8AI score0.01028EPSS
Exploits0References1
NCSC
NCSC
added 2025/10/23 7:20 a.m.8 views

Vulnerabilities fixed in Oracle Commerce

Oracle has fixed vulnerabilities in several subcomponents of Oracle Commerce products, including Oracle Middleware Common Libraries, Oracle Documaker, Oracle WebCenter Forms Recognition, Oracle WebLogic Server, and Oracle Application Testing Suite. The vulnerabilities allow unauthenticated...

8.7CVSS7.5AI score0.64718EPSS
Exploits2References1
NCSC
NCSC
added 2025/10/13 8:31 a.m.8 views

Vulnerabilities fixed in Juniper Networks Junos Space

Juniper has fixed vulnerabilities in Junos Space Specifically for all versions prior to 24.1R4. The vulnerabilities are in the way Juniper Networks Junos Space processes user input. Attackers can inject malicious scripts into various pages, such as the Device Template Definition, Global Search, a...

9.4CVSS7.1AI score0.00572EPSS
Exploits0References1
NCSC
NCSC
added 2025/10/13 7:52 a.m.8 views

Vulnerability fixed in Oracle E-Business Suite

Oracle has fixed a vulnerability in the Oracle Configurator component of Oracle E-Business Suite Specific to versions 12.2.3 through 12.2.14. The vulnerability is located in the Oracle Configurator component of Oracle E-Business Suite, specifically in versions 12.2.3 through 12.2.14. This...

7.5CVSS7.1AI score0.97582EPSS
Exploits6References1
NCSC
NCSC
added 2025/10/13 7:25 a.m.8 views

Vulnerabilities fixed in GitLab

GitLab has fixed vulnerabilities in GitLab CE/EE versions 13.12 to 18.2.8, 18.3 to 18.3.4, and 18.4 to 18.4.2. The vulnerabilities included an issue where specially constructed GraphQL queries could make large repository blobs unresponsive, and a flaw that allowed authenticated users with read-on...

7.7CVSS6.5AI score0.00496EPSS
Exploits1References1
NCSC
NCSC
added 2025/09/12 2:49 p.m.8 views

Vulnerabilities fixed in GitLab CE/EE

GitLab has fixed vulnerabilities in GitLab CE/EE Versions for 18.1.6, 18.2.6, and 18.3.2. The vulnerabilities in the affected versions allow authenticated users to manipulate token management, disrupt background tasks, send multiple large SAML responses, manipulate proxy environments, access...

8.8CVSS6.6AI score0.00645EPSS
Exploits0References1
NCSC
NCSC
added 2025/09/09 11:6 a.m.8 views

Vulnerabilities fixed in Siemens products

Siemens has fixed vulnerabilities in several products such as Apogee, Industial Edge, RUGGEDCOM, SIMATIC, SIMOTION and SINAMICS. The vulnerabilities potentially enable a malicious person to carry out attacks that can lead to the following categories of damage: - Denial-of-Service DoS - Manipulati...

9.8CVSS8.2AI score0.64718EPSS
Exploits1References7
NCSC
NCSC
added 2025/08/28 7:59 a.m.8 views

Vulnerability fixed in CrushFTP

CrushFTP has fixed a vulnerability in versions 10 through 10.8.5 and 11 through 11.3.423. The vulnerability is located in CrushFTP's AS2 validation. This vulnerability allows an attacker to gain administrative access via HTTPS, especially when the DMZ proxy feature is not used. The vulnerability...

9.8CVSS7.2AI score0.92034EPSS
Exploits7References1
NCSC
NCSC
added 2025/08/13 9:59 a.m.8 views

Vulnerabilities fixed in Adobe Illustrator

Adobe has fixed vulnerabilities in Adobe Illustrator Versions 28.7.8, 29.6.1 and earlier. The vulnerabilities are in the way Adobe Illustrator handles rogue files. These vulnerabilities can lead to arbitrary code execution, allowing attackers to perform unauthorized actions on affected systems. T...

7.8CVSS7.6AI score0.00303EPSS
Exploits0References1
NCSC
NCSC
added 2025/07/11 1:20 p.m.8 views

Vulnerability fixed in FortiWeb

Fortinet has fixed a vulnerability in FortiWeb. The vulnerability allows unauthenticated attackers to execute unauthorized SQL commands by sending specially crafted HTTP requests. This could compromise the integrity and confidentiality of data managed by FortiWeb. For successful misuse, the...

9.8CVSS9.8AI score0.9671EPSS
Exploits18References1
NCSC
NCSC
added 2025/07/09 8:38 a.m.8 views

Vulnerabilities fixed in Schneider Electric EcoStruxture IT Datacenter Expert

Schneider Electric has fixed vulnerabilities in EcoStruxture IT Datacenter Expert. The vulnerabilities include insufficient control over special elements in OS commands, which can result in unauthenticated external code execution. In addition, there is an issue with insufficient entropy in passwo...

9.5CVSS8.5AI score0.15311EPSS
Exploits6References1
NCSC
NCSC
added 2025/06/30 12:59 p.m.8 views

Vulnerabilities fixed in Adobe Commerce

Adobe has fixed vulnerabilities in Adobe Commerce Versions 2.4.8 and earlier. The vulnerabilities are in Adobe Commerce's security mechanisms, allowing both high- and low-privileged attackers to bypass security measures. This can lead to unauthorized access to sensitive information and execution ...

8.4CVSS6.9AI score0.007EPSS
Exploits0References1
NCSC
NCSC
added 2025/06/12 11:8 a.m.8 views

Vulnerabilities fixed in Ivanti Workspace Control

Ivanti has fixed vulnerabilities in Ivanti Workspace Control Specifically for versions prior to 10.19.10.0. The vulnerabilities are in the hard-coded keys within Ivanti Workspace Control, specifically in versions prior to 10.19.10.0. These vulnerabilities allow local, authenticated attackers to...

8.8CVSS7.4AI score0.00352EPSS
Exploits0References1
NCSC
NCSC
added 2025/06/10 6:46 p.m.8 views

Vulnerabilities fixed in Microsoft Developer Tools

Microsoft has fixed vulnerabilities in several Developer Tools. A malicious person could exploit the vulnerabilities to execute arbitrary code with victim privileges. Since it cannot be ruled out that developers work with elevated privileges, it is plausible that execution of arbitrary code could...

7.8CVSS7.6AI score0.05806EPSS
Exploits1
NCSC
NCSC
added 2025/06/10 6:45 p.m.8 views

Vulnerabilities fixed in Microsoft Office

Microsoft has fixed vulnerabilities in Office products. A malicious person could exploit the vulnerabilities to grant themselves elevated privileges and execute arbitrary code in the victim's context, potentially gaining access to sensitive data in the victim's context. Successful exploitation...

8.8CVSS7.3AI score0.12606EPSS
Exploits13
NCSC
NCSC
added 2025/06/02 9:0 a.m.8 views

Vulnerability fixed in IBM Tivoli Monitoring

IBM has fixed a vulnerability in IBM Tivoli Monitoring version 6.3.0.7 through Service Pack 19. The vulnerability is in the improper validation of an index within a dynamically allocated array. This issue could allow a malicious person to execute arbitrary code on affected systems. IBM has releas...

9.8CVSS7.6AI score0.00824EPSS
Exploits0References1
NCSC
NCSC
added 2025/05/23 8:55 a.m.8 views

Vulnerabilities fixed in Infoblox NETMRI

Infoblox has fixed vulnerabilities in NETMRI Specific for versions prior to 7.6.1. The vulnerabilities include a critical vulnerability that allows remote authenticated users to access arbitrary files with root privileges, an unauthenticated remote command injection vulnerability that allows...

9.8CVSS8.7AI score0.43042EPSS
Exploits0References4
NCSC
NCSC
added 2025/04/16 3:13 p.m.8 views

Vulnerabilities fixed in Oracle PeopleSoft

Oracle has fixed vulnerabilities in Oracle PeopleSoft's Enterprise PeopleTools versions 8.60, 8.61 and 8.62, Talent Acquisition Manager version 9.2 and Enterprise CC Common Application Objects version 9.2. The vulnerabilities in Oracle PeopleSoft's Enterprise PeopleTools, Talent Acquisition Manag...

8.7CVSS7.1AI score0.00814EPSS
Exploits0References1
NCSC
NCSC
added 2025/04/16 3:10 p.m.8 views

Vulnerabilities fixed in Oracle JD Edwards

Oracle has fixed vulnerabilities in JD Edwards EnterpriseOne Tools Specifically for versions 9.2.0.0 to 9.2.9.2. The vulnerabilities in JD Edwards EnterpriseOne Tools allow unauthenticated malicious actors to access the system via HTTP, which can lead to unauthorized access to and manipulation of...

9.8CVSS7.6AI score0.05582EPSS
Exploits2References1
NCSC
NCSC
added 2025/04/16 3:2 p.m.8 views

Vulnerabilities fixed in Oracle Analytics

Oracle has fixed vulnerabilities in Oracle Analytics. The vulnerabilities allow unauthenticated malicious actors to gain access to sensitive data, attack denial-of-service, and even gain complete control of systems. Specific vulnerabilities in Oracle Business Intelligence Enterprise Edition can...

10CVSS8.1AI score0.46836EPSS
Exploits6References1
NCSC
NCSC
added 2025/04/16 3:1 p.m.8 views

Vulnerabilities fixed in Oracle Fusion Middleware

Oracle has fixed multiple vulnerabilities in several products, including the Utilities Application Framework, WebLogic Server, and Fusion Middleware. The vulnerabilities allow unauthenticated malicious actors to gain access to critical data, cause denial-of-service DoS, and in some cases even gai...

10CVSS7.8AI score0.41611EPSS
Exploits17References1
NCSC
NCSC
added 2025/04/16 3:0 p.m.8 views

Vulnerabilities fixed in Oracle Financial Services

Oracle fixed vulnerabilities in several Financial Services products The vulnerabilities allow unauthenticated malicious parties to access critical data via HTTP, which can lead to unauthorized data access and other security risks. Malicious parties can also exploit misconfigurations and...

9.8CVSS7.8AI score0.54862EPSS
Exploits23References1
NCSC
NCSC
added 2025/04/16 2:58 p.m.8 views

Vulnerabilities fixed in Oracle E-Business Suite

Oracle has fixed vulnerabilities in Oracle E-Business Suite Specifically for versions 12.2.3 to 12.2.14. The vulnerabilities are in several components of the Oracle E-Business Suite, including the Enterprise Command Center Framework, CRM Technical Foundation, iSupplier Portal, iStore, User...

9.8CVSS8.1AI score0.00729EPSS
Exploits0References1
NCSC
NCSC
added 2025/04/10 11:53 a.m.8 views

Vulnerability fixed in Gladinet CentreStack

Gladinet has fixed a vulnerability in CentreStack Versions up to 16.1.10296.56315. The vulnerability is in the way hard-coded machineKeys and cryptographic keys are used, resulting in a serious deserialization vulnerability. The vulnerability allows a malicious party to generate rogue ViewState...

9.8CVSS7.6AI score0.93842EPSS
Exploits6References3
NCSC
NCSC
added 2025/04/09 6:49 a.m.8 views

Vulnerability fixed in FortiSwitch

Fortinet has fixed a vulnerability in the FortiSwitch GUI. The vulnerability with reference CVE-2024-48887, is located in the FortiSwitch GUI, which allows a remote, unauthenticated malicious person to change admin passwords via specially crafted requests. This security issue can lead to...

9.8CVSS6.8AI score0.11374EPSS
Exploits1References1
NCSC
NCSC
added 2025/04/07 2:3 p.m.8 views

Vulnerability fixed in CrushFTP

CrushFTP has fixed a vulnerability in versions 10.0.0 to 10.8.3 and 11.0.0 to 11.3.0. The vulnerability allows a malicious party to gain unauthenticated remote access via HTTP requests, which can lead to unauthorized access. Systems using CrushFTP's DMZ Proxy instance are not vulnerable...

9.8CVSS6.8AI score0.99947EPSS
Exploits22References2
NCSC
NCSC
added 2025/03/27 2:41 p.m.8 views

Vulnerabilities fixed in Kubernetes Ingress NGINX Controller

Kubernetes has fixed a number of vulnerabilities in the Ingress NGINX Controller. These vulnerabilities allow malicious actors to perform unauthenticated remote code execution RCE. The vulnerabilities are located in the ingress-nginx controller. These vulnerabilities include a critical remote cod...

9.8CVSS9.7AI score0.99098EPSS
Exploits21References6
NCSC
NCSC
added 2025/03/25 8:38 a.m.8 views

Vulnerability fixed in Next.js

Vercel has fixed a vulnerability in Next.js Specific to versions 14.2.25 and 15.2.3 Next.js is a popular framework for developing Web applications. The vulnerability is in the way Next.js handles authentication checks in its own middleware. This allows malicious actors to bypass these controls,...

9.1CVSS8.7AI score0.99621EPSS
Exploits58References1
NCSC
NCSC
added 2025/03/20 2:10 p.m.8 views

Vulnerability fixed in Veeam Backup & Replication

Veeam has fixed a vulnerability in Veeam Backup & Replication. The vulnerability is located in the authorization mechanism of the Backup & Replication software and allows a domain user to execute arbitrary code on the system where Backup & Replication is implemented. Veeam has released critical...

9.9CVSS7.8AI score0.18335EPSS
Exploits1References1
NCSC
NCSC
added 2025/03/14 9:14 a.m.8 views

Vulnerabilities fixed in GitLab

GitLab has fixed vulnerabilities in GitLab EE/CE versions from 11.5 to 17.9.2. The vulnerabilities include an issue where users with custom permissions can approve more membership requests than they are entitled to, which can lead to unauthorized access to restricted areas within the platform. In...

9.8CVSS9.8AI score0.63792EPSS
Exploits6References1
NCSC
NCSC
added 2025/03/12 10:46 a.m.8 views

Fixed vulnerabilities in FortiOS, FortiProxy, FortiPAM, FortiSRA and FortiWeb.

Fortinet has fixed a vulnerability in FortiOS, FortiProxy, FortiPAM, FortiSRA and FortiWeb. The vulnerability is in how certain Fortinet products handle HTTP and HTTPS requests. A malicious party with certain privileges can send specially crafted requests that lead to the execution of unauthorize...

8.6CVSS6.8AI score0.00679EPSS
Exploits0References1
NCSC
NCSC
added 2025/02/24 12:4 p.m.8 views

Vulnerabilities fixed in Mattermost

Mattermost fixed vulnerabilities in versions 10.4.x, 9.11.x, 10.3.x, 10.2.x and 10.1.x. The vulnerabilities include failure to invalidate active sessions when converting to a bot, incorrect input validation during board patching and duplication, SQL injection attacks due to lack of prepared...

9.9CVSS8AI score0.2251EPSS
Exploits1References1
NCSC
NCSC
added 2025/02/21 12:33 p.m.8 views

Vulnerability fixed in XWiki

XWiki has fixed a vulnerability in the system. The vulnerability is in the way XWiki handles the SolrSearch request. This allows a guest to execute arbitrary external code, compromising the confidentiality, integrity and availability of the system. The documentation provides specific steps for...

9.8CVSS7AI score0.99898EPSS
Exploits50References1
NCSC
NCSC
added 2025/02/21 8:8 a.m.8 views

Vulnerabilities fixed in Palo Alto Networks PAN OS

Palo Alto Networks has fixed vulnerabilities in PAN-OS. The vulnerabilities include an authentication bypass that allows unauthenticated malicious actors to invoke specific PHP scripts through the management Web interface, an unauthenticated file deletion that allows malicious actors to delete...

9.1CVSS8.7AI score0.98338EPSS
Exploits8References4
NCSC
NCSC
added 2025/02/13 9:29 a.m.8 views

Vulnerability fixed in Fortinet FortiOS

Fortinet has fixed a vulnerability in FortiOS Specifically for versions 7.2.4 to 7.2.8 and 7.4.0 to 7.4.4. The vulnerability is in the way FortiOS handles UDP packets. A malicious party, if stack protection is bypassed and the fabric service is active on the exposed interface, can execute arbitra...

8.1CVSS7.9AI score0.00938EPSS
Exploits0References1
Total number of security vulnerabilities4190