Lucene search
K
NcscMost viewed

4190 matches found

NCSC
NCSC
•added 2026/06/23 9:52 a.m.•7 views

Vulnerabilities in MongoDB Server

MongoDB has identified several vulnerabilities in the MongoDB Server. These vulnerabilities concern various components of the MongoDB Server. One vulnerability in the logging mechanism can cause entire authentication data, including sensitive credentials, to be recorded in server logs without...

8.7CVSS5.8AI score0.00368EPSS
Exploits0References14
NCSC
NCSC
•added 2026/04/30 8:0 a.m.•7 views

Vulnerability handling functions in cPanel and WHM

cPanel has identified a vulnerability in its cPanel and WHM products, including versions after 11.40 and before the specific patched releases. The vulnerability involves an authentication bypass that occurs due to the injection of CRLF characters in session files, allowing attackers to impersonat...

9.8CVSS6AI score0.981EPSS
Exploits64References1
NCSC
NCSC
•added 2026/04/22 12:46 p.m.•7 views

Vulnerabilities are managed in Oracle Enterprise Manager

Oracle has identified vulnerabilities in Enterprise Manager Base Platform 13.5, 24.1. These vulnerabilities enable unauthorized attackers to gain unauthorized access, or they can lead to a denial-of-service attack via HTTP. Oracle has released updates for Enterprise Manager Base Platform to addre...

9.1CVSS6.8AI score0.00743EPSS
Exploits1References1
NCSC
NCSC
•added 2026/04/14 12:55 p.m.•7 views

Vulnerabilities fixed in SAP products

SAP has fixed vulnerabilities in several SAP products, including SAP Supplier Relationship Management, SAP BusinessObjects Business Intelligence Platform, SAP NetWeaver Application Server Java and ABAP, SAP Landscape Transformation, SAP Business Planning and Consolidation, SAP Business Warehouse,...

9.9CVSS5.9AI score0.00501EPSS
Exploits2References1
NCSC
NCSC
•added 2026/04/10 12:11 p.m.•7 views

Vulnerabilities fixed in Synology SSL VPN Client

Synology has fixed vulnerabilities in Synology SSL VPN Client. A malicious party can exploit these vulnerabilities because Synology SSL VPN Client with version before 1.4.5-0684 stores PINs insecurely and does not adequately shield files via a local HTTP server component. This can lead to...

8.1CVSS5.8AI score0.00322EPSS
Exploits0References1
NCSC
NCSC
•added 2026/04/03 8:20 a.m.•7 views

Vulnerabilities fixed in Cisco Nexus Dashboard and Nexus Dashboard Insights

Cisco has fixed vulnerabilities in Cisco Nexus Dashboard and Cisco Nexus Dashboard Insights. The first vulnerability involves incorrect input validation of specific HTTP requests in Cisco Nexus Dashboard and Nexus Dashboard Insights. This allows unauthenticated remote attackers to perform...

6.5CVSS6.4AI score0.00489EPSS
Exploits0References3
NCSC
NCSC
•added 2026/03/12 7:46 a.m.•7 views

Vulnerabilities fixed in Fortinet FortiWeb

Fortinet has fixed vulnerabilities in FortiWeb Versions 7.0 to 8.0.1. The vulnerabilities include an ability for remote unauthenticated attackers to bypass hostname restrictions, an OS command injection vulnerability within the FortiWeb API, and the ability to bypass authentication rate-limits...

8.1CVSS6.2AI score0.01667EPSS
Exploits0References6
NCSC
NCSC
•added 2026/03/10 8:35 p.m.•7 views

Vulnerabilities fixed in Microsoft Developer tools

Microsoft has fixed vulnerabilities in .NET and PowerShell. A malicious party could exploit the vulnerabilities to cause a denial-of-service or grant themselves elevated privileges within an application using the vulnerable .NET. .NET: |----------------|------|------------------------------------...

7.8CVSS6AI score0.02818EPSS
Exploits0
NCSC
NCSC
•added 2026/03/10 2:20 p.m.•7 views

Vulnerabilities fixed in Ivanti Endpoint Manager

Ivanti has fixed vulnerabilities in Ivanti Endpoint Manager Specific for versions prior to 2024 SU5. The vulnerability with attribute CVE-2026-1603 concerns an authentication bypass that allows remote, unauthenticated attackers to gain access to certain stored login credentials, which can lead to...

8.6CVSS6.3AI score0.81089EPSS
Exploits0References2
NCSC
NCSC
•added 2026/01/23 8:54 a.m.•7 views

Vulnerability fixed in BIND 9

ICS has fixed a vulnerability in BIND 9. The vulnerability is located in certain versions of BIND 9, where malformed BRID/HHIT records can lead to the unexpected termination of the named service, which is critical for DNS resolution. This vulnerability allows attackers to crash the service throug...

7.5CVSS5.6AI score0.08219EPSS
Exploits0References1
NCSC
NCSC
•added 2026/01/14 1:45 p.m.•7 views

Vulnerabilities fixed in Adobe InDesign Desktop

Adobe has fixed vulnerabilities in InDesign Desktop Specifically for versions 21.0, 19.5.5 and earlier. The vulnerabilities include an improperly initialized pointer that leads to arbitrary code execution, a heap-based buffer overflow that also enables arbitrary code execution without further use...

7.8CVSS8.1AI score0.00238EPSS
Exploits0References1
NCSC
NCSC
•added 2026/01/09 11:14 a.m.•7 views

Vulnerabilities fixed in Trend Micro Apex Central

Trend Micro has fixed vulnerabilities in Trend Micro Apex Central. The vulnerabilities are in the way Trend Micro Apex Central handles certain input. An attacker can cause a denial-of-service DoS without authentication by using an unverified NULL return value. In addition, malicious actors can ga...

9.8CVSS8AI score0.0322EPSS
Exploits3References1
NCSC
NCSC
•added 2026/01/09 11:11 a.m.•7 views

Vulnerabilities fixed in GitLab

GitLab has fixed vulnerabilities in GitLab CE/EE. The vulnerabilities include several issues, including the ability for authenticated users to abuse external API calls, which could lead to a Denial-of-Service. In addition, GraphQL allowed authenticated users to make unauthorized changes to projec...

9.6CVSS6.5AI score0.0062EPSS
Exploits0References1
NCSC
NCSC
•added 2025/12/12 9:2 a.m.•7 views

Vulnerability fixed in GeoServer

OSGeo has fixed a vulnerability in GeoServer. The vulnerability is in the way GeoServer processes XML input, specifically via the /geoserver/wms GetMap operation. Improper sanitation of XML input allows attackers to disclose sensitive files or conduct denial-of-service attacks using custom XML...

9.8CVSS6.5AI score0.66753EPSS
Exploits4References1
NCSC
NCSC
•added 2025/12/11 1:53 p.m.•7 views

Vulnerability fixed in Barracuda Service Center

Barracuda has fixed a vulnerability in Barracuda Service Center Specifically for RMM solutions, versions prior to 2025.1.1. The vulnerability is in the inadequate URL authentication in WSDL files that can be manipulated by attackers. This can lead to the overwriting of arbitrary files and externa...

10CVSS7.2AI score0.22007EPSS
Exploits1References2
NCSC
NCSC
•added 2025/12/11 1:51 p.m.•7 views

Vulnerabilities fixed in Ivanti Endpoint Manager

Ivanti has fixed vulnerabilities in Ivanti Endpoint Manager Specific for versions prior to 2024 SU4 SR1. The vulnerabilities are located in several components of Ivanti Endpoint Manager. The first vulnerability involves a stored XSS vulnerability that allows unauthenticated attackers to execute...

9.6CVSS6.5AI score0.29494EPSS
Exploits0References1
NCSC
NCSC
•added 2025/12/11 9:22 a.m.•7 views

Vulnerabilities fixed in GitLab CE/EE

GitLab has fixed vulnerabilities in GitLab CE/EE. The vulnerabilities include several issues, including the ability for authenticated users to upload malicious images, perform unauthorized actions by injecting malicious HTML, obtain sensitive information through GraphQL queries, and bypass WebAut...

8.7CVSS6.8AI score0.0076EPSS
Exploits0References1
NCSC
NCSC
•added 2025/12/09 6:42 p.m.•7 views

Vulnerabilities fixed in Microsoft Exchange

Microsoft has fixed vulnerabilities in Exchange. An authenticated malicious party can exploit the vulnerabilities to impersonate another user or grant themselves elevated privileges, potentially gaining access to sensitive data that the malicious party is not initially authorized to access...

7.5CVSS6.6AI score0.00983EPSS
Exploits0
NCSC
NCSC
•added 2025/11/21 4:6 p.m.•7 views

Vulnerabilities fixed in SonicWall Email Security appliances

SonicWall has fixed vulnerabilities in SonicWall Email Security appliances. The vulnerabilities are in the way SonicWall Email Security appliances handle untrusted root filesystem images and directory traversal. An attacker can exploit these vulnerabilities to execute uncontrolled code or gain...

9.8CVSS7.7AI score0.00292EPSS
Exploits0References1
NCSC
NCSC
•added 2025/11/21 4:6 p.m.•7 views

Vulnerability fixed in Progress MOVEit Transfer

Progress has fixed a vulnerability in MOVEit Transfer Specifically for versions before 2024.1.8 and from 2025.0.0 to before 2025.0.4. The vulnerability involves a server-side request forgery SSRF. This vulnerability allows attackers to send unauthorized requests from the server, which can lead to...

6.9CVSS6.8AI score0.00233EPSS
Exploits0References3
NCSC
NCSC
•added 2025/11/18 7:3 a.m.•7 views

Vulnerabilities fixed in IBM AIX

IBM has fixed vulnerabilities in IBM AIX versions 7.2 and 7.3, as well as in IBM VIOS versions 3.1 and 4.1. The vulnerabilities are related to the insecure storage of NIM private keys, making systems vulnerable to man-in-the-middle attacks. Attackers can also send specially crafted URL requests,...

10CVSS7.3AI score0.00632EPSS
Exploits0References1
NCSC
NCSC
•added 2025/11/18 7:2 a.m.•7 views

Vulnerabilities fixed in Zoom Workplace and Zoom Clients

Zoom has fixed vulnerabilities in Zoom Workplace and Zoom Clients Specifically for versions prior to 6.5.10. The vulnerabilities include improper validation of certificates, cross-site scripting, and improper handling of sensitive information, which can lead to unauthorized access and information...

9.8CVSS6.5AI score0.00416EPSS
Exploits0References9
NCSC
NCSC
•added 2025/11/11 6:34 p.m.•7 views

Vulnerability fixed in Microsoft SQL Server

Microsoft has fixed a vulnerability in SQL Server. An authenticated malicious party can exploit the vulnerability to use specially prepared SQL statements SQL Injection to grant themselves elevated privileges and thus gain access to sensitive information that the malicious party is not initially...

8.8CVSS5.8AI score0.01114EPSS
Exploits0
NCSC
NCSC
•added 2025/11/11 6:29 p.m.•7 views

Vulnerabilities fixed in Microsoft Windows

Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: - Denial-of-Service - Execution of arbitrary code root/admin privileges - Accessing sensitive data - Obtaining elevated...

9.8CVSS8.6AI score0.061EPSS
Exploits9
NCSC
NCSC
•added 2025/11/11 6:14 p.m.•7 views

Vulnerabilities fixed in Siemens products

Siemens has fixed vulnerabilities in several products such as Altair Grid Engine, COMOS, LOGO, SICAM, SIDOOR, SIMATIC, SIPLUS, Spectrum Power and Solid Edge. The vulnerabilities potentially enable a malicious person to carry out attacks that can lead to the following categories of damage: -...

9.3CVSS8.6AI score0.0118EPSS
Exploits0References6
NCSC
NCSC
•added 2025/11/04 10:27 a.m.•7 views

Vulnerability fixed in CFMOTO Ride vehicle data management systems

CFMOTO has fixed a vulnerability in the backend of systems that manage vehicle data. The vulnerability is in the way the vehicleId parameter is handled, leading to an Insecure Direct Object Reference IDOR. This allows attackers to gain unauthorized access to sensitive information from other users...

8.5CVSS6.7AI score0.00154EPSS
Exploits0References1
NCSC
NCSC
•added 2025/10/20 1:3 p.m.•7 views

Vulnerabilities fixed in Moxa's network security devices

Moxa has fixed vulnerabilities in their network security devices. The vulnerabilities in Moxa's network security devices include improper authorization that allows unauthorized access to protected API endpoints, as well as an issue with access control mechanisms that can lead to privilege...

9.9CVSS7.3AI score0.00658EPSS
Exploits0References1
NCSC
NCSC
•added 2025/10/17 8:4 a.m.•7 views

Vulnerabilities fixed in SAP Products

SAP has fixed vulnerabilities in several SAP products. The vulnerabilities include a deserialization vulnerability that allows unauthenticated attackers to execute arbitrary OS commands, and a CSRF vulnerability that allows authenticated attackers to bypass critical authorization controls. In...

10CVSS7.8AI score0.02882EPSS
Exploits1
NCSC
NCSC
•added 2025/10/14 6:38 p.m.•7 views

Vulnerabilities fixed in Microsoft Office

Microsoft has fixed vulnerabilities in several Office products. A malicious party could exploit the vulnerabilities to cause a denial-of-service, execute arbitrary code with the victim's privileges, or gain access to sensitive data in the victim's context. Successful exploitation requires the...

8.8CVSS7.3AI score0.02245EPSS
Exploits0
NCSC
NCSC
•added 2025/10/13 8:31 a.m.•7 views

Vulnerabilities fixed in Juniper Networks Junos Space

Juniper has fixed vulnerabilities in Junos Space Specifically for all versions prior to 24.1R4. The vulnerabilities are in the way Juniper Networks Junos Space processes user input. Attackers can inject malicious scripts into various pages, such as the Device Template Definition, Global Search, a...

9.4CVSS7.1AI score0.00572EPSS
Exploits0References1
NCSC
NCSC
•added 2025/10/13 7:52 a.m.•7 views

Vulnerability fixed in Oracle E-Business Suite

Oracle has fixed a vulnerability in the Oracle Configurator component of Oracle E-Business Suite Specific to versions 12.2.3 through 12.2.14. The vulnerability is located in the Oracle Configurator component of Oracle E-Business Suite, specifically in versions 12.2.3 through 12.2.14. This...

7.5CVSS7.1AI score0.97582EPSS
Exploits6References1
NCSC
NCSC
•added 2025/09/30 8:29 a.m.•7 views

Vulnerabilities fixed in VMware NSX

VMware fixed vulnerabilities in VMware NSX The vulnerabilities in VMware NSX include a weak password recovery mechanism that allows unauthenticated attackers to enumerate valid usernames, which can result in potential brute-force attacks on login credentials. Additionally, there is a username...

8.5CVSS7AI score0.01022EPSS
Exploits0References1
NCSC
NCSC
•added 2025/09/16 1:38 p.m.•7 views

Vulnerabilities fixed in Spring Framework

VMWare has fixed vulnerabilities in the Spring Security framework. The vulnerabilities are in the way the Spring Security framework detects annotations, particularly in type hierarchies that use parameterized supertypes with unlimited generics. This can lead to authorization bypassing when using...

7.5CVSS6.9AI score0.0046EPSS
Exploits0References1
NCSC
NCSC
•added 2025/09/12 3:23 p.m.•7 views

Vulnerabilities fixed in Omnissa Workspace ONE UEM

Omnissa has fixed vulnerabilities in Omnissa Workspace ONE UEM. The vulnerabilities are located in the API endpoints of Omnissa Workspace ONE UEM. The first vulnerability allows malicious parties to gain unauthorized access to sensitive information using the Path Traversal technique. This can lea...

7.5CVSS6.6AI score0.19076EPSS
Exploits1References1
NCSC
NCSC
•added 2025/09/10 10:24 a.m.•7 views

Vulnerability fixed in Adobe ColdFusion

Adobe has fixed a vulnerability in the ColdFusion platform, including versions 2025.3, 2023.15, 2021.21 and earlier. The vulnerability is in the way the ColdFusion platform allows path traversal. The vulnerability can be exploited by attackers to execute arbitrary code on affected systems. This c...

10CVSS7.6AI score0.19934EPSS
Exploits0References1
NCSC
NCSC
•added 2025/09/09 6:25 p.m.•7 views

Vulnerabilities fixed in Microsoft Azure

Microsoft has fixed vulnerabilities in Azure components. A malicious person could exploit the vulnerabilities to grant themselves elevated privileges, or execute arbitrary code. The most serious vulnerability is in the High-Performance Compute Pack HPC and allows an unauthenticated malicious pers...

9.8CVSS7.9AI score0.01923EPSS
Exploits0
NCSC
NCSC
•added 2025/08/14 12:38 p.m.•7 views

Vulnerabilities fixed in N-able N-Central

N-able has fixed vulnerabilities in N-Central. The vulnerabilities include insecure deserialization that poses the risk of command execution, and command injection that stems from improper sanitization of user input. An attacker could exploit these vulnerabilities to execute unauthorized commands...

9.4CVSS8.1AI score0.03171EPSS
Exploits1References1
NCSC
NCSC
•added 2025/08/13 7:25 a.m.•7 views

Vulnerabilities fixed in Microsoft Windows

Microsoft has fixed vulnerabilities in Windows, including Hyper-V, Graphics Component, and Routing and Remote Access Service RRAS. The vulnerabilities include several types of attacks, such as local privilege escalation, unwarranted access to sensitive information, and the potential for...

9.8CVSS7.9AI score0.36074EPSS
Exploits12References1
NCSC
NCSC
•added 2025/08/13 7:19 a.m.•7 views

Vulnerabilities fixed in Microsoft SQL Server

Microsoft has fixed vulnerabilities in SQL Server. The vulnerabilities are related to improper access management and SQL injection, which allows authorized attackers to escalate privileges within a network. This can lead to unauthorized access and manipulation of sensitive data. The vulnerabiliti...

8.8CVSS7.4AI score0.01516EPSS
Exploits2References1
NCSC
NCSC
•added 2025/07/31 11:12 a.m.•7 views

Vulnerability fixed in SonicWall SonicOS

SonicWall has fixed a vulnerability in SonicOS. The vulnerability is in how SonicOS' SSL VPN interface handles externally controlled formatting strings. This can be exploited by external, unauthenticated attackers, leading to service disruptions. Attackers can exploit this vulnerability to affect...

9.8CVSS6.9AI score0.00875EPSS
Exploits0References1
NCSC
NCSC
•added 2025/07/28 7:52 a.m.•7 views

Vulnerabilities fixed in Salesforce Tableau Server

Salesforce has fixed vulnerabilities in Salesforce Tableau Server Specifically for versions lower than 25.1.3, 2024.2.12, and 2023.3.19. The vulnerabilities include unauthorized access to data via user-controlled keys, authorization bypass, unrestricted file uploads of dangerous file types,...

8.5CVSS7.2AI score0.00416EPSS
Exploits0References1
NCSC
NCSC
•added 2025/07/18 9:51 a.m.•7 views

Vulnerabilities fixed in Citrix NetScaler ADC and NetScaler Gateway

Citrix has fixed vulnerabilities in NetScaler ADC and NetScaler Gateway. The vulnerability with reference CVE-2025-5777 involves an Out-of-Bounds Read. This vulnerability arises from insufficient input validation in systems configured as Gateway services. These include VPN virtual servers, ICA...

9.8CVSS8.9AI score0.99897EPSS
Exploits21References5
NCSC
NCSC
•added 2025/07/09 8:57 a.m.•7 views

Vulnerabilities fixed in Adobe Illustrator

Adobe has fixed vulnerabilities in Adobe Illustrator Versions 28.7.6, 29.5.1 and earlier. The vulnerabilities are in the way Adobe Illustrator handles rogue files. These vulnerabilities can lead to arbitrary code execution, allowing attackers to perform unauthorized actions on affected systems. T...

7.8CVSS7.6AI score0.00251EPSS
Exploits0References1
NCSC
NCSC
•added 2025/07/08 6:26 p.m.•7 views

Vulnerabilities fixed in Microsoft Visual Studio

Microsoft has fixed vulnerabilities in Visual Studio. A malicious person could exploit the vulnerabilities to grant themselves elevated privileges, or execute arbitrary code. Some of the vulnerabilities were previously fixed in the code of several open source projects related to GIT. Visual Studi...

8.8CVSS7.4AI score0.02775EPSS
Exploits9
NCSC
NCSC
•added 2025/06/19 8:42 a.m.•7 views

Vulnerability fixed in Cisco AnyConnect VPN for Meraki MX and Z

Cisco has fixed a vulnerability in the Cisco AnyConnect VPN server on Cisco Meraki MX and Z Series devices. The vulnerability is in how the Cisco AnyConnect VPN server initializes variables during the establishment of SSL VPN sessions. Unauthenticated remote attackers can exploit this...

8.6CVSS6.9AI score0.00481EPSS
Exploits0References2
NCSC
NCSC
•added 2025/06/05 10:37 a.m.•7 views

Vulnerabilities fixed in HPE StoreOnce Software

HPE has fixed vulnerabilities in HPE StoreOnce Software. The vulnerabilities include command injection and remote code execution, which can lead to unauthorized access and control of affected systems. In addition, there are vulnerabilities for authentication bypass, directory traversal and...

9.8CVSS8.4AI score0.01291EPSS
Exploits0References1
NCSC
NCSC
•added 2025/05/23 8:28 a.m.•7 views

Vulnerabilities fixed in Trend Micro Apex Central

Trend Micro has fixed vulnerabilities in Apex Central. A malicious party could exploit the vulnerabilities to execute a Server-Side Request Forgery SSRF, or through unlimited file uploads, potentially execute arbitrary code on the vulnerable system, or gain access to sensitive data. Trend Micro h...

9.8CVSS7.7AI score0.01605EPSS
Exploits0References1
NCSC
NCSC
•added 2025/05/16 12:41 p.m.•7 views

Vulnerabilities fixed in Google Chrome

Google has fixed vulnerabilities in Google Chrome. The vulnerabilities are in the way Chrome handles certain components, including Mojo and the Loader. A malicious party could exploit these vulnerabilities to leak data or take over accounts, such as by getting a victim to click on a madafilde lin...

9.6CVSS7.1AI score0.05329EPSS
Exploits3References1
NCSC
NCSC
•added 2025/05/14 1:50 p.m.•7 views

Vulnerability fixed in FortiVoice

Fortinet has fixed a vulnerability in FortiVoice, FortiMail, FortiNDR, FortiRecorder and FortiCamera. The vulnerability is in the way FortiVoice systems handle HTTP requests, leading to a stack-based buffer overflow. This allows a malicious, unauthenticated attacker to execute arbitrary code by...

9.8CVSS9.9AI score0.31419EPSS
Exploits3References1
NCSC
NCSC
•added 2025/05/14 8:25 a.m.•7 views

Vulnerability fixed in Adobe Illustrator

Adobe has fixed a vulnerability in Illustrator Specifically for versions 29.3, 28.7.5 and earlier. The vulnerability is in the way Illustrator handles files. A malicious party can exploit this vulnerability by creating a malicious file that, when opened by a user, can lead to arbitrary code...

7.8CVSS7.2AI score0.0046EPSS
Exploits0References1
Total number of security vulnerabilities4190