Lucene search
K
NcscMost viewed

4190 matches found

NCSC
NCSC
•added 2025/05/23 8:28 a.m.•7 views

Vulnerabilities fixed in Trend Micro Apex Central

Trend Micro has fixed vulnerabilities in Apex Central. A malicious party could exploit the vulnerabilities to execute a Server-Side Request Forgery SSRF, or through unlimited file uploads, potentially execute arbitrary code on the vulnerable system, or gain access to sensitive data. Trend Micro h...

9.8CVSS7.7AI score0.01605EPSS
Exploits0References1
NCSC
NCSC
•added 2025/05/16 12:41 p.m.•7 views

Vulnerabilities fixed in Google Chrome

Google has fixed vulnerabilities in Google Chrome. The vulnerabilities are in the way Chrome handles certain components, including Mojo and the Loader. A malicious party could exploit these vulnerabilities to leak data or take over accounts, such as by getting a victim to click on a madafilde lin...

9.6CVSS7.1AI score0.05329EPSS
Exploits3References1
NCSC
NCSC
•added 2025/05/14 1:50 p.m.•7 views

Vulnerability fixed in FortiVoice

Fortinet has fixed a vulnerability in FortiVoice, FortiMail, FortiNDR, FortiRecorder and FortiCamera. The vulnerability is in the way FortiVoice systems handle HTTP requests, leading to a stack-based buffer overflow. This allows a malicious, unauthenticated attacker to execute arbitrary code by...

9.8CVSS9.9AI score0.31419EPSS
Exploits3References1
NCSC
NCSC
•added 2025/05/14 8:25 a.m.•7 views

Vulnerability fixed in Adobe Illustrator

Adobe has fixed a vulnerability in Illustrator Specifically for versions 29.3, 28.7.5 and earlier. The vulnerability is in the way Illustrator handles files. A malicious party can exploit this vulnerability by creating a malicious file that, when opened by a user, can lead to arbitrary code...

7.8CVSS7.2AI score0.0046EPSS
Exploits0References1
NCSC
NCSC
•added 2025/05/14 8:18 a.m.•7 views

Vulnerabilities fixed in Adobe ColdFusion

Adobe has fixed vulnerabilities in ColdFusion Versions 2025.1, 2023.13, 2021.19 and earlier. The vulnerabilities are in the way ColdFusion handles input validation and authorization. Highly privileged attackers can execute arbitrary code without user interaction, which can lead to unauthorized...

9.1CVSS7.6AI score0.3768EPSS
Exploits0References1
NCSC
NCSC
•added 2025/05/14 7:13 a.m.•7 views

Vulnerabilities fixed in Siemens products

Siemens has fixed vulnerabilities in various products such as Apogee, BacNet ATEC, Desigo CC, Intralog, OZW, Polarion, RUGGEDCOM, SICAM, SIMATIC, SIPROTEC, SIRIUS, Teamcenter and Versicharge The vulnerabilities potentially enable a malicious person to launch attacks that could result in the...

10CVSS8.4AI score0.14859EPSS
Exploits2References14
NCSC
NCSC
•added 2025/05/13 7:14 p.m.•7 views

Vulnerabilities fixed in Microsoft Defender

Microsoft has fixed vulnerabilities in Defender for Endpoint and Defender for Identity. A malicious party could exploit the vulnerabilities to impersonate another user and assign themselves elevated privileges, enabling execution of arbitrary code with SYSTEM privileges. For successful...

6.7CVSS9.3AI score0.00626EPSS
Exploits0
NCSC
NCSC
•added 2025/04/17 7:11 a.m.•7 views

Vulnerability fixed in Cisco Webex App

Cisco has fixed a vulnerability in the Cisco Webex App. The vulnerability is in the way the Cisco Webex App handles its custom URL parser. Unauthenticated remote malicious actors can exploit this vulnerability to trick users into downloading arbitrary files, which can lead to unauthorized command...

8.8CVSS7AI score0.00908EPSS
Exploits0References1
NCSC
NCSC
•added 2025/04/16 3:10 p.m.•7 views

Vulnerabilities fixed in Oracle JD Edwards

Oracle has fixed vulnerabilities in JD Edwards EnterpriseOne Tools Specifically for versions 9.2.0.0 to 9.2.9.2. The vulnerabilities in JD Edwards EnterpriseOne Tools allow unauthenticated malicious actors to access the system via HTTP, which can lead to unauthorized access to and manipulation of...

9.8CVSS7.6AI score0.05582EPSS
Exploits2References1
NCSC
NCSC
•added 2025/04/09 8:14 a.m.•7 views

Vulnerabilities fixed in Adobe Framemaker

Adobe has fixed vulnerabilities in Adobe Framemaker Specifically for versions 2020.7, 2022.5 and earlier. The vulnerabilities include a Heap-based Buffer Overflow, Stack-based Buffer Overflow, Integer Underflow, NULL Pointer Dereference and an out-of-bounds read. These vulnerabilities can lead to...

7.8CVSS6.9AI score0.00268EPSS
Exploits0References1
NCSC
NCSC
•added 2025/04/09 8:12 a.m.•7 views

Vulnerabilities fixed in Adobe Animate

Adobe has fixed vulnerabilities in Animate versions 24.0.7, 23.0.10 and earlier. The vulnerabilities include a Heap-based Buffer Overflow, a Use After Free and two out-of-bounds read vulnerabilities. These vulnerabilities can lead to arbitrary code execution in the context of the user and...

7.8CVSS7.9AI score0.00367EPSS
Exploits0References1
NCSC
NCSC
•added 2025/04/08 6:57 p.m.•7 views

Vulnerabilities fixed in Microsoft Windows

Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: - Denial-of-Service DoS - Circumvention of security measure - Execution of arbitrary code root/admin privileges - Execution o...

8.8CVSS9.2AI score0.1806EPSS
Exploits7
NCSC
NCSC
•added 2025/04/08 6:53 p.m.•7 views

Vulnerabilities fixed in Microsoft Azure

Microsoft has fixed vulnerabilities in several Azure products. A malicious person could exploit the vulnerabilities to grant themselves elevated privileges and gain access to sensitive data. The vulnerability with reference CVE-2025-27489 allows the malicious party, by loading a non-Microsoft DLL...

7.8CVSS7.1AI score0.01153EPSS
Exploits0
NCSC
NCSC
•added 2025/04/08 6:52 p.m.•7 views

Vulnerability fixed in Microsoft System Center

Microsoft has fixed a vulnerability in System Center. The vulnerability allows a malicious person through an untrusted path within System Center, to elevate local permissions. For successful exploitation, the malicious party must have access to the device to reach the System Center Windows...

7.8CVSS6.2AI score0.00751EPSS
Exploits0
NCSC
NCSC
•added 2025/03/26 12:45 p.m.•7 views

Vulnerability fixed in Google Chrome

Google has fixed a vulnerability in Chrome. A malicious party can exploit the vulnerability by convincing a victim to open a rogue link. In this way, the sandbox security of the Chrome browser can be bypassed. Combined with a currently unknown vulnerability, this could lead to the execution of...

8.3CVSS8.5AI score0.08404EPSS
Exploits6References1
NCSC
NCSC
•added 2025/03/25 8:38 a.m.•7 views

Vulnerability fixed in Next.js

Vercel has fixed a vulnerability in Next.js Specific to versions 14.2.25 and 15.2.3 Next.js is a popular framework for developing Web applications. The vulnerability is in the way Next.js handles authentication checks in its own middleware. This allows malicious actors to bypass these controls,...

9.1CVSS8.7AI score0.99621EPSS
Exploits58References1
NCSC
NCSC
•added 2025/03/20 1:13 p.m.•7 views

Vulnerabilities fixed in IBM AIX

IBM has fixed vulnerabilities in IBM AIX Specifically for versions 7.2 and 7.3. The vulnerabilities are in the NIM master service and the nimsh service's SSL/TLS protection mechanisms in IBM AIX versions 7.2 and 7.3. These vulnerabilities can be exploited by remote malicious actors to execute...

10CVSS7.6AI score0.01058EPSS
Exploits0References1
NCSC
NCSC
•added 2025/03/19 3:3 p.m.•7 views

Vulnerability fixed in Synology DiskStation Manager

Synology has fixed a vulnerability in Synology DiskStation Manager DSM. The vulnerability is located in the LDAP functionality of Synology DiskStation Manager. This vulnerability can be exploited by man-in-the-middle attackers, allowing unauthorized interception of administrator authentication...

7.5CVSS6.8AI score0.00237EPSS
Exploits0References1
NCSC
NCSC
•added 2025/03/07 1:51 p.m.•7 views

Vulnerability fixed in Elastic Kibana

Elastic has fixed a vulnerability in Kibana. The vulnerability with reference CVE-2025-25015 allows an authenticated remote malicious person to execute arbitrary code via a specially prepared file upload and specially prepared HTTP requests. The exploitability of this vulnerability depends on the...

9.9CVSS7.7AI score0.01218EPSS
Exploits0References1
NCSC
NCSC
•added 2025/03/04 2:14 p.m.•7 views

Vulnerabilities fixed in IBM Storage products

IBM has fixed vulnerabilities in IBM FlashSystem, SAN Volume Controller, Storwize and Storage Virtualize. The vulnerabilities are in the RPCAdapter service of specific versions of IBM FlashSystem. Attackers can bypass RPCAdapter authentication through specially crafted HTTP requests, which can le...

9.8CVSS7.5AI score0.00796EPSS
Exploits0References1
NCSC
NCSC
•added 2025/03/03 2:11 p.m.•7 views

Vulnerability fixed in Zohocorp ManageEngine ADSelfService Plus

Zohocorp has fixed a vulnerability in ManageEngine ADSelfService Plus Specifically for versions 6510 and earlier. The vulnerability is in the way sessions are managed in ManageEngine ADSelfService Plus. This issue allows valid account holders to abuse the system, which can lead to possible accoun...

8.1CVSS6.9AI score0.01426EPSS
Exploits0References1
NCSC
NCSC
•added 2025/02/25 7:42 a.m.•7 views

Vulnerability fixed in MITRE Caldera

MITRE has fixed a vulnerability in Caldera Specifically for versions 4.2.0 and 5.0.0. The vulnerability is in how the Caldera server processes Web requests. Malicious attackers can send specially crafted Web requests to the Caldera server API, allowing them to execute arbitrary code on the server...

10CVSS7.8AI score0.23813EPSS
Exploits2References1
NCSC
NCSC
•added 2025/02/18 8:9 a.m.•7 views

Vulnerabilities fixed in SonicWall SonicOS

Sonicwall has fixed vulnerabilities in SonicOS for Gen6 and Gen7 firewalls. The first vulnerability concerns a weak pseudo-random number generator in the SSLVPN CVE-2024-40762, allowing attackers to predict authentication tokens in some cases. CVE-2024-53704 concerns improper authentication in th...

9.8CVSS8.1AI score0.95132EPSS
Exploits0References1
NCSC
NCSC
•added 2025/02/13 9:29 a.m.•7 views

Vulnerability fixed in Fortinet FortiOS

Fortinet has fixed a vulnerability in FortiOS Specifically for versions 7.2.4 to 7.2.8 and 7.4.0 to 7.4.4. The vulnerability is in the way FortiOS handles UDP packets. A malicious party, if stack protection is bypassed and the fabric service is active on the exposed interface, can execute arbitra...

8.1CVSS7.9AI score0.00938EPSS
Exploits0References1
NCSC
NCSC
•added 2025/02/11 7:16 p.m.•7 views

Vulnerabilities fixed in Microsoft Windows

Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: - Denial-of-Service DoS. - Obtaining elevated privileges - Circumvention of security measure - Spoofing - Execution of...

8.8CVSS8.7AI score0.21638EPSS
Exploits2
NCSC
NCSC
•added 2025/02/07 7:50 a.m.•7 views

Vulnerabilities fixed in Cisco Identity Services Engine

Cisco has fixed vulnerabilities in Cisco Identity Services Engine ISE. The vulnerabilities are in the API of Cisco ISE, which allows an authenticated remote malicious person to execute arbitrary commands as the root user through insecure deserialization of Java byte streams. All of these...

9.9CVSS7.8AI score0.17218EPSS
Exploits5References2
NCSC
NCSC
•added 2025/02/07 7:41 a.m.•7 views

Vulnerabilities fixed in Cisco AsyncOS Software

Cisco has fixed vulnerabilities in Cisco AsyncOS Software Specific to Cisco Secure Web Appliance and Cisco Secure Email Gateway. The vulnerabilities are in the way Cisco AsyncOS Software handles requests and configuration files. An attacker can gain unauthenticated access to the system by using...

7.2CVSS8.2AI score0.00846EPSS
Exploits0References4
NCSC
NCSC
•added 2025/01/28 11:31 a.m.•7 views

Vulnerabilities fixed in Apple iPadOS and iOS

Apple has fixed vulnerabilities in iOS and iPadOS. The vulnerabilities include problems with memory management, input validation, and Web content processing that could lead to unauthorized access, execution of arbitrary code, and denial-of-service attacks. Apple indicates that CVE-2025-24085, whi...

9.8CVSS8.6AI score0.18668EPSS
Exploits7References2
NCSC
NCSC
•added 2025/01/23 1:53 p.m.•7 views

Vulnerability fixed in Cisco BroadWorks

Cisco has fixed a vulnerability in Cisco BroadWorks. The vulnerability is in how the Cisco BroadWorks SIP processing system handles specific SIP requests. Unauthenticated remote attackers can exploit this vulnerability to perform a denial-of-service DoS attack, which can lead to memory exhaustion...

7.5CVSS6.9AI score0.00828EPSS
Exploits0References1
NCSC
NCSC
•added 2025/01/22 1:31 p.m.•7 views

Vulnerabilities fixed in Oracle PeopleSoft

Oracle has fixed several vulnerabilities in Oracle PeopleSoft, specifically in versions 8.60, 8.61 and 9.2. The vulnerabilities in Oracle PeopleSoft allow authenticated malicious parties to gain unauthorized access to specific data via HTTP network access, which can lead to unauthorized data...

10CVSS7.1AI score0.9378EPSS
Exploits13References1
NCSC
NCSC
•added 2025/01/16 11:46 a.m.•7 views

Vulnerabilities fixed in Schneider Electric Modicon

Schneider Electric has fixed vulnerabilities in Modicon M340, M580 and various communication modules. A malicious party could exploit the vulnerabilities to cause a denial-of-service or gain access to system data and possibly affect the operation of the controllers. For successful abuse, the...

8.8CVSS7.3AI score0.00605EPSS
Exploits0References2
NCSC
NCSC
•added 2025/01/10 12:14 p.m.•7 views

Vulnerabilities fixed in Juniper JunOS

Juniper has fixed vulnerabilities in JunS Specifically JunOS and JunOS Evolved. The vulnerabilities are in the way Juniper's JunOS and JunOS Evolved handle BGP packets and IPv6 packets. The first vulnerability can be exploited by unauthenticated attackers sending distorted BGP packets, which can...

8.7CVSS7.2AI score0.00702EPSS
Exploits0References2
NCSC
NCSC
•added 2024/12/22 6:38 p.m.•7 views

Vulnerability fixed in Apache Struts

Apache has fixed a vulnerability in Apache Struts Versions from 2.0.0 to before 6.4.0. The vulnerability is in the way the file upload logic is implemented in the deprecated FileUploadInterceptor. This vulnerability can be exploited to execute arbitrary code on systems running these versions. Sin...

9.8CVSS9.9AI score0.78198EPSS
Exploits15References2
NCSC
NCSC
•added 2024/12/13 9:58 a.m.•7 views

Vulnerability fixed in Schneider Electric Modicon

Schneider Electric has fixed a vulnerability in devices that use the Modbus protocol. The vulnerability is in how devices using the Modbus protocol validate input. When an unauthenticated and customized Modbus packet is sent to the device, it can result in a denial-of-service, compromising both t...

9.8CVSS7AI score0.00641EPSS
Exploits0References1
NCSC
NCSC
•added 2024/12/12 10:31 a.m.•7 views

Vulnerabilities fixed in macOS

Apple has fixed vulnerabilities in macOS Sequoia 15.2, Ventura 13.7.2, and Sonoma 14.7.2. The vulnerabilities include a use-after-free vulnerability that could lead to unexpected application termination or arbitrary code execution, and logic issues that allowed applications to modify protected...

9.8CVSS8AI score0.14492EPSS
Exploits3References3
NCSC
NCSC
•added 2024/12/11 8:12 a.m.•7 views

Vulnerability fixed in Adobe Premiere Pro

Adobe has fixed a vulnerability in Premiere Pro Specifically for versions 25.0, 24.6.3 and earlier. The vulnerability is in the way Premiere Pro handles files, leading to a heap-based buffer overflow. This can allow a malicious party to execute arbitrary code when a user opens a maliciously craft...

7.8CVSS7.9AI score0.00498EPSS
Exploits0References1
NCSC
NCSC
•added 2024/11/20 9:4 a.m.•7 views

Vulnerability fixed in Trend Micro Deep Security

Trend Micro has fixed a vulnerability in Trend Micro Deep Security. The vulnerability is in the Trend Micro Deep Security 20 Agent and allows malicious actors with legitimate domain access to elevate privileges and potentially execute arbitrary code. Trend Micro has released updates to fix the...

8.8CVSS7.3AI score0.04032EPSS
Exploits0References1
NCSC
NCSC
•added 2024/11/19 9:56 a.m.•7 views

Vulnerabilities fixed in VMware vCenter Server

VMware has fixed vulnerabilities in vCenter Server. A malicious party could exploit the vulnerabilities to grant themselves elevated privileges, possibly even to root and execute arbitrary code on the system. VMware reports in an update to its original security advisory that exploits have been...

9.8CVSS8.1AI score0.54143EPSS
Exploits0References3
NCSC
NCSC
•added 2024/11/18 11:14 a.m.•7 views

Vulnerabilities fixed in Adobe InDesign

Adobe has fixed vulnerabilities in InDesign desktop applications Specifically for versions ID18.5.3, ID19.5 and earlier. The vulnerabilities are in the way the InDesign desktop applications handle specially crafted files. This can lead to a heap-based buffer overflow, which allows an attacker to...

7.8CVSS7.7AI score0.00461EPSS
Exploits0References1
NCSC
NCSC
•added 2024/11/13 3:10 p.m.•7 views

Vulnerabilities fixed in Citrix NetScaler ADC and NetScaler Gateway

Cirtix has fixed a number of vulnerabilities in NetScaler ADC and NetScaler Gateway. A malicious party could exploit the vulnerabilities to launch attacks that could lead to the following categories of damage: - Denial-of-Service DoS - Increased user privileges Citrix has released updates to...

8.4CVSS7.1AI score0.00562EPSS
Exploits0References1
NCSC
NCSC
•added 2024/10/17 6:9 a.m.•7 views

Vulnerabilities fixed in Solarwinds Platform

Solarwinds has fixed vulnerabilities in Solarwinds Platform. An authenticated malicious person could exploit the vulnerabilities to launch a Cross-Site Scripting attack or locally increase permissions. Solarwinds has released updates to fix the vulnerabilities in Solarwinds Platform 2024.4. See...

7.8CVSS6.3AI score0.00329EPSS
Exploits0References2
NCSC
NCSC
•added 2024/10/17 6:8 a.m.•7 views

Vulnerability fixed in Solarwinds Web Helpdesk

Solarwinds has fixed a vulnerability in Web Helpdesk. An unauthenticated malicious person could exploit the vulnerability to execute deserialization code on the system without authentication using Java. Solarwinds developers have released a hotfix to fix the vulnerability. See attached references...

9.8CVSS7.5AI score0.36619EPSS
Exploits0References1
NCSC
NCSC
•added 2024/10/11 9:18 a.m.•7 views

Fixed vulnerabilities in several Veeam products.

Veeam has fixed vulnerabilities in several products, including Backup & Replication, ONE, Service Provider Console and Agent. UPDATE: POC code is now available online and CVE-2024-40711 has recently been actively abused to roll out ransomware. A malicious party can exploit the vulnerabilities to...

9.9CVSS8AI score0.88193EPSS
Exploits3References3
NCSC
NCSC
•added 2024/10/08 7:58 p.m.•7 views

Vulnerabilities fixed in Microsoft SQL Server Power BI Report Server

Microsoft fixed vulnerabilities in SQL Server Power BI Report Server A malicious party could exploit the vulnerabilities to impersonate another user and execute arbitrary code under their context, possibly with administrator privileges. Successful exploitation requires the malicious party to have...

8.8CVSS8.3AI score0.01855EPSS
Exploits0
NCSC
NCSC
•added 2024/10/04 9:52 a.m.•7 views

Vulnerabilities fixed in Draytek Vigor routers

Draytek has fixed vulnerabilities in several types of Vigor series routers. A malicious party could exploit the vulnerabilities to cause a Denial-of-Service, or perform a Cross-Site-Scripting attack, potentially gaining access to sensitive data or executing arbitrary code in the context of the...

9.8CVSS7.6AI score0.01407EPSS
Exploits1References2
NCSC
NCSC
•added 2024/09/26 8:52 a.m.•7 views

Vulnerabilities fixed in Apple iOS and iPadOS

Apple has fixed vulnerabilities in iOS and iPadOS. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: - Cross-Site Scripting XSS - Denial-of-Service DoS. - Manipulation of data - Circumvention of security measure - Access to...

9.1CVSS7.4AI score0.07939EPSS
Exploits2References2
NCSC
NCSC
•added 2024/09/19 11:37 a.m.•7 views

Vulnerabilities fixed in SAP products

SAP has fixed vulnerabilities in several products, including SAP, Business Warehouse, NetWeaver, HANA, Business Objects and Commerce. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: - Cross-Site Scripting XSS. - Bypassing...

6.5CVSS7.1AI score0.06049EPSS
Exploits2References1
NCSC
NCSC
•added 2024/09/10 6:21 p.m.•7 views

Vulnerabilities fixed in Microsoft Windows

Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to cause a denial-of-service, grant themselves elevated privileges, execute arbitrary code with the victim's privileges and potentially gain access to sensitive data. The most serious vulnerability h...

9.8CVSS7.5AI score0.51883EPSS
Exploits3References1
NCSC
NCSC
•added 2024/09/10 12:34 p.m.•7 views

Vulnerability fixed in Sonicwall SonicOS

Sonicwall has fixed a vulnerability in SonicOS for Gen5, Gen6 and Gen7 firewalls. The vulnerability is located in the management interface and SSLVPN and allows a malicious party to cause a Denial-of-Service and potentially access and modify system data. The NCSC is receiving signals from trusted...

9.8CVSS7.2AI score0.15593EPSS
Exploits0References1
NCSC
NCSC
•added 2024/09/10 10:56 a.m.•7 views

Vulnerabilities fixed in QNAP QTS and QTS Hero

QNAP has fixed vulnerabilities in QTS and QTS Hero. A malicious party could exploit the vulnerabilities to grant themselves elevated privileges, access sensitive data or execute arbitrary OS commands. For successful abuse, the malicious party must already have prior authentication. QNAP has...

8.8CVSS7.6AI score0.01073EPSS
Exploits0References3
Total number of security vulnerabilities4190