Lucene search
K
NcscMost viewed

4190 matches found

NCSC
NCSC
added 2025/06/22 8:19 a.m.6 views

Vulnerabilities fixed in IBM InfoSphere Information Server

IBM has fixed vulnerabilities in IBM InfoSphere Information Server Versions 11.7.0.0 to 11.7.1.6. The first vulnerability involves a Denial-of-Service vulnerability that stems from insufficient validation of incoming request sources. This can be exploited to disrupt service availability. The seco...

8.7CVSS6.5AI score0.00376EPSS
Exploits0References2
NCSC
NCSC
added 2025/06/18 10:17 a.m.6 views

Vulnerability fixed in GeoServer

GeoServer developers have fixed a vulnerability in GeoServer 2.27.0, 2.26.2, 2.25.6, GeoTools 33.0, 32.2, 31.6, 28.6.0 and GeoNetwork 4.4.7, 4..2.12. The vulnerability is located in the Eclipse XSD library. The vulnerability allows unauthenticated attackers to potentially execute code and access...

9.9CVSS7.4AI score0.50825EPSS
Exploits1References3
NCSC
NCSC
added 2025/06/10 10:15 a.m.6 views

Vulnerabilities fixed in SAP Products

SAP has fixed vulnerabilities in various SAP products such as HANA, Business Objects and Netweaver. The vulnerabilities include a lack of authorization controls, allowing attackers to execute functions without restrictions. This can lead to unauthorized actions within the application, which can...

9.6CVSS6.5AI score0.00594EPSS
Exploits0References1
NCSC
NCSC
added 2025/06/10 7:19 a.m.6 views

Vulnerabilities fixed in Google Android and Samsung Mobile

Google has fixed vulnerabilities in the Android operating system. Samsung has fixed vulnerabilities relevant to Samsung Mobile in Samsung Mobile. The vulnerabilities are in how the GPU Kernel Drivers handle system calls from non-privileged users. This can lead to unauthorized access to memory,...

8.7CVSS7AI score0.00264EPSS
Exploits1References2
NCSC
NCSC
added 2025/06/05 2:19 p.m.6 views

Vulnerability fixed in Roundcube Webmail

Roundcube has fixed a vulnerability in Roundcube Webmail specifically versions before 1.5.10 and 1.6.x before 1.6.11. An authenticated malicious party can exploit the vulnerability to execute arbitrary code. To do so, the malicious party must send a rogue HTTP request to the Roundcube application...

9.9CVSS7.9AI score0.89462EPSS
Exploits29References1
NCSC
NCSC
added 2025/05/23 8:38 a.m.6 views

Vulnerabilities fixed in GitLab

GitLab has fixed vulnerabilities in both the Community and Enterprise Editions of GitLab. The vulnerabilities include falsely displaying full e-mail addresses to unauthorized users, insufficient input validation that can lead to Denial-of-Service, and the ability for attackers to expose masked CI...

7.5CVSS8.9AI score0.00484EPSS
Exploits1References1
NCSC
NCSC
added 2025/05/22 8:14 a.m.6 views

Vulnerabilities fixed in Cisco Unified Intelligence Center

Cisco has fixed vulnerabilities in Cisco Unified Intelligence Center. The vulnerabilities are in how Cisco Unified Intelligence Center's API validates user parameters. This can lead to privilege escalation, where authenticated attackers can gain unauthorized access to other users' sensitive data...

7.1CVSS6.6AI score0.00357EPSS
Exploits0References1
NCSC
NCSC
added 2025/05/22 8:14 a.m.6 views

Vulnerability fixed in Cisco Identity Services Engine

Cisco has fixed a vulnerability in Cisco Identity Services Engine ISE. The vulnerability is in the way Cisco ISE handles RADIUS messages. Unauthenticated remote attackers can exploit this vulnerability, which can lead to a denial-of-service DoS situation on affected devices, compromising their...

8.6CVSS8.5AI score0.00667EPSS
Exploits0References1
NCSC
NCSC
added 2025/05/14 8:41 a.m.6 views

Vulnerabilities fixed in Fortinet products

Fortinet has fixed vulnerabilities in FortiManager, FortiManager Cloud, FortiAnalyzer, FortiOS, FortiProxy, FortiPAM, FortiSRA, FortiSwitchManager and FortiWeb. The vulnerabilities include an OS Command Injection that allows local attackers to execute unauthorized code by manipulating CLI command...

9.8CVSS8.1AI score0.99506EPSS
Exploits77References9
NCSC
NCSC
added 2025/05/14 8:24 a.m.6 views

Vulnerabilities fixed in Adobe Photoshop

Adobe has fixed vulnerabilities in Adobe Photoshop Versions 26.5, 25.12.2 and earlier. The vulnerabilities are in how Adobe Photoshop handles specially crafted files. When a user opens a malicious file, it can lead to the execution of unauthorized code execution on the system. Adobe has released...

7.8CVSS7.4AI score0.00233EPSS
Exploits0References1
NCSC
NCSC
added 2025/05/13 7:17 p.m.6 views

Vulnerabilities fixed in Microsoft Edge

Microsoft has fixed vulnerabilities in Edge Chromium Based. A malicious person could exploit the vulnerabilities to impersonate the victim and gain access to sensitive data or execute arbitrary code in the victim's context. This update also incorporates the Chrome/Chromium vulnerabilities marked...

9.8CVSS8.4AI score0.00662EPSS
Exploits0
NCSC
NCSC
added 2025/05/13 6:58 p.m.6 views

Vulnerabilities fixed in Microsoft Office

Microsoft has fixed vulnerabilities in several Office products. A malicious person could exploit the vulnerabilities to grant themselves elevated privileges and execute arbitrary code with the victim's privileges. Successful exploitation requires the malicious party to trick the victim into openi...

8.4CVSS9.8AI score0.03467EPSS
Exploits0
NCSC
NCSC
added 2025/05/13 6:44 p.m.6 views

Vulnerabilities fixed in Microsoft Dynamics Dataverse

Microsoft has fixed vulnerabilities in Dynamics Dataverse. A malicious person could exploit the vulnerabilities to grant themselves elevated privileges and execute arbitrary code with application privileges. For the vulnerability with reference CVE-2025-47732, Microsoft has released updates in th...

9.8CVSS8.8AI score0.02919EPSS
Exploits0References3
NCSC
NCSC
added 2025/05/06 7:12 a.m.6 views

Vulnerabilities fixed in Keycloak

Red Hat has fixed vulnerabilities in Keycloak. The vulnerabilities include an issue where JWT tokens with long expiration times can cause infinite growth in the cache, resulting in an OutOfMemoryError and a Denial-of-Service for legitimate users. In addition, verification of trust store...

8.2CVSS5.9AI score0.00654EPSS
Exploits0References4
NCSC
NCSC
added 2025/04/18 5:33 a.m.6 views

Vulnerability fixed in Erlang/OTP SSH server

Erlang/OTP developers have fixed a vulnerability in Erlang OTP. The vulnerability is located in the SSH functionality of affected versions of Erlang/OTP. The vulnerability allows an unauthenticated remote malicious person to execute arbitrary code in context of the SSH deamon by sending prepared...

10CVSS8.6AI score0.97673EPSS
Exploits36References1
NCSC
NCSC
added 2025/04/16 3:1 p.m.6 views

Vulnerabilities fixed in Oracle Fusion Middleware

Oracle has fixed multiple vulnerabilities in several products, including the Utilities Application Framework, WebLogic Server, and Fusion Middleware. The vulnerabilities allow unauthenticated malicious actors to gain access to critical data, cause denial-of-service DoS, and in some cases even gai...

10CVSS7.8AI score0.41611EPSS
Exploits16References1
NCSC
NCSC
added 2025/04/16 2:59 p.m.6 views

Vulnerabilities fixed in Oracle Enterprise Manager

Oracle fixed vulnerabilities in Oracle Enterprise Manager The vulnerabilities allow unauthenticated attackers to compromise systems via HTTP or SSH, which can lead to denial-of-service DoS or confidential information disclosure. Specifically in Apache MINA's ObjectSerializationDecoder, there is a...

10CVSS7.7AI score0.23932EPSS
Exploits2References1
NCSC
NCSC
added 2025/04/09 8:9 a.m.6 views

Vulnerability fixed in Adobe Photoshop

Adobe has fixed a vulnerability in Photoshop Desktop Specifically for versions 25.12.1, 26.4.1 and earlier. The vulnerability is in the way Photoshop Desktop handles files. A malicious party can exploit this vulnerability by creating a malicious file that, when opened by the user, can lead to...

7.8CVSS7.5AI score0.00367EPSS
Exploits0References1
NCSC
NCSC
added 2025/04/08 6:54 p.m.6 views

Vulnerabilities fixed in Microsoft Developer Tools

Microsoft fixed vulnerabilities in Visual Studio and .NET A malicious party could exploit the vulnerabilities to cause a denial-of-service, grant themselves elevated privileges and/or execute arbitrary code with developer privileges. Because developers tend to work under elevated privileges, it...

7.5CVSS7.5AI score0.01383EPSS
Exploits0
NCSC
NCSC
added 2025/03/27 2:49 p.m.6 views

Vulnerabilities fixed in GitLab EE/CE

GitLab has fixed vulnerabilities in GitLab EE/CE Specifically for versions from 13.5.0 to 17.10.1. The vulnerabilities include an input validation error that allows users to inject malicious code into CLI commands, a cross-site scripting vulnerability that allows malicious actors to execute...

8.8CVSS6.9AI score0.00352EPSS
Exploits4References1
NCSC
NCSC
added 2025/03/25 8:41 a.m.6 views

Vulnerability fixed in NetApp SnapCenter

NetApp has fixed a vulnerability in SnapCenter Specifically for versions earlier than 6.0.1P1 and 6.1P1. The vulnerability is in the way SnapCenter handles authenticated users. This allows authenticated users to gain administrative access on remote systems equipped with the SnapCenter plug-in. Th...

9.9CVSS7AI score0.00645EPSS
Exploits0References1
NCSC
NCSC
added 2025/03/20 1:17 p.m.6 views

Vulnerability fixed in IBM InfoSphere Information Server

IBM has fixed a vulnerability in IBM InfoSphere Information Server 11.7. The vulnerability is in the way permissions are managed within IBM InfoSphere Information Server. Local users can execute privileged commands due to this flaw, which can lead to unauthorized actions within the system. This c...

8.5CVSS6.7AI score0.00131EPSS
Exploits0References1
NCSC
NCSC
added 2025/03/19 3:2 p.m.6 views

Vulnerability fixed in Synology Replication Service and Synology Unified Controller

Synology has fixed a vulnerability in Synology Replication Service and Synology Unified Controller. The vulnerability is located in an off-by-one flaw in the Synology Replication Service and Synology Unified Controller, which allows remote attackers to execute arbitrary code. This can lead to...

10CVSS7.5AI score0.01337EPSS
Exploits0References1
NCSC
NCSC
added 2025/03/12 10:56 a.m.6 views

Vulnerabilities fixed in Adobe Acrobat Reader

Adobe has fixed vulnerabilities in Adobe Acrobat Reader. The vulnerabilities allow an attacker to execute arbitrary code on affected systems.The vulnerabilities include an out-of-bounds read and a Use After Free, both of which require the user to interact by opening a malicious file. This can lea...

7.8CVSS7.8AI score0.00437EPSS
Exploits0References1
NCSC
NCSC
added 2025/03/12 10:51 a.m.6 views

Vulnerabilities fixed in Fortinet FortiSandbox

Fortinet has fixed vulnerabilities in FortiSandbox. The vulnerability with reference CVE-2024-45328 includes improper authorization that allows low-privileged administrators to execute elevated CLI commands through the GUI console. In addition, there is an SQL injection vulnerability with attribu...

8.8CVSS8.1AI score0.09242EPSS
Exploits0References5
NCSC
NCSC
added 2025/02/21 12:32 p.m.6 views

Vulnerabilities fixed in Nagios XI

Nagios has fixed vulnerabilities in Nagios XI Specific to version 2024R1.2.2. The vulnerability is in the way Nagios XI handles user information, allowing unauthenticated users to access usernames and e-mail addresses of all current users. This can lead to unauthorized access and exploitation of...

6.5CVSS9.6AI score0.01523EPSS
Exploits0References2
NCSC
NCSC
added 2025/02/18 2:25 p.m.6 views

Vulnerability fixed in Juniper Session Smart Router

Juniper has fixed a vulnerability in the Session Smart Router. The vulnerability allows a malicious person to access and thus take over the vulnerable system without prior authentication. Juniper has released updates to fix the vulnerability. See attached references for more information...

8.6AI score0.01434EPSS
Exploits0References1
NCSC
NCSC
added 2025/02/13 9:48 a.m.6 views

Vulnerability fixed in Veeam

Veeam has fixed a vulnerability in the Veeam Updater component. The vulnerability is in how the Veeam Updater component validates TLS certificates. Insufficient validation can allow Man-in-the-Middle attackers to execute arbitrary code on affected servers. This can lead to unauthorized access and...

9CVSS7.6AI score0.00626EPSS
Exploits0References1
NCSC
NCSC
added 2025/02/13 9:7 a.m.6 views

Vulnerabilities fixed in Schneider Electric ASCO

Schneider Electric fixed vulnerabilities in ASCO Annunciator The vulnerabilities include a critical vulnerability that allows malicious firmware to be downloaded without integrity checks, which can lead to device inoperability. In addition, a vulnerability stems from allocating resources without...

8.7CVSS6.7AI score0.00439EPSS
Exploits0References1
NCSC
NCSC
added 2025/02/13 8:22 a.m.6 views

Vulnerability fixed in CrowdStrike Falcon sensor

CrowdStrike has fixed a vulnerability in its Falcon sensor for Linux, Falcon Kubernetes Admission Controller, and Falcon Container Sensor. The vulnerability is in the Falcon sensor's validation logic, which could lead to a man-in-the-middle attack. While there is no evidence of exploitation relat...

8.1CVSS6.7AI score0.00269EPSS
Exploits0References1
NCSC
NCSC
added 2025/02/11 9:54 a.m.6 views

Vulnerability fixed in Apple iOS and iPadOS

Apple has fixed a vulnerability in iOS and iPadOS. A malicious person with physical access to the vulnerable device can exploit the vulnerability to bypass USB restrictions, even when the system is locked. This allows the malicious party to install arbitrary software on the device. Successful abu...

6.1CVSS8AI score0.04906EPSS
Exploits0References2
NCSC
NCSC
added 2025/01/29 10:35 a.m.6 views

Vulnerabilities fixed in Rockwell Automation FactoryTalk

Rockwell Automation has fixed vulnerabilities in FactoryTalk View Site. The vulnerabilities are related to improper permissions settings on the remote debugger port, allowing unauthenticated users to access system configurations. This can lead to unauthorized changes. In addition, there is a loca...

7CVSS7.8AI score0.00247EPSS
Exploits0References1
NCSC
NCSC
added 2025/01/29 10:32 a.m.6 views

Vulnerabilities fixed in Rockwell Automation FactoryTalk

Rockwell Automation has fixed vulnerabilities in FactoryTalk View Machine. A malicious person could exploit the vulnerabilities to grant themselves elevated privileges and execute arbitrary code on the vulnerable system elevated privileges. For successful exploitation, the malicious party must ha...

9.3CVSS8AI score0.00715EPSS
Exploits0References1
NCSC
NCSC
added 2025/01/28 10:43 a.m.6 views

Vulnerabilities fixed in Oracle E-Business Suite

Oracle has fixed vulnerabilities in Oracle E-Business Suite Specifically for the Advanced Outbound Telephony, Project Foundation, Customer Care and Workflow components. The vulnerabilities are in several components of the Oracle E-Business Suite. The Advanced Outbound Telephony component contains...

8.1CVSS9.1AI score0.00539EPSS
Exploits0References1
NCSC
NCSC
added 2025/01/22 1:31 p.m.6 views

Vulnerabilities fixed in Oracle Enterprise Manager

Oracle fixed vulnerabilities in Oracle Enterprise Manager A malicious party could exploit the vulnerabilities to gain access to sensitive data or cause a Denial-of-Service. Oracle has released updates to fix the vulnerabilities. See attached references for more information...

10CVSS7.4AI score0.54862EPSS
Exploits10References1
NCSC
NCSC
added 2025/01/15 11:47 a.m.6 views

Vulnerabilities fixed in Mozilla Firefox and Thunderbird

Mozilla has fixed vulnerabilities in Firefox and Thunderbird Specifically for versions below 134 and 128.6. The vulnerabilities include client-side path traversal, privilege escalation and use-after-free conditions. These vulnerabilities can be exploited by malicious parties to gain unauthorized...

9.8CVSS10AI score0.1307EPSS
Exploits0References6
NCSC
NCSC
added 2025/01/14 7:20 p.m.6 views

Vulnerability fixed in Microsoft Dynamics Power Automate

Microsoft has fixed a vulnerability in Power Automate for Desktops. A malicious party could exploit the vulnerability to execute arbitrary code in the victim's context, potentially gaining access to sensitive data. Successful exploitation requires the malicious party to trick the victim into...

7.8CVSS7.2AI score0.00732EPSS
Exploits0
NCSC
NCSC
added 2025/01/14 7:18 p.m.6 views

Vulnerabilities fixed in Microsoft Azure

Microsoft has fixed vulnerabilities in Azure products. A malicious person with prior authentication could exploit the vulnerabilities to gain access to sensitive data in the victim's context. Successful misuse requires the victim to log in, where the malicious person manages to win a race...

8.8CVSS6.6AI score0.0145EPSS
Exploits0
NCSC
NCSC
added 2025/01/08 11:0 a.m.6 views

Vulnerabilities fixed in Ivanti Connect Secure and Policy Secure

Ivanti has fixed vulnerabilities in Ivanti Connect Secure Specific for versions prior to 22.7R2.4 and Policy Secure Specific for versions prior to 22.7R1.2. The vulnerabilities are in the Secure Application Manager component and the IPSEC component of Ivanti Connect Secure and Policy Secure and d...

9.1CVSS8.1AI score0.01847EPSS
Exploits0References1
NCSC
NCSC
added 2025/01/06 7:30 a.m.6 views

Vulnerabilities fixed in Microsoft Windows

Microsoft has fixed vulnerabilities in Windows. UPDATE: Researchers have published proof of concept PoC code demonstrating the vulnerability with attribute CVE-2024-49113. Successful exploitation requires the malicious party to have access to both a DC with LDAP and a rogue server under their own...

9.8CVSS9.7AI score0.83642EPSS
Exploits12
NCSC
NCSC
added 2024/12/27 1:26 p.m.6 views

Vulnerability fixed in Palo Alto Networks PAN OS

Palo Alto Networks has fixed a vulnerability in PAN-OS. The vulnerability is in the way PAN-OS processes specially crafted DNS packets from attackers. This can lead to a device reboot and, on repeated attempts, the firewall can enter maintenance mode. Palo Alto says it has received reports from...

8.7CVSS8.9AI score0.26636EPSS
Exploits0References1
NCSC
NCSC
added 2024/12/19 2:54 p.m.6 views

Vulnerabilities fixed in Rockwell Automation Power Monitor 1000

Rockwell Automation has fixed vulnerabilities in the Power Monitor 1000. The vulnerabilities are in the API of the Power Monitor 1000, which allows unauthorized users to configure new Policyholder users with high privileges. This allows attackers to edit existing users, create new administrators...

9.3CVSS7.8AI score0.00862EPSS
Exploits0References1
NCSC
NCSC
added 2024/12/19 2:53 p.m.6 views

Vulnerability fixed in Fortinet FortiWLM

Fortinet has fixed a vulnerability in FortiWLM Specifically for versions 8.6.0 to 8.6.5 and 8.5.0 to 8.5.4. The vulnerability is located in FortiWLM's relative path-traversal functionality, which allows remote, unauthenticated attackers to execute unauthorized code via specially crafted Web...

9.8CVSS7.3AI score0.24901EPSS
Exploits0References1
NCSC
NCSC
added 2024/12/13 10:3 a.m.6 views

Vulnerabilities fixed in GitLab

GitLab has fixed vulnerabilities in GitLab CE/EE Specifically for versions 11.0 to 17.6.2. The vulnerabilities are located in several versions of GitLab CE/EE and allow attackers to create groups with names that match existing unique domains, which can lead to domain confusion. In addition, users...

8.7CVSS7.2AI score0.0075EPSS
Exploits8References1
NCSC
NCSC
added 2024/12/11 8:34 a.m.6 views

Vulnerability fixed in Adobe After Effects

Adobe has fixed a vulnerability in Adobe After Effects Specifically for versions 24.6.2, 25.0.1 and earlier. The vulnerability is in the way Adobe After Effects handles files. When a user opens a maliciously crafted file, it can cause a buffer overflow, which can result in the execution of...

7.8CVSS7.5AI score0.00459EPSS
Exploits0References1
NCSC
NCSC
added 2024/12/11 8:20 a.m.6 views

Vulnerabilities fixed in Adobe InDesign Desktop

Adobe has fixed vulnerabilities in InDesign Desktop Specifically for versions ID19.5, ID18.5.4 and earlier. The vulnerabilities include stack-based buffer overflow, heap-based buffer overflow, and out-of-bounds read, all of which can lead to code execution when a user opens a malicious file. Thes...

7.8CVSS8.1AI score0.00391EPSS
Exploits0References1
NCSC
NCSC
added 2024/12/02 10:55 a.m.6 views

Vulnerabilities fixed in IBM Security Verify Access Appliance

IBM has fixed vulnerabilities in IBM Security Verify Access Appliance Versions 10.0.0 to 10.0.8. The vulnerabilities include an ability for remote authenticated attackers to execute arbitrary commands on the system, privilege escalation for locally authenticated non-administrative users through...

9.8CVSS7.7AI score0.0077EPSS
Exploits0References1
NCSC
NCSC
added 2024/11/25 9:4 a.m.6 views

Vulnerabilities discovered in Veritas Enterprise Vault

Vulnerabilities have been discovered in Veritas Enterprise Vault Specifically for versions earlier than 15.2. The vulnerabilities are in how Veritas Enterprise Vault handles the deserialization of untrusted data sent through a .NET Remoting TCP port. This enables malicious actors to execute...

9.8CVSS7.5AI score0.00907EPSS
Exploits0References1
NCSC
NCSC
added 2024/11/19 9:41 a.m.6 views

Vulnerability fixed in Oracle Agile PLM Framework

Oracle has fixed a vulnerability in version 9.3.6 of the Agile PLM Framework. The vulnerability allows unauthenticated attackers with network access to gain access to sensitive data. Oracle has released an out-of-band update to fix the vulnerability. See attached references for more information...

7.5CVSS9.3AI score0.01496EPSS
Exploits0References1
NCSC
NCSC
added 2024/11/15 12:29 p.m.6 views

Vulnerabilities fixed in GitLab CE/EE

GitLab has fixed vulnerabilities in GitLab CE/EE Specifically for versions 16.0 to 17.5.2. The vulnerabilities are in multiple versions of GitLab CE/EE and allow malicious actors to gain unauthorized full API access via the Device OAuth flow. This can lead to serious implications for organization...

8.8CVSS6.7AI score0.00543EPSS
Exploits0References1
Total number of security vulnerabilities4190