Lucene search
K
NcscMost viewed

4190 matches found

NCSC
NCSC
•added 2020/08/24 12:0 a.m.•6 views

Vulnerability fixed in Apache SOLR

SOLR's developers have fixed a vulnerability. The vulnerability allows a malicious party to gain access to sensitive data because the API of the Replication Handler accepts any location as the target location of the backup, restore and deletebackup commands. This allows a malicious party can...

8.8CVSS7AI score0.03805EPSS
Exploits0
NCSC
NCSC
•added 2020/08/11 12:0 a.m.•6 views

Vulnerabilities fixed in Microsoft browsers

Microsoft has fixed several vulnerabilities in Internet Explorer and Edge. All of the vulnerabilities allow a malicious person to able to execute arbitrary code in the context of the user when he manages to trick the user into opening a malicious Web site or document to open. Below is an overview...

9.3CVSS6.8AI score0.24188EPSS
Exploits0
NCSC
NCSC
•added 2020/08/11 12:0 a.m.•6 views

Vulnerability fixed in TeamViewer

A vulnerability has been fixed in TeamViewer. The vulnerability allows an unauthenticated remote malicious party to opportunity to cause TeamViewer to send out an NTLM request. The malicious party to do this must induce the victim to visit a rogue website. The NTLM request can be captured by the...

8.8CVSS6.9AI score0.25895EPSS
Exploits2
NCSC
NCSC
•added 2020/07/16 12:0 a.m.•6 views

Vulnerabilities fixed in Apple macOS

Apple has fixed several vulnerabilities in Mac OS. A malicious party can exploit the vulnerabilities to launch attacks that lead to the following categories of damage: Denial-of-Service DoS. Remote code execution Administrator/Root privileges Access to sensitive data -= Apple =- Apple has made...

10CVSS7.4AI score0.08036EPSS
Exploits3
NCSC
NCSC
•added 2020/07/16 12:0 a.m.•6 views

Vulnerabilities fixed in Jenkins

Several vulnerabilities have been fixed in Jenkins. A malicious user could potentially exploit the vulnerabilities to perform a Cross-Site Scripting XSS attack. A such an attack can lead to the execution of arbitrary script code in the browser used to visit the application. Jenkins developers hav...

8.8CVSS6.5AI score0.01433EPSS
Exploits0
NCSC
NCSC
•added 2020/07/07 12:0 a.m.•6 views

Vulnerabilities fixed in MobileIron

MobileIron has fixed multiple vulnerabilities in MobileIron Core and Sentry. The vulnerabilities allow a malicious party to execute attacks that result in the following categories of damage: Bypassing authentication Remote code execution Accessing sensitive data MobileIron has made little...

9.8CVSS7AI score0.99737EPSS
Exploits4
NCSC
NCSC
•added 2020/06/18 12:0 a.m.•6 views

Vulnerability fixed in Pulse Secure Client for Windows

A vulnerability has been fixed in Pulse Secure Client for Windows. The vulnerability allows a locally authenticated malicious party the ability to obtain elevated SYSTEM privileges. obtain. Security researcher Red Timmy Security has published a write-up regarding the vulnerability published at:...

7CVSS6.5AI score0.00793EPSS
Exploits3
NCSC
NCSC
•added 2020/06/17 12:0 a.m.•6 views

Vulnerabilities fixed in libexif

Several vulnerabilities have been fixed in libexif. A local malicious party could potentially exploit the vulnerabilities to gain access to sensitive information or obtain of elevated privileges on the vulnerable system. In addition, a remote malicious party could potentially exploit the...

9.1CVSS6.8AI score0.04262EPSS
Exploits0
NCSC
NCSC
•added 2020/05/09 12:0 a.m.•6 views

Vulnerabilities fixed in VMware vRealize Operations Manager

There are two vulnerabilities in VMware vRealize Operations Manager. These vulnerabilities, if exploited, can lead to the execute arbitrary code with administrator privileges on the Application Remote Collector ARC and all virtual systems on which an ARC Telegraph agent is installed. VMWare has...

9.8CVSS9.9AI score0.96405EPSS
Exploits25
NCSC
NCSC
•added 2020/03/11 12:0 a.m.•6 views

Vulnerabilities fixed in Siemens products

Vulnerabilities have been fixed in Siemens products. The vulnerabilities allow a malicious party to perform Cross-Site Scripting and cause a Denial-of-Service. To exploit the vulnerabilities, the malicious party must have access to the production network. It is good practice the production networ...

7.8CVSS6.7AI score0.01448EPSS
Exploits1
NCSC
NCSC
•added 2019/11/14 12:0 a.m.•6 views

Vulnerability discovered in F5 BIG-IP and BIG-IQ

F5 has discovered a vulnerability in BIG-IP and BIG-IQ products. The vulnerability is located in lodash version 4.17.12, a javascript programming library. A malicious person with access to the Traffic Management User Interface TMUI or the iControl REST API could exploit the vulnerability to execu...

9.1CVSS7.2AI score0.05006EPSS
Exploits2
NCSC
NCSC
•added 2019/11/13 12:0 a.m.•6 views

Vulnerability fixed in TNEF

A new patch of TNEF has been released, in which a vulnerability has been fixed. The vulnerability allows a malicious person able to execute arbitrary code under the privileges of the user. TNEF has made available a patch that fixes the vulnerability. fix. More information can be found on the...

5.5CVSS7.5AI score0.01203EPSS
Exploits1
NCSC
NCSC
•added 2019/06/11 12:0 a.m.•6 views

Vulnerability fixed in glib

A vulnerability has been fixed for Glib in Ubuntu. The vulnerabilities allow a malicious person to perform attacks that lead to the following categoriesn of damage: - Denial-of-Service DoS; - Manipulation of data; - Circumvention of security measure; - Access to sensitive data; - Access to system...

9.8CVSS6.5AI score0.02602EPSS
Exploits0
NCSC
NCSC
•added 2026/06/30 11:47 a.m.•5 views

vulnerabilities found in Apple MacOS

Apple has addressed several vulnerabilities in macOS Tahoe. These vulnerabilities included out-of-bounds access, use-after-free errors, memory handling issues, type confusion, double-free operations, stack overflows, insufficient input validation, and race conditions. These vulnerabilities could...

9.1CVSS6.1AI score0.00371EPSS
Exploits2References1
NCSC
NCSC
•added 2026/06/16 1:30 p.m.•5 views

Kwetsbaarheid verholpen in Cisco Catalyst SD-WAN Manager

Cisco has identified a vulnerability in the Cisco Catalyst SD-WAN Manager. This vulnerability resides in the web user interface of the Cisco Catalyst SD-WAN Manager and involves a directory traversal flaw. This flaw is caused by improper input validation during the file upload process. An...

6.5CVSS6AI score0.07683EPSS
Exploits2References1
NCSC
NCSC
•added 2026/04/22 12:56 p.m.•5 views

vulnerabilities present in Oracle E-Business Suite

Oracle has identified vulnerabilities in the Oracle E-Business Suite. These vulnerabilities exist in various components of the Oracle E-Business Suite, including Oracle Advanced Inbound Telephony, Oracle Enterprise Command Center Framework, Oracle Advanced Supply Chain Planning, and Oracle Flow...

9.8CVSS6.7AI score0.01916EPSS
Exploits4References1
NCSC
NCSC
•added 2026/03/26 9:50 a.m.•5 views

Vulnerabilities fixed in Cisco IOS XE Software

Cisco has fixed vulnerabilities in Cisco IOS XE Software, specifically for several products such as Catalyst 9000 Series Switches, Catalyst CW9800 Family, and Cisco Meraki. The vulnerabilities include several issues, such as a memory leak in the IKEv2 implementation, vulnerabilities in the DHCP...

8.6CVSS5.8AI score0.00354EPSS
Exploits0References11
NCSC
NCSC
•added 2026/03/23 1:43 p.m.•5 views

Vulnerabilities fixed in Citrix Netscaler ADC and Netscaler Gateway

Citrix has fixed vulnerabilities in their software related to insufficient input validation and a race condition in session management. The input validation vulnerability occurs because the software does not correctly check for input sizes or limits, which can lead to memory overreads. This can...

9.8CVSS5.8AI score0.83996EPSS
Exploits7References1
NCSC
NCSC
•added 2026/03/12 7:24 a.m.•5 views

Vulnerabilities fixed in SAP products

SAP has fixed vulnerabilities in several products, including SAP Quotation Management Insurance and SAP NetWeaver. Some of the fixed vulnerabilities are in third-party products - such as Oracle - that are incorporated into SAP products. The vulnerabilities include a code injection flaw, missing...

9.8CVSS5.9AI score0.6906EPSS
Exploits3References1
NCSC
NCSC
•added 2025/12/24 9:14 a.m.•5 views

Vulnerabilities fixed in Foxit PDF Reader

Foxit has fixed vulnerabilities in Foxit PDF Reader Specifically for versions prior to 2025.2.1, 14.0.1 and 13.2.1 on Windows and macOS. The vulnerabilities include a local privilege escalation, a use-after-free vulnerability and a memory corruption related to insufficient boundary checking when...

8.8CVSS7.8AI score0.00255EPSS
Exploits0References1
NCSC
NCSC
•added 2025/11/27 1:35 p.m.•5 views

Vulnerabilities fixed in GitLab

GitLab has fixed vulnerabilities in its Community Edition CE and Enterprise Edition EE versions. The vulnerabilities include the ability for unauthenticated users to cause Denial of Service DoS conditions by submitting malicious JSON requests. In addition, unauthenticated users could join arbitra...

7.7CVSS7AI score0.00443EPSS
Exploits0References1
NCSC
NCSC
•added 2025/11/12 12:17 p.m.•5 views

Vulnerability fixed in Adobe Photoshop

Adobe has fixed a vulnerability in Adobe Photoshop Desktop versions 26.8.1 and earlier. The vulnerability is in the way Adobe Photoshop handles files. This vulnerability can lead to arbitrary code execution when a user opens a malicious file. Adobe has released updates to fix the vulnerability. S...

7.8CVSS7.6AI score0.0029EPSS
Exploits0References1
NCSC
NCSC
•added 2025/11/11 6:33 p.m.•5 views

Vulnerabilities fixed in Microsoft Dynamics

Microsoft fixed vulnerabilities in Dynamics The vulnerabilities are in Dynamics 365 On Premise and Dynamics Field Service and allow a malicious person to access sensitive data, or impersonate another user. Microsoft has made updates available that fix the described vulnerabilities. We encourage y...

8.7CVSS5.5AI score0.00865EPSS
Exploits0
NCSC
NCSC
•added 2025/10/31 9:31 a.m.•5 views

Vulnerability fixed in Mozilla Firefox

Mozilla has fixed a vulnerability in Firefox Specific for versions before 144.0.2 The vulnerability is in how a compromised child process can exploit a use-after-free issue in the GPU or browser process via WebGPU-related IPC calls. This can lead to a sandbox escape, which compromises the browser...

9.8CVSS7.7AI score0.00308EPSS
Exploits0References1
NCSC
NCSC
•added 2025/10/20 12:59 p.m.•5 views

Vulnerabilities fixed in Mozilla Firefox and Thunderbird

Mozilla has fixed vulnerabilities in Firefox and Thunderbird Specifically for versions under 144. The vulnerabilities include several problems, including a use-after-free issue, memory security flaws and the ability for a malicious person to access sensitive data or execute arbitrary code. These...

9.8CVSS7.5AI score0.00465EPSS
Exploits0References5
NCSC
NCSC
•added 2025/10/14 6:27 p.m.•5 views

Vulnerabilities fixed in Microsoft System Center

Microsoft has fixed vulnerabilities in System Center Configuration Manager. A malicious party could exploit the vulnerabilities to grant themselves elevated privileges, potentially gaining access to sensitive data or executing arbitrary code with elevated privileges. For successful misuse, the...

8.4CVSS7.3AI score0.00622EPSS
Exploits0
NCSC
NCSC
•added 2025/08/29 8:37 a.m.•5 views

Vulnerability fixed in FreePBX

FreePBX has fixed a vulnerability in versions 15, 16 and 17. The vulnerability allows attackers to gain unauthorized access and potentially execute remote code by exploiting a validation and remediation error in the processing of user-supplied input, such as in the "endpoint" module. FreePBX...

10CVSS7.9AI score0.93286EPSS
Exploits20References2
NCSC
NCSC
•added 2025/08/27 1:10 p.m.•5 views

Vulnerabilities fixed in IBM Cognos Command Center

IBM has fixed vulnerabilities in IBM Cognos Command Center Versions 10.2.4.1 and 10.2.5. The vulnerabilities in IBM Cognos Command Center allow malicious actors to hijack victims' click actions by tricking them into navigating to a malicious Web site. This can lead to further attacks that...

9.3CVSS7.1AI score0.00336EPSS
Exploits0References1
NCSC
NCSC
•added 2025/08/14 7:0 a.m.•5 views

Vulnerabilities fixed in Xerox FreeFlow Core

Xerox has fixed vulnerabilities in Xerox FreeFlow Core. The vulnerabilities include a Path Traversal vulnerability that can be exploited by attackers to gain access to unauthorized files, leading to Remote Code Execution RCE. There is also a vulnerability due to improper processing of XML input,...

9.8CVSS7.9AI score0.14723EPSS
Exploits0References1
NCSC
NCSC
•added 2025/08/13 10:0 a.m.•5 views

Vulnerability fixed in Adobe Photoshop

Adobe has fixed a vulnerability in Photoshop Desktop Versions 12.3, 8 and earlier. The vulnerability is in how Photoshop Desktop handles opening maliciously crafted files. This vulnerability allows attackers to execute arbitrary code within the application. Adobe has released updates to fix the...

7.8CVSS7.7AI score0.00227EPSS
Exploits0References1
NCSC
NCSC
•added 2025/08/06 7:55 a.m.•5 views

Vulnerabilities fixed in Rockwell Automation Arena

Rockwell Automation has fixed vulnerabilities in Arena Simulation. The vulnerabilities are in the way Arena Simulation processes files, with this it is possible to manipulate and read memory. The vulnerabilities allow malicious actors to reveal sensitive information and execute arbitrary code whe...

8.7CVSS7.5AI score0.00261EPSS
Exploits0References1
NCSC
NCSC
•added 2025/07/11 9:58 a.m.•5 views

Vulnerabilities fixed in Zoom Clients

Zoom has fixed vulnerabilities in Zoom Clients Specifically versions for Linux, Windows, iOS and macOS. The vulnerabilities include incorrect certificate validation in Zoom Workplace for Linux, a buffer overflow in specific Zoom Clients for Windows, cross-site scripting in Zoom Clients for Window...

9.1CVSS6.8AI score0.00569EPSS
Exploits0References6
NCSC
NCSC
•added 2025/07/11 9:57 a.m.•5 views

Vulnerability fixed in Juniper SRX300 Series

Juniper has fixed a vulnerability in the Routing Protocol Daemon rpd of its Junos OS, specifically for the SRX300 Series. The vulnerability is in how the Routing Protocol Daemon rpd on vulnerable SRX300 Series systems processes BGP updates. Unauthenticated attackers can send a specially crafted B...

8.7CVSS6.8AI score0.00457EPSS
Exploits0References1
NCSC
NCSC
•added 2025/07/08 6:24 p.m.•5 views

Vulnerabilities fixed in Microsoft Azure

Microsoft has fixed vulnerabilities in Azure Service Fabric and Monitor Agent. A malicious person could exploit the vulnerabilities to grant themselves elevated privileges or to execute arbitrary code. Service Fabric: |----------------|------|-------------------------------------| | CVE ID | CVSS...

7.5CVSS7.1AI score0.00839EPSS
Exploits0
NCSC
NCSC
•added 2025/07/03 7:43 a.m.•5 views

Vulnerability fixed in Cisco Unified Communications Manager

Cisco has fixed a vulnerability in Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition. The vulnerability is in the hard-coded root SSH credentials that cannot be changed or deleted. This allows unauthenticated remote attackers to log in and...

10CVSS7.8AI score0.01061EPSS
Exploits0References1
NCSC
NCSC
•added 2025/06/20 11:4 a.m.•5 views

Vulnerabilities fixed in IBM QRadar SIEM

IBM has fixed vulnerabilities in IBM QRadar SIEM Specific to version 7.5.0 Update Package 12. The vulnerabilities include an ability for an authorized user to modify critical configuration files, which could lead to uploading malicious autoupdate files and executing arbitrary commands within the...

9.1CVSS7AI score0.0047EPSS
Exploits0References1
NCSC
NCSC
•added 2025/06/05 10:25 a.m.•5 views

Vulnerability fixed in Cisco Identity Services Engine for cloud platforms

Cisco has fixed a vulnerability in Identity Services Engine ISE for cloud platforms. The vulnerability involves a flaw in automatic password generation when Cisco ISE is installed on a cloud platform. This causes the same passwords to be used in different ISE cloud environments. This allows an...

9.9CVSS7AI score0.01046EPSS
Exploits0References1
NCSC
NCSC
•added 2025/05/27 11:42 a.m.•5 views

Vulnerability fixed in Siemens SiPass Integrated

Siemens has fixed a vulnerability in SiPass Integrated. The vulnerability is in the server applications of the SiPass Integrated system, specifically in the way it handles out-of-bounds reads. This can lead to a denial-of-service DoS, compromising the availability of services that depend on the...

8.7CVSS6.9AI score0.00577EPSS
Exploits0References1
NCSC
NCSC
•added 2025/05/22 8:13 a.m.•5 views

Vulnerabilities fixed in Cisco Webex

Cisco has fixed vulnerabilities in Cisco Webex. The vulnerabilities are in the way Cisco Webex filters user input. Unauthenticated attackers can exploit these vulnerabilities to perform cross-site scripting XSS attacks by convincing users to click on malicious links. Such an attack can lead to...

6.1CVSS6.5AI score0.00257EPSS
Exploits0References1
NCSC
NCSC
•added 2025/05/21 9:12 a.m.•5 views

Vulnerabilities fixed in VMware Cloud Foundation

Broadcom has fixed vulnerabilities in VMware Cloud Foundation. The vulnerabilities include a directory traversal vulnerability that allows unauthorized access to internal services by attackers with network access to port 443. In addition, a vulnerability that could expose sensitive information to...

8.2CVSS8.7AI score0.00642EPSS
Exploits0References1
NCSC
NCSC
•added 2025/05/12 1:22 p.m.•5 views

Vulnerabilities fixed in ASUS DriverHub

ASUS fixed vulnerabilities in ASUS DriverHub The vulnerabilities are in the way ASUS DriverHub processes HTTP requests. DriverHub is a tool from ASUS which runs in the background and ensures that system drivers are kept up to date. Untrusted sources can use specially crafted HTTP requests to...

9.4CVSS9.7AI score0.00815EPSS
Exploits0References1
NCSC
NCSC
•added 2025/05/06 8:1 a.m.•5 views

Vulnerabilities fixed in Mozilla Firefox and Thunderbird

Mozilla has fixed vulnerabilities in Firefox and Thunderbird Specifically for versions under 138 and 128.10. The vulnerabilities include privilege escalation through code injection, insecure processing of WebGL shader attributes, improper isolation of processes, and local code execution through...

9.1CVSS7.9AI score0.00538EPSS
Exploits0References10
NCSC
NCSC
•added 2025/04/25 9:35 a.m.•5 views

Vulnerability fixed in SonicWall SonicOS

SonicWall has fixed a vulnerability in SonicOS. The vulnerability is in how SonicOS' SSLVPN Virtual Office interface functions. An unauthenticated malicious person could exploit this vulnerability, which could result in a firewall crash. This could result in a Denial-of-Service DoS situation,...

8.7CVSS8.1AI score0.00786EPSS
Exploits0References1
NCSC
NCSC
•added 2025/04/09 8:5 a.m.•5 views

Vulnerabilities fixed in Adobe After Effects

Adobe has fixed vulnerabilities in Adobe After Effects Specifically for versions 25.1, 24.6.4, and earlier. The vulnerabilities include vulnerabilities for arbitrary code execution, out-of-bounds read, and a NULL Pointer Dereference. Attackers can exploit these vulnerabilities by opening a...

7.8CVSS8AI score0.00286EPSS
Exploits0References1
NCSC
NCSC
•added 2025/04/08 6:50 p.m.•5 views

Vulnerabilities fixed in Microsoft Office

Microsoft has fixed vulnerabilities in several Office products. A malicious party could exploit the vulnerabilities to execute arbitrary code in the victim's context, potentially gaining access to sensitive data. The vulnerability with reference CVE-2025-29794 in Microsoft SharePoint allows a...

8.8CVSS7.1AI score0.16014EPSS
Exploits4
NCSC
NCSC
•added 2025/04/03 2:19 p.m.•5 views

Vulnerability fixed in Ivanti Connect Secure, Policy Secure and ZTA Gateways

Ivanti has fixed a vulnerability in Connect Secure, Policy Secure and ZTA Gateways. A malicious party could exploit the vulnerability to execute arbitrary code on the vulnerable system without prior authentication. Ivanti reports having information that the vulnerability has been exploited on...

9.8CVSS7.5AI score0.99979EPSS
Exploits7References2
NCSC
NCSC
•added 2025/04/03 8:4 a.m.•5 views

Vulnerability fixed in Cisco Enterprise Chat and Email

Cisco has fixed a vulnerability in Cisco Enterprise Chat and Email ECE. The vulnerability is in how Cisco Enterprise Chat and Email ECE validates incorrect input in its chat functionality. This can lead to a denial-of-service DoS situation, which may require manual intervention to restore normal...

7.5CVSS6.9AI score0.00638EPSS
Exploits0References2
NCSC
NCSC
•added 2025/03/14 10:10 a.m.•5 views

Vulnerabilities fixed in Autodesk AutoCAD

Autodesk has fixed vulnerabilities in AutoCAD. The vulnerabilities in AutoCAD are related to the processing of several file types, including CATPRODUCT, CATPART, MODEL, SLDPRT and 3DM. These vulnerabilities can lead to application crashes, exposure of sensitive information and execution of...

7.8CVSS7.1AI score0.00378EPSS
Exploits0References1
NCSC
NCSC
•added 2025/03/12 11:0 a.m.•5 views

Vulnerability fixed in Ivanti Secure Access Client

Ivanti has fixed a vulnerability in Ivanti Secure Access Client. The vulnerability is located in insufficiently restrictive access privileges of the Ivanti Secure Access Client, allowing local, authenticated attackers to escalate their privileges. This could lead to unauthorized access and contro...

8.5CVSS7AI score0.00287EPSS
Exploits0References1
NCSC
NCSC
•added 2025/02/19 9:11 a.m.•5 views

Vulnerability fixed in PostgreSQL

A vulnerability has been fixed in PostgreSQL. The vulnerability is located in the libpq functions of PostgreSQL and involves an SQL injection error. Improper processing of quotes and incorrectly formed UTF-8 sequences can lead to arbitrary code execution. This vulnerability is being actively...

9.2CVSS8.5AI score0.89472EPSS
Exploits10References1
Total number of security vulnerabilities4190