Lucene search
K
NcscMost viewed

4190 matches found

NCSC
NCSC
•added 2019/10/23 12:0 a.m.•5 views

Vulnerabilities fixed in Python

SUSE has fixed vulnerabilities in Python. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Cross-Site Scripting XSS. Manipulation of data Bypassing authentication -= SUSE =- SUSE has made updates available to fix the vulnerabilities ...

7.5CVSS6.3AI score0.05406EPSS
Exploits2
NCSC
NCSC
•added 2019/08/07 12:0 a.m.•5 views

Vulnerabilities fixed in Python

Vulnerabilities have been fixed in Python. The vulnerabilities allow a malicious person to perform attacks execute attacks that lead to the following categories of damage: Denial-of-Service Manipulation of data Circumvention of security measure Access to sensitive data Accessing system data -= Re...

9.1CVSS6.4AI score0.20743EPSS
Exploits4
NCSC
NCSC
•added 2019/04/16 12:0 a.m.•5 views

Vulnerability fixed in Libxslt

There is a vulnerability in libxslt. Libxslt is a C library for implementing XSLT 1.0. It is a widely used library for transforming files from XML to any other arbitrary format. A remote malicious person could potentially exploit the vulnerability to obtain sensitive information. The vulnerabilit...

9.8CVSS6.8AI score0.05089EPSS
Exploits0
NCSC
NCSC
•added 2019/01/24 12:0 a.m.•5 views

Vulnerabilities fixed in Apache HTTP Server

Several vulnerabilities have been fixed in Apache HTTP Server. A remote malicious party could potentially exploit the vulnerabilities to cause a denial-of-service or to reuse an expired session cookie to be reused. Apache Software Foundation has made updates available for Apache HTTP Server to...

7.5CVSS7.8AI score0.59942EPSS
Exploits0
NCSC
NCSC
•added 2026/04/13 9:38 a.m.•4 views

Vulnerability fixed in Adobe Acrobat

Adobe has fixed a vulnerability in Adobe Acrobat DC, Actobat Reader DC and Acrobat 2024. A malicious party can exploit the vulnerability to execute arbitrary code on the victim's system. To do this, the malicious party needs to get the victim to open a rogue PDF file. A rogue PDF file uploaded on...

8.6CVSS6.4AI score0.07086EPSS
Exploits4References2
NCSC
NCSC
•added 2026/03/12 6:55 a.m.•4 views

Vulnerabilities fixed in Adobe Illustrator

Adobe has fixed vulnerabilities in Adobe Illustrator versions 29.8.4, 30.1 and earlier. The vulnerabilities are in how Adobe Illustrator processes specially crafted files. This includes an Untrusted Search Path vulnerability, an out-of-bounds write vulnerability, a stack-based buffer overflow...

8.6CVSS6.5AI score0.00178EPSS
Exploits0References1
NCSC
NCSC
•added 2025/12/15 9:8 a.m.•4 views

Vulnerabilities fixed in Apple iOS and iPadOS

Apple fixed vulnerabilities in iOS and iPadOS versions 18.7.3 and 26.2 The vulnerabilities include a use-after-free issue, a memory corruption, and a logging issue that allowed unauthorized access to sensitive user data. These vulnerabilities could be exploited by malicious parties via specially...

9.8CVSS6.7AI score0.32EPSS
Exploits16References2
NCSC
NCSC
•added 2025/11/03 8:26 a.m.•4 views

Vulnerabilities fixed in Arista Networks products

Arista Networks has fixed vulnerabilities in DANZ. The vulnerabilities include several ways for authenticated users with limited privileges to gain access to sensitive systems and data. These include escaping the CLI sandbox, exploiting SSH port forwarding, and making operating system operations...

7.8CVSS7AI score0.00221EPSS
Exploits0References1
NCSC
NCSC
•added 2025/08/25 12:16 p.m.•4 views

Vulnerability fixed in Apple macOS, iOS and iPadOS

Apple has fixed a vulnerability in several Apple operating systems. The vulnerability is in how the systems handle processing malicious image files, which can lead to memory corruption. This problem has been addressed by improved memory limit controls. Apple says it has information that this...

8.8CVSS6.5AI score0.19972EPSS
Exploits9References5
NCSC
NCSC
•added 2025/08/13 7:29 a.m.•4 views

Vulnerabilities fixed in Microsoft Exchange Server

Microsoft has fixed vulnerabilities in Microsoft Exchange Server. The vulnerabilities in Microsoft Exchange Server result from improper input validation and the improper handling of special elements, which allow unauthorized attackers to manipulate data and forge communications. This can lead to...

8CVSS6.4AI score0.07448EPSS
Exploits0References1
NCSC
NCSC
•added 2025/08/07 9:15 a.m.•4 views

Vulnerability fixed in Microsoft Exchange

Microsoft has fixed a vulnerability in Microsoft Exchange Server hybrid deployments. The vulnerability allows a user with administrative privileges on an on-premises Microsoft Exchange server to elevate privileges to the cloud. Microsoft has released a Hot Fix to fix the vulnerability. See attach...

8CVSS6.8AI score0.07448EPSS
Exploits0References1
NCSC
NCSC
•added 2025/07/11 9:55 a.m.•4 views

Vulnerability fixed in Juniper Networks Security Director

Juniper has fixed a vulnerability in Juniper Networks Security Director. The vulnerability is located in the web interface of Juniper Networks Security Director, where insufficient authorization validation allows unauthenticated attackers to access and manipulate sensitive resources. This can lea...

9.6CVSS6.9AI score0.00373EPSS
Exploits0References1
NCSC
NCSC
•added 2025/07/08 12:3 p.m.•4 views

Vulnerabilities fixed in Splunk Enterprise and Splunk Cloud Platform

Splunk has fixed vulnerabilities in Splunk Enterprise and Splunk Cloud Platform. The vulnerabilities in Splunk Enterprise and Splunk Cloud Platform allow both low-privileged and high-privileged users to perform unauthorized actions, such as suppressing alerts, executing remote commands, and causi...

7.3CVSS7.2AI score0.0043EPSS
Exploits0References8
NCSC
NCSC
•added 2025/06/18 12:18 p.m.•5 views

Vulnerabilities fixed in Veeam Backup

Veeam has fixed vulnerabilities in Veeam Backup & Replication 12.3.2.3617 and Veeam Agent for Microsoft Windows 6.3.2.1205. The vulnerabilities can be exploited after access to compromise backup servers. The highest rated vulnerability, CVE-2025-23121, allows an attacker with domain user privileg...

9.9CVSS9.2AI score0.11609EPSS
Exploits0References1
NCSC
NCSC
•added 2025/06/10 6:44 p.m.•4 views

Vulnerabilities fixed in Google Chrome and Microsoft Edge

Google has fixed vulnerabilities in Google Chrome versions before 137.0.7151.68. The vulnerabilities are in Google Chrome's V8 engine and Blink. The first vulnerability involves out of bounds read and write problems that can lead to heap corruption. This can be exploited by a malicious party by...

8.8CVSS6.8AI score0.06463EPSS
Exploits3References3
NCSC
NCSC
•added 2025/05/06 6:55 a.m.•4 views

Vulnerability fixed in Commvault Command Center

Commvault has fixed a vulnerability in Command Center. The vulnerability can be exploited by an unauthenticated remote malicious person to execute arbitrary code. This requires sending a specially crafted http request to the vulnerable application containing a reference to a rogue zip file. The...

10CVSS9.9AI score0.97157EPSS
Exploits5References3
NCSC
NCSC
•added 2025/04/30 8:45 a.m.•4 views

Vulnerabilities fixed in Apple AirPlay as used by macOS, iOS and iPadOS

Apple has fixed vulnerabilities in AirPlay, as used in various Apple products including macOS, iOS and iPadOS. The vulnerabilities are exploited to cause a denial-of-service, bypass authentication and execute arbitrary code. To do this, the malicious party needs to send malicious content to a...

9.8CVSS9.8AI score0.0133EPSS
Exploits2References8
NCSC
NCSC
•added 2025/04/08 6:56 p.m.•4 views

Vulnerability fixed in Microsoft Dynamics

Microsoft has fixed a vulnerability in Dynamics. A vulnerability marked CVE-2025-29821, from incorrect input validation in Dynamics Business Central, allowed a malicious party to gain access to sensitive data. If successfully exploited, the malicious party can recover passwords in unencrypted tex...

5.5CVSS6.5AI score0.00569EPSS
Exploits0
NCSC
NCSC
•added 2025/03/04 2:11 p.m.•4 views

Vulnerabilities fixed in VMware products

Broadcom has fixed vulnerabilities in VMware ESXi including Workstation and Fusion. The vulnerabilities include a TOCTOU vulnerability that allows a malicious person with local administrative privileges to execute code as the VMX process on the host via an out-of-bounds write. In addition, there ...

9.3CVSS9.2AI score0.01676EPSS
Exploits0References1
NCSC
NCSC
•added 2025/02/21 12:54 p.m.•4 views

Vulnerability fixed in Exim

Exim's developers have fixed an SQL injection vulnerability. A malicious party could exploit the vulnerability to execute an SQL injection. This allows the malicious party to gain access to sensitive data and potentially execute arbitrary code with privileges from the Exim installation. The exim...

7.5CVSS9.5AI score0.75782EPSS
Exploits6References3
NCSC
NCSC
•added 2025/02/11 7:17 p.m.•4 views

Vulnerabilities fixed in Microsoft Azure

Microsoft has fixed vulnerabilities in Azure Network Watcher and the HPC Linux Node Agent. A malicious person could grant themselves elevated privileges by exploiting the vulnerability with attribute CVE-2025-21188 in the Network Watcher, or to execute arbitrary code by exploiting the vulnerabili...

9CVSS7.7AI score0.00872EPSS
Exploits0
NCSC
NCSC
•added 2025/02/07 7:33 a.m.•4 views

Vulnerabilities fixed in Mozilla Firefox and Thunderbird

Mozilla has fixed vulnerabilities in Firefox and Thunderbird Specifically for versions below 135 and 128.7. The vulnerabilities include a double-free vulnerability, use-after-free conditions, and race conditions that can lead to memory damage, unauthorized access, and privacy risks. Malicious...

9.8CVSS9.5AI score0.01331EPSS
Exploits0References10
NCSC
NCSC
•added 2025/01/17 8:54 a.m.•4 views

Vulnerabilities fixed in Ivanti Connect Secure and Policy Secure

Ivanti has fixed vulnerabilities in Connect Secure and Policy Secure. The first vulnerability CVE-2025-0282 can be exploited by malicious parties to execute arbitrary code remotely without authentication. The second vulnerability CVE-2025-0283 can be exploited by a locally authenticated malicious...

9CVSS9.8AI score0.99971EPSS
Exploits13References2
NCSC
NCSC
•added 2025/01/06 7:49 a.m.•4 views

Vulnerabilities fixed in Moxa's cellular routers and network security devices

Moxa has fixed vulnerabilities in Moxa's cellular routers and network security devices Specifically, CVE-2024-9138 and CVE-2024-9140. Vulnerability CVE-2024-9138 involves hard-coded credentials that allow authenticated users to escalate their privileges, ultimately leading to root access. This...

9.8CVSS8.3AI score0.01777EPSS
Exploits0References1
NCSC
NCSC
•added 2024/12/11 8:6 a.m.•4 views

Vulnerability fixed in Adobe Framemaker

Adobe has fixed a vulnerability in Adobe Framemaker Specifically for versions 2020.7, 2022.5 and earlier. The vulnerability is in the way Adobe Framemaker handles files. A malicious party can exploit this vulnerability by creating a malicious file and allowing it to be opened, which can lead to...

7.8CVSS7.4AI score0.00484EPSS
Exploits0References1
NCSC
NCSC
•added 2024/12/10 7:35 p.m.•4 views

Vulnerabilities fixed in Drupal Core

Drupal has fixed vulnerabilities in Drupal Core Specifically for versions 7.0 to 7.102, 8.0.0 to before 10.2.11, 10.3.0 to before 10.3.9, and 11.0.0 to before 11.0.8. The vulnerabilities in Drupal Core are related to privilege escalation and deserialization of untrusted data, which can lead to...

9.8CVSS9.7AI score0.00956EPSS
Exploits0References6
NCSC
NCSC
•added 2024/12/09 1:38 p.m.•4 views

Vulnerabilities fixed in Qlik Sense Enterprise for Windows

Qlik has fixed vulnerabilities in Qlik Sense Enterprise for Windows for versions before November 2024 IR. The vulnerabilities are in the way Qlik Sense Enterprise handles network access for non-privileged users. These users can create connection objects that can execute arbitrary EXE files, leadi...

8.8CVSS8.2AI score0.00477EPSS
Exploits0References1
NCSC
NCSC
•added 2024/11/28 2:24 p.m.•4 views

Vulnerability fixed in Zabbix

A vulnerability has been fixed in Zabbix. The vulnerability is in how the CUser class handles the addRelatedObjects function. This could allow non-administrators with API access to perform an SQL injection, which could lead to unauthorized access to sensitive data. The vulnerability could enable...

9.9CVSS7.2AI score0.78831EPSS
Exploits13References2
NCSC
NCSC
•added 2024/11/14 12:38 p.m.•4 views

Vulnerabilities fixed in Palo Alto PAN OS

Palo Alto Networks has fixed vulnerabilities in PAN-OS. A malicious party can exploit the vulnerabilities to bypass security measures to route traffic to and through the system that is not initially authorized, or cause a denial-of-service. Palo Alto has released updates to address the...

8.7CVSS7.2AI score0.0051EPSS
Exploits0References8
NCSC
NCSC
•added 2024/11/13 8:51 a.m.•4 views

Vulnerabilities fixed in Citrix Session Recording

Citrix fixed vulnerabilities in Citrix Session Recording A malicious person with limited privileges could exploit the vulnerabilities to gain access to service accounts and execute arbitrary code on the server. Researchers have published Proof-of-Concept code demonstrating the vulnerability with...

8CVSS8AI score0.14736EPSS
Exploits2References3
NCSC
NCSC
•added 2024/10/17 1:20 p.m.•4 views

Vulnerabilities fixed in Oracle Java

Oracle has fixed vulnerabilities in Java SE and GraalVM. A malicious party could exploit the vulnerabilities to launch attacks that could lead to the following categories of damage: - Denial-of-Service DoS - Manipulation of data - Execution of arbitrary code User Rights - Access to sensitive data...

8.8CVSS7.4AI score0.01364EPSS
Exploits4References1
NCSC
NCSC
•added 2024/10/10 7:20 a.m.•4 views

Vulnerability fixed in Mozilla Firefox

Mozilla has fixed a vulnerability in Firefox. A malicious party could exploit the vulnerability to execute arbitrary code. According to Mozilla, there have been signs of active misuse. Mozilla has released updates to fix the vulnerabilities in Firefox 131.0, Firefox ESR 115.16 and 128.3. For more...

9.8CVSS7.4AI score0.32568EPSS
Exploits1
NCSC
NCSC
•added 2024/10/09 11:21 a.m.•4 views

Vulnerability fixed in Ivanti Endpoint Manager Mobile

Ivanti has fixed a vulnerability in Endpoint Manager Mobile. A locally authenticated malicious party could exploit the vulnerability to obtain read and write permissions to sensitive configuration files. Ivanti has released updates to fix the vulnerability in Endpoint Manager Mobile. See the...

8.8CVSS6.6AI score0.00241EPSS
Exploits0References1
NCSC
NCSC
•added 2024/10/02 8:45 a.m.•4 views

Vulnerabilities discovered in CUPS

Recently, a researcher discovered a number of vulnerabilities in CUPS that could lead to Remote Code Execution. These have been disclosed as "9.9 RCE affecting all GNU/Unix systems." Through a concatenation of the four vulnerabilities, a malicious person can execute arbitrary code within the...

8.6CVSS8.7AI score0.76959EPSS
Exploits17References4
NCSC
NCSC
•added 2024/09/13 8:46 a.m.•4 views

Vulnerability fixed in Rockwell Automation ThinManager

Rockwell Automation has fixed a vulnerability in ThinManager. A malicious party could exploit the vulnerability to install software on the vulnerable system to execute arbitrary code. Rockwell Automation has released updates to fix the vulnerability. See attached references for more information...

8.8CVSS7.3AI score0.11228EPSS
Exploits0References1
NCSC
NCSC
•added 2024/09/13 8:30 a.m.•4 views

Vulnerabilities fixed in Solarwinds Access Rights Manager

Solarwinds has fixed vulnerabilities in Access Rights Manager. A malicious person could exploit the vulnerabilities to grant themselves elevated privileges and execute arbitrary code with application privileges. Solarwinds has released updates to fix the vulnerabilities. See attached references f...

9CVSS7.9AI score0.03085EPSS
Exploits0References1
NCSC
NCSC
•added 2024/09/03 9:51 a.m.•4 views

Vulnerabilities fixed in Zyxel Flex and USG Firewalls

Zyxel has fixed vulnerabilities in the firmware of ATP and USG Flex firewalls. A malicious party can exploit the vulnerabilities to cause a denial-of-service, possibly unpatched execute a limited set of commands on the vulnerable system, or execute arbitrary code in the victim's browser through a...

8.1CVSS8AI score0.01339EPSS
Exploits0References1
NCSC
NCSC
•added 2024/08/12 10:31 a.m.•4 views

Vulnerability fixed in Asterisk

A vulnerability has been fixed in Asterisk. A malicious person could exploit the vulnerability to grant themselves elevated privileges and execute arbitrary code with application privileges. For successful abuse, the malicious party must have prior authentication. The researcher who discovered th...

8.8CVSS7.7AI score0.04703EPSS
Exploits4References1
NCSC
NCSC
•added 2024/07/17 1:52 p.m.•4 views

Vulnerabilities fixed in Oracle Essbase

Vulnerabilities have been fixed in Oracle Essbase. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Denial-of-Service DoS. Increased user privileges Oracle has made updates available to fix the vulnerabilities. See the...

8.8CVSS7.2AI score0.01381EPSS
Exploits0References4
NCSC
NCSC
•added 2024/07/17 1:51 p.m.•4 views

Vulnerabilities fixed in Oracle Database Server

Vulnerabilities have been fixed in Oracle Database Server. A malicious party can exploit the vulnerabilities to carry out attacks that can result in the following categories of damage: Denial-of-Service DoS. Access to sensitive data Manipulation of data Circumvention of security measure Oracle ha...

7.5CVSS7.7AI score0.01466EPSS
Exploits1References9
NCSC
NCSC
•added 2024/07/09 6:40 p.m.•4 views

Vulnerabilities fixed in Microsoft Windows

Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: - Denial-of-Service DoS - Circumvention of security measure - Remote code execution Administrator/Root rights - Remote code...

9.8CVSS9AI score0.84345EPSS
Exploits7
NCSC
NCSC
•added 2024/06/28 9:55 a.m.•4 views

Vulnerability fixed in Juniper Session Smart Router

Juniper has fixed a vulnerability in Session Smart Router SSR. SSR is a software router application for SD-WAN systems. An unauthenticated malicious person with access to the infrastructure can exploit the vulnerability to access and take over the system. The limiting condition, however, is that...

10CVSS7AI score0.01088EPSS
Exploits0References1
NCSC
NCSC
•added 2024/05/22 5:33 a.m.•4 views

Vulnerability fixed in QlikSense Enterprise

A vulnerability has been fixed in QlikSense Enterprise. A malicious person can exploit the vulnerability to grant themselves elevated privileges, potentially executing arbitrary code on the system on which QlikSense is installed. For successful misuse, the malicious party must have prior...

8.8CVSS7.6AI score0.00551EPSS
Exploits0References2
NCSC
NCSC
•added 2024/05/15 12:0 a.m.•4 views

Vulnerability fixed in Google Chrome

Google has fixed a vulnerability in Chrome. A malicious party could exploit the vulnerability to cause a buffer overflow and thereby potentially execute arbitrary code with privileges of the victim, or possibly gain access to sensitive data in the context of the browser. Google states that it is...

9.6CVSS7.7AI score0.11007EPSS
Exploits2
NCSC
NCSC
•added 2024/05/15 12:0 a.m.•4 views

Vulnerability fixed in Microsoft Azure

Microsoft has fixed a vulnerability in Azure Migrate. A malicious party could exploit the vulnerability to launch a Cross-Site Scripting attack. Such an attack can lead to execution of arbitrary code in the browser of the victim, or access sensitive data in the context of the victim's browser of...

6.5CVSS6.7AI score0.00953EPSS
Exploits0
NCSC
NCSC
•added 2024/05/13 12:0 a.m.•4 views

Vulnerability fixed in Google Chrome

Google has fixed a vulnerability in Chrome. The vulnerability is located in the Visuals component, and a malicious party can exploit the exploit the vulnerability to execute arbitrary code in the context of the browser, or to cause a Denial-of-Service DoS cause. Google reports being aware that...

9.6CVSS7.8AI score0.08348EPSS
Exploits0
NCSC
NCSC
•added 2024/04/18 12:0 a.m.•4 views

Vulnerabilities fixed in Mozilla Firefox, Firefox ESR and Thunderbird

Mozilla has fixed vulnerabilities in Firefox, Firefox ESR and Thunderbird. A malicious party could potentially exploit the vulnerabilities to execute attacks that could result in the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User...

9.8CVSS9.3AI score0.00847EPSS
Exploits2
NCSC
NCSC
•added 2024/04/11 12:0 a.m.•4 views

Vulnerability fixed in node.js

A vulnerability has been fixed in node.js. A malicious party can exploit the vulnerability to use a command-injection to execute arbitrary code on the system with permissions of the application running in the vulnerable node.js. The developers of node.js have released updates to fix the...

8.1CVSS8.5AI score0.01387EPSS
Exploits0
NCSC
NCSC
•added 2024/04/05 12:0 a.m.•4 views

Vulnerability fixed in IBM Websphere Application Server

IBM has fixed a vulnerability in Websphere Application Server. The vulnerability is located in the underlying jose4j library and allows an unauthenticated malicious party to cause a denial-of-service exploit. IBM has released updates to fix the vulnerability in Websphere Application Server. For...

6.5CVSS7AI score0.00879EPSS
Exploits1
NCSC
NCSC
•added 2024/04/05 12:0 a.m.•4 views

Vulnerability fixed in pgAdmin

A vulnerability has been fixed in pgAdmin. A malicious party can exploit the vulnerability to execute arbitrary code on the underlying system. For successful abuse, the malicious party must have prior authentication on the vulnerable pgAdmin installation. The developers of pgAdmin have released...

9.8CVSS7.8AI score0.64846EPSS
Exploits5
Total number of security vulnerabilities4190