Lucene search
K

4197 matches found

NCSC
NCSC
•added 2025/06/05 2:19 p.m.•7 views

Vulnerability fixed in Roundcube Webmail

Roundcube has fixed a vulnerability in Roundcube Webmail specifically versions before 1.5.10 and 1.6.x before 1.6.11. An authenticated malicious party can exploit the vulnerability to execute arbitrary code. To do so, the malicious party must send a rogue HTTP request to the Roundcube application...

9.9CVSS7.9AI score0.94741EPSS
Exploits29References1
NCSC
NCSC
•added 2025/06/05 10:37 a.m.•7 views

Vulnerabilities fixed in HPE StoreOnce Software

HPE has fixed vulnerabilities in HPE StoreOnce Software. The vulnerabilities include command injection and remote code execution, which can lead to unauthorized access and control of affected systems. In addition, there are vulnerabilities for authentication bypass, directory traversal and...

9.8CVSS8.4AI score0.01337EPSS
Exploits0References1
NCSC
NCSC
•added 2025/06/05 10:25 a.m.•5 views

Vulnerability fixed in Cisco Identity Services Engine for cloud platforms

Cisco has fixed a vulnerability in Identity Services Engine ISE for cloud platforms. The vulnerability involves a flaw in automatic password generation when Cisco ISE is installed on a cloud platform. This causes the same passwords to be used in different ISE cloud environments. This allows an...

9.9CVSS7AI score0.01083EPSS
Exploits0References1
NCSC
NCSC
•added 2025/06/02 9:0 a.m.•8 views

Vulnerability fixed in IBM Tivoli Monitoring

IBM has fixed a vulnerability in IBM Tivoli Monitoring version 6.3.0.7 through Service Pack 19. The vulnerability is in the improper validation of an index within a dynamically allocated array. This issue could allow a malicious person to execute arbitrary code on affected systems. IBM has releas...

9.8CVSS7.6AI score0.00854EPSS
Exploits0References1
NCSC
NCSC
•added 2025/05/27 11:42 a.m.•5 views

Vulnerability fixed in Siemens SiPass Integrated

Siemens has fixed a vulnerability in SiPass Integrated. The vulnerability is in the server applications of the SiPass Integrated system, specifically in the way it handles out-of-bounds reads. This can lead to a denial-of-service DoS, compromising the availability of services that depend on the...

8.7CVSS6.9AI score0.00577EPSS
Exploits0References1
NCSC
NCSC
•added 2025/05/23 8:55 a.m.•8 views

Vulnerabilities fixed in Infoblox NETMRI

Infoblox has fixed vulnerabilities in NETMRI Specific for versions prior to 7.6.1. The vulnerabilities include a critical vulnerability that allows remote authenticated users to access arbitrary files with root privileges, an unauthenticated remote command injection vulnerability that allows...

9.8CVSS8.7AI score0.43042EPSS
Exploits0References4
NCSC
NCSC
•added 2025/05/23 8:40 a.m.•10 views

Vulnerabilities fixed in ABB ASPECT product line

ABB has fixed vulnerabilities in the ASPECT product line, including ASPECT-Enterprise, NEXUS Series and MATRIX Series up to version 3.08.03. The vulnerabilities include Remote Code Execution, SQL injection, servlet injection, and various forms of file access and manipulation. These vulnerabilitie...

9.5CVSS8.1AI score0.00582EPSS
Exploits0References1
NCSC
NCSC
•added 2025/05/23 8:38 a.m.•9 views

Vulnerabilities fixed in GitLab

GitLab has fixed vulnerabilities in both the Community and Enterprise Editions of GitLab. The vulnerabilities include falsely displaying full e-mail addresses to unauthorized users, insufficient input validation that can lead to Denial-of-Service, and the ability for attackers to expose masked CI...

7.5CVSS8.9AI score0.00484EPSS
Exploits1References1
NCSC
NCSC
•added 2025/05/23 8:28 a.m.•7 views

Vulnerabilities fixed in Trend Micro Apex Central

Trend Micro has fixed vulnerabilities in Apex Central. A malicious party could exploit the vulnerabilities to execute a Server-Side Request Forgery SSRF, or through unlimited file uploads, potentially execute arbitrary code on the vulnerable system, or gain access to sensitive data. Trend Micro h...

9.8CVSS7.7AI score0.01643EPSS
Exploits0References1
NCSC
NCSC
•added 2025/05/22 8:14 a.m.•6 views

Vulnerabilities fixed in Cisco Unified Intelligence Center

Cisco has fixed vulnerabilities in Cisco Unified Intelligence Center. The vulnerabilities are in how Cisco Unified Intelligence Center's API validates user parameters. This can lead to privilege escalation, where authenticated attackers can gain unauthorized access to other users' sensitive data...

7.1CVSS6.6AI score0.00357EPSS
Exploits0References1
NCSC
NCSC
•added 2025/05/22 8:14 a.m.•6 views

Vulnerability fixed in Cisco Identity Services Engine

Cisco has fixed a vulnerability in Cisco Identity Services Engine ISE. The vulnerability is in the way Cisco ISE handles RADIUS messages. Unauthenticated remote attackers can exploit this vulnerability, which can lead to a denial-of-service DoS situation on affected devices, compromising their...

8.6CVSS8.5AI score0.00667EPSS
Exploits0References1
NCSC
NCSC
•added 2025/05/22 8:13 a.m.•42 views

Vulnerabilities fixed in Cisco Webex

Cisco has fixed vulnerabilities in Cisco Webex. The vulnerabilities are in the way Cisco Webex filters user input. Unauthenticated attackers can exploit these vulnerabilities to perform cross-site scripting XSS attacks by convincing users to click on malicious links. Such an attack can lead to...

6.1CVSS6.5AI score0.00257EPSS
Exploits0References1
NCSC
NCSC
•added 2025/05/21 1:8 p.m.•11 views

Vulnerabilities fixed in VMware products

Broadcom has fixed vulnerabilities in VMware ESXi including Workstation and Fusion and vCenter Server. The vulnerabilities include a command-execution vulnerability in vCenter Server that allows authenticated attackers to execute arbitrary code on the server. There is also a denial-of-service...

8.8CVSS6.8AI score0.00785EPSS
Exploits2References1
NCSC
NCSC
•added 2025/05/21 9:12 a.m.•7 views

Vulnerabilities fixed in VMware Cloud Foundation

Broadcom has fixed vulnerabilities in VMware Cloud Foundation. The vulnerabilities include a directory traversal vulnerability that allows unauthorized access to internal services by attackers with network access to port 443. In addition, a vulnerability that could expose sensitive information to...

8.2CVSS8.7AI score0.00642EPSS
Exploits0References1
NCSC
NCSC
•added 2025/05/16 12:41 p.m.•8 views

Vulnerabilities fixed in Google Chrome

Google has fixed vulnerabilities in Google Chrome. The vulnerabilities are in the way Chrome handles certain components, including Mojo and the Loader. A malicious party could exploit these vulnerabilities to leak data or take over accounts, such as by getting a victim to click on a madafilde lin...

9.6CVSS7.1AI score0.05329EPSS
Exploits3References1
NCSC
NCSC
•added 2025/05/16 9:42 a.m.•10 views

Vulnerabilities fixed in Ivanti Endpoint Manager Mobile (EPMM, formerly MobileIron)

Ivanti has fixed vulnerabilities in the Ivanti Endpoint Manager Mobile EPMM, formerly MobileIron. Only the On-prem versions of the EPMM are vulnerable. The vulnerabilities involve an authentication bypass and remote code execution that can be jointly abused to remotely execute code on Ivanti...

8.8CVSS9.9AI score0.99899EPSS
Exploits10References5
NCSC
NCSC
•added 2025/05/14 1:50 p.m.•8 views

Vulnerability fixed in FortiVoice

Fortinet has fixed a vulnerability in FortiVoice, FortiMail, FortiNDR, FortiRecorder and FortiCamera. The vulnerability is in the way FortiVoice systems handle HTTP requests, leading to a stack-based buffer overflow. This allows a malicious, unauthenticated attacker to execute arbitrary code by...

9.8CVSS9.9AI score0.31974EPSS
Exploits3References1
NCSC
NCSC
•added 2025/05/14 1:19 p.m.•36 views

Vulnerabilities fixed in Zoho ManageEngine

Zoho has fixed vulnerabilities in ManageEngine ADSelfService Plus versions 6513 and earlier and ManageEngine ADAudit Plus versions 8510 and earlier. The vulnerabilities are in the way the applications process SQL queries. In the case of ADSelfService Plus, authenticated users can execute arbitrar...

8.1CVSS7.5AI score0.27766EPSS
Exploits0References2
NCSC
NCSC
•added 2025/05/14 8:41 a.m.•7 views

Vulnerabilities fixed in Fortinet products

Fortinet has fixed vulnerabilities in FortiManager, FortiManager Cloud, FortiAnalyzer, FortiOS, FortiProxy, FortiPAM, FortiSRA, FortiSwitchManager and FortiWeb. The vulnerabilities include an OS Command Injection that allows local attackers to execute unauthorized code by manipulating CLI command...

9.8CVSS8.1AI score0.99506EPSS
Exploits77References9
NCSC
NCSC
•added 2025/05/14 8:25 a.m.•7 views

Vulnerability fixed in Adobe Illustrator

Adobe has fixed a vulnerability in Illustrator Specifically for versions 29.3, 28.7.5 and earlier. The vulnerability is in the way Illustrator handles files. A malicious party can exploit this vulnerability by creating a malicious file that, when opened by a user, can lead to arbitrary code...

7.8CVSS7.2AI score0.0046EPSS
Exploits0References1
NCSC
NCSC
•added 2025/05/14 8:24 a.m.•7 views

Vulnerabilities fixed in Adobe Photoshop

Adobe has fixed vulnerabilities in Adobe Photoshop Versions 26.5, 25.12.2 and earlier. The vulnerabilities are in how Adobe Photoshop handles specially crafted files. When a user opens a malicious file, it can lead to the execution of unauthorized code execution on the system. Adobe has released...

7.8CVSS7.4AI score0.00233EPSS
Exploits0References1
NCSC
NCSC
•added 2025/05/14 8:21 a.m.•16 views

Vulnerabilities fixed in Adobe Animate

Adobe has fixed vulnerabilities in Animate versions 24.0.8, 23.0.11 and earlier. The vulnerabilities include a critical vulnerability that allows arbitrary code execution via an out-of-bounds write, a NULL Pointer Dereference that can lead to application crashes, and several integer-related...

7.8CVSS8.2AI score0.00235EPSS
Exploits0References1
NCSC
NCSC
•added 2025/05/14 8:18 a.m.•8 views

Vulnerabilities fixed in Adobe ColdFusion

Adobe has fixed vulnerabilities in ColdFusion Versions 2025.1, 2023.13, 2021.19 and earlier. The vulnerabilities are in the way ColdFusion handles input validation and authorization. Highly privileged attackers can execute arbitrary code without user interaction, which can lead to unauthorized...

9.1CVSS7.6AI score0.40174EPSS
Exploits0References1
NCSC
NCSC
•added 2025/05/14 8:16 a.m.•9 views

Vulnerability fixed in Ivanti Neurons for ITSM

Ivanti has fixed a vulnerability in Ivanti Neurons On-prem for ITSM Versions for 2023.4, 2024.2, and 2024.3 The vulnerability involves a critical authentication bypass that allows remote, unauthenticated attackers to gain administrative access. This could lead to unauthorized actions within the...

9.8CVSS9.4AI score0.01871EPSS
Exploits0References1
NCSC
NCSC
•added 2025/05/14 7:13 a.m.•8 views

Vulnerabilities fixed in Siemens products

Siemens has fixed vulnerabilities in various products such as Apogee, BacNet ATEC, Desigo CC, Intralog, OZW, Polarion, RUGGEDCOM, SICAM, SIMATIC, SIPROTEC, SIRIUS, Teamcenter and Versicharge The vulnerabilities potentially enable a malicious person to launch attacks that could result in the...

10CVSS8.4AI score0.14859EPSS
Exploits2References14
NCSC
NCSC
•added 2025/05/13 7:47 p.m.•12 views

Vulnerabilities fixed in Microsoft Windows

Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: - Denial-of-Service DoS - Circumvention of a security measure - Execution of arbitrary code root/admin privileges - Execution...

8.8CVSS9.8AI score0.58338EPSS
Exploits10
NCSC
NCSC
•added 2025/05/13 7:17 p.m.•6 views

Vulnerabilities fixed in Microsoft Edge

Microsoft has fixed vulnerabilities in Edge Chromium Based. A malicious person could exploit the vulnerabilities to impersonate the victim and gain access to sensitive data or execute arbitrary code in the victim's context. This update also incorporates the Chrome/Chromium vulnerabilities marked...

9.8CVSS8.4AI score0.00662EPSS
Exploits0
NCSC
NCSC
•added 2025/05/13 7:14 p.m.•7 views

Vulnerabilities fixed in Microsoft Defender

Microsoft has fixed vulnerabilities in Defender for Endpoint and Defender for Identity. A malicious party could exploit the vulnerabilities to impersonate another user and assign themselves elevated privileges, enabling execution of arbitrary code with SYSTEM privileges. For successful...

6.7CVSS9.3AI score0.00626EPSS
Exploits0
NCSC
NCSC
•added 2025/05/13 7:10 p.m.•19 views

Vulnerabilities fixed in Microsoft Azure

Microsoft has fixed vulnerabilities in several Azure components. A malicious party could exploit the vulnerabilities to impersonate another user, assign themselves elevated privileges and gain access to sensitive data. Microsoft has since released updates to fix the vulnerabilities marked...

9.9CVSS8.5AI score0.02621EPSS
Exploits2
NCSC
NCSC
•added 2025/05/13 6:58 p.m.•6 views

Vulnerabilities fixed in Microsoft Office

Microsoft has fixed vulnerabilities in several Office products. A malicious person could exploit the vulnerabilities to grant themselves elevated privileges and execute arbitrary code with the victim's privileges. Successful exploitation requires the malicious party to trick the victim into openi...

8.4CVSS9.8AI score0.03538EPSS
Exploits0
NCSC
NCSC
•added 2025/05/13 6:44 p.m.•6 views

Vulnerabilities fixed in Microsoft Dynamics Dataverse

Microsoft has fixed vulnerabilities in Dynamics Dataverse. A malicious person could exploit the vulnerabilities to grant themselves elevated privileges and execute arbitrary code with application privileges. For the vulnerability with reference CVE-2025-47732, Microsoft has released updates in th...

9.8CVSS8.8AI score0.02919EPSS
Exploits0References3
NCSC
NCSC
•added 2025/05/13 6:35 p.m.•9 views

Vulnerabilities fixed in Microsoft Developer Tools

Microsoft has fixed vulnerabilities in several Developer Tools. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: - Circumvention of a security measure - Execution of arbitrary code user privileges - Access to sensitive dat...

10CVSS8.4AI score0.01533EPSS
Exploits0References9
NCSC
NCSC
•added 2025/05/13 9:19 a.m.•46 views

Vulnerabilities fixed in Apple macOS

Apple has fixed vulnerabilities in macOS Specifically for Ventura 13.7.6, Sequoia 15.5 and Sonoma 14.7.6. The vulnerabilities include several issues, such as memory damage from processing maliciously created Web content, unauthorized access to sensitive user data, and unexpected system...

9.2CVSS7.6AI score0.38474EPSS
Exploits5References3
NCSC
NCSC
•added 2025/05/13 9:14 a.m.•11 views

Vulnerabilities fixed in Apple iOS and iPadOS

Apple has fixed vulnerabilities in iOS and iPadOS. The vulnerabilities include a range of problems, such as memory corruption, unauthorized access to sensitive data, and denial-of-service attacks. These vulnerabilities can be exploited by malicious actors through various vectors, including...

9.8CVSS7.6AI score0.01569EPSS
Exploits0References2
NCSC
NCSC
•added 2025/05/13 9:5 a.m.•13 views

Vulnerabilities fixed in SAP products

SAP has fixed multiple vulnerabilities in various SAP products, including NetWeaver, NetWeaver Visual Composer, SAP GUI, pcde, Business Objects, HANA and other components. The vulnerabilities include an unlimited file upload error that allows unauthenticated users to upload malicious files, which...

10CVSS9.4AI score0.99359EPSS
Exploits19References1
NCSC
NCSC
•added 2025/05/12 1:22 p.m.•5 views

Vulnerabilities fixed in ASUS DriverHub

ASUS fixed vulnerabilities in ASUS DriverHub The vulnerabilities are in the way ASUS DriverHub processes HTTP requests. DriverHub is a tool from ASUS which runs in the background and ensures that system drivers are kept up to date. Untrusted sources can use specially crafted HTTP requests to...

9.4CVSS9.7AI score0.00815EPSS
Exploits0References1
NCSC
NCSC
•added 2025/05/09 8:7 a.m.•51 views

Vulnerabilities fixed in F5 BIG-IP

F5 has fixed vulnerabilities in its BIG-IP systems. The vulnerabilities are in several configurations of the BIG-IP systems, including the Traffic Management Microkernel TMM that can be terminated by unpublished requests. This can lead to performance and stability issues, especially for software...

9.2CVSS8.3AI score0.27985EPSS
Exploits1References11
NCSC
NCSC
•added 2025/05/08 8:43 a.m.•54 views

Vulnerabilities fixed in Cisco IOS XE Software

Cisco has fixed vulnerabilities in Cisco IOS XE Software. The vulnerabilities in Cisco IOS XE Software include several issues, including insufficient input validation and improper memory management. These vulnerabilities can be exploited by unauthenticated attackers to cause denial-of-service DoS...

10CVSS7.9AI score0.17894EPSS
Exploits1References10
NCSC
NCSC
•added 2025/05/08 8:40 a.m.•12 views

Vulnerabilities fixed in SonicWall SMA100

SonicWall has fixed vulnerabilities in the SMA100 series. The vulnerabilities are in the way the SMA100 series handles authenticated SSLVPN users. CVE-2025-32819 allows these users to bypass path-traversal controls and delete arbitrary files, which can lead to a reset of the device to factory...

8.8CVSS9.4AI score0.31537EPSS
Exploits1References1
NCSC
NCSC
•added 2025/05/08 6:56 a.m.•14 views

Vulnerabilities fixed in SysAid On-Prem

SysAid has fixed vulnerabilities in SysAid On-Prem Versions up to 23.3.40 The vulnerability is in the unauthenticated XML External Entity XXE present in SysAid On-Prem versions up to 23.3.40. This vulnerability allows attackers to exploit the system without authentication. This can lead to...

9.8CVSS8.9AI score0.79475EPSS
Exploits4References1
NCSC
NCSC
•added 2025/05/07 11:19 a.m.•61 views

Vulnerabilities fixed in Google Android and Samsung Mobile

Google has fixed vulnerabilities in Android. The vulnerabilities are in the Keymaster trustlet, SmartManagerCN and FreeType, among others. The vulnerabilities allow a local attacker to run code on the device and execute code with SmartManagerCN privileges. Google reports receiving information tha...

9.1CVSS7.8AI score0.26049EPSS
Exploits1References3
NCSC
NCSC
•added 2025/05/06 8:1 a.m.•5 views

Vulnerabilities fixed in Mozilla Firefox and Thunderbird

Mozilla has fixed vulnerabilities in Firefox and Thunderbird Specifically for versions under 138 and 128.10. The vulnerabilities include privilege escalation through code injection, insecure processing of WebGL shader attributes, improper isolation of processes, and local code execution through...

9.1CVSS7.9AI score0.00534EPSS
Exploits0References10
NCSC
NCSC
•added 2025/05/06 7:12 a.m.•6 views

Vulnerabilities fixed in Keycloak

Red Hat has fixed vulnerabilities in Keycloak. The vulnerabilities include an issue where JWT tokens with long expiration times can cause infinite growth in the cache, resulting in an OutOfMemoryError and a Denial-of-Service for legitimate users. In addition, verification of trust store...

8.2CVSS5.9AI score0.00654EPSS
Exploits0References4
NCSC
NCSC
•added 2025/05/06 6:55 a.m.•4 views

Vulnerability fixed in Commvault Command Center

Commvault has fixed a vulnerability in Command Center. The vulnerability can be exploited by an unauthenticated remote malicious person to execute arbitrary code. This requires sending a specially crafted http request to the vulnerable application containing a reference to a rogue zip file. The...

10CVSS9.9AI score0.97292EPSS
Exploits5References3
NCSC
NCSC
•added 2025/04/30 1:12 p.m.•11 views

Vulnerabilities fixed in SAP products

SAP has fixed vulnerabilities in several products, including SAP Financial Consolidation, SAP Landscape Transformation, SAP NetWeaver Application Server ABAP, SAP Commerce Cloud, SAP ERP BW, SAP BusinessObjects Business Intelligence Platform, SAP KMC WPC, SAP Solution Manager, SAP S4CORE, and SAP...

10CVSS9.2AI score0.99359EPSS
Exploits31References4
NCSC
NCSC
•added 2025/04/30 8:45 a.m.•5 views

Vulnerabilities fixed in Apple AirPlay as used by macOS, iOS and iPadOS

Apple has fixed vulnerabilities in AirPlay, as used in various Apple products including macOS, iOS and iPadOS. The vulnerabilities are exploited to cause a denial-of-service, bypass authentication and execute arbitrary code. To do this, the malicious party needs to send malicious content to a...

9.8CVSS9.8AI score0.01319EPSS
Exploits2References8
NCSC
NCSC
•added 2025/04/25 9:35 a.m.•5 views

Vulnerability fixed in SonicWall SonicOS

SonicWall has fixed a vulnerability in SonicOS. The vulnerability is in how SonicOS' SSLVPN Virtual Office interface functions. An unauthenticated malicious person could exploit this vulnerability, which could result in a firewall crash. This could result in a Denial-of-Service DoS situation,...

8.7CVSS8.1AI score0.00786EPSS
Exploits0References1
NCSC
NCSC
•added 2025/04/18 5:33 a.m.•7 views

Vulnerability fixed in Erlang/OTP SSH server

Erlang/OTP developers have fixed a vulnerability in Erlang OTP. The vulnerability is located in the SSH functionality of affected versions of Erlang/OTP. The vulnerability allows an unauthenticated remote malicious person to execute arbitrary code in context of the SSH deamon by sending prepared...

10CVSS8.6AI score0.97859EPSS
Exploits36References1
NCSC
NCSC
•added 2025/04/17 7:19 a.m.•3 views

Vulnerabilities fixed in Apple macOS, iOS and iPadOS

Apple has fixed vulnerabilities in macOS, iOS and iPadOS. A malicious party could exploit the vulnerabilities to execute arbitrary code with user privileges, potentially gaining access to sensitive data. Apple reports having information that the vulnerabilities have been limited and highly target...

7.5CVSS8.7AI score0.21922EPSS
Exploits6References2
NCSC
NCSC
•added 2025/04/17 7:14 a.m.•12 views

Vulnerabilities fixed in Siemens TeleControl Server

Siemens has fixed vulnerabilities in TeleControl Server Basic. The vulnerabilities are in how the TeleControl Server Basic allows SQL injection through various methods, such as 'CreateTrace,' 'VerifyUser,' 'Authenticate,' and many others. These vulnerabilities allow unauthenticated and...

9.8CVSS8.2AI score0.0092EPSS
Exploits0References1
Total number of security vulnerabilities4197