Lucene search
K

4197 matches found

NCSC
NCSC
•added 2025/03/12 10:51 a.m.•7 views

Vulnerabilities fixed in Fortinet FortiSandbox

Fortinet has fixed vulnerabilities in FortiSandbox. The vulnerability with reference CVE-2024-45328 includes improper authorization that allows low-privileged administrators to execute elevated CLI commands through the GUI console. In addition, there is an SQL injection vulnerability with attribu...

8.8CVSS8.1AI score0.09242EPSS
Exploits0References5
NCSC
NCSC
•added 2025/03/12 10:46 a.m.•11 views

Fixed vulnerabilities in FortiOS, FortiProxy, FortiPAM, FortiSRA and FortiWeb.

Fortinet has fixed a vulnerability in FortiOS, FortiProxy, FortiPAM, FortiSRA and FortiWeb. The vulnerability is in how certain Fortinet products handle HTTP and HTTPS requests. A malicious party with certain privileges can send specially crafted requests that lead to the execution of unauthorize...

8.6CVSS6.8AI score0.00673EPSS
Exploits0References1
NCSC
NCSC
•added 2025/03/11 6:45 p.m.•39 views

Vulnerabilities fixed in Microsoft Azure

Microsoft has fixed vulnerabilities in several Azure products. A malicious person could exploit the vulnerabilities to grant themselves elevated privileges or execute arbitrary code with the privileges of the vulnerable application. Azure PromptFlow:...

8.4CVSS7.4AI score0.00813EPSS
Exploits0
NCSC
NCSC
•added 2025/03/11 6:44 p.m.•9 views

Vulnerabilities fixed in Microsoft Office

Microsoft has fixed vulnerabilities in several Office products. A malicious party could exploit the vulnerabilities to execute arbitrary code in the victim's context, potentially gaining access to sensitive data. Successful exploitation requires the malicious party to trick the victim into openin...

7.8CVSS7.3AI score0.00916EPSS
Exploits0
NCSC
NCSC
•added 2025/03/11 6:44 p.m.•11 views

Vulnerabilities fixed in Microsoft Developer Tools

Microsoft fixed vulnerabilities in Visual Studio and .NET A malicious party could exploit the vulnerabilities to grant themselves elevated privileges and/or execute arbitrary code with developer privileges. Because developers tend to work under elevated privileges, it cannot be ruled out that...

7.7CVSS7.7AI score0.00911EPSS
Exploits1
NCSC
NCSC
•added 2025/03/11 6:43 p.m.•10 views

Vulnerabilities fixed in Microsoft Windows

Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: - Denial-of-Service DoS - Circumvention of security measure - Execution of arbitrary code root/admin privileges - Execution o...

8.8CVSS9.1AI score0.58974EPSS
Exploits48
NCSC
NCSC
•added 2025/03/11 12:30 p.m.•15 views

Vulnerabilities fixed in Siemens products

Siemens has fixed vulnerabilities in various products such as SCALANCE, SIMATIC, SINAMICS, SINEMA, SiPass, Teamcenter and Tecnomatix. The vulnerabilities potentially enable a malicious person to carry out attacks that can lead to the following categories of damage: - Denial-of-Service DoS -...

9.8CVSS7.8AI score0.15379EPSS
Exploits0References11
NCSC
NCSC
•added 2025/03/11 12:20 p.m.•10 views

Vulnerabilities fixed in SAP software

SAP has fixed several vulnerabilities in its software components, including SAP Commerce, SAP NetWeaver, and SAP BusinessObjects. The vulnerabilities include Cross-Site Scripting XSS and missing authorization controls, which allow attackers to gain unauthorized access, manipulate data, and reveal...

8.8CVSS7.3AI score0.54862EPSS
Exploits6References1
NCSC
NCSC
•added 2025/03/07 1:51 p.m.•7 views

Vulnerability fixed in Elastic Kibana

Elastic has fixed a vulnerability in Kibana. The vulnerability with reference CVE-2025-25015 allows an authenticated remote malicious person to execute arbitrary code via a specially prepared file upload and specially prepared HTTP requests. The exploitability of this vulnerability depends on the...

9.9CVSS7.7AI score0.01248EPSS
Exploits0References1
NCSC
NCSC
•added 2025/03/04 2:14 p.m.•7 views

Vulnerabilities fixed in IBM Storage products

IBM has fixed vulnerabilities in IBM FlashSystem, SAN Volume Controller, Storwize and Storage Virtualize. The vulnerabilities are in the RPCAdapter service of specific versions of IBM FlashSystem. Attackers can bypass RPCAdapter authentication through specially crafted HTTP requests, which can le...

9.8CVSS7.5AI score0.00796EPSS
Exploits0References1
NCSC
NCSC
•added 2025/03/04 2:11 p.m.•4 views

Vulnerabilities fixed in VMware products

Broadcom has fixed vulnerabilities in VMware ESXi including Workstation and Fusion. The vulnerabilities include a TOCTOU vulnerability that allows a malicious person with local administrative privileges to execute code as the VMX process on the host via an out-of-bounds write. In addition, there ...

9.3CVSS9.2AI score0.01676EPSS
Exploits0References1
NCSC
NCSC
•added 2025/03/04 10:15 a.m.•17 views

Vulnerabilities fixed in Google Android and Samsung Mobile

Google has fixed several vulnerabilities in Android and Samsung Mobile, including two zero-day vulnerabilities that were actively exploited in targeted attacks. The vulnerabilities are in the Android kernel and the ExternalStorageProvider.java, which can lead to local privilege escalation and...

9.8CVSS8AI score0.00809EPSS
Exploits1References2
NCSC
NCSC
•added 2025/03/03 2:11 p.m.•7 views

Vulnerability fixed in Zohocorp ManageEngine ADSelfService Plus

Zohocorp has fixed a vulnerability in ManageEngine ADSelfService Plus Specifically for versions 6510 and earlier. The vulnerability is in the way sessions are managed in ManageEngine ADSelfService Plus. This issue allows valid account holders to abuse the system, which can lead to possible accoun...

8.1CVSS6.9AI score0.01426EPSS
Exploits0References1
NCSC
NCSC
•added 2025/03/03 2:10 p.m.•25 views

Vulnerabilities fixed in GitLab

GitLab has fixed vulnerabilities in GitLab CE/EE versions for 17.7.6, 17.8.4 and 17.9.1. The vulnerability is in the ability for HTML injection in searches of child items. This vulnerability can be exploited by malicious parties to perform cross-site scripting XSS attacks. The potential for...

8.7CVSS6.3AI score0.00475EPSS
Exploits1References1
NCSC
NCSC
•added 2025/02/25 7:42 a.m.•8 views

Vulnerability fixed in MITRE Caldera

MITRE has fixed a vulnerability in Caldera Specifically for versions 4.2.0 and 5.0.0. The vulnerability is in how the Caldera server processes Web requests. Malicious attackers can send specially crafted Web requests to the Caldera server API, allowing them to execute arbitrary code on the server...

10CVSS7.8AI score0.23813EPSS
Exploits2References1
NCSC
NCSC
•added 2025/02/24 12:4 p.m.•8 views

Vulnerabilities fixed in Mattermost

Mattermost fixed vulnerabilities in versions 10.4.x, 9.11.x, 10.3.x, 10.2.x and 10.1.x. The vulnerabilities include failure to invalidate active sessions when converting to a bot, incorrect input validation during board patching and duplication, SQL injection attacks due to lack of prepared...

9.9CVSS8AI score0.2251EPSS
Exploits1References1
NCSC
NCSC
•added 2025/02/21 12:54 p.m.•4 views

Vulnerability fixed in Exim

Exim's developers have fixed an SQL injection vulnerability. A malicious party could exploit the vulnerability to execute an SQL injection. This allows the malicious party to gain access to sensitive data and potentially execute arbitrary code with privileges from the Exim installation. The exim...

7.5CVSS9.5AI score0.75782EPSS
Exploits6References3
NCSC
NCSC
•added 2025/02/21 12:33 p.m.•8 views

Vulnerability fixed in XWiki

XWiki has fixed a vulnerability in the system. The vulnerability is in the way XWiki handles the SolrSearch request. This allows a guest to execute arbitrary external code, compromising the confidentiality, integrity and availability of the system. The documentation provides specific steps for...

9.8CVSS7AI score0.99898EPSS
Exploits51References1
NCSC
NCSC
•added 2025/02/21 12:32 p.m.•7 views

Vulnerabilities fixed in Nagios XI

Nagios has fixed vulnerabilities in Nagios XI Specific to version 2024R1.2.2. The vulnerability is in the way Nagios XI handles user information, allowing unauthenticated users to access usernames and e-mail addresses of all current users. This can lead to unauthorized access and exploitation of...

6.5CVSS9.6AI score0.01523EPSS
Exploits0References2
NCSC
NCSC
•added 2025/02/21 8:40 a.m.•9 views

Vulnerabilities fixed in IBM Cognos Controller

IBM has fixed vulnerabilities in IBM Cognos Controller Versions 11.0.0 to 11.0.1 FP3 and 11.1.0. The vulnerabilities allow a malicious person to perform attacks that can lead to the following categories of damage: - Denial-of-Service DoS - Cross-Site-Scripting XSS. - Circumvention of a security...

10CVSS7.5AI score0.08235EPSS
Exploits0References1
NCSC
NCSC
•added 2025/02/21 8:8 a.m.•10 views

Vulnerabilities fixed in Palo Alto Networks PAN OS

Palo Alto Networks has fixed vulnerabilities in PAN-OS. The vulnerabilities include an authentication bypass that allows unauthenticated malicious actors to invoke specific PHP scripts through the management Web interface, an unauthenticated file deletion that allows malicious actors to delete...

9.1CVSS8.7AI score0.98417EPSS
Exploits8References4
NCSC
NCSC
•added 2025/02/19 9:11 a.m.•5 views

Vulnerability fixed in PostgreSQL

A vulnerability has been fixed in PostgreSQL. The vulnerability is located in the libpq functions of PostgreSQL and involves an SQL injection error. Improper processing of quotes and incorrectly formed UTF-8 sequences can lead to arbitrary code execution. This vulnerability is being actively...

9.2CVSS8.5AI score0.89914EPSS
Exploits10References1
NCSC
NCSC
•added 2025/02/18 2:25 p.m.•7 views

Vulnerability fixed in Juniper Session Smart Router

Juniper has fixed a vulnerability in the Session Smart Router. The vulnerability allows a malicious person to access and thus take over the vulnerable system without prior authentication. Juniper has released updates to fix the vulnerability. See attached references for more information...

8.6AI score0.01434EPSS
Exploits0References1
NCSC
NCSC
•added 2025/02/18 8:9 a.m.•47 views

Vulnerabilities fixed in Fortinet FortiSwitch, FortiManager, FortiAnalyzer, FortiOS and FortiProxy

Fortinet has fixed vulnerabilities in several products, including FortiOS, FortiProxy, FortiPAM, FortiSwitchManager, FortiSandbox, FortiManager and FortiAnalyzer. The vulnerabilities include the ability for privileged attackers to execute arbitrary code or commands by sending specially crafted...

9.8CVSS8.2AI score0.98259EPSS
Exploits9References10
NCSC
NCSC
•added 2025/02/18 8:9 a.m.•8 views

Vulnerabilities fixed in SonicWall SonicOS

Sonicwall has fixed vulnerabilities in SonicOS for Gen6 and Gen7 firewalls. The first vulnerability concerns a weak pseudo-random number generator in the SSLVPN CVE-2024-40762, allowing attackers to predict authentication tokens in some cases. CVE-2024-53704 concerns improper authentication in th...

9.8CVSS8.1AI score0.95132EPSS
Exploits0References1
NCSC
NCSC
•added 2025/02/14 8:46 a.m.•16 views

Vulnerabilities fixed in Siemens products

Siemens has fixed vulnerabilities in several products such as APOGEE, Opcenter, RUGGEDCOM, SCALANCE, SIMATIC, SIPROTEC and Teamcenter. The vulnerabilities potentially enable a malicious person to carry out attacks that could lead to the following categories of damage: - Denial-of-Service DoS -...

10CVSS7.5AI score0.99654EPSS
Exploits64References14
NCSC
NCSC
•added 2025/02/13 9:48 a.m.•6 views

Vulnerability fixed in Veeam

Veeam has fixed a vulnerability in the Veeam Updater component. The vulnerability is in how the Veeam Updater component validates TLS certificates. Insufficient validation can allow Man-in-the-Middle attackers to execute arbitrary code on affected servers. This can lead to unauthorized access and...

9CVSS7.6AI score0.00626EPSS
Exploits0References1
NCSC
NCSC
•added 2025/02/13 9:29 a.m.•10 views

Vulnerability fixed in Fortinet FortiOS

Fortinet has fixed a vulnerability in FortiOS Specifically for versions 7.2.4 to 7.2.8 and 7.4.0 to 7.4.4. The vulnerability is in the way FortiOS handles UDP packets. A malicious party, if stack protection is bypassed and the fabric service is active on the exposed interface, can execute arbitra...

8.1CVSS7.9AI score0.01006EPSS
Exploits0References1
NCSC
NCSC
•added 2025/02/13 9:9 a.m.•8 views

Vulnerabilities fixed in GitLab CE/EE

GitLab has fixed vulnerabilities in GitLab CE/EE Specifically for versions 14.1 to 17.8.2. The vulnerabilities include a denial-of-service vulnerability, an external service interaction vulnerability, a critical XSS vulnerability, improper authorization vulnerabilities, an insecure direct object...

8.8CVSS6.2AI score0.00489EPSS
Exploits4References1
NCSC
NCSC
•added 2025/02/13 9:7 a.m.•8 views

Vulnerabilities fixed in Schneider Electric ASCO

Schneider Electric fixed vulnerabilities in ASCO Annunciator The vulnerabilities include a critical vulnerability that allows malicious firmware to be downloaded without integrity checks, which can lead to device inoperability. In addition, a vulnerability stems from allocating resources without...

8.7CVSS6.7AI score0.00458EPSS
Exploits0References1
NCSC
NCSC
•added 2025/02/13 8:22 a.m.•8 views

Vulnerability fixed in CrowdStrike Falcon sensor

CrowdStrike has fixed a vulnerability in its Falcon sensor for Linux, Falcon Kubernetes Admission Controller, and Falcon Container Sensor. The vulnerability is in the Falcon sensor's validation logic, which could lead to a man-in-the-middle attack. While there is no evidence of exploitation relat...

8.1CVSS6.7AI score0.00251EPSS
Exploits0References1
NCSC
NCSC
•added 2025/02/13 6:46 a.m.•10 views

Vulnerabilities fixed in Adobe Commerce and Magento

Adobe has fixed vulnerabilities in Adobe Commerce and Magento. The vulnerabilities include a Path Traversal, unauthorized actions, information exposition, improper authorization, and several stored XSS vulnerabilities. These vulnerabilities allow attackers to gain unauthorized access, reveal...

9.1CVSS6.4AI score0.16505EPSS
Exploits0References1
NCSC
NCSC
•added 2025/02/12 9:35 a.m.•11 views

Vulnerabilities fixed in Ivanti Connect Secure and Ivanti Policy Secure

Ivanti has fixed vulnerabilities in Connect Secure and Policy Secure. The most pressing vulnerabilities include buffer overflow, command injection and code injection. These vulnerabilities allow remote authenticated attackers to remotely execute code, gain unauthorized access to sensitive...

9.9CVSS8AI score0.03831EPSS
Exploits0References1
NCSC
NCSC
•added 2025/02/11 7:40 p.m.•36 views

Vulnerabilities fixed in Siemens products

Siemens has fixed vulnerabilities in several products such as APOGEE, Opcenter, RUGGEDCOM, SCALANCE, SIMATIC, SIPROTEC and Teamcenter. The vulnerabilities potentially enable a malicious person to carry out attacks that could lead to the following categories of damage: - Denial-of-Service DoS -...

10CVSS7.5AI score0.99654EPSS
Exploits64References14
NCSC
NCSC
•added 2025/02/11 7:19 p.m.•5 views

Vulnerabilities fixed in Microsoft Office

Microsoft has fixed vulnerabilities in several Office products. A malicious party can exploit the vulnerabilities to grant themselves elevated privileges, access sensitive data and execute arbitrary code with the victim's privileges. Successful exploitation requires the malicious party to trick t...

8CVSS7.5AI score0.30987EPSS
Exploits0
NCSC
NCSC
•added 2025/02/11 7:17 p.m.•9 views

Vulnerabilities fixed in Microsoft Visual Studio

Microsoft has fixed vulnerabilities in Visual Studio. A malicious person could exploit the vulnerabilities to grant themselves elevated privileges, potentially executing arbitrary code with developer privileges. Successful exploitation requires the malicious party to trick the victim into opening...

9.8CVSS7.7AI score0.0143EPSS
Exploits0
NCSC
NCSC
•added 2025/02/11 7:17 p.m.•4 views

Vulnerabilities fixed in Microsoft Azure

Microsoft has fixed vulnerabilities in Azure Network Watcher and the HPC Linux Node Agent. A malicious person could grant themselves elevated privileges by exploiting the vulnerability with attribute CVE-2025-21188 in the Network Watcher, or to execute arbitrary code by exploiting the vulnerabili...

9CVSS7.7AI score0.00913EPSS
Exploits0
NCSC
NCSC
•added 2025/02/11 7:16 p.m.•7 views

Vulnerabilities fixed in Microsoft Windows

Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: - Denial-of-Service DoS. - Obtaining elevated privileges - Circumvention of security measure - Spoofing - Execution of...

8.8CVSS8.7AI score0.23168EPSS
Exploits2
NCSC
NCSC
•added 2025/02/11 9:54 a.m.•6 views

Vulnerability fixed in Apple iOS and iPadOS

Apple has fixed a vulnerability in iOS and iPadOS. A malicious person with physical access to the vulnerable device can exploit the vulnerability to bypass USB restrictions, even when the system is locked. This allows the malicious party to install arbitrary software on the device. Successful abu...

6.1CVSS8AI score0.04371EPSS
Exploits0References2
NCSC
NCSC
•added 2025/02/11 9:8 a.m.•15 views

Vulnerabilities fixed in SAP products

SAP has fixed vulnerabilities in SAP NetWeaver, BusinessObjects Business Intelligence platform, Enterprise Project Connection and Commerce, among others. The vulnerabilities in SAP NetWeaver include a lack of access control, which allows unauthenticated attackers to gain access to sensitive serve...

9.8CVSS7.7AI score0.90709EPSS
Exploits9References1
NCSC
NCSC
•added 2025/02/11 6:53 a.m.•25 views

Vulnerabilities fixed in Cisco IOS, IOS XE and IOS XR Software

Cisco has fixed several vulnerabilities in IOS, IOS XE and IOS XR Software. The vulnerabilities are in how the SNMP subsystem on the vulnerable devices handles traffic. Authenticated malicious actors can send specially crafted SNMP requests, which can lead to denial-of-service DoS conditions on t...

7.7CVSS7.1AI score0.00755EPSS
Exploits0References2
NCSC
NCSC
•added 2025/02/11 6:51 a.m.•14 views

Vulnerabilities fixed in F5 BIG-IP

F5 has fixed vulnerabilities in BIG-IP. A malicious party could exploit the vulnerabilities to launch attacks that could lead to the following categories of damage: - Denial-of-Service DoS. - Circumvention of a security measure - Execution of arbitrary code Root/admin - Execution of arbitrary cod...

9.8CVSS8.4AI score0.21443EPSS
Exploits19References11
NCSC
NCSC
•added 2025/02/07 7:50 a.m.•7 views

Vulnerabilities fixed in Cisco Identity Services Engine

Cisco has fixed vulnerabilities in Cisco Identity Services Engine ISE. The vulnerabilities are in the API of Cisco ISE, which allows an authenticated remote malicious person to execute arbitrary commands as the root user through insecure deserialization of Java byte streams. All of these...

9.9CVSS7.8AI score0.17218EPSS
Exploits5References2
NCSC
NCSC
•added 2025/02/07 7:41 a.m.•8 views

Vulnerabilities fixed in Cisco AsyncOS Software

Cisco has fixed vulnerabilities in Cisco AsyncOS Software Specific to Cisco Secure Web Appliance and Cisco Secure Email Gateway. The vulnerabilities are in the way Cisco AsyncOS Software handles requests and configuration files. An attacker can gain unauthenticated access to the system by using...

7.2CVSS8.2AI score0.00846EPSS
Exploits0References4
NCSC
NCSC
•added 2025/02/07 7:33 a.m.•4 views

Vulnerabilities fixed in Mozilla Firefox and Thunderbird

Mozilla has fixed vulnerabilities in Firefox and Thunderbird Specifically for versions below 135 and 128.7. The vulnerabilities include a double-free vulnerability, use-after-free conditions, and race conditions that can lead to memory damage, unauthorized access, and privacy risks. Malicious...

9.8CVSS9.5AI score0.01331EPSS
Exploits0References10
NCSC
NCSC
•added 2025/02/04 9:13 a.m.•14 views

Vulnerabilities fixed in Google Android and Samsung Mobile

Google has fixed vulnerabilities in Android. Included in this update are updates to closed-source components from Qualcomm, Imagination Technologies, Unisoc and MediaTek. Samsung has fixed vulnerabilities in Samsung Mobile that are relevant to Samsung mobile devices. The vulnerabilities include...

9.8CVSS7.1AI score0.03301EPSS
Exploits3References2
NCSC
NCSC
•added 2025/02/04 9:10 a.m.•35 views

Vulnerabilities fixed in Zimbra Collaboration

Zimbra has fixed several vulnerabilities in Zimbra Collaboration. The vulnerabilities included an SQL injection in the ZimbraSyncService SOAP endpoint and an SSRF vulnerability in the RSS feed parser that allowed unauthorized access and manipulation of the database, as well as unauthorized...

8.8CVSS7.9AI score0.36726EPSS
Exploits0References4
NCSC
NCSC
•added 2025/01/31 12:25 p.m.•5 views

Vulnerabilities fixed in VMware Aria Operations

VMware has fixed vulnerabilities in VMware Aria Operations. The vulnerabilities include an information leak that allows malicious users with View Only Admin privileges to potentially read the login credentials of integrated VMware products. In addition, there is a stored cross-site scripting...

9CVSS6.2AI score0.0065EPSS
Exploits0References1
NCSC
NCSC
•added 2025/01/29 10:35 a.m.•6 views

Vulnerabilities fixed in Rockwell Automation FactoryTalk

Rockwell Automation has fixed vulnerabilities in FactoryTalk View Site. The vulnerabilities are related to improper permissions settings on the remote debugger port, allowing unauthenticated users to access system configurations. This can lead to unauthorized changes. In addition, there is a loca...

7CVSS7.8AI score0.00247EPSS
Exploits0References1
NCSC
NCSC
•added 2025/01/29 10:32 a.m.•7 views

Vulnerabilities fixed in Rockwell Automation FactoryTalk

Rockwell Automation has fixed vulnerabilities in FactoryTalk View Machine. A malicious person could exploit the vulnerabilities to grant themselves elevated privileges and execute arbitrary code on the vulnerable system elevated privileges. For successful exploitation, the malicious party must ha...

9.3CVSS8AI score0.00715EPSS
Exploits0References1
Total number of security vulnerabilities4197