Lucene search
K

4197 matches found

NCSC
NCSC
added 2026/06/08 8:31 a.m.24 views

Vulnerabilities present in IBM Aspera High-Speed Transfer Endpoint and Server

IBM has identified vulnerabilities in the IBM Aspera High-Speed Transfer Endpoint and Server versions 3.7.4 through 4.4.7 Fix Pack 1. These vulnerabilities reside in the asperahttpd component of the IBM Aspera High-Speed Transfer Endpoint and Server products. A buffer overflow can lead to...

9.8CVSS6.1AI score0.0058EPSS
Exploits0References1
NCSC
NCSC
added 2026/06/08 8:23 a.m.18 views

Vulnerabilities in IBM WebSphere Application Server and WebSphere Liberty

IBM has identified vulnerabilities in WebSphere Application Server and WebSphere Liberty versions 8.5 and 9.0. These vulnerabilities reside in the Web Server Plug-ins, which are part of the request handling processes of these products. The first vulnerability relates to HTTP request smuggling,...

9.8CVSS6.3AI score0.00847EPSS
Exploits0References5
NCSC
NCSC
added 2026/06/05 9:38 a.m.13 views

Kwetsbaarheid verholpen in Cisco SD-WAN Manager

Cisco has identified a vulnerability in SD-WAN Manager, previously known as SD-WAN vManage. A malicious individual could exploit this vulnerability by uploading a specially crafted file to the affected system and thereby elevating their privileges to root user status. Cisco indicates that active...

7.8CVSS5.5AI score0.25323EPSS
Exploits2References1
NCSC
NCSC
added 2026/06/05 8:34 a.m.17 views

The vulnerability was exploited in SolarWinds Serv-U.

SolarWinds has identified a vulnerability in Serv-U. A malicious individual could exploit this vulnerability to cause a Denial-of-Service attack by sending a specially crafted POST message. SolarWinds has released a hotfix and published mitigation measures to address this vulnerability and preven...

7.5CVSS5.5AI score0.10659EPSS
Exploits2References2
NCSC
NCSC
added 2026/06/04 11:34 a.m.14 views

Lack of transparency in Cisco Unified Communications Manager

Cisco has identified a vulnerability in Unified Communications Manager CM and Unified Communications Manager Session Management Edition CM SME. A malicious individual could exploit this vulnerability to carry out a Server-Side Request Forgery SSRF attack. Successful exploitation could result in t...

8.6CVSS5.8AI score0.41694EPSS
Exploits3References1
NCSC
NCSC
added 2026/06/02 11:33 a.m.18 views

Vulnerabilities in Microsoft Windows

Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: - Denial-of-Service DoS - Execution of arbitrary code root/admin privileges - Execution of arbitrary code user privileges -...

9.8CVSS7.3AI score0.72253EPSS
Exploits40
NCSC
NCSC
added 2026/06/02 8:0 a.m.87 views

Vulnerabilities found in Google Android and Samsung Mobile devices

Google has hidden vulnerabilities in Android. Samsung has also hidden vulnerabilities related to Samsung mobile devices in Samsung Mobile. A malicious actor could exploit these vulnerabilities to cause a denial-of-service attack, gain elevated privileges, access sensitive data, or execute arbitra...

8.8CVSS6.6AI score0.01714EPSS
Exploits6References2
NCSC
NCSC
added 2026/05/30 10:52 a.m.50 views

Vulnerability handling in Palo Alto Networks PAN-OS and Prisma Access

Palo Alto Networks has identified a vulnerability in the PAN-OS’ GlobalProtect portal and gateway components. An unauthorized malicious actor can exploit this vulnerability to establish a VPN connection. As a result, the malicious actor gains access to internal systems that are accessible via the...

9.1CVSS6.1AI score0.86678EPSS
Exploits11References2
NCSC
NCSC
added 2026/05/29 7:8 p.m.20 views

The vulnerability was concealed in Starlette

There is a vulnerability in Starlette, a Python library for developing web services. Starlette is used by various products, including FastAPI. An unauthorized malicious actor can exploit this vulnerability to bypass authentication checks. This allows the malicious actor to access protected URL...

6.5CVSS5.8AI score0.01438EPSS
Exploits2References2
NCSC
NCSC
added 2026/05/29 12:26 p.m.16 views

Vulnerabilities in Oracle E-Business Suite components

Oracle has discovered vulnerabilities in various components of the Oracle E-Business Suite, including Oracle Payments, Oracle Internet Procurement Connector, Oracle Financials Common Modules, Oracle iAssets, Oracle Public Sector Financials International, Oracle Universal Work Queue, Oracle Payrol...

9.9CVSS5.8AI score0.00677EPSS
Exploits2References1
NCSC
NCSC
added 2026/05/29 12:20 p.m.18 views

Vulnerabilities in Oracle Database Server

Oracle has identified vulnerabilities in Oracle REST Data Services versions 24.2.0 to 26.1.0 and Oracle Database Server versions 23.4.0 to 23.26.2. The vulnerabilities in Oracle REST Data Services allow attackers with low privileges and network access via HTTPS to perform various actions without...

10CVSS5.9AI score0.01127EPSS
Exploits2References1
NCSC
NCSC
added 2026/05/28 6:49 a.m.24 views

Vulnerabilities are handled in GitLab Community Edition and Enterprise Edition

GitLab has identified several vulnerabilities in the GitLab Community Edition and Enterprise Edition, specifically in versions 12.7 through 18.10.7, 18.11 through 18.11.4, and 19.0 through 19.0.1. These vulnerabilities relate to various aspects of authentication, authorization, and validation...

8.2CVSS5.7AI score0.00471EPSS
Exploits0References1
NCSC
NCSC
added 2026/05/26 7:50 a.m.42 views

Kwetsbaarheid verholpen in Cisco Secure Workload

Cisco has identified a vulnerability in Cisco Secure Workload. This vulnerability resides within the internal REST APIs of Cisco Secure Workload. Unauthorized malicious actors with access to the internal infrastructure can obtain Site Admin privileges through inadequate validation and...

10CVSS5.9AI score0.00835EPSS
Exploits1References1
NCSC
NCSC
added 2026/05/21 7:55 a.m.15 views

Flattening of vulnerability issues within the Drupal core

Drupal has identified a vulnerability in the Drupal core versions starting from 8.9.0, specifically versions 10.x and 11.x. The vulnerability involves SQL injection in the Drupal’s database abstraction API. As a result, unauthorized malicious actors can execute arbitrary SQL injections on sites...

9.8CVSS6.2AI score0.84631EPSS
Exploits14References1
NCSC
NCSC
added 2026/05/20 6:21 a.m.42 views

Vulnerabilities found in Microsoft Windows

Microsoft has published measures to address a vulnerability in Windows operating systems that could allow malicious individuals to access data encrypted via BitLocker. The vulnerability involves bypassing a security feature in Windows, known as “YellowKey”. A proof of concept is available that...

6.8CVSS6AI score0.01249EPSS
Exploits2References1
NCSC
NCSC
added 2026/05/18 8:6 a.m.38 views

Kwetsbaarheid verholpen in NGINX ngx_http_rewrite_module

NGINX has identified a vulnerability in the ngxhttprewritemodule, which is part of both the NGINX Plus and open-source versions of the software. The vulnerability involves a heap buffer overflow in the ngxhttprewritemodule, which is responsible for URL rewriting functionality. An attacker can...

9.2CVSS6.5AI score0.61469EPSS
Exploits40References6
NCSC
NCSC
added 2026/05/15 12:8 p.m.16 views

The vulnerability was exploited in Exim.

The developers of Exim introduced a vulnerability in the Exim Mail Transfer Agent versions prior to 4.99.3. This vulnerability involves a use-after-free in the BDAT body parsing process, specifically when certain GnuTLS backend configurations are used. An unauthorized attacker can exploit this...

9.8CVSS6.4AI score0.01225EPSS
Exploits2References4
NCSC
NCSC
added 2026/05/15 12:7 p.m.22 views

Vulnerabilities found in F5 BIG-IP and BIG-IQ products

F5 has identified several vulnerabilities in the BIG-IP and BIG-IQ products, including components such as iControl REST, iControl SOAP, TMOS Shell, Traffic Management Microkernel TMM, Configuration Utility, Advanced WAF, ASM, PEM, DNS, Access Policy Manager APM, and SSL Orchestrator. The...

9.1CVSS6.1AI score0.00886EPSS
Exploits0References41
NCSC
NCSC
added 2026/05/15 9:27 a.m.69 views

Vulnerabilities are handled in GitLab through GitLab Inc.

GitLab Inc. has addressed several vulnerabilities in GitLab Community Edition CE and Enterprise Edition EE in various versions, particularly in releases from version 8.3 to 18.11.3. These vulnerabilities concern various components and functions within GitLab, including Jira integration, container...

8.7CVSS5.8AI score0.00355EPSS
Exploits1References1
NCSC
NCSC
added 2026/05/15 8:43 a.m.19 views

Vulnerabilities managed in Ivanti Endpoint Manager

Ivanti has addressed several vulnerabilities in Ivanti Endpoint Manager, specifically in the core server, the agent, and the web console components. These vulnerabilities concern various aspects of Ivanti Endpoint Manager. First, a remotely authenticated attacker can exploit a vulnerable method t...

8.8CVSS6.3AI score0.00883EPSS
Exploits0References1
NCSC
NCSC
added 2026/05/15 8:41 a.m.23 views

Lack of vulnerability awareness in Microsoft Exchange Server

Microsoft has identified a vulnerability in Microsoft Exchange Server. This vulnerability involves a cross-site scripting XSS issue that arises due to improper handling of user input during the generation of web pages. An unauthorized attacker can inject malicious scripts and perform spoofing...

8.1CVSS5.9AI score0.0564EPSS
Exploits1References1
NCSC
NCSC
added 2026/05/15 8:19 a.m.19 views

Vulnerabilities found in Cisco Catalyst SD-WAN Controllers and Managers

Cisco has identified vulnerabilities in the Catalyst SD-WAN Controller and Manager products. Cisco has uncovered four vulnerabilities in these products. These vulnerabilities involve XXE injection, privilege escalation, and authentication bypass. The authentication bypass vulnerability resides in...

10CVSS6AI score0.88496EPSS
Exploits4References2
NCSC
NCSC
added 2026/05/15 6:49 a.m.57 views

The vulnerability was exploited in AMD processors

AMD has addressed a vulnerability in certain processor models through a mitigation measure included in the Windows update of May 2026. This vulnerability affects certain AMD processors. A local malicious actor could exploit this vulnerability to execute arbitrary code on the system. The mitigatio...

7.3CVSS6.2AI score0.00258EPSS
Exploits0References6
NCSC
NCSC
added 2026/05/13 11:39 a.m.15 views

Vulnerability concealment in Fortinet FortiAuthenticator

Fortinet has identified a vulnerability in FortiAuthenticator. This vulnerability relates to incorrect access control in FortiAuthenticator, allowing attackers to execute unauthorized code or commands. This occurs due to insufficient restrictions in the access control mechanism within the softwar...

9.8CVSS6.3AI score0.00551EPSS
Exploits0References1
NCSC
NCSC
added 2026/05/13 11:39 a.m.10 views

Vulnerability handling in Fortinet FortiSandbox

Fortinet has identified a vulnerability in FortiSandbox and FortiSandbox PaaS versions. The vulnerability involves an absence of authorization checks, allowing unauthorized attackers to execute unauthorized code or commands through specially crafted HTTP requests. This issue arises due to...

9.8CVSS6.4AI score0.00733EPSS
Exploits0References1
NCSC
NCSC
added 2026/05/13 9:33 a.m.13 views

vulnerabilities handled in Adobe Premiere Pro

Adobe has identified vulnerabilities in Adobe Premiere Pro versions 26.0.2, 25.6.4, and earlier versions. These vulnerabilities reside in the way Adobe Premiere Pro processes specially crafted files. One vulnerability involves an out-of-bounds write operation, which can lead to memory corruption...

7.8CVSS6.1AI score0.00177EPSS
Exploits0References1
NCSC
NCSC
added 2026/05/13 9:31 a.m.34 views

vulnerabilities handled in Adobe After Effects

Adobe has identified several vulnerabilities in Adobe After Effects, particularly in versions 26.0, 25.6.4, and earlier versions. These vulnerabilities reside in the way Adobe After Effects processes certain files. There are issues with stack-based buffer overflows, heap-based buffer overflows,...

7.8CVSS6.4AI score0.00299EPSS
Exploits0References1
NCSC
NCSC
added 2026/05/13 9:27 a.m.27 views

Vulnerabilities in Adobe Commerce

Adobe has identified several vulnerabilities in Adobe Commerce. These vulnerabilities exist in various versions of Adobe Commerce, including 2.4.9-beta1 and earlier versions. One vulnerability, an Incorrect Authorization vulnerability, allows attackers to bypass authorization checks and obtain...

7.5CVSS5.8AI score0.2255EPSS
Exploits0References1
NCSC
NCSC
added 2026/05/13 9:23 a.m.13 views

Vulnerabilities that can be addressed in Adobe Connect

Adobe has identified vulnerabilities in Adobe Connect versions 2025.9.15, 2025.8.157, and earlier versions. These vulnerabilities allow attackers to execute arbitrary code on the affected system. This can occur when users interact with malicious URLs or compromised web pages. The first...

9.6CVSS6.3AI score0.00635EPSS
Exploits0References1
NCSC
NCSC
added 2026/05/13 9:18 a.m.12 views

vulnerabilities handled in Adobe Illustrator

Adobe has identified several vulnerabilities in Adobe Illustrator versions 29.8.6, 30.3, and earlier. These vulnerabilities lie in the way Adobe Illustrator processes specially crafted files. There are issues with out-of-bounds write operations, NULL pointer dereferences, out-of-bounds reads, and...

7.8CVSS6AI score0.00174EPSS
Exploits0References1
NCSC
NCSC
added 2026/05/13 9:17 a.m.14 views

Kwetsbaarheid verholpen in Cisco Crosswork Network Controller

Cisco has identified a vulnerability in the Cisco Crosswork Network Controller. This vulnerability involves a denial-of-service attack that can be exploited by unauthorized external attackers. The attack involves overwhelming the system with a large number of connection requests, causing services...

5.8AI score0.0031EPSS
Exploits0References1
NCSC
NCSC
added 2026/05/13 7:14 a.m.28 views

Vulnerabilities in Microsoft Edge (Chromium)

Microsoft has identified a number of vulnerabilities in the Edge browser Chromium. These vulnerabilities are located in the code base of Chrome and were previously disclosed by Google. Microsoft incorporates these vulnerabilities into the Edge browser and distributes the updates automatically...

9.6CVSS6AI score0.01135EPSS
Exploits0
NCSC
NCSC
added 2026/05/13 6:33 a.m.33 views

Vulnerabilities present in Siemens products

Siemens has identified vulnerabilities in various OT-products. These include products from the Siemens RUGGEDCOM, SCALANCE, SIMATIC, SIMIT, SINAMICS, SIPROTEC, SENTRON, and Solid Edge product families. The vulnerabilities enable malicious actors to carry out attacks that can cause the following...

9.8CVSS7.2AI score0.72648EPSS
Exploits40References17
NCSC
NCSC
added 2026/05/12 5:53 p.m.12 views

The vulnerability was exploited in Microsoft SQL Server

Microsoft has identified a vulnerability in SQL Server. A malicious individual with authorized access can exploit this vulnerability to execute arbitrary code under the control of the SQL Server. Microsoft has provided updates that address the described vulnerabilities. We recommend that you...

8.8CVSS6.2AI score0.00555EPSS
Exploits0
NCSC
NCSC
added 2026/05/12 5:53 p.m.11 views

Vulnerabilities in Microsoft Dynamics

Microsoft has addressed vulnerabilities in various components of Dynamics. A malicious individual with access can exploit these vulnerabilities to gain elevated privileges, execute arbitrary code, and/or access sensitive data. The vulnerability with ID CVE-2026-33821 has been addressed by...

9.9CVSS6.1AI score0.01194EPSS
Exploits0
NCSC
NCSC
added 2026/05/12 5:53 p.m.15 views

vulnerabilities present in Microsoft Office

Microsoft has identified vulnerabilities in various Office products. A malicious individual can exploit these vulnerabilities to impersonate another user or execute arbitrary code with the victim’s privileges, potentially accessing sensitive data within the context of the victim’s account. For...

9.6CVSS6.2AI score0.04421EPSS
Exploits0
NCSC
NCSC
added 2026/05/12 5:53 p.m.13 views

vulnerabilities handled in Microsoft Developer Tools

Microsoft has addressed vulnerabilities in various Developer Tools. A malicious individual could exploit these vulnerabilities to carry out attacks that can cause the following types of damage: - Denial-of-Service DoS attacks - Bypass of security measures - Execution of arbitrary code user rights...

10CVSS6.2AI score0.0243EPSS
Exploits0
NCSC
NCSC
added 2026/05/12 5:53 p.m.11 views

Vulnerabilities in Microsoft Azure

Microsoft has identified vulnerabilities in various Azure components. A malicious individual could exploit these vulnerabilities to impersonate other users, gain elevated privileges, execute arbitrary code, and potentially access sensitive data. The vulnerabilities with IDs CVE-2026-40379,...

10CVSS6.3AI score0.05378EPSS
Exploits0
NCSC
NCSC
added 2026/05/12 12:21 p.m.21 views

Vulnerabilities found in various SAP products

SAP has identified vulnerabilities in the following SAP products: SAP S/4HANA, SAP Commerce Cloud, SAP Forecasting & Replenishment, SAP NetWeaver Application Server for ABAP, SAP Business Server Pages, SAP BusinessObjects Business Intelligence Platform, SAP Strategic Enterprise Management Scoreca...

9.6CVSS6.9AI score0.01398EPSS
Exploits1References1
NCSC
NCSC
added 2026/05/12 12:19 p.m.13 views

vulnerabilities found in Apple MacOS

Apple has addressed several vulnerabilities in various versions of macOS including Sequoia, Sonoma, and Tahoe versions. These vulnerabilities involve memory management issues such as buffer overflows, use-after-free errors, out-of-bounds reads and writes, and integer overflows. These...

8.8CVSS6.8AI score0.07112EPSS
Exploits5References3
NCSC
NCSC
added 2026/05/12 12:18 p.m.18 views

Vulnerabilities found in Apple iOS and iPadOS

Apple has addressed several vulnerabilities in various versions of iOS and iPadOS. These vulnerabilities involve incorrect memory management mechanisms, such as use-after-free, buffer overflows, out-of-bounds reads and writes, race conditions, type confusion, null pointer dereferences, and...

8.8CVSS7.2AI score0.07112EPSS
Exploits5References5
NCSC
NCSC
added 2026/05/11 6:38 a.m.28 views

vulnerabilities handled in LiteLLM by BerriAI

BerriAI has addressed vulnerabilities in LiteLLM, specifically in versions 1.74.2 to 1.83.6. LiteLLM is a widely used proxy for managing APIs to a large number of LLM systems in a centralized manner. The first vulnerability involves an SQL injection in the proxy API key verification mechanism,...

9.8CVSS6.4AI score0.86607EPSS
Exploits9References2
NCSC
NCSC
added 2026/05/08 1:8 p.m.11 views

vulnerabilities found in Cisco Unity Connection

Cisco has addressed several vulnerabilities in Cisco Unity Connection. These vulnerabilities reside in the web management interface and the Web Inbox web interface of Cisco Unity Connection. Authorized attackers with valid login credentials can execute arbitrary code with root privileges, thereby...

8.8CVSS6.2AI score0.00712EPSS
Exploits0References1
NCSC
NCSC
added 2026/05/07 4:17 p.m.11 views

Vulnerabilities managed in Ivanti Endpoint Manager Mobile

Ivanti has identified five vulnerabilities in Endpoint Manager Mobile EPMM, also known as MobileIron. One of these vulnerabilities, labeled CVE-2026-6973, allows an authenticated malicious actor with administrative access to remotely execute arbitrary code with administrator privileges. Ivanti...

9.8CVSS6.3AI score0.34454EPSS
Exploits0References1
NCSC
NCSC
added 2026/05/06 11:33 a.m.10 views

Vulnerabilities in Apache HTTP Server

The Apache Software Foundation has addressed several vulnerabilities in Apache HTTP Server. These vulnerabilities concern various modules and functions within Apache HTTP Server. The most serious vulnerability relates to a double-free in the HTTP/2 implementation, which allows an attacker to...

9.8CVSS7.9AI score0.4581EPSS
Exploits18References1
NCSC
NCSC
added 2026/05/06 9:18 a.m.10 views

Vulnerabilities are being addressed in the Progress MOVEit Automation system.

Progress has addressed vulnerabilities in MOVEit Automation. The vulnerability with identifier CVE-2026-4670 involves a bypass of authentication in MOVEit Automation. A malicious individual without rights can exploit this vulnerability without any user interaction being required. The second...

9.8CVSS6AI score0.05633EPSS
Exploits0References1
NCSC
NCSC
added 2026/05/06 8:42 a.m.10 views

Vulnerability handling in Palo Alto Networks PAN-OS

Palo Alto Networks has identified a vulnerability in PAN-OS, specifically in the User-ID Authentication Portal component of the PA-Series and VM-Series firewalls. The vulnerability involves a buffer overflow in the User-ID Authentication Portal, allowing unauthenticated attackers to execute...

9.8CVSS6.7AI score0.32074EPSS
Exploits6References1
NCSC
NCSC
added 2026/05/01 6:13 a.m.11 views

Vulnerability avoidance in the Linux kernel cryptographic subsystem

The Linux kernel has a vulnerability in the algifaead crypto module of the cryptographic subsystem. This vulnerability resides in the algifaead crypto module of the Linux kernel, where a mistake occurred during the in-place operation when the source and destination mappings differed. This allows ...

7.8CVSS6.8AI score0.96267EPSS
Exploits230References1
NCSC
NCSC
added 2026/04/30 8:0 a.m.7 views

Vulnerability handling functions in cPanel and WHM

cPanel has identified a vulnerability in its cPanel and WHM products, including versions after 11.40 and before the specific patched releases. The vulnerability involves an authentication bypass that occurs due to the injection of CRLF characters in session files, allowing attackers to impersonat...

9.8CVSS6AI score0.981EPSS
Exploits64References1
NCSC
NCSC
added 2026/04/29 8:12 a.m.14 views

Vulnerabilities handled in Apache Camel

The Apache Software Foundation has identified vulnerabilities in Apache Camel. These vulnerabilities exist in various components of Apache Camel. The issues include insecure deserialization, insufficient filtering of email headers, incorrect authentication path matching, and improper processing o...

9.9CVSS6.1AI score0.00926EPSS
Exploits10References9
Total number of security vulnerabilities4197