Lucene search
K

4207 matches found

NCSC
NCSC
•added 2026/05/12 12:18 p.m.•18 views

Vulnerabilities found in Apple iOS and iPadOS

Apple has addressed several vulnerabilities in various versions of iOS and iPadOS. These vulnerabilities involve incorrect memory management mechanisms, such as use-after-free, buffer overflows, out-of-bounds reads and writes, race conditions, type confusion, null pointer dereferences, and...

8.8CVSS7.2AI score0.07112EPSS
Exploits5References5
NCSC
NCSC
•added 2026/05/11 6:38 a.m.•28 views

vulnerabilities handled in LiteLLM by BerriAI

BerriAI has addressed vulnerabilities in LiteLLM, specifically in versions 1.74.2 to 1.83.6. LiteLLM is a widely used proxy for managing APIs to a large number of LLM systems in a centralized manner. The first vulnerability involves an SQL injection in the proxy API key verification mechanism,...

9.8CVSS6.4AI score0.86607EPSS
Exploits9References2
NCSC
NCSC
•added 2026/05/08 1:8 p.m.•11 views

vulnerabilities found in Cisco Unity Connection

Cisco has addressed several vulnerabilities in Cisco Unity Connection. These vulnerabilities reside in the web management interface and the Web Inbox web interface of Cisco Unity Connection. Authorized attackers with valid login credentials can execute arbitrary code with root privileges, thereby...

8.8CVSS6.2AI score0.00712EPSS
Exploits0References1
NCSC
NCSC
•added 2026/05/07 4:17 p.m.•13 views

Vulnerabilities managed in Ivanti Endpoint Manager Mobile

Ivanti has identified five vulnerabilities in Endpoint Manager Mobile EPMM, also known as MobileIron. One of these vulnerabilities, labeled CVE-2026-6973, allows an authenticated malicious actor with administrative access to remotely execute arbitrary code with administrator privileges. Ivanti...

9.8CVSS6.3AI score0.34454EPSS
Exploits0References1
NCSC
NCSC
•added 2026/05/06 11:33 a.m.•12 views

Vulnerabilities in Apache HTTP Server

The Apache Software Foundation has addressed several vulnerabilities in Apache HTTP Server. These vulnerabilities concern various modules and functions within Apache HTTP Server. The most serious vulnerability relates to a double-free in the HTTP/2 implementation, which allows an attacker to...

9.8CVSS7.9AI score0.4581EPSS
Exploits18References1
NCSC
NCSC
•added 2026/05/06 9:18 a.m.•12 views

Vulnerabilities are being addressed in the Progress MOVEit Automation system.

Progress has addressed vulnerabilities in MOVEit Automation. The vulnerability with identifier CVE-2026-4670 involves a bypass of authentication in MOVEit Automation. A malicious individual without rights can exploit this vulnerability without any user interaction being required. The second...

9.8CVSS6AI score0.05633EPSS
Exploits0References1
NCSC
NCSC
•added 2026/05/06 8:42 a.m.•10 views

Vulnerability handling in Palo Alto Networks PAN-OS

Palo Alto Networks has identified a vulnerability in PAN-OS, specifically in the User-ID Authentication Portal component of the PA-Series and VM-Series firewalls. The vulnerability involves a buffer overflow in the User-ID Authentication Portal, allowing unauthenticated attackers to execute...

9.8CVSS6.7AI score0.32074EPSS
Exploits6References1
NCSC
NCSC
•added 2026/05/01 6:13 a.m.•11 views

Vulnerability avoidance in the Linux kernel cryptographic subsystem

The Linux kernel has a vulnerability in the algifaead crypto module of the cryptographic subsystem. This vulnerability resides in the algifaead crypto module of the Linux kernel, where a mistake occurred during the in-place operation when the source and destination mappings differed. This allows ...

7.8CVSS6.8AI score0.96267EPSS
Exploits230References1
NCSC
NCSC
•added 2026/04/30 8:0 a.m.•7 views

Vulnerability handling functions in cPanel and WHM

cPanel has identified a vulnerability in its cPanel and WHM products, including versions after 11.40 and before the specific patched releases. The vulnerability involves an authentication bypass that occurs due to the injection of CRLF characters in session files, allowing attackers to impersonat...

9.8CVSS6AI score0.981EPSS
Exploits64References1
NCSC
NCSC
•added 2026/04/29 8:12 a.m.•14 views

Vulnerabilities handled in Apache Camel

The Apache Software Foundation has identified vulnerabilities in Apache Camel. These vulnerabilities exist in various components of Apache Camel. The issues include insecure deserialization, insufficient filtering of email headers, incorrect authentication path matching, and improper processing o...

9.9CVSS6.1AI score0.00926EPSS
Exploits10References9
NCSC
NCSC
•added 2026/04/23 11:21 a.m.•11 views

Vulnerabilities handled in GitLab EE and CE

GitLab Inc. has identified several vulnerabilities in the GitLab Community Edition and Enterprise Edition, particularly in versions ranging from 9.2 to 18.11.1, including various 18.x releases. These vulnerabilities affect various components of GitLab, such as the discussions endpoint, GraphQL AP...

8.1CVSS5.8AI score0.00407EPSS
Exploits0References1
NCSC
NCSC
•added 2026/04/22 2:10 p.m.•11 views

vulnerabilities in Oracle PeopleSoft

Oracle has identified vulnerabilities in Oracle PeopleSoft. These vulnerabilities enable unauthorized attackers to gain access to sensitive data and modify it. In some cases, these vulnerabilities can even lead to a denial-of-service attack on the affected products. Oracle has released updates to...

9.8CVSS7AI score0.47621EPSS
Exploits10References1
NCSC
NCSC
•added 2026/04/22 12:56 p.m.•7 views

vulnerabilities present in Oracle E-Business Suite

Oracle has identified vulnerabilities in the Oracle E-Business Suite. These vulnerabilities exist in various components of the Oracle E-Business Suite, including Oracle Advanced Inbound Telephony, Oracle Enterprise Command Center Framework, Oracle Advanced Supply Chain Planning, and Oracle Flow...

9.8CVSS6.7AI score0.01916EPSS
Exploits4References1
NCSC
NCSC
•added 2026/04/22 12:46 p.m.•7 views

Vulnerabilities are managed in Oracle Enterprise Manager

Oracle has identified vulnerabilities in Enterprise Manager Base Platform 13.5, 24.1. These vulnerabilities enable unauthorized attackers to gain unauthorized access, or they can lead to a denial-of-service attack via HTTP. Oracle has released updates for Enterprise Manager Base Platform to addre...

9.1CVSS6.8AI score0.00743EPSS
Exploits1References1
NCSC
NCSC
•added 2026/04/22 11:33 a.m.•6 views

Vulnerabilities in Oracle Identity Manager Connector

Oracle has identified several vulnerabilities in the Oracle Identity Manager Connector version 12.2.1.4.0. These vulnerabilities allow an attacker without authentication to perform unauthorized actions through network access via HTTPS or HTTP, such as creating, deleting, or modifying critical dat...

9.1CVSS7.1AI score0.00413EPSS
Exploits0References2
NCSC
NCSC
•added 2026/04/22 9:40 a.m.•9 views

The vulnerability exploited in Microsoft’s ASP.NET Core framework

Microsoft has identified a vulnerability in ASP.NET Core. This vulnerability arises due to incorrect verification of cryptographic signatures within ASP.NET Core. As a result, an unauthorized attacker can elevate their privileges by circumventing security checks and gaining unauthorized access wi...

9.1CVSS6AI score0.11205EPSS
Exploits0References1
NCSC
NCSC
•added 2026/04/17 8:37 a.m.•6 views

Lack of vulnerability awareness in Cisco WebEx Services

Cisco has identified a vulnerability in Cisco Webex Services, specifically in the SSO integration with Control Hub. The vulnerability lies in the incorrect validation of certificates during the SSO integration of Cisco Webex Services through Control Hub. An unauthenticated external attacker can...

9.8CVSS6AI score0.0052EPSS
Exploits0References1
NCSC
NCSC
•added 2026/04/15 12:23 p.m.•10 views

vulnerabilities in Fortinet FortiSandbox

Fortinet has identified several vulnerabilities in FortiSandbox, including those in on-premises versions and FortiSandbox Cloud. Two of these vulnerabilities are classified as critical by Fortinet. Malicious actors can exploit these vulnerabilities through CVE-2026-39813 and CVE-2026-39808. In...

9.8CVSS6AI score0.48668EPSS
Exploits7References5
NCSC
NCSC
•added 2026/04/15 12:20 p.m.•18 views

Vulnerabilities are detected in Fortinet FortiAnalyzer and FortiManager

Fortinet has identified vulnerabilities in FortiAnalyzer, FortiAnalyzer Cloud, FortiManager, and FortiManager Cloud. Malicious individuals could exploit these vulnerabilities by executing unauthorized code or deleting files. Specifically, FortiAnalyzer, FortiAnalyzer Cloud, FortiManager, and...

8.1CVSS6.2AI score0.00901EPSS
Exploits0References3
NCSC
NCSC
•added 2026/04/15 8:54 a.m.•15 views

Microsoft Defender’s inability to address vulnerabilities

Microsoft has identified a vulnerability in System Center. A malicious individual could exploit this vulnerability by allowing Windows Defender to apply insufficient access control, thereby enabling an authorized attacker to escalate their privileges locally. UPDATE If Microsoft Defender...

7.8CVSS6.4AI score0.06749EPSS
Exploits3
NCSC
NCSC
•added 2026/04/15 8:53 a.m.•12 views

Vulnerabilities in Microsoft Windows

Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: - Denial-of-Service DoS - Manipulation of data - Accessing sensitive data - Execution of arbitrary code user privileges -...

9.8CVSS7.2AI score0.64095EPSS
Exploits15
NCSC
NCSC
•added 2026/04/14 7:24 p.m.•7 views

Vulnerabilities in Microsoft SQL Server

Microsoft has addressed vulnerabilities in SQL Server. A malicious individual could exploit these vulnerabilities by having SQL Server improperly neutralize inputs and dereference untrusted pointers. This could allow an authorized attacker to gain elevated privileges locally or execute code...

8.8CVSS6AI score0.00706EPSS
Exploits0
NCSC
NCSC
•added 2026/04/14 7:23 p.m.•8 views

Vulnerabilities fixed in Microsoft Azure

Microsoft has fixed vulnerabilities in several Azure components. A malicious party could exploit these vulnerabilities by having multiple Azure and Microsoft components fail to validate input adequately or process untrusted data insecurely, allowing an authorized attacker to increase privileges...

8.8CVSS5.8AI score0.01928EPSS
Exploits0
NCSC
NCSC
•added 2026/04/14 7:20 p.m.•10 views

Vulnerabilities fixed in Microsoft Office

Microsoft has fixed vulnerabilities in several Office products. A malicious party could exploit the vulnerabilities to bypass security measures, impersonate another user and thus gain elevated privileges and access to sensitive data. For successful abuse, the malicious party must trick the victim...

8.4CVSS6.2AI score0.25082EPSS
Exploits1
NCSC
NCSC
•added 2026/04/14 7:18 p.m.•8 views

Vulnerabilities fixed in Microsoft Developer tools

Microsoft has fixed vulnerabilities in .NET, .NET Framework, Visual Studio and PowerShell. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: - Denial-of-Service DoS - Accessing sensitive data - Circumvention of a security...

7.8CVSS5.7AI score0.02279EPSS
Exploits0
NCSC
NCSC
•added 2026/04/14 12:55 p.m.•8 views

Vulnerabilities fixed in SAP products

SAP has fixed vulnerabilities in several SAP products, including SAP Supplier Relationship Management, SAP BusinessObjects Business Intelligence Platform, SAP NetWeaver Application Server Java and ABAP, SAP Landscape Transformation, SAP Business Planning and Consolidation, SAP Business Warehouse,...

9.9CVSS5.9AI score0.00501EPSS
Exploits2References1
NCSC
NCSC
•added 2026/04/14 11:37 a.m.•13 views

Vulnerabilities fixed in Siemens products

Siemens has fixed vulnerabilities in several products such as Analytics Toolkit, Ruggedcom, Industrial Edge Management Pro, SIDIS and TPM. The vulnerabilities potentially enable a malicious person to carry out attacks that can lead to the following categories of damage: - Denial-of-Service DoS -...

9.8CVSS7.3AI score0.73495EPSS
Exploits7References8
NCSC
NCSC
•added 2026/04/13 9:38 a.m.•6 views

Vulnerability fixed in Adobe Acrobat

Adobe has fixed a vulnerability in Adobe Acrobat DC, Actobat Reader DC and Acrobat 2024. A malicious party can exploit the vulnerability to execute arbitrary code on the victim's system. To do this, the malicious party needs to get the victim to open a rogue PDF file. A rogue PDF file uploaded on...

8.6CVSS6.4AI score0.07086EPSS
Exploits4References2
NCSC
NCSC
•added 2026/04/10 2:28 p.m.•14 views

Vulnerability fixed in Cisco Smart Software Manager On-Prem

Cisco has fixed a vulnerability in Cisco Smart Software Manager On-Prem. A malicious party could exploit this vulnerability by inadvertently making an internal service component in Cisco Smart Software Manager On-Prem SSM On-Prem externally accessible. This allows a remote attacker to execute...

9.8CVSS6AI score0.00914EPSS
Exploits0References1
NCSC
NCSC
•added 2026/04/10 12:53 p.m.•25 views

Vulnerabilities fixed in Microsoft Windows

Microsoft fixed vulnerabilities in Windows A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: - Denial-of-Service DoS - Manipulation of data - Accessing sensitive data - Execution of arbitrary code user privileges - Executio...

9.8CVSS6.7AI score0.1911EPSS
Exploits8
NCSC
NCSC
•added 2026/04/10 12:11 p.m.•8 views

Vulnerabilities fixed in Synology SSL VPN Client

Synology has fixed vulnerabilities in Synology SSL VPN Client. A malicious party can exploit these vulnerabilities because Synology SSL VPN Client with version before 1.4.5-0684 stores PINs insecurely and does not adequately shield files via a local HTTP server component. This can lead to...

8.1CVSS5.8AI score0.00322EPSS
Exploits0References1
NCSC
NCSC
•added 2026/04/10 12:6 p.m.•10 views

Vulnerability fixed in Juniper Networks Junos OS Evolved

Juniper has fixed a vulnerability in Junos OS Evolved running on PTX Series devices. A malicious party can exploit this vulnerability to increase privileges. The vulnerability is in the Flexible PIC Concentrators FPCs of Juniper Networks Junos OS Evolved on PTX systems. The vulnerability can lead...

8.5CVSS5.8AI score0.00114EPSS
Exploits0References1
NCSC
NCSC
•added 2026/04/04 1:49 p.m.•12 views

Vulnerability fixed in Fortinet's FortiClient EMS

Fortinet has fixed a vulnerability in FortiClient EMS. The vulnerability involves improper access controls in FortiClient EMS. Unauthenticated attackers can bypass security controls by sending specially crafted requests and execute unauthorized code or commands. The vulnerability can be exploited...

9.8CVSS6AI score0.88505EPSS
Exploits8References1
NCSC
NCSC
•added 2026/04/03 10:34 a.m.•8 views

Vulnerabilities fixed in Cisco Integrated Management Controller

Cisco has fixed several vulnerabilities in Cisco Integrated Management Controller IMC. The vulnerabilities are in Cisco IMC's Web-based management interface. An unauthorized remote attacker can bypass authentication through password change functionality by sending specially formatted HTTP request...

9.8CVSS6.1AI score0.01094EPSS
Exploits0References4
NCSC
NCSC
•added 2026/04/03 8:20 a.m.•11 views

Vulnerabilities fixed in Cisco Nexus Dashboard and Nexus Dashboard Insights

Cisco has fixed vulnerabilities in Cisco Nexus Dashboard and Cisco Nexus Dashboard Insights. The first vulnerability involves incorrect input validation of specific HTTP requests in Cisco Nexus Dashboard and Nexus Dashboard Insights. This allows unauthenticated remote attackers to perform...

6.5CVSS6.4AI score0.00489EPSS
Exploits0References3
NCSC
NCSC
•added 2026/03/30 11:36 a.m.•10 views

Vulnerability fixed in Fortinet FortiClient EMS

Fortinet has fixed a vulnerability in FortiClient EMS version 7.4.4. The vulnerability with reference CVE-2026-21643 concerns a critical vulnerability in FortiClient EMS. The cause lies in the improper neutralization of special SQL commands, which allows an unauthenticated malicious person to...

9.8CVSS6.1AI score0.94085EPSS
Exploits1References1
NCSC
NCSC
•added 2026/03/27 6:9 p.m.•23 views

Vulnerabilities fixed in F5 Networks BIG-IP, F5OS and NGINX App Protect WAF

F5 Networks has fixed vulnerabilities in the BIG-IP and F5OS product lines and NGINX App Protect WAF. The vulnerabilities include several configuration issues and exploit vectors. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of...

9.8CVSS7.5AI score0.02213EPSS
Exploits0References3
NCSC
NCSC
•added 2026/03/26 9:50 a.m.•8 views

Vulnerabilities fixed in Cisco IOS XE Software

Cisco has fixed vulnerabilities in Cisco IOS XE Software, specifically for several products such as Catalyst 9000 Series Switches, Catalyst CW9800 Family, and Cisco Meraki. The vulnerabilities include several issues, such as a memory leak in the IKEv2 implementation, vulnerabilities in the DHCP...

8.6CVSS5.8AI score0.00354EPSS
Exploits0References11
NCSC
NCSC
•added 2026/03/26 9:48 a.m.•9 views

Vulnerabilities fixed in GitLab

GitLab has fixed vulnerabilities in versions 18.8.7, 18.9.3, and 18.10.1. The vulnerabilities included denial-of-service scenarios that could be triggered by authenticated users via specific Webhook configurations and continuous integration inputs. In addition, there were issues with improper...

8.8CVSS5.8AI score0.00478EPSS
Exploits0References1
NCSC
NCSC
•added 2026/03/25 2:15 p.m.•16 views

Vulnerabilities fixed in Apple macOS

Apple has fixed several vulnerabilities in macOS Specifically Sequoia 15.7.5, Sonoma 14.8.5, and Tahoe 26.4. The vulnerabilities include several issues such as insufficient input validation, improper memory handling, and issues with permissions that could lead to unauthorized access to sensitive...

9.3CVSS5.7AI score0.01527EPSS
Exploits7References3
NCSC
NCSC
•added 2026/03/25 2:2 p.m.•12 views

Vulnerabilities fixed in Apple iOS and iPadOS

Apple has fixed several vulnerabilities in iOS and iPadOS. The vulnerabilities include several issues such as improper path management, memory management, and insufficient input validation, which could lead to unauthorized access to sensitive data, unexpected application terminations, and other...

9.8CVSS5.8AI score0.00865EPSS
Exploits5References2
NCSC
NCSC
•added 2026/03/23 1:43 p.m.•6 views

Vulnerabilities fixed in Citrix Netscaler ADC and Netscaler Gateway

Citrix has fixed vulnerabilities in their software related to insufficient input validation and a race condition in session management. The input validation vulnerability occurs because the software does not correctly check for input sizes or limits, which can lead to memory overreads. This can...

9.8CVSS5.8AI score0.83996EPSS
Exploits7References1
NCSC
NCSC
•added 2026/03/20 3:56 p.m.•11 views

Vulnerability fixed in Oracle Identity Manager and Oracle Web Services Manager

Oracle has fixed a vulnerability in two components of Fusion Middleware, Oracle Identity Manager and Oracle Web Services Manager. The vulnerability comes from insufficient access controls within Oracle Identity Manager and Oracle Web Services Manager, allowing unauthenticated remote attackers to...

9.8CVSS6.3AI score0.01008EPSS
Exploits1References2
NCSC
NCSC
•added 2026/03/20 2:3 p.m.•12 views

Vulnerabilities fixed in Microsoft Office

Microsoft has fixed vulnerabilities in several Office products. A malicious party could exploit the vulnerabilities to impersonate another user, gain access to sensitive data or execute arbitrary code in the victim's context. For successful abuse, the malicious party must be authenticated on the...

9.8CVSS7AI score0.2943EPSS
Exploits0
NCSC
NCSC
•added 2026/03/19 11:48 a.m.•9 views

Vulnerabilities fixed in Cisco Secure Firewall Management Center

The vulnerability with reference CVE-2026-20079 is located in the web interface of Cisco Secure Firewall Management Center. An unauthenticated remote malicious party can bypass authentication controls by exploiting an incorrect system process created at startup. The malicious party can exploit th...

10CVSS6.4AI score0.387EPSS
Exploits6References3
NCSC
NCSC
•added 2026/03/13 8:41 a.m.•9 views

Vulnerabilities fixed in Apple iOS and iPadOS

Apple fixed vulnerabilities in iOS 15 & 16 and iPadOS 15 & 16 The vulnerabilities are in the way memory is managed in various Apple products. An attacker could exploit these vulnerabilities by processing malicious Web content, which could lead to memory damage and possibly execute arbitrary code...

8.8CVSS6.2AI score0.10593EPSS
Exploits10References2
NCSC
NCSC
•added 2026/03/13 8:33 a.m.•6 views

Vulnerabilities fixed in Google Chrome

Google has fixed vulnerabilities in Google Chrome versions before 146.0.7680.75. The vulnerabilities are in Google Chrome's V8 engine and Skia graphics library. The vulnerability in the V8 engine allows a malicious person to execute arbitrary code within the browser's sandboxed environment via a...

8.8CVSS6.1AI score0.02EPSS
Exploits1References1
NCSC
NCSC
•added 2026/03/12 2:54 p.m.•7 views

Vulnerabilities fixed in Veeam Backup & Replication

Veeam has fixed vulnerabilities in Veeam Backup & Replication. The vulnerabilities allow an authenticated domain user to remotely execute code on the backup server, which can lead to unauthorized control of backup operations. This issue is present in the backup server environment and can be...

9.9CVSS6AI score0.01329EPSS
Exploits0References2
NCSC
NCSC
•added 2026/03/12 2:45 p.m.•8 views

Vulnerability fixed in pac4j-jwt

Pac4j has fixed a vulnerability in the pac4j-jwt library specifically for versions before 4.5.9, 5.7.9 and 6.3.3. The vulnerability is located in the JwtAuthenticator module of the pac4j-jwt library. This vulnerability allows an attacker with access to the server's RSA public key to forge JWT...

10CVSS5.8AI score0.05856EPSS
Exploits17References1
NCSC
NCSC
•added 2026/03/12 2:44 p.m.•45 views

Vulnerabilities fixed in Cisco IOS XR

Cisco has fixed vulnerabilities in Cisco IOS XR Software. The vulnerabilities are in the command-line interface CLI of Cisco IOS XR, which allows authenticated local attackers to execute arbitrary root-level commands or obtain full administrative privileges. In addition, there is a problem with t...

8.8CVSS6.1AI score0.00318EPSS
Exploits0References3
Total number of security vulnerabilities4207