Lucene search
K

4197 matches found

NCSC
NCSC
•added 2026/04/23 11:21 a.m.•10 views

Vulnerabilities handled in GitLab EE and CE

GitLab Inc. has identified several vulnerabilities in the GitLab Community Edition and Enterprise Edition, particularly in versions ranging from 9.2 to 18.11.1, including various 18.x releases. These vulnerabilities affect various components of GitLab, such as the discussions endpoint, GraphQL AP...

8.1CVSS5.8AI score0.00407EPSS
Exploits0References1
NCSC
NCSC
•added 2026/04/22 2:10 p.m.•11 views

vulnerabilities in Oracle PeopleSoft

Oracle has identified vulnerabilities in Oracle PeopleSoft. These vulnerabilities enable unauthorized attackers to gain access to sensitive data and modify it. In some cases, these vulnerabilities can even lead to a denial-of-service attack on the affected products. Oracle has released updates to...

9.8CVSS7AI score0.47621EPSS
Exploits10References1
NCSC
NCSC
•added 2026/04/22 12:56 p.m.•7 views

vulnerabilities present in Oracle E-Business Suite

Oracle has identified vulnerabilities in the Oracle E-Business Suite. These vulnerabilities exist in various components of the Oracle E-Business Suite, including Oracle Advanced Inbound Telephony, Oracle Enterprise Command Center Framework, Oracle Advanced Supply Chain Planning, and Oracle Flow...

9.8CVSS6.7AI score0.01916EPSS
Exploits4References1
NCSC
NCSC
•added 2026/04/22 12:46 p.m.•7 views

Vulnerabilities are managed in Oracle Enterprise Manager

Oracle has identified vulnerabilities in Enterprise Manager Base Platform 13.5, 24.1. These vulnerabilities enable unauthorized attackers to gain unauthorized access, or they can lead to a denial-of-service attack via HTTP. Oracle has released updates for Enterprise Manager Base Platform to addre...

9.1CVSS6.8AI score0.00743EPSS
Exploits1References1
NCSC
NCSC
•added 2026/04/22 11:33 a.m.•6 views

Vulnerabilities in Oracle Identity Manager Connector

Oracle has identified several vulnerabilities in the Oracle Identity Manager Connector version 12.2.1.4.0. These vulnerabilities allow an attacker without authentication to perform unauthorized actions through network access via HTTPS or HTTP, such as creating, deleting, or modifying critical dat...

9.1CVSS7.1AI score0.00413EPSS
Exploits0References2
NCSC
NCSC
•added 2026/04/22 9:40 a.m.•8 views

The vulnerability exploited in Microsoft’s ASP.NET Core framework

Microsoft has identified a vulnerability in ASP.NET Core. This vulnerability arises due to incorrect verification of cryptographic signatures within ASP.NET Core. As a result, an unauthorized attacker can elevate their privileges by circumventing security checks and gaining unauthorized access wi...

9.1CVSS6AI score0.11205EPSS
Exploits0References1
NCSC
NCSC
•added 2026/04/17 8:37 a.m.•6 views

Lack of vulnerability awareness in Cisco WebEx Services

Cisco has identified a vulnerability in Cisco Webex Services, specifically in the SSO integration with Control Hub. The vulnerability lies in the incorrect validation of certificates during the SSO integration of Cisco Webex Services through Control Hub. An unauthenticated external attacker can...

9.8CVSS6AI score0.0052EPSS
Exploits0References1
NCSC
NCSC
•added 2026/04/15 12:23 p.m.•10 views

vulnerabilities in Fortinet FortiSandbox

Fortinet has identified several vulnerabilities in FortiSandbox, including those in on-premises versions and FortiSandbox Cloud. Two of these vulnerabilities are classified as critical by Fortinet. Malicious actors can exploit these vulnerabilities through CVE-2026-39813 and CVE-2026-39808. In...

9.8CVSS6AI score0.48668EPSS
Exploits7References5
NCSC
NCSC
•added 2026/04/15 12:20 p.m.•18 views

Vulnerabilities are detected in Fortinet FortiAnalyzer and FortiManager

Fortinet has identified vulnerabilities in FortiAnalyzer, FortiAnalyzer Cloud, FortiManager, and FortiManager Cloud. Malicious individuals could exploit these vulnerabilities by executing unauthorized code or deleting files. Specifically, FortiAnalyzer, FortiAnalyzer Cloud, FortiManager, and...

8.1CVSS6.2AI score0.00901EPSS
Exploits0References3
NCSC
NCSC
•added 2026/04/15 8:54 a.m.•15 views

Microsoft Defender’s inability to address vulnerabilities

Microsoft has identified a vulnerability in System Center. A malicious individual could exploit this vulnerability by allowing Windows Defender to apply insufficient access control, thereby enabling an authorized attacker to escalate their privileges locally. UPDATE If Microsoft Defender...

7.8CVSS6.4AI score0.06749EPSS
Exploits3
NCSC
NCSC
•added 2026/04/15 8:53 a.m.•12 views

Vulnerabilities in Microsoft Windows

Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: - Denial-of-Service DoS - Manipulation of data - Accessing sensitive data - Execution of arbitrary code user privileges -...

9.8CVSS7.2AI score0.64095EPSS
Exploits15
NCSC
NCSC
•added 2026/04/14 7:24 p.m.•6 views

Vulnerabilities in Microsoft SQL Server

Microsoft has addressed vulnerabilities in SQL Server. A malicious individual could exploit these vulnerabilities by having SQL Server improperly neutralize inputs and dereference untrusted pointers. This could allow an authorized attacker to gain elevated privileges locally or execute code...

8.8CVSS6AI score0.00706EPSS
Exploits0
NCSC
NCSC
•added 2026/04/14 7:23 p.m.•8 views

Vulnerabilities fixed in Microsoft Azure

Microsoft has fixed vulnerabilities in several Azure components. A malicious party could exploit these vulnerabilities by having multiple Azure and Microsoft components fail to validate input adequately or process untrusted data insecurely, allowing an authorized attacker to increase privileges...

8.8CVSS5.8AI score0.01928EPSS
Exploits0
NCSC
NCSC
•added 2026/04/14 7:20 p.m.•8 views

Vulnerabilities fixed in Microsoft Office

Microsoft has fixed vulnerabilities in several Office products. A malicious party could exploit the vulnerabilities to bypass security measures, impersonate another user and thus gain elevated privileges and access to sensitive data. For successful abuse, the malicious party must trick the victim...

8.4CVSS6.2AI score0.25082EPSS
Exploits1
NCSC
NCSC
•added 2026/04/14 7:18 p.m.•8 views

Vulnerabilities fixed in Microsoft Developer tools

Microsoft has fixed vulnerabilities in .NET, .NET Framework, Visual Studio and PowerShell. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: - Denial-of-Service DoS - Accessing sensitive data - Circumvention of a security...

7.8CVSS5.7AI score0.02279EPSS
Exploits0
NCSC
NCSC
•added 2026/04/14 12:55 p.m.•8 views

Vulnerabilities fixed in SAP products

SAP has fixed vulnerabilities in several SAP products, including SAP Supplier Relationship Management, SAP BusinessObjects Business Intelligence Platform, SAP NetWeaver Application Server Java and ABAP, SAP Landscape Transformation, SAP Business Planning and Consolidation, SAP Business Warehouse,...

9.9CVSS5.9AI score0.00501EPSS
Exploits2References1
NCSC
NCSC
•added 2026/04/14 11:37 a.m.•13 views

Vulnerabilities fixed in Siemens products

Siemens has fixed vulnerabilities in several products such as Analytics Toolkit, Ruggedcom, Industrial Edge Management Pro, SIDIS and TPM. The vulnerabilities potentially enable a malicious person to carry out attacks that can lead to the following categories of damage: - Denial-of-Service DoS -...

9.8CVSS7.3AI score0.73495EPSS
Exploits7References8
NCSC
NCSC
•added 2026/04/13 9:38 a.m.•4 views

Vulnerability fixed in Adobe Acrobat

Adobe has fixed a vulnerability in Adobe Acrobat DC, Actobat Reader DC and Acrobat 2024. A malicious party can exploit the vulnerability to execute arbitrary code on the victim's system. To do this, the malicious party needs to get the victim to open a rogue PDF file. A rogue PDF file uploaded on...

8.6CVSS6.4AI score0.07086EPSS
Exploits4References2
NCSC
NCSC
•added 2026/04/10 2:28 p.m.•14 views

Vulnerability fixed in Cisco Smart Software Manager On-Prem

Cisco has fixed a vulnerability in Cisco Smart Software Manager On-Prem. A malicious party could exploit this vulnerability by inadvertently making an internal service component in Cisco Smart Software Manager On-Prem SSM On-Prem externally accessible. This allows a remote attacker to execute...

9.8CVSS6AI score0.00914EPSS
Exploits0References1
NCSC
NCSC
•added 2026/04/10 12:53 p.m.•25 views

Vulnerabilities fixed in Microsoft Windows

Microsoft fixed vulnerabilities in Windows A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: - Denial-of-Service DoS - Manipulation of data - Accessing sensitive data - Execution of arbitrary code user privileges - Executio...

9.8CVSS6.7AI score0.1911EPSS
Exploits8
NCSC
NCSC
•added 2026/04/10 12:11 p.m.•8 views

Vulnerabilities fixed in Synology SSL VPN Client

Synology has fixed vulnerabilities in Synology SSL VPN Client. A malicious party can exploit these vulnerabilities because Synology SSL VPN Client with version before 1.4.5-0684 stores PINs insecurely and does not adequately shield files via a local HTTP server component. This can lead to...

8.1CVSS5.8AI score0.00322EPSS
Exploits0References1
NCSC
NCSC
•added 2026/04/10 12:6 p.m.•10 views

Vulnerability fixed in Juniper Networks Junos OS Evolved

Juniper has fixed a vulnerability in Junos OS Evolved running on PTX Series devices. A malicious party can exploit this vulnerability to increase privileges. The vulnerability is in the Flexible PIC Concentrators FPCs of Juniper Networks Junos OS Evolved on PTX systems. The vulnerability can lead...

8.5CVSS5.8AI score0.00114EPSS
Exploits0References1
NCSC
NCSC
•added 2026/04/04 1:49 p.m.•12 views

Vulnerability fixed in Fortinet's FortiClient EMS

Fortinet has fixed a vulnerability in FortiClient EMS. The vulnerability involves improper access controls in FortiClient EMS. Unauthenticated attackers can bypass security controls by sending specially crafted requests and execute unauthorized code or commands. The vulnerability can be exploited...

9.8CVSS6AI score0.88505EPSS
Exploits8References1
NCSC
NCSC
•added 2026/04/03 10:34 a.m.•8 views

Vulnerabilities fixed in Cisco Integrated Management Controller

Cisco has fixed several vulnerabilities in Cisco Integrated Management Controller IMC. The vulnerabilities are in Cisco IMC's Web-based management interface. An unauthorized remote attacker can bypass authentication through password change functionality by sending specially formatted HTTP request...

9.8CVSS6.1AI score0.01094EPSS
Exploits0References4
NCSC
NCSC
•added 2026/04/03 8:20 a.m.•11 views

Vulnerabilities fixed in Cisco Nexus Dashboard and Nexus Dashboard Insights

Cisco has fixed vulnerabilities in Cisco Nexus Dashboard and Cisco Nexus Dashboard Insights. The first vulnerability involves incorrect input validation of specific HTTP requests in Cisco Nexus Dashboard and Nexus Dashboard Insights. This allows unauthenticated remote attackers to perform...

6.5CVSS6.4AI score0.00489EPSS
Exploits0References3
NCSC
NCSC
•added 2026/03/30 11:36 a.m.•10 views

Vulnerability fixed in Fortinet FortiClient EMS

Fortinet has fixed a vulnerability in FortiClient EMS version 7.4.4. The vulnerability with reference CVE-2026-21643 concerns a critical vulnerability in FortiClient EMS. The cause lies in the improper neutralization of special SQL commands, which allows an unauthenticated malicious person to...

9.8CVSS6.1AI score0.94085EPSS
Exploits1References1
NCSC
NCSC
•added 2026/03/27 6:9 p.m.•23 views

Vulnerabilities fixed in F5 Networks BIG-IP, F5OS and NGINX App Protect WAF

F5 Networks has fixed vulnerabilities in the BIG-IP and F5OS product lines and NGINX App Protect WAF. The vulnerabilities include several configuration issues and exploit vectors. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of...

9.8CVSS7.5AI score0.02213EPSS
Exploits0References3
NCSC
NCSC
•added 2026/03/26 9:50 a.m.•8 views

Vulnerabilities fixed in Cisco IOS XE Software

Cisco has fixed vulnerabilities in Cisco IOS XE Software, specifically for several products such as Catalyst 9000 Series Switches, Catalyst CW9800 Family, and Cisco Meraki. The vulnerabilities include several issues, such as a memory leak in the IKEv2 implementation, vulnerabilities in the DHCP...

8.6CVSS5.8AI score0.00354EPSS
Exploits0References11
NCSC
NCSC
•added 2026/03/26 9:48 a.m.•6 views

Vulnerabilities fixed in GitLab

GitLab has fixed vulnerabilities in versions 18.8.7, 18.9.3, and 18.10.1. The vulnerabilities included denial-of-service scenarios that could be triggered by authenticated users via specific Webhook configurations and continuous integration inputs. In addition, there were issues with improper...

8.8CVSS5.8AI score0.00478EPSS
Exploits0References1
NCSC
NCSC
•added 2026/03/25 2:15 p.m.•14 views

Vulnerabilities fixed in Apple macOS

Apple has fixed several vulnerabilities in macOS Specifically Sequoia 15.7.5, Sonoma 14.8.5, and Tahoe 26.4. The vulnerabilities include several issues such as insufficient input validation, improper memory handling, and issues with permissions that could lead to unauthorized access to sensitive...

9.3CVSS5.7AI score0.01527EPSS
Exploits7References3
NCSC
NCSC
•added 2026/03/25 2:2 p.m.•9 views

Vulnerabilities fixed in Apple iOS and iPadOS

Apple has fixed several vulnerabilities in iOS and iPadOS. The vulnerabilities include several issues such as improper path management, memory management, and insufficient input validation, which could lead to unauthorized access to sensitive data, unexpected application terminations, and other...

9.8CVSS5.8AI score0.00865EPSS
Exploits5References2
NCSC
NCSC
•added 2026/03/23 1:43 p.m.•5 views

Vulnerabilities fixed in Citrix Netscaler ADC and Netscaler Gateway

Citrix has fixed vulnerabilities in their software related to insufficient input validation and a race condition in session management. The input validation vulnerability occurs because the software does not correctly check for input sizes or limits, which can lead to memory overreads. This can...

9.8CVSS5.8AI score0.83996EPSS
Exploits7References1
NCSC
NCSC
•added 2026/03/20 3:56 p.m.•10 views

Vulnerability fixed in Oracle Identity Manager and Oracle Web Services Manager

Oracle has fixed a vulnerability in two components of Fusion Middleware, Oracle Identity Manager and Oracle Web Services Manager. The vulnerability comes from insufficient access controls within Oracle Identity Manager and Oracle Web Services Manager, allowing unauthenticated remote attackers to...

9.8CVSS6.3AI score0.01008EPSS
Exploits1References2
NCSC
NCSC
•added 2026/03/20 2:3 p.m.•11 views

Vulnerabilities fixed in Microsoft Office

Microsoft has fixed vulnerabilities in several Office products. A malicious party could exploit the vulnerabilities to impersonate another user, gain access to sensitive data or execute arbitrary code in the victim's context. For successful abuse, the malicious party must be authenticated on the...

9.8CVSS7AI score0.2943EPSS
Exploits0
NCSC
NCSC
•added 2026/03/19 11:48 a.m.•8 views

Vulnerabilities fixed in Cisco Secure Firewall Management Center

The vulnerability with reference CVE-2026-20079 is located in the web interface of Cisco Secure Firewall Management Center. An unauthenticated remote malicious party can bypass authentication controls by exploiting an incorrect system process created at startup. The malicious party can exploit th...

10CVSS6.4AI score0.387EPSS
Exploits6References3
NCSC
NCSC
•added 2026/03/13 8:41 a.m.•9 views

Vulnerabilities fixed in Apple iOS and iPadOS

Apple fixed vulnerabilities in iOS 15 & 16 and iPadOS 15 & 16 The vulnerabilities are in the way memory is managed in various Apple products. An attacker could exploit these vulnerabilities by processing malicious Web content, which could lead to memory damage and possibly execute arbitrary code...

8.8CVSS6.2AI score0.10593EPSS
Exploits10References2
NCSC
NCSC
•added 2026/03/13 8:33 a.m.•6 views

Vulnerabilities fixed in Google Chrome

Google has fixed vulnerabilities in Google Chrome versions before 146.0.7680.75. The vulnerabilities are in Google Chrome's V8 engine and Skia graphics library. The vulnerability in the V8 engine allows a malicious person to execute arbitrary code within the browser's sandboxed environment via a...

8.8CVSS6.1AI score0.02EPSS
Exploits1References1
NCSC
NCSC
•added 2026/03/12 2:54 p.m.•7 views

Vulnerabilities fixed in Veeam Backup & Replication

Veeam has fixed vulnerabilities in Veeam Backup & Replication. The vulnerabilities allow an authenticated domain user to remotely execute code on the backup server, which can lead to unauthorized control of backup operations. This issue is present in the backup server environment and can be...

9.9CVSS6AI score0.01329EPSS
Exploits0References2
NCSC
NCSC
•added 2026/03/12 2:45 p.m.•8 views

Vulnerability fixed in pac4j-jwt

Pac4j has fixed a vulnerability in the pac4j-jwt library specifically for versions before 4.5.9, 5.7.9 and 6.3.3. The vulnerability is located in the JwtAuthenticator module of the pac4j-jwt library. This vulnerability allows an attacker with access to the server's RSA public key to forge JWT...

10CVSS5.8AI score0.05856EPSS
Exploits17References1
NCSC
NCSC
•added 2026/03/12 2:44 p.m.•45 views

Vulnerabilities fixed in Cisco IOS XR

Cisco has fixed vulnerabilities in Cisco IOS XR Software. The vulnerabilities are in the command-line interface CLI of Cisco IOS XR, which allows authenticated local attackers to execute arbitrary root-level commands or obtain full administrative privileges. In addition, there is a problem with t...

8.8CVSS6.1AI score0.00318EPSS
Exploits0References3
NCSC
NCSC
•added 2026/03/12 2:42 p.m.•8 views

Vulnerabilities fixed in GitLab

GitLab fixed vulnerabilities in versions 18.9.2, 18.8.6 and 18.7.6 The vulnerabilities included several issues, including incorrect authorization checks that allowed authenticated users to access sensitive data, such as metadata from private repositories, and enabling denial-of-service situations...

8.7CVSS5.8AI score0.00523EPSS
Exploits0References1
NCSC
NCSC
•added 2026/03/12 7:46 a.m.•9 views

Vulnerabilities fixed in Fortinet FortiWeb

Fortinet has fixed vulnerabilities in FortiWeb Versions 7.0 to 8.0.1. The vulnerabilities include an ability for remote unauthenticated attackers to bypass hostname restrictions, an OS command injection vulnerability within the FortiWeb API, and the ability to bypass authentication rate-limits...

8.1CVSS6.2AI score0.01667EPSS
Exploits0References6
NCSC
NCSC
•added 2026/03/12 7:24 a.m.•7 views

Vulnerabilities fixed in SAP products

SAP has fixed vulnerabilities in several products, including SAP Quotation Management Insurance and SAP NetWeaver. Some of the fixed vulnerabilities are in third-party products - such as Oracle - that are incorporated into SAP products. The vulnerabilities include a code injection flaw, missing...

9.8CVSS5.9AI score0.6906EPSS
Exploits3References1
NCSC
NCSC
•added 2026/03/12 7:12 a.m.•10 views

Vulnerabilities fixed in Adobe Experience Manager

Adobe has fixed vulnerabilities in Adobe Experience Manager versions 6.5.23 and earlier. The vulnerability is in the way input in form fields is sanitized. This allows attackers to insert malicious JavaScript code. When other users open the affected content, the injected scripts are executed in...

5.4CVSS5.8AI score0.00205EPSS
Exploits0References1
NCSC
NCSC
•added 2026/03/12 7:3 a.m.•16 views

Vulnerabilities fixed in Adobe Acrobat Reader

Adobe has fixed vulnerabilities in Adobe Acrobat Reader versions up to 25.001.21265. The vulnerabilities include a Use After Free vulnerability that can be exploited to achieve arbitrary code execution. This vulnerability is triggered when a user opens a maliciously crafted file. In addition, the...

7.8CVSS5.9AI score0.00352EPSS
Exploits0References1
NCSC
NCSC
•added 2026/03/12 6:55 a.m.•6 views

Vulnerabilities fixed in Adobe Illustrator

Adobe has fixed vulnerabilities in Adobe Illustrator versions 29.8.4, 30.1 and earlier. The vulnerabilities are in how Adobe Illustrator processes specially crafted files. This includes an Untrusted Search Path vulnerability, an out-of-bounds write vulnerability, a stack-based buffer overflow...

8.6CVSS6.5AI score0.00178EPSS
Exploits0References1
NCSC
NCSC
•added 2026/03/12 6:49 a.m.•10 views

Vulnerabilities fixed in Adobe Commerce

Adobe has fixed vulnerabilities in Adobe Commerce up to version 2.4.9-alpha3. The vulnerabilities include improper input validation that can cause a denial-of-service without user interaction, and multiple improper authorization issues that allow attackers to bypass security mechanisms and gain...

8.7CVSS5.8AI score0.00636EPSS
Exploits0References1
NCSC
NCSC
•added 2026/03/11 9:19 a.m.•9 views

Vulnerabilities fixed in Fortinet FortiManager and FortiAnalyzer

Fortinet has fixed vulnerabilities in FortiAnalyzer and FortiManager including cloud variants. The vulnerability with reference CVE-2025-54820 is in FortiManager. This vulnerability allows a remote unauthenticated malicious person to execute unauthorized commands via a stack-based buffer overflow...

8.1CVSS6.3AI score0.0087EPSS
Exploits0References7
NCSC
NCSC
•added 2026/03/10 8:35 p.m.•8 views

Vulnerabilities fixed in Microsoft Developer tools

Microsoft has fixed vulnerabilities in .NET and PowerShell. A malicious party could exploit the vulnerabilities to cause a denial-of-service or grant themselves elevated privileges within an application using the vulnerable .NET. .NET: |----------------|------|------------------------------------...

7.8CVSS6AI score0.02818EPSS
Exploits0
NCSC
NCSC
•added 2026/03/10 8:20 p.m.•11 views

Vulnerabilities fixed in Microsoft Office

Microsoft has fixed vulnerabilities in several Office products. A malicious party can exploit the vulnerabilities to impersonate another user, grant themselves elevated privileges and/or execute arbitrary code and potentially gain access to sensitive data in the victim's context. Successful...

9.3CVSS6.3AI score0.02408EPSS
Exploits1
Total number of security vulnerabilities4197