Lucene search
K

4197 matches found

NCSC
NCSC
•added 2026/03/10 8:18 p.m.•15 views

Vulnerability fixed in Microsoft Authenticator app

Microsoft has fixed a vulnerability in the Authenticator app for Android and iOS. A malicious party could exploit the vulnerability to gain access to sensitive data. Successful abuse requires the malicious party to trick the victim into installing a rogue app. This app can then be misused to...

5.5CVSS5.8AI score0.00603EPSS
Exploits0
NCSC
NCSC
•added 2026/03/10 8:15 p.m.•14 views

Vulnerabilities fixed in Microsoft Azure

Microsoft has fixed vulnerabilities in several Azure components. A malicious party could exploit the vulnerabilities to impersonate another user, grant themselves elevated privileges or gain access to sensitive data. Azure Entra ID: |----------------|------|-------------------------------------| ...

8.8CVSS5.8AI score0.01046EPSS
Exploits0
NCSC
NCSC
•added 2026/03/10 8:12 p.m.•6 views

Vulnerabilities fixed in Microsoft SQL Server

Microsoft has fixed vulnerabilities in SQL Server. A malicious party could exploit the vulnerabilities to grant themselves elevated privileges and potentially execute SQL Statements with Sysadmin privileges. For successful abuse, the malicious party must have prior authorizations as a user. Of th...

8.8CVSS5.8AI score0.02044EPSS
Exploits0
NCSC
NCSC
•added 2026/03/10 8:7 p.m.•3 views

Vulnerabilities fixed in Microsoft Windows

Microsoft fixed vulnerabilities in Windows A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: - Denial-of-Service DoS - Manipulation of data - Accessing sensitive data - Execution of arbitrary code user privileges - Obtainin...

8.8CVSS6AI score0.04491EPSS
Exploits11
NCSC
NCSC
•added 2026/03/10 2:20 p.m.•7 views

Vulnerabilities fixed in Ivanti Endpoint Manager

Ivanti has fixed vulnerabilities in Ivanti Endpoint Manager Specific for versions prior to 2024 SU5. The vulnerability with attribute CVE-2026-1603 concerns an authentication bypass that allows remote, unauthenticated attackers to gain access to certain stored login credentials, which can lead to...

8.6CVSS6.3AI score0.8056EPSS
Exploits0References2
NCSC
NCSC
•added 2026/03/10 12:39 p.m.•10 views

Vulnerabilities fixed in Siemens products

Siemens has fixed vulnerabilities in several products such as Heliox, Ruggedcom, SICAM, SIDIS and SIMATIC. The vulnerabilities potentially enable a malicious person to carry out attacks that can lead to the following categories of damage: - Denial-of-Service DoS - Manipulation of data -...

9.8CVSS7.4AI score0.85844EPSS
Exploits12References5
NCSC
NCSC
•added 2026/03/06 12:7 p.m.•12 views

Vulnerabilities fixed in Cisco Catalyst SD-WAN Manager

Cisco has fixed several vulnerabilities in the Cisco Catalyst SD-WAN Manager. The vulnerabilities are in the peering authentication mechanisms of the Cisco Catalyst SD-WAN Controller and Manager products. These vulnerabilities allow an unauthenticated remote attacker to bypass the authentication...

10CVSS6.5AI score0.57793EPSS
Exploits11References3
NCSC
NCSC
•added 2026/03/05 9:36 a.m.•15 views

Vulnerabilities fixed in Kibana

Elastic has fixed vulnerabilities in Kibana. The vulnerabilities are in several components of Kibana. An authenticated user with view-only privileges can exploit an input validation flaw to cause a Denial of Service condition by sending specially crafted, misshapen payloads. This leads to excessi...

8.6CVSS6.1AI score0.00325EPSS
Exploits0References5
NCSC
NCSC
•added 2026/03/05 9:5 a.m.•9 views

Vulnerabilities fixed in Cisco Secure Firewall systems

Cisco has fixed several vulnerabilities in Cisco Secure Firewall including ASA and FTD software. The vulnerabilities include SQL injection, privilege escalation, denial-of-service, cross-site scripting, and improper management of entries in various Cisco Secure Firewall components. Authenticated...

8.6CVSS5.9AI score0.00705EPSS
Exploits0References26
NCSC
NCSC
•added 2026/03/04 2:3 p.m.•10 views

Vulnerability fixed in n8n Automation Platform

N8n has fixed a vulnerability in the Merge node in SQL query mode Specifically for versions prior to 2.10.1, 2.9.3 and 1.123.22. The vulnerability is in how the Merge node executes SQL queries. Authenticated users with rights to create or modify workflows can execute arbitrary code and write file...

9.4CVSS6.4AI score0.00765EPSS
Exploits0References1
NCSC
NCSC
•added 2026/03/04 8:54 a.m.•14 views

Vulnerabilities fixed in VMware Aria Operations

Broadcom has fixed vulnerabilities in VMware Aria Operations. The vulnerabilities include privilege escalation, stored cross-site scripting XSS and command injection. The privilege escalation vulnerability could allow an attacker to gain elevated privileges, which could affect system integrity an...

9CVSS5.9AI score0.17424EPSS
Exploits0References2
NCSC
NCSC
•added 2026/03/03 9:7 a.m.•25 views

Vulnerabilities fixed in Google Android and Samsung Mobile

Google has fixed vulnerabilities in Android. Included in this update are updates to closed-source components from Qualcomm, Imagination Technologies, Unisoc and MediaTek. Samsung has fixed vulnerabilities in Samsung Mobile that are relevant to Samsung mobile devices. A malicious party can exploit...

9.8CVSS6.1AI score0.08942EPSS
Exploits17References2
NCSC
NCSC
•added 2026/02/27 9:48 a.m.•7 views

Vulnerability fixed in Juniper Junos OS Evolved

Juniper has fixed a vulnerability in Junos OS Evolved Specifically for PTX Series devices. The vulnerability is in the On-Box Anomaly detection framework of Junos OS Evolved that runs on PTX Series devices. The cause is an incorrect assignment of permissions that allows unauthenticated remote...

9.8CVSS6.1AI score0.17709EPSS
Exploits2References1
NCSC
NCSC
•added 2026/02/27 7:15 a.m.•10 views

Vulnerabilities fixed in GitLab

GitLab has fixed vulnerabilities in versions 9.0 to but not including 18.7.5, 18.8 to but not including 18.8.5, and 18.9 to but not including 18.9.1. The vulnerabilities included several Denial of Service DoS and security vulnerabilities that could be exploited by both authenticated and...

8CVSS5.8AI score0.00357EPSS
Exploits0References1
NCSC
NCSC
•added 2026/02/25 10:39 a.m.•13 views

Vulnerabilities fixed in SolarWinds Serv-U

SolarWinds has fixed vulnerabilities in Serv-U. The vulnerabilities are in how Serv-U controls access and processes data types. Attackers with administrative privileges can exploit these vulnerabilities to gain unauthorized system access and execute arbitrary code with elevated privileges. This c...

9.1CVSS6.1AI score0.0057EPSS
Exploits0References1
NCSC
NCSC
•added 2026/02/23 2:27 p.m.•58 views

Vulnerabilities fixed in Splunk Enterprise and Splunk Cloud Platform

Splunk has fixed vulnerabilities in Splunk Enterprise and Splunk Cloud Platform. The vulnerabilities are in several versions of Splunk Enterprise and Splunk Cloud Platform. They allow low-privileged users to bypass protections, view sensitive information, and abuse the REST API for user...

6.8CVSS8.4AI score0.05145EPSS
Exploits0References8
NCSC
NCSC
•added 2026/02/20 2:47 p.m.•20 views

ZeroDay vulnerabilities fixed in Ivanti Endpoint Manager Mobile

Ivanti has fixed two vulnerabilities in Endpoint Manager Mobile EPMM, ok known as MobileIron. The vulnerabilities allow an unauthenticated malicious person to execute arbitrary code on the vulnerable system. Of the vulnerability marked CVE-2026-1281, Ivanti reports that it has been actively...

9.8CVSS6.2AI score0.8404EPSS
Exploits6References2
NCSC
NCSC
•added 2026/02/20 10:13 a.m.•9 views

Vulnerabilities fixed in GitHub Enterprise Server

GitHub has fixed vulnerabilities in GitHub Enterprise Server Specifically for versions before 3.20, 3.19.2, 3.18.5 and 3.17.11. The first vulnerability concerns an authorization issue that allowed attackers to merge unauthorized pull-requests into repositories that provide fork support. The secon...

7.1CVSS5.6AI score0.0039EPSS
Exploits0References1
NCSC
NCSC
•added 2026/02/19 8:29 a.m.•9 views

Vulnerability fixed in Google Chrome

Google has fixed a vulnerability in Google Chrome for versions prior to 145.0.7632.75. The vulnerability is in the way Google Chrome handles CSS and involves a use-after-free issue. This can lead to remote code execution via specially crafted HTML pages. Both Google Chrome and Microsoft Edge base...

8.8CVSS6.5AI score0.2202EPSS
Exploits12References2
NCSC
NCSC
•added 2026/02/18 1:18 p.m.•14 views

Vulnerability fixed in Dell RecoverPoint for Virtual Machines

Dell has fixed a vulnerability in Dell RecoverPoint for Virtual Machines versions prior to 6.0.3.1 HF1. The vulnerability resides in hard-coded login credentials present in the software. This allows unauthenticated attackers on the same network to gain unauthorized access to the system. This coul...

10CVSS5.7AI score0.13131EPSS
Exploits1References3
NCSC
NCSC
•added 2026/02/13 1:35 p.m.•20 views

Vulnerabilities fixed in Apple iOS and iPadOS

Apple has fixed vulnerabilities in iOS and iPadOS. The vulnerabilities included several problems such as memory corruption, buffer overflow, and post-release usage, which could lead to unauthorized access to sensitive data, unexpected process crashes and other stability issues. The vulnerabilitie...

9CVSS6.3AI score0.22721EPSS
Exploits18References2
NCSC
NCSC
•added 2026/02/13 1:24 p.m.•14 views

Vulnerabilities fixed in Apple macOS

Apple has fixed vulnerabilities in macOS, including versions Sequoia 15.7.4, Tahoe 26.3 and Sonoma 14.8.4. The vulnerabilities include memory corruption issues, unauthorized access to sensitive user data, and logging issues that could lead to unauthorized access to location information. The updat...

9CVSS5.6AI score0.22721EPSS
Exploits18References3
NCSC
NCSC
•added 2026/02/13 12:54 p.m.•12 views

Vulnerability fixed in BeyondTrust Remote Support

BeyondTrust has fixed a vulnerability in BeyondTrust Remote Support and some older versions of Privileged Remote Access. The vulnerability is in the software's pre-authentication, which allows unauthenticated attackers to execute operating system commands by sending specially crafted requests to...

9.9CVSS5.8AI score0.88115EPSS
Exploits11References1
NCSC
NCSC
•added 2026/02/11 11:45 a.m.•25 views

Vulnerabilities fixed in GitLab CE/EE

GitLab has fixed vulnerabilities in GitLab CE/EE Specifically for versions prior to 18.6.6, 18.7.4, and 18.8.4. The vulnerabilities include server-side request forgery, unauthorized access to internal network services, injection of malicious content, unauthorized actions via the GLQL API,...

9.1CVSS5.6AI score0.004EPSS
Exploits0References1
NCSC
NCSC
•added 2026/02/11 11:34 a.m.•9 views

Vulnerabilities fixed in Fortinet FortiOS

Fortinet has fixed vulnerabilities in FortiOS Versions 7.0 to 7.6.4, 7.4.0 to 7.4.9, and 7.2.0 to 7.2.11. The vulnerabilities include an Authentication Bypass that allows unauthenticated attackers to bypass LDAP authentication for Agentless VPN or FSSO policies, depending on specific configuratio...

8.1CVSS5.8AI score0.01365EPSS
Exploits2References4
NCSC
NCSC
•added 2026/02/11 11:34 a.m.•8 views

Vulnerabilities fixed in Fortinet FortiSandbox, FortiAuthenticator and FortiClient

Fortinet has fixed vulnerabilities in FortiSandbox versions 4.4.8 and 5.0.5, FortiAuthenticator versions 6.3 to 6.6.6 and FortiClient versions 7.0, 7.2 and 7.4. The vulnerability in FortiSandbox involves Cross-site Scripting, which allows unauthenticated attackers to execute arbitrary commands vi...

9.6CVSS6AI score0.06289EPSS
Exploits0References3
NCSC
NCSC
•added 2026/02/10 7:11 p.m.•11 views

Vulnerabilities fixed in Microsoft Office

Microsoft has fixed vulnerabilities in Office components. A malicious party could exploit the vulnerabilities to bypass security measures, pretend to be another user and thus gain elevated privileges and access to sensitive data. For successful exploitation, the malicious party must trick the...

7.8CVSS5.6AI score0.03635EPSS
Exploits0
NCSC
NCSC
•added 2026/02/10 7:8 p.m.•16 views

Vulnerabilities fixed in Microsoft Azure

Microsoft has fixed vulnerabilities in several Azure components. A malicious party could exploit the vulnerabilities to impersonate another user, potentially grant themselves elevated privileges and thus execute arbitrary code or gain access to sensitive data. Of the vulnerabilities labeled...

9.8CVSS6.1AI score0.02344EPSS
Exploits0
NCSC
NCSC
•added 2026/02/10 7:7 p.m.•41 views

Vulnerabilities fixed in Microsoft Developer Tools

Microsoft has fixed vulnerabilities in several Visual Studio and .NET components. A malicious party could exploit the vulnerabilities to bypass security measures, grant themselves elevated privileges and potentially execute arbitrary code with the victim's privileges. For successful abuse, the...

8.8CVSS6.5AI score0.01357EPSS
Exploits0
NCSC
NCSC
•added 2026/02/10 7:5 p.m.•9 views

Vulnerability fixed in Microsoft SQL Server

Microsoft has fixed a vulnerability in SQL Server Power BI. A malicious party could exploit the vulnerability to execute arbitrary code on the vulnerable SQL Server. Microsoft has made updates available that fix the described vulnerability. We recommend that you install these updates. More...

8.8CVSS6.4AI score0.00902EPSS
Exploits0
NCSC
NCSC
•added 2026/02/10 7:4 p.m.•12 views

Vulnerability fixed in Microsoft Exchange

Microsoft has fixed a vulnerability in Exchange server. A malicious person could, without prior authentication, impersonate another user and thus gain access to sensitive data in the victim's context. Microsoft has made updates available that fix the described vulnerability. We recommend that you...

6.5CVSS5.5AI score0.0768EPSS
Exploits0
NCSC
NCSC
•added 2026/02/10 7:1 p.m.•12 views

Vulnerabilities fixed in Microsoft Windows

Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: - Denial-of-Service DoS - Manipulation of data - Accessing sensitive data - Execution of arbitrary code user privileges -...

8.8CVSS5.9AI score0.25835EPSS
Exploits22
NCSC
NCSC
•added 2026/02/10 12:28 p.m.•13 views

Vulnerabilities fixed in SAP products

SAP has fixed vulnerabilities in several products, including SAP CRM, SAP S/4HANA, SAP NetWeaver Application Server ABAP, SAP Supply Chain Management, SAP BusinessObjects BI Platform, SAP Document Management System, SAP Commerce Cloud, and SAP Business Workflow. The vulnerabilities include code...

9.9CVSS7.6AI score0.0049EPSS
Exploits2References1
NCSC
NCSC
•added 2026/02/10 12:27 p.m.•12 views

Vulnerabilities fixed in Siemens products

Siemens has fixed vulnerabilities in various products such as Desigo, NX, Polarion, SENTRON, Simcenter, SINEC, SIPORT, Siveillance, Solid Edge, The vulnerabilities potentially enable a malicious person to carry out attacks that can lead to the following categories of damage: - Denial-of-Service D...

9.8CVSS8.4AI score0.78483EPSS
Exploits6References8
NCSC
NCSC
•added 2026/02/09 10:41 a.m.•10 views

Vulnerability fixed in PEAR

PEAR has fixed a vulnerability in version 1.33.0. The vulnerability is in how the pregreplace function handles the /e modifier. This poses a risk of unauthorized code execution, which could compromise the integrity of applications using this framework. The patch fixes this problem by ensuring tha...

9.8CVSS5.9AI score0.00395EPSS
Exploits0References1
NCSC
NCSC
•added 2026/02/09 10:39 a.m.•8 views

Vulnerabilities fixed in n8n

n8n has fixed vulnerabilities in versions 1.114.3, 1.115.0, 1.123.17, 2.5.2, 1.122.5, 1.123.2, 1.123.18, 2.5.0, 1.123.10, 2.5.0, 2.2.1, 1.123.9, 1.123.12, 2.4.0, 1.118.0, 2.4.0, 2.4.8, and 1.120.3. The vulnerabilities include the use of Buffer.allocUnsafe and Buffer.allocUnsafeSlow, which can lea...

9.9CVSS6.9AI score0.01713EPSS
Exploits0References10
NCSC
NCSC
•added 2026/02/09 7:48 a.m.•14 views

Vulnerabilities fixed in Samsung mobile

Samsung has fixed vulnerabilities in several software components, including Emergency Sharing, KnoxGuard Manager, Settings, PACM, FacAtFunction, ShortcutService and Samsung Dialer, specific to the SMR Feb-2026 Release 1. The vulnerabilities are related to improper access management, improper...

8.5CVSS6AI score0.00295EPSS
Exploits1References1
NCSC
NCSC
•added 2026/02/06 9:25 a.m.•13 views

Vulnerability fixed in SmarterTools SmarterMail

SmarterTools has fixed vulnerabilities in SmarterMail. A malicious party could exploit the vulnerabilities to bypass authentication and execute arbitrary code with administrator privileges, and possibly SYSTEM. For successful abuse, the malicious party must have access to the API interface...

9.8CVSS6.2AI score0.96268EPSS
Exploits3References1
NCSC
NCSC
•added 2026/02/06 9:22 a.m.•9 views

Vulnerability fixed in Cisco Meeting Management

Cisco has fixed a vulnerability in Cisco Meeting Management. The vulnerability is in the Certificate Management feature of Cisco Meeting Management, which contains incorrect input validation within the Web-based management interface. This allows authenticated remote attackers to upload arbitrary...

8.8CVSS5.7AI score0.00384EPSS
Exploits0References1
NCSC
NCSC
•added 2026/02/06 9:20 a.m.•8 views

Vulnerability fixed in Cisco TelePresence Collaboration Endpoint

Cisco has fixed a vulnerability in Cisco TelePresence Collaboration Endpoint and RoomOS Software. The vulnerability is in how the text viewer system does not perform sufficient input control. This can be exploited by unauthenticated remote attackers, leading to a denial-of-service DoS and affecti...

7.5CVSS5.5AI score0.0037EPSS
Exploits0References1
NCSC
NCSC
•added 2026/02/02 9:47 a.m.•10 views

Vulnerabilities fixed in SolarWinds Web Help Desk

SolarWinds has fixed vulnerabilities in SolarWinds Web Help Desk. The vulnerabilities include the ability for unauthenticated attackers to gain access to limited functionality within the system, the use of hard-coded credentials that could grant unauthorized access to administrative functions, an...

9.8CVSS6.2AI score0.8413EPSS
Exploits6References6
NCSC
NCSC
•added 2026/01/28 3:46 p.m.•23 views

Vulnerabilities fixed in Fortinet products

Fortinet has fixed vulnerabilities in FortiOS, FortiProxy, FortiWeb and FortiSwitchManager. The vulnerabilities allow unauthenticated attackers to gain access to systems by using various techniques, including bypassing FortiCloud SSO login authentication via specially crafted SAML messages,...

9.8CVSS7.6AI score0.66322EPSS
Exploits1References9
NCSC
NCSC
•added 2026/01/28 9:32 a.m.•12 views

Vulnerability fixed in Fortinet products

Fortinet has fixed a vulnerability in FortiAnalyzer, FortiManager, FortiOS and FortiProxy products. The vulnerability is in specific implementations of FortiCloud SSO authentication. The vulnerability allows attackers with a registered device and a FortiCloud account to bypass authentication and...

9.8CVSS5.8AI score0.85844EPSS
Exploits0References2
NCSC
NCSC
•added 2026/01/27 7:27 a.m.•32 views

ZeroDay vulnerability fixed in Microsoft Office

Microsoft has fixed a ZeroDay vulnerability in Microsoft Office. The vulnerability is in the way Microsoft Office handles untrusted input, which allows attackers to bypass security features locally. This can affect the integrity of security decisions made by the software. The reliance on untruste...

7.8CVSS6.1AI score0.72152EPSS
Exploits12References1
NCSC
NCSC
•added 2026/01/23 8:54 a.m.•7 views

Vulnerability fixed in BIND 9

ICS has fixed a vulnerability in BIND 9. The vulnerability is located in certain versions of BIND 9, where malformed BRID/HHIT records can lead to the unexpected termination of the named service, which is critical for DNS resolution. This vulnerability allows attackers to crash the service throug...

7.5CVSS5.6AI score0.08219EPSS
Exploits0References1
NCSC
NCSC
•added 2026/01/22 12:35 p.m.•12 views

Vulnerabilities fixed in GitLab Community Edition and Enterprise Edition

GitLab has fixed vulnerabilities in Community Edition CE and Enterprise Edition EE versions for 18.6.4, 18.7.2, and 18.8.2. Malicious parties can exploit the vulnerabilities to cause a denial-of-service DoS, or potentially gain access to sensitive data by bypassing security measures. GitLab has...

7.5CVSS5.5AI score0.00846EPSS
Exploits0References1
NCSC
NCSC
•added 2026/01/22 9:49 a.m.•9 views

Vulnerabilities fixed in Cisco Unified Communications products

Cisco has fixed vulnerabilities in several Cisco Unified Communications products. The vulnerabilities include a critical vulnerability that allows unauthenticated remote attackers to execute arbitrary commands on the device's operating system. This is due to improper validation of user input in...

9.8CVSS5.8AI score0.04307EPSS
Exploits1References4
NCSC
NCSC
•added 2026/01/22 9:22 a.m.•17 views

Vulnerability fixed in Palo Alto Networks PAN OS

Palo Alto Networks has fixed a vulnerability in PAN-OS. The vulnerability is in the way PAN-OS handles certain requests. Unauthenticated attackers can cause a denial-of-service DoS by repeatedly sending requests, which can cause the firewall to go into maintenance mode, disrupting normal...

8.7CVSS5.5AI score0.00674EPSS
Exploits0References1
NCSC
NCSC
•added 2026/01/22 9:3 a.m.•18 views

Vulnerabilities fixed in Atlassian products

Atlassian has fixed vulnerabilities in several products, which use Oracle middle-ware products such as the Oracle Utilities Application Framework, WebLogic Server, Data Integrator and Business Intelligence Enterprise Edition. These vulnerabilities allow unauthenticated attackers to perform a deni...

10CVSS8.3AI score0.79807EPSS
Exploits19References1
NCSC
NCSC
•added 2026/01/21 2:15 p.m.•9 views

Vulnerability fixed in GNU Inetutils telnetd

Security researchers have found a a vulnerability in Inetutils telnetd version 2.7. This vulnerability has been present since version 1.9.3 that came out in 2015, according to the researchers. The vulnerability is in the way the telnetd service handles the USER environment variable. By setting th...

9.8CVSS5.7AI score0.98871EPSS
Exploits62References4
Total number of security vulnerabilities4197