Lucene search
K

4197 matches found

NCSC
NCSC
•added 2025/07/23 1:1 p.m.•7 views

Vulnerabilities fixed in Firefox and Thunderbird

Mozilla has fixed vulnerabilities in Firefox and Thunderbird Specifically for versions under 141. The vulnerabilities cover a wide range of issues including execution of unauthorized code. These vulnerabilities can be exploited by malicious parties to gain access to sensitive information or...

9.8CVSS7.1AI score0.00472EPSS
Exploits1References8
NCSC
NCSC
•added 2025/07/23 7:46 a.m.•6 views

Vulnerabilities fixed in Cisco ISE and ISE-PIC

Cisco has fixed vulnerabilities in Cisco ISE and ISE-PIC. The vulnerabilities are in the way Cisco ISE and ISE-PIC process files through APIs and validate user input. Unauthenticated attackers with access to the API interface can exploit these vulnerabilities to upload and execute arbitrary files...

10CVSS8.1AI score0.96732EPSS
Exploits12References1
NCSC
NCSC
•added 2025/07/19 11:40 a.m.•10 views

Vulnerabilities fixed in Microsoft Office

Microsoft has fixed vulnerabilities in several Office products. A malicious party could exploit the vulnerabilities to grant themselves elevated privileges, execute arbitrary code or gain access to sensitive data. Successful exploitation requires the malicious party to trick the victim into openi...

8.8CVSS8.6AI score0.99907EPSS
Exploits9References1
NCSC
NCSC
•added 2025/07/18 1:12 p.m.•7 views

Vulnerability fixed in Keycloak

Red Hat has fixed a vulnerability in Keycloak. The vulnerability is in the way Keycloak handles privileged users. A privileged user can gain full administrative control over a realm, which can lead to unauthorized changes to user roles and configurations. This is especially risky in environments...

6.5CVSS6.9AI score0.00368EPSS
Exploits0References2
NCSC
NCSC
•added 2025/07/18 9:51 a.m.•7 views

Vulnerabilities fixed in Citrix NetScaler ADC and NetScaler Gateway

Citrix has fixed vulnerabilities in NetScaler ADC and NetScaler Gateway. The vulnerability with reference CVE-2025-5777 involves an Out-of-Bounds Read. This vulnerability arises from insufficient input validation in systems configured as Gateway services. These include VPN virtual servers, ICA...

9.8CVSS8.9AI score0.9987EPSS
Exploits21References5
NCSC
NCSC
•added 2025/07/17 12:35 p.m.•30 views

Vulnerabilities fixed in XWiki

XWiki has fixed vulnerabilities in the rendering system and the default macro content parser. The vulnerabilities in the XWiki rendering system allowed attackers to perform XSS attacks due to the dependency on the xdom+xml/current syntax. This vulnerability has been fixed in version 14.10. In...

9.9CVSS8.3AI score0.00525EPSS
Exploits1References2
NCSC
NCSC
•added 2025/07/14 6:6 a.m.•11 views

Vulnerability fixed in Wing FTP Server

The developer of Wing FTP Server has fixed a vulnerability in version 7.4.4. The vulnerability is in the way Wing FTP Server processes null bytes in the user parameter. This allows a remote malicious person to inject arbitrary Lua code into session files, which can lead to the execution of...

10CVSS9.5AI score0.95343EPSS
Exploits23References2
NCSC
NCSC
•added 2025/07/11 1:20 p.m.•8 views

Vulnerability fixed in FortiWeb

Fortinet has fixed a vulnerability in FortiWeb. The vulnerability allows unauthenticated attackers to execute unauthorized SQL commands by sending specially crafted HTTP requests. This could compromise the integrity and confidentiality of data managed by FortiWeb. For successful misuse, the...

9.8CVSS9.8AI score0.9671EPSS
Exploits18References1
NCSC
NCSC
•added 2025/07/11 10:1 a.m.•10 views

Vulnerabilities fixed in Adobe InDesign Desktop

Adobe has fixed vulnerabilities in Adobe InDesign Desktop Versions 19.5.3 and earlier. The vulnerabilities are in the way Adobe InDesign Desktop processes files. When a user opens a maliciously crafted file, it can lead to arbitrary code execution. Attackers can exploit these vulnerabilities to...

7.8CVSS8.2AI score0.00251EPSS
Exploits0References1
NCSC
NCSC
•added 2025/07/11 9:58 a.m.•6 views

Vulnerabilities fixed in Zoom Clients

Zoom has fixed vulnerabilities in Zoom Clients Specifically versions for Linux, Windows, iOS and macOS. The vulnerabilities include incorrect certificate validation in Zoom Workplace for Linux, a buffer overflow in specific Zoom Clients for Windows, cross-site scripting in Zoom Clients for Window...

9.1CVSS6.8AI score0.00569EPSS
Exploits0References6
NCSC
NCSC
•added 2025/07/11 9:57 a.m.•5 views

Vulnerability fixed in Juniper SRX300 Series

Juniper has fixed a vulnerability in the Routing Protocol Daemon rpd of its Junos OS, specifically for the SRX300 Series. The vulnerability is in how the Routing Protocol Daemon rpd on vulnerable SRX300 Series systems processes BGP updates. Unauthenticated attackers can send a specially crafted B...

8.7CVSS6.8AI score0.00457EPSS
Exploits0References1
NCSC
NCSC
•added 2025/07/11 9:55 a.m.•5 views

Vulnerability fixed in Juniper Networks Security Director

Juniper has fixed a vulnerability in Juniper Networks Security Director. The vulnerability is located in the web interface of Juniper Networks Security Director, where insufficient authorization validation allows unauthenticated attackers to access and manipulate sensitive resources. This can lea...

9.6CVSS6.9AI score0.00373EPSS
Exploits0References1
NCSC
NCSC
•added 2025/07/09 8:57 a.m.•8 views

Vulnerabilities fixed in Adobe Illustrator

Adobe has fixed vulnerabilities in Adobe Illustrator Versions 28.7.6, 29.5.1 and earlier. The vulnerabilities are in the way Adobe Illustrator handles rogue files. These vulnerabilities can lead to arbitrary code execution, allowing attackers to perform unauthorized actions on affected systems. T...

7.8CVSS7.6AI score0.00251EPSS
Exploits0References1
NCSC
NCSC
•added 2025/07/09 8:47 a.m.•48 views

Vulnerabilities fixed in Adobe Framemaker

Adobe has fixed vulnerabilities in Adobe Framemaker Versions 2020.8, 2022.6 and earlier. The vulnerabilities in Adobe Framemaker are related to several types of vulnerabilities, including Heap-based Buffer Overflow, Integer Underflow, and NULL Pointer Dereference. These vulnerabilities can lead t...

7.8CVSS8.1AI score0.00214EPSS
Exploits0References1
NCSC
NCSC
•added 2025/07/09 8:41 a.m.•63 views

Vulnerabilities fixed in Adobe ColdFusion

Adobe has fixed vulnerabilities in ColdFusion Specifically for versions 25.2, 23.14, 21.20 and earlier. The vulnerabilities in ColdFusion include a significant vulnerability related to improper restriction of XML External Entity Reference XXE, hard-coded credentials, improper authorization, XML...

9.3CVSS7AI score0.0263EPSS
Exploits0References1
NCSC
NCSC
•added 2025/07/09 8:38 a.m.•10 views

Vulnerabilities fixed in Schneider Electric EcoStruxture IT Datacenter Expert

Schneider Electric has fixed vulnerabilities in EcoStruxture IT Datacenter Expert. The vulnerabilities include insufficient control over special elements in OS commands, which can result in unauthenticated external code execution. In addition, there is an issue with insufficient entropy in passwo...

9.5CVSS8.5AI score0.15311EPSS
Exploits6References1
NCSC
NCSC
•added 2025/07/09 8:33 a.m.•62 views

Vulnerabilities fixed in Palo Alto PAN OS

Palo Alto Networks has fixed vulnerabilities in PAN-OS. The vulnerabilities include an information leak in the SD-WAN feature, which allows unauthorized users to intercept packets and access unsecured data from the firewall. This poses a risk to sensitive information being transmitted. In additio...

8.6CVSS7.9AI score0.01033EPSS
Exploits0References3
NCSC
NCSC
•added 2025/07/09 8:29 a.m.•10 views

Vulnerabilities fixed in SAP products

SAP has fixed vulnerabilities in several products, including SAP S/4HANA, SAP SCM, and SAP NetWeaver. The vulnerabilities include remote code execution, code injection, and insecure deserialization, which can be exploited by attackers with user privileges to create or execute malicious code. This...

9.9CVSS10AI score0.78198EPSS
Exploits15References1
NCSC
NCSC
•added 2025/07/08 6:26 p.m.•7 views

Vulnerabilities fixed in Microsoft Edge (Chromium based)

Microsoft fixed vulnerabilities in Edge Chromium-based A malicious party could exploit the vulnerabilities to execute arbitrary code with the victim's privileges, or to access sensitive data in the context of the victim's browser. This update also fixes the vulnerability with attribute...

8.8CVSS7.9AI score0.06564EPSS
Exploits6
NCSC
NCSC
•added 2025/07/08 6:26 p.m.•8 views

Vulnerabilities fixed in Microsoft Visual Studio

Microsoft has fixed vulnerabilities in Visual Studio. A malicious person could exploit the vulnerabilities to grant themselves elevated privileges, or execute arbitrary code. Some of the vulnerabilities were previously fixed in the code of several open source projects related to GIT. Visual Studi...

8.8CVSS7.4AI score0.02775EPSS
Exploits9
NCSC
NCSC
•added 2025/07/08 6:25 p.m.•3 views

Vulnerabilities fixed in Microsoft SQL Server

Microsoft has fixed vulnerabilities in SQL Server. A malicious party could exploit the vulnerabilities to execute arbitrary code or gain access to sensitive data. Of the vulnerability with reference CVE-2025-49719, Microsoft says it has information that it has the attention of researchers on clos...

8.5CVSS8.1AI score0.1017EPSS
Exploits0
NCSC
NCSC
•added 2025/07/08 6:24 p.m.•6 views

Vulnerabilities fixed in Microsoft Azure

Microsoft has fixed vulnerabilities in Azure Service Fabric and Monitor Agent. A malicious person could exploit the vulnerabilities to grant themselves elevated privileges or to execute arbitrary code. Service Fabric: |----------------|------|-------------------------------------| | CVE ID | CVSS...

7.5CVSS7.1AI score0.00839EPSS
Exploits0
NCSC
NCSC
•added 2025/07/08 6:23 p.m.•16 views

Vulnerabilities fixed in Microsoft Windows

Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: - Denial-of-Service DoS - Manipulation of data - Circumvention of a security measure - Execution of arbitrary code - Accessin...

9.8CVSS7.9AI score0.2188EPSS
Exploits15
NCSC
NCSC
•added 2025/07/08 12:3 p.m.•5 views

Vulnerabilities fixed in Splunk Enterprise and Splunk Cloud Platform

Splunk has fixed vulnerabilities in Splunk Enterprise and Splunk Cloud Platform. The vulnerabilities in Splunk Enterprise and Splunk Cloud Platform allow both low-privileged and high-privileged users to perform unauthorized actions, such as suppressing alerts, executing remote commands, and causi...

7.3CVSS7.2AI score0.0043EPSS
Exploits0References8
NCSC
NCSC
•added 2025/07/08 11:58 a.m.•97 views

Vulnerabilities fixed in Siemens products

Siemens has fixed vulnerabilities in various products such as SIMATIC, SINEC, SIPROTEC, Solid Edge and TIA, The vulnerabilities potentially enable a malicious person to carry out attacks that can lead to the following categories of damage: - Denial-of-Service DoS - Manipulation of data -...

9.8CVSS8.2AI score0.07166EPSS
Exploits0References6
NCSC
NCSC
•added 2025/07/03 7:43 a.m.•7 views

Vulnerability fixed in Cisco Unified Communications Manager

Cisco has fixed a vulnerability in Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition. The vulnerability is in the hard-coded root SSH credentials that cannot be changed or deleted. This allows unauthenticated remote attackers to log in and...

10CVSS7.8AI score0.01061EPSS
Exploits0References1
NCSC
NCSC
•added 2025/07/01 3:56 p.m.•6 views

Vulnerability fixed in Google Chrome

Google has fixed a vulnerability in Google Chrome Specifically for versions prior to 138.0.7204.96. The vulnerability is located in Google Chrome's V8 engine and is classified as a high severity confusion type vulnerability. This allows attackers to perform arbitrary read/write operations through...

8.1CVSS6.7AI score0.06564EPSS
Exploits5References2
NCSC
NCSC
•added 2025/06/30 12:59 p.m.•8 views

Vulnerabilities fixed in Adobe Commerce

Adobe has fixed vulnerabilities in Adobe Commerce Versions 2.4.8 and earlier. The vulnerabilities are in Adobe Commerce's security mechanisms, allowing both high- and low-privileged attackers to bypass security measures. This can lead to unauthorized access to sensitive information and execution ...

8.4CVSS6.9AI score0.007EPSS
Exploits0References1
NCSC
NCSC
•added 2025/06/30 12:58 p.m.•13 views

Vulnerabilities fixed in Adobe InDesign Desktop

Adobe has fixed vulnerabilities in InDesign Desktop Specifically for versions ID20.2, ID19.5.3, and earlier. The vulnerabilities include a Heap-based Buffer Overflow, Use After Free, NULL Pointer Dereference, and out-of-bounds read, all of which can lead to arbitrary code execution or disclosure ...

7.8CVSS7.8AI score0.00286EPSS
Exploits0References1
NCSC
NCSC
•added 2025/06/30 12:57 p.m.•3 views

Vulnerabilities fixed in Adobe Acrobat Reader

Adobe has fixed vulnerabilities in Acrobat Reader Specifically for versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier. The vulnerabilities include a Use After Free, out-of-bounds write, out-of-bounds read and NULL Pointer Dereference. These vulnerabilities can lead to the execution of...

7.8CVSS7.2AI score0.00479EPSS
Exploits0References1
NCSC
NCSC
•added 2025/06/26 12:32 p.m.•6 views

Vulnerability fixed in IBM WebSphere Application Server

IBM has fixed a vulnerability in IBM WebSphere Application Server Versions 8.5 and 9.0. The vulnerability is in the processing of specially crafted serialized objects. This problem can be exploited by attackers to execute arbitrary code on the server. IBM has released updates to fix the...

9.8CVSS7.7AI score0.08023EPSS
Exploits0References3
NCSC
NCSC
•added 2025/06/25 2:54 p.m.•7 views

Vulnerability fixed in Citrix NetScaler ADC and NetScaler Gateway

Citrix has fixed a vulnerability in NetScaler ADC and NetScaler Gateway. To be vulnerable, NetScaler must be configured as a Gateway VPN virtual server, ICA Proxy, CVPN, RDP Proxy or AAA virtual server. Note that this is often default config. The vulnerability is in the way memory is managed in...

9.8CVSS7AI score0.09756EPSS
Exploits4References1
NCSC
NCSC
•added 2025/06/22 8:19 a.m.•6 views

Vulnerabilities fixed in IBM InfoSphere Information Server

IBM has fixed vulnerabilities in IBM InfoSphere Information Server Versions 11.7.0.0 to 11.7.1.6. The first vulnerability involves a Denial-of-Service vulnerability that stems from insufficient validation of incoming request sources. This can be exploited to disrupt service availability. The seco...

8.7CVSS6.5AI score0.00376EPSS
Exploits0References2
NCSC
NCSC
•added 2025/06/22 8:17 a.m.•13 views

Vulnerability fixed in IBM Spectrum Protect Server

IBM has fixed a vulnerability in IBM Spectrum Protect Server Versions 8.1 to 8.1.26. The vulnerability is located in IBM Spectrum Protect Server's authentication mechanisms. This flaw allows attackers to bypass authentication, allowing unauthorized users to access sensitive data. This could...

9.8CVSS6.7AI score0.00322EPSS
Exploits0References1
NCSC
NCSC
•added 2025/06/20 11:4 a.m.•5 views

Vulnerabilities fixed in IBM QRadar SIEM

IBM has fixed vulnerabilities in IBM QRadar SIEM Specific to version 7.5.0 Update Package 12. The vulnerabilities include an ability for an authorized user to modify critical configuration files, which could lead to uploading malicious autoupdate files and executing arbitrary commands within the...

9.1CVSS7AI score0.0047EPSS
Exploits0References1
NCSC
NCSC
•added 2025/06/19 8:42 a.m.•8 views

Vulnerability fixed in Cisco AnyConnect VPN for Meraki MX and Z

Cisco has fixed a vulnerability in the Cisco AnyConnect VPN server on Cisco Meraki MX and Z Series devices. The vulnerability is in how the Cisco AnyConnect VPN server initializes variables during the establishment of SSL VPN sessions. Unauthenticated remote attackers can exploit this...

8.6CVSS6.9AI score0.00481EPSS
Exploits0References2
NCSC
NCSC
•added 2025/06/18 12:18 p.m.•5 views

Vulnerabilities fixed in Veeam Backup

Veeam has fixed vulnerabilities in Veeam Backup & Replication 12.3.2.3617 and Veeam Agent for Microsoft Windows 6.3.2.1205. The vulnerabilities can be exploited after access to compromise backup servers. The highest rated vulnerability, CVE-2025-23121, allows an attacker with domain user privileg...

9.9CVSS9.2AI score0.12442EPSS
Exploits0References1
NCSC
NCSC
•added 2025/06/18 10:17 a.m.•6 views

Vulnerability fixed in GeoServer

GeoServer developers have fixed a vulnerability in GeoServer 2.27.0, 2.26.2, 2.25.6, GeoTools 33.0, 32.2, 31.6, 28.6.0 and GeoNetwork 4.4.7, 4..2.12. The vulnerability is located in the Eclipse XSD library. The vulnerability allows unauthenticated attackers to potentially execute code and access...

9.9CVSS7.4AI score0.50825EPSS
Exploits1References3
NCSC
NCSC
•added 2025/06/18 8:1 a.m.•18 views

Vulnerabilities fixed in Apache Tomcat

Apache has fixed vulnerabilities in Apache Tomcat Specifically for versions 11.0.0-M1 to 11.0.7, 10.1.0-M1 to 10.1.41, and 9.0.0-M1 to 9.0.105. The vulnerabilities include denial-of-service due to insufficient limits on multipart headers, lack of resource allocation without limits, untrusted sear...

8.7CVSS7.9AI score0.64718EPSS
Exploits1References3
NCSC
NCSC
•added 2025/06/12 11:12 a.m.•10 views

Vulnerabilities fixed in Trend Micro Apex One and Apex Central

Trend Micro has fixed vulnerabilities in Apex One and Apex Central. A malicious party could exploit the vulnerabilities to grant themselves elevated privileges, execute arbitrary code or gain access to sensitive data. Trend Micro has released updates to fix the vulnerabilities. See attached...

9.8CVSS7.9AI score0.01944EPSS
Exploits0References2
NCSC
NCSC
•added 2025/06/12 11:8 a.m.•8 views

Vulnerabilities fixed in Ivanti Workspace Control

Ivanti has fixed vulnerabilities in Ivanti Workspace Control Specifically for versions prior to 10.19.10.0. The vulnerabilities are in the hard-coded keys within Ivanti Workspace Control, specifically in versions prior to 10.19.10.0. These vulnerabilities allow local, authenticated attackers to...

8.8CVSS7.4AI score0.00352EPSS
Exploits0References1
NCSC
NCSC
•added 2025/06/12 11:4 a.m.•15 views

Vulnerabilities fixed in Fortinet FortiOS

Fortinet has fixed vulnerabilities in FortiOS. The vulnerabilities include improper certificate validation that allows attackers to connect to FortiClient via revoked certificates, leading to unauthorized access. In addition, there are vulnerabilities in session escalation and privilege managemen...

7.2CVSS7.5AI score0.01076EPSS
Exploits3References10
NCSC
NCSC
•added 2025/06/11 6:58 a.m.•9 views

Vulnerabilities fixed in Adobe Commerce and Magento

Adobe has fixed vulnerabilities in Adobe Commerce and Magento Open Source. The vulnerabilities are in the way Adobe Commerce handles security measures. Attackers with elevated privileges can exploit a stored Cross-Site Scripting XSS vulnerability by injecting malicious scripts into form fields,...

8.4CVSS6.1AI score0.007EPSS
Exploits0References1
NCSC
NCSC
•added 2025/06/10 6:46 p.m.•8 views

Vulnerabilities fixed in Microsoft Developer Tools

Microsoft has fixed vulnerabilities in several Developer Tools. A malicious person could exploit the vulnerabilities to execute arbitrary code with victim privileges. Since it cannot be ruled out that developers work with elevated privileges, it is plausible that execution of arbitrary code could...

7.8CVSS7.6AI score0.05806EPSS
Exploits1
NCSC
NCSC
•added 2025/06/10 6:45 p.m.•8 views

Vulnerabilities fixed in Microsoft Office

Microsoft has fixed vulnerabilities in Office products. A malicious person could exploit the vulnerabilities to grant themselves elevated privileges and execute arbitrary code in the victim's context, potentially gaining access to sensitive data in the victim's context. Successful exploitation...

8.8CVSS7.3AI score0.12606EPSS
Exploits13
NCSC
NCSC
•added 2025/06/10 6:44 p.m.•4 views

Vulnerabilities fixed in Google Chrome and Microsoft Edge

Google has fixed vulnerabilities in Google Chrome versions before 137.0.7151.68. The vulnerabilities are in Google Chrome's V8 engine and Blink. The first vulnerability involves out of bounds read and write problems that can lead to heap corruption. This can be exploited by a malicious party by...

8.8CVSS6.8AI score0.0645EPSS
Exploits3References3
NCSC
NCSC
•added 2025/06/10 6:43 p.m.•13 views

Vulnerabilities fixed in Microsoft Windows

Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: - Denial of Service DoS - Bypassing a security measure - Execution of arbitrary code User privileges - Execution of arbitrary...

8.8CVSS8.8AI score0.81558EPSS
Exploits19
NCSC
NCSC
•added 2025/06/10 1:11 p.m.•14 views

Vulnerabilities fixed in Siemens products

Siemens has fixed vulnerabilities in several products such as RUGGEDCOM, SCALANCE, SIMATIC and Tecnomatix The vulnerabilities potentially enable a malicious person to carry out attacks that could lead to the following categories of damage: - Denial-of-Service DoS - Manipulation of data -...

9.9CVSS8.6AI score0.99999EPSS
Exploits184References6
NCSC
NCSC
•added 2025/06/10 10:15 a.m.•7 views

Vulnerabilities fixed in SAP Products

SAP has fixed vulnerabilities in various SAP products such as HANA, Business Objects and Netweaver. The vulnerabilities include a lack of authorization controls, allowing attackers to execute functions without restrictions. This can lead to unauthorized actions within the application, which can...

9.6CVSS6.5AI score0.00594EPSS
Exploits0References1
NCSC
NCSC
•added 2025/06/10 7:19 a.m.•8 views

Vulnerabilities fixed in Google Android and Samsung Mobile

Google has fixed vulnerabilities in the Android operating system. Samsung has fixed vulnerabilities relevant to Samsung Mobile in Samsung Mobile. The vulnerabilities are in how the GPU Kernel Drivers handle system calls from non-privileged users. This can lead to unauthorized access to memory,...

8.7CVSS7AI score0.00273EPSS
Exploits1References2
Total number of security vulnerabilities4197