CVE-2023-27351
PaperCut NG/MF — CVE-2023-27351
05:18 KSA
CRITICAL
CVSS 9.8
⚠ CISA KEV
PaperCut NG/MF contains an improper authentication vulnerability that could allow remote attackers to bypass authentication on affected installations via the SecurityRequestFilter class.
Required Action: Apply mitigations per vendor instructions, …
CVE-2024-27199
JetBrains TeamCity — CVE-2024-27199
05:18 KSA
CRITICAL
CVSS 9.8
⚠ CISA KEV
JetBrains TeamCity contains a relative path traversal vulnerability that could allow limited admin actions to be performed.
Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or…
CVE-2025-2749
Kentico Kentico Xperience — CVE-2025-2749
05:18 KSA
CRITICAL
CVSS 9.8
⚠ CISA KEV
Kentico Xperience contains a path traversal vulnerability that could allow an authenticated user's Staging Sync Server to upload arbitrary data to path relative locations.
Required Action: Apply mitigations per vendor instructions, follo…
CVE-2025-32975
Quest KACE Systems Management Appliance (SMA) — CVE-2025-32975
05:18 KSA
CRITICAL
CVSS 9.8
⚠ CISA KEV
Quest KACE Systems Management Appliance (SMA) contains an improper authentication vulnerability that could allow attackers to impersonate legitimate users without valid credentials.
Required Action: Apply mitigations…
CVE-2025-48700
Synacor Zimbra Collaboration Suite (ZCS) — CVE-2025-48700
05:18 KSA
CRITICAL
CVSS 9.8
⚠ CISA KEV
Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting vulnerability that could allow attackers to execute arbitrary JavaScript within the user's session, potentially leading to unauthorized access to sen…
CVE-2026-20122
Cisco Catalyst SD-WAN Manager — CVE-2026-20122
05:18 KSA
CRITICAL
CVSS 9.8
⚠ CISA KEV
Cisco Catalyst SD-WAN Manager contains an incorrect use of privileged APIs vulnerability due to improper file handling on the API interface of an affected system. An attacker could exploit this vulnerability by uploading a malicious f…
CVE-2026-20128
Cisco Catalyst SD-WAN Manager — CVE-2026-20128
05:18 KSA
CRITICAL
CVSS 9.8
⚠ CISA KEV
Cisco Catalyst SD-WAN Manager contains a storing passwords in a recoverable format vulnerability that allows an authenticated, local attacker to gain DCA user privileges by accessing a credential file for the DCA user on the filesyst…
CVE-2026-20133
Cisco Catalyst SD-WAN Manager — CVE-2026-20133
05:18 KSA
CRITICAL
CVSS 9.8
⚠ CISA KEV
Cisco Catalyst SD-WAN Manager contains an exposure of sensitive information to an unauthorized actor vulnerability that could allow remote attackers to view sensitive information on affected systems.
Required Action: Please adhere t…
CVE-2021-35394
Realtek Jungle SDK Remote Code Execution Vulnerability
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Realtek Jungle SDK Remote Code Execution Vulnerability — RealTek Jungle SDK contains multiple memory corruption vulnerabilities which can allow an attacker to perform remote code execution.
CVE-2021-35395
Realtek AP-Router SDK Buffer Overflow Vulnerability
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Realtek AP-Router SDK Buffer Overflow Vulnerability — Realtek AP-Router SDK HTTP web server boa contains a buffer overflow vulnerability due to unsafe copies of some overly long parameters submitted in the form that lead to denial-of-service (DoS).
CVE-2021-35464
ForgeRock Access Management (AM) Core Server Remote Code Execution Vulnerability
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
ForgeRock Access Management (AM) Core Server Remote Code Execution Vulnerability — ForgeRock Access Management (AM) Core Server allows an attacker who sends a specially crafted HTTP request to one of three endpoints (/ccversion/Version, /ccversion/Masthead, or /ccversion/ButtonFr…
CVE-2021-35587
Oracle Fusion Middleware Unspecified Vulnerability
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Oracle Fusion Middleware Unspecified Vulnerability — Oracle Fusion Middleware Access Manager allows an unauthenticated attacker with network access via HTTP to takeover the Access Manager product.
CVE-2021-3560
Red Hat Polkit Incorrect Authorization Vulnerability
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Red Hat Polkit Incorrect Authorization Vulnerability — Red Hat Polkit contains an incorrect authorization vulnerability through the bypassing of credential checks for D-Bus requests, allowing for privilege escalation.
CVE-2021-36260
Hikvision Improper Input Validation
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Hikvision Improper Input Validation — A command injection vulnerability in the web server of some Hikvision products, due to insufficient input validation.
CVE-2021-36380
Sunhillo SureLine OS Command Injection Vulnerability
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Sunhillo SureLine OS Command Injection Vulnerability — Sunhillo SureLine contains an OS command injection vulnerability that allows an attacker to cause a denial-of-service or utilize the device for persistence on the network via shell metacharacters in ipAddr or dnsAddr in /cgi/n…
CVE-2021-36741
Trend Micro Multiple Products Improper Input Validation Vulnerability
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Trend Micro Multiple Products Improper Input Validation Vulnerability — Trend Micro Apex One, Apex One as a Service, and Worry-Free Business Security contain an improper input validation vulnerability that allows a remote attacker to upload files.
CVE-2021-36742
Trend Micro Multiple Products Improper Input Validation Vulnerability
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Trend Micro Multiple Products Improper Input Validation Vulnerability — Trend Micro Apex One, Apex One as a Service, and Worry-Free Business Security contain an improper input validation vulnerability that allows for privilege escalation.
CVE-2021-36934
Microsoft Windows SAM Local Privilege Escalation Vulnerability
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft Windows SAM Local Privilege Escalation Vulnerability — If a Volume Shadow Copy (VSS) shadow copy of the system drive is available, users can read the SAM file which would allow any user to escalate privileges to SYSTEM level.
CVE-2021-36942
Microsoft Windows Local Security Authority (LSA) Spoofing Vulnerability
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft Windows Local Security Authority (LSA) Spoofing Vulnerability — Microsoft Windows Local Security Authority (LSA) contains a spoofing vulnerability allowing an unauthenticated attacker to call a method on the LSARPC interface and coerce the domain controller to authentic…
CVE-2021-36948
Microsoft Windows Update Medic Service Privilege Escalation Vulnerability
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft Windows Update Medic Service Privilege Escalation Vulnerability — Microsoft Windows Update Medic Service contains an unspecified vulnerability that allows for privilege escalation.
CVE-2021-36955
Microsoft Windows Common Log File System (CLFS) Driver Privilege Escalation Vulnerability
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft Windows Common Log File System (CLFS) Driver Privilege Escalation Vulnerability — Microsoft Windows Common Log File System (CLFS) driver contains an unspecified vulnerability that allows for privilege escalation.
CVE-2021-37415
Zoho ManageEngine ServiceDesk Authentication Bypass Vulnerability
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Zoho ManageEngine ServiceDesk Authentication Bypass Vulnerability — Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to an authentication bypass that allows access to a few REST-API URLs without authentication.
CVE-2021-37973
Google Chromium Portals Use-After-Free Vulnerability
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Google Chromium Portals Use-After-Free Vulnerability — Google Chromium Portals contains a use-after-free vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page. This vulnerability affe…
CVE-2021-37975
Google Chromium V8 Use-After-Free Vulnerability
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Google Chromium V8 Use-After-Free Vulnerability — Google Chromium V8 Engine contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chr…
CVE-2021-37976
Google Chromium Information Disclosure Vulnerability
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Google Chromium Information Disclosure Vulnerability — Google Chromium contains an information disclosure vulnerability within the core memory component that allows a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. This vul…
CVE-2021-38000
Google Chromium Intents Improper Input Validation Vulnerability
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Google Chromium Intents Improper Input Validation Vulnerability — Google Chromium Intents contains an improper input validation vulnerability that allows a remote attacker to arbitrarily browse to a malicious URL via a crafted HTML page. This vulnerability could affect multiple …
CVE-2021-38003
Google Chromium V8 Memory Corruption Vulnerability
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Google Chromium V8 Memory Corruption Vulnerability — Google Chromium V8 Engine has a bug in JSON.stringify, where the internal TheHole value can leak to script code, causing memory corruption. This vulnerability could affect multiple web browsers that utilize Chromium, including,…
CVE-2021-38163
SAP NetWeaver Unrestricted File Upload Vulnerability
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
SAP NetWeaver Unrestricted File Upload Vulnerability — SAP NetWeaver contains a vulnerability that allows unrestricted file upload.
CVE-2021-38406
Delta Electronics DOPSoft 2 Improper Input Validation Vulnerability
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Delta Electronics DOPSoft 2 Improper Input Validation Vulnerability — Delta Electronics DOPSoft 2 lacks proper validation of user-supplied data when parsing specific project files (improper input validation) resulting in an out-of-bounds write that allows for code execution.
CVE-2021-38645
Microsoft Open Management Infrastructure (OMI) Privilege Escalation Vulnerability
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft Open Management Infrastructure (OMI) Privilege Escalation Vulnerability — Microsoft Open Management Infrastructure (OMI) within Azure VM Management Extensions contains an unspecified vulnerability that allows for privilege escalation.
CVE-2021-38646
Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability — Microsoft Office Access Connectivity Engine contains an unspecified vulnerability which can allow for remote code execution.
CVE-2021-38647
Microsoft Open Management Infrastructure (OMI) Remote Code Execution Vulnerability
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft Open Management Infrastructure (OMI) Remote Code Execution Vulnerability — Microsoft Open Management Infrastructure (OMI) within Azure VM Management Extensions contains an unspecified vulnerability allowing remote code execution.
CVE-2021-38648
Microsoft Open Management Infrastructure (OMI) Privilege Escalation Vulnerability
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft Open Management Infrastructure (OMI) Privilege Escalation Vulnerability — Microsoft Open Management Infrastructure (OMI) within Azure VM Management Extensions contains an unspecified vulnerability allowing privilege escalation.
CVE-2021-38649
Microsoft Open Management Infrastructure (OMI) Privilege Escalation Vulnerability
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft Open Management Infrastructure (OMI) Privilege Escalation Vulnerability — Microsoft Open Management Infrastructure (OMI) within Azure VM Management Extensions contains an unspecified vulnerability allowing privilege escalation.
CVE-2021-39144
XStream Remote Code Execution Vulnerability
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
XStream Remote Code Execution Vulnerability — XStream contains a remote code execution vulnerability that allows an attacker to manipulate the processed input stream and replace or inject objects that result in the execution of a local command on the server. This vulnerability ca…
CVE-2021-39226
Grafana Authentication Bypass Vulnerability
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Grafana Authentication Bypass Vulnerability — Grafana contains an authentication bypass vulnerability that allows authenticated and unauthenticated users to view and delete all snapshot data, potentially resulting in complete snapshot data loss.
CVE-2021-39793
Google Pixel Out-of-Bounds Write Vulnerability
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Google Pixel Out-of-Bounds Write Vulnerability — Google Pixel contains a possible out-of-bounds write due to a logic error in the code that could lead to local escalation of privilege.
CVE-2021-4034
Red Hat Polkit Out-of-Bounds Read and Write Vulnerability
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Red Hat Polkit Out-of-Bounds Read and Write Vulnerability — The Red Hat polkit pkexec utility contains an out-of-bounds read and write vulnerability that allows for privilege escalation with administrative rights.
CVE-2021-40407
Reolink RLC-410W IP Camera OS Command Injection Vulnerability
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Reolink RLC-410W IP Camera OS Command Injection Vulnerability — Reolink RLC-410W IP cameras contain an authenticated OS command injection vulnerability in the device network settings functionality.
CVE-2021-40438
Apache HTTP Server-Side Request Forgery (SSRF)
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Apache HTTP Server-Side Request Forgery (SSRF) — A crafted request uri-path can cause mod_proxy to forward the request to an origin server chosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.
CVE-2021-40444
Microsoft MSHTML Remote Code Execution Vulnerability
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft MSHTML Remote Code Execution Vulnerability — Microsoft MSHTML contains an unspecified vulnerability that allows for remote code execution.
CVE-2021-40449
Microsoft Windows Win32k Privilege Escalation Vulnerability
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft Windows Win32k Privilege Escalation Vulnerability — Unspecified vulnerability allows for an authenticated user to escalate privileges.
CVE-2021-40450
Microsoft Win32k Privilege Escalation Vulnerability
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft Win32k Privilege Escalation Vulnerability — Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation.
CVE-2021-40539
Zoho ManageEngine ADSelfService Plus Authentication Bypass Vulnerability
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Zoho ManageEngine ADSelfService Plus Authentication Bypass Vulnerability — Zoho ManageEngine ADSelfService Plus contains an authentication bypass vulnerability affecting the REST API URLs which allow for remote code execution.
CVE-2021-40655
D-Link DIR-605 Router Information Disclosure Vulnerability
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
D-Link DIR-605 Router Information Disclosure Vulnerability — D-Link DIR-605 routers contain an information disclosure vulnerability that allows attackers to obtain a username and password by forging a post request to the /getcfg.php page.
CVE-2021-40870
Aviatrix Controller Unrestricted Upload of File
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Aviatrix Controller Unrestricted Upload of File — Unrestricted upload of a file with a dangerous type is possible, which allows an unauthenticated user to execute arbitrary code via directory traversal.
CVE-2021-4102
Google Chromium V8 Use-After-Free Vulnerability
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Google Chromium V8 Use-After-Free Vulnerability — Google Chromium V8 Engine contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chr…
CVE-2021-41277
Metabase GeoJSON API Local File Inclusion Vulnerability
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Metabase GeoJSON API Local File Inclusion Vulnerability — Metabase contains a local file inclusion vulnerability in the custom map support in the API to read GeoJSON formatted data.
CVE-2021-41357
Microsoft Win32k Privilege Escalation Vulnerability
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft Win32k Privilege Escalation Vulnerability — Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation.
CVE-2021-41379
Microsoft Windows Installer Privilege Escalation Vulnerability
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft Windows Installer Privilege Escalation Vulnerability — Microsoft Windows Installer contains an unspecified vulnerability that allows for privilege escalation.
CVE-2021-41773
Apache HTTP Server Path Traversal Vulnerability
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Apache HTTP Server Path Traversal Vulnerability — Apache HTTP Server contains a path traversal vulnerability that allows an attacker to perform remote code execution if files outside directories configured by Alias-like directives are not under default "require all denied" or if …
CVE-2021-42013
Apache HTTP Server Path Traversal Vulnerability
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Apache HTTP Server Path Traversal Vulnerability — Apache HTTP Server contains a path traversal vulnerability that allows an attacker to perform remote code execution if files outside directories configured by Alias-like directives are not under default require all denied or if CG…
CVE-2021-42237
Sitecore XP Remote Command Execution Vulnerability
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Sitecore XP Remote Command Execution Vulnerability — Sitecore XP contains an insecure deserialization vulnerability which can allow for remote code execution.
CVE-2021-42258
BQE BillQuick Web Suite SQL Injection Vulnerability
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
BQE BillQuick Web Suite SQL Injection Vulnerability — BQE BillQuick Web Suite contains an SQL injection vulnerability when accessing the username parameter that may allow for unauthenticated, remote code execution.
CVE-2022-0185
Linux Kernel Heap Buffer Overflow in Filesystem Context (CVE-2022-0185)
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Linux Kernel Heap-Based Buffer Overflow Vulnerability — Linux kernel contains a heap-based buffer overflow vulnerability in the legacy_parse_param function in the Filesystem Context functionality. This allows an attacker to open a filesystem that does not support the Filesystem C…
CVE-2022-1096
Google Chromium V8 Type Confusion Vulnerability (CVE-2022-1096)
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Google Chromium V8 Type Confusion Vulnerability — Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chr…
CVE-2022-1364
Chromium V8 Type Confusion Heap Corruption Vulnerability
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Google Chromium V8 Type Confusion Vulnerability — Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chr…
CVE-2022-1388
F5 BIG-IP Missing Authentication Remote Code Execution Vulnerability
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
F5 BIG-IP Missing Authentication Vulnerability — F5 BIG-IP contains a missing authentication in critical function vulnerability which can allow for remote code execution, creation or deletion of files, or disabling services.
CVE-2022-20699
Cisco Small Business RV Series Stack-based Buffer Overflow (CVE-2022-20699)
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Cisco Small Business RV Series Routers Stack-based Buffer Overflow Vulnerability — A vulnerability in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: execute arbitrary code, elevate privileges, execute arbitrar…
CVE-2022-20700
Cisco Small Business RV Series Stack-based Buffer Overflow Remote Code Execution
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Cisco Small Business RV Series Routers Stack-based Buffer Overflow Vulnerability — A vulnerability in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: execute arbitrary code, elevate privileges, execute arbitrar…
CVE-2022-20701
Cisco Small Business RV Series Stack-based Buffer Overflow (CVE-2022-20701)
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Cisco Small Business RV Series Routers Stack-based Buffer Overflow Vulnerability — A vulnerability in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: execute arbitrary code, elevate privileges, execute arbitrar…
CVE-2022-20708
Cisco Small Business RV Series Router Stack Buffer Overflow RCE
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Cisco Small Business RV Series Routers Stack-based Buffer Overflow Vulnerability — A vulnerability in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: execute arbitrary code, elevate privileges, execute arbitrar…
CVE-2022-20775
Cisco SD-WAN CLI Path Traversal Privilege Escalation Vulnerability
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Cisco SD-WAN Path Traversal Vulnerability — Cisco SD-WAN CLI contains a path traversal vulnerability that could allow an authenticated local attacker to gain elevated privileges via improper access controls on commands within the application CLI. A successful exploit could allow …
CVE-2022-20821
Cisco IOS XR Default Open Redis Port 6379 Remote Access Vulnerability
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Cisco IOS XR Open Port Vulnerability — Cisco IOS XR software health check opens TCP port 6379 by default on activation. An attacker can connect to the Redis instance on the open port and allow access to the Redis instance that is running within the NOSi container.
CVE-2022-21445
Oracle ADF Faces Unauthenticated Remote Code Execution via Deserialization
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Oracle ADF Faces Deserialization of Untrusted Data Vulnerability — Oracle ADF Faces library, included with Oracle JDeveloper Distribution, contains a deserialization of untrusted data vulnerability leading to unauthenticated remote code execution.
CVE-2022-21587
Oracle E-Business Suite Web Applications Desktop Integrator Unauthenticated Remote Compromise
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Oracle E-Business Suite Unspecified Vulnerability — Oracle E-Business Suite contains an unspecified vulnerability that allows an unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator.
CVE-2022-21882
Microsoft Win32k Privilege Escalation Vulnerability (CVE-2022-21882)
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft Win32k Privilege Escalation Vulnerability — Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation.
CVE-2022-21919
Windows User Profile Service Privilege Escalation Vulnerability
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft Windows User Profile Service Privilege Escalation Vulnerability — Microsoft Windows User Profile Service contains an unspecified vulnerability that allows for privilege escalation.
CVE-2022-21971
Microsoft Windows Runtime Remote Code Execution Vulnerability CVE-2022-21971
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft Windows Runtime Remote Code Execution Vulnerability — Microsoft Windows Runtime contains an unspecified vulnerability that allows for remote code execution.
CVE-2022-21999
Windows Print Spooler Privilege Escalation Vulnerability (CVE-2022-21999)
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft Windows Print Spooler Privilege Escalation Vulnerability — Microsoft Windows Print Spooler contains an unspecified vulnerability which can allow for privilege escalation.
CVE-2022-22047
Microsoft Windows CSRSS Privilege Escalation Vulnerability CVE-2022-22047
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft Windows Client Server Runtime Subsystem (CSRSS) Privilege Escalation Vulnerability — Microsoft Windows CSRSS contains an unspecified vulnerability that allows for privilege escalation to SYSTEM privileges.
CVE-2022-22071
Qualcomm Chipsets Use-After-Free in Process Shell Memory During Initialization
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Qualcomm Multiple Chipsets Use-After-Free Vulnerability — Multiple Qualcomm chipsets contain a use-after-free vulnerability when process shell memory is freed using IOCTL munmap call and process initialization is in progress.
CVE-2022-22265
Samsung Exynos Use-After-Free Vulnerability Enables Code Execution
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Samsung Mobile Devices Use-After-Free Vulnerability — Samsung devices with selected Exynos chipsets contain a use-after-free vulnerability that allows malicious memory write and code execution.
CVE-2022-38181
Arm Mali GPU Kernel Driver Use-After-Free Privilege Escalation
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Arm Mali GPU Kernel Driver Use-After-Free Vulnerability — Arm Mali GPU Kernel Driver contains a use-after-free vulnerability that may allow a non-privileged user to gain root privilege and/or disclose information.
CVE-2022-39197
Fortra Cobalt Strike Teamserver XSS Remote Code Execution Vulnerability
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Fortra Cobalt Strike Teamserver Cross-Site Scripting (XSS) Vulnerability — Fortra Cobalt Strike contains a cross-site scripting (XSS) vulnerability in Teamserver that would allow an attacker to set a malformed username in the Beacon configuration, allowing them to execute code re…
CVE-2022-40139
Trend Micro Apex One Improper Validation RCE Vulnerability
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Trend Micro Apex One and Apex One as a Service Improper Validation Vulnerability — Trend Micro Apex One and Apex One as a Service contain an improper validation of rollback mechanism components that could lead to remote code execution.
CVE-2022-40684
Fortinet Multiple Products Authentication Bypass Vulnerability CVE-2022-40684
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Fortinet Multiple Products Authentication Bypass Vulnerability — Fortinet FortiOS, FortiProxy, and FortiSwitchManager contain an authentication bypass vulnerability that could allow an unauthenticated attacker to perform operations on the administrative interface via specially cr…
CVE-2022-40765
Mitel MiVoice Connect Edge Gateway Command Injection Vulnerability
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Mitel MiVoice Connect Command Injection Vulnerability — The Mitel Edge Gateway component of MiVoice Connect allows an authenticated attacker with internal network access to execute commands within the context of the system.
CVE-2022-40799
D-Link DNR-322L Code Integrity Check Bypass Allows OS Command Execution
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
D-Link DNR-322L Download of Code Without Integrity Check Vulnerability — D-Link DNR-322L contains a download of code without integrity check vulnerability that could allow an authenticated attacker to execute OS level commands on the device. The impacted products could be end-of-…
CVE-2022-41033
Windows COM+ Event System Service Privilege Escalation (CVE-2022-41033)
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft Windows COM+ Event System Service Privilege Escalation Vulnerability — Microsoft Windows COM+ Event System Service contains an unspecified vulnerability that allows for privilege escalation.
CVE-2022-41040
Microsoft Exchange Server SSRF Vulnerability (ProxyNotShell) - CVE-2022-41040
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft Exchange Server Server-Side Request Forgery Vulnerability — Microsoft Exchange Server allows for server-side request forgery. Dubbed "ProxyNotShell," this vulnerability is chainable with CVE-2022-41082 which allows for remote code execution.
CVE-2022-41049
Windows Mark of the Web Security Feature Bypass Vulnerability (CVE-2022-41049)
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft Windows Mark of the Web (MOTW) Security Feature Bypass Vulnerability — Microsoft Windows Mark of the Web (MOTW) contains a security feature bypass vulnerability resulting in a limited loss of integrity and availability of security features.
CVE-2022-41223
Mitel MiVoice Connect Director Code Injection RCE Vulnerability
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Mitel MiVoice Connect Code Injection Vulnerability — The Director component in Mitel MiVoice Connect allows an authenticated attacker with internal network access to execute code within the context of the application.
CVE-2022-48618
Apple Multiple Products TOCTOU Memory Corruption Vulnerability (CVE-2022-48618)
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Apple Multiple Products Memory Corruption Vulnerability — Apple iOS, iPadOS, macOS, tvOS, and watchOS contain a time-of-check/time-of-use (TOCTOU) memory corruption vulnerability that allows an attacker with read and write capabilities to bypass Pointer Authentication.
CVE-2023-0266
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Linux Kernel Use-After-Free Vulnerability — Linux kernel contains a use-after-free vulnerability that allows for privilege escalation to gain ring0 access from the system user.
CVE-2023-0386
Linux Kernel OverlayFS Privilege Escalation via Improper Ownership Management
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Linux Kernel Improper Ownership Management Vulnerability — Linux Kernel contains an improper ownership management vulnerability, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copie…
CVE-2023-0669
Fortra GoAnywhere MFT Pre-Authentication Remote Code Execution (CVE-2023-0669)
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Fortra GoAnywhere MFT Remote Code Execution Vulnerability — Fortra (formerly, HelpSystems) GoAnywhere MFT contains a pre-authentication remote code execution vulnerability in the License Response Servlet due to deserializing an attacker-controlled object.
CVE-2023-1389
TP-Link Archer AX21 Remote Code Execution via Command Injection
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
TP-Link Archer AX-21 Command Injection Vulnerability — TP-Link Archer AX-21 contains a command injection vulnerability that allows for remote code execution.
CVE-2023-1671
Sophos Web Appliance Command Injection Remote Code Execution (CVE-2023-1671)
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Sophos Web Appliance Command Injection Vulnerability — Sophos Web Appliance contains a command injection vulnerability in the warn-proceed handler that allows for remote code execution.
CVE-2023-20109
Cisco IOS/IOS XE GET VPN Out-of-Bounds Write Remote Code Execution
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Cisco IOS and IOS XE Group Encrypted Transport VPN Out-of-Bounds Write Vulnerability — Cisco IOS and IOS XE contain an out-of-bounds write vulnerability in the Group Encrypted Transport VPN (GET VPN) feature that could allow an authenticated, remote attacker who has administrativ…
CVE-2023-20118
Cisco Small Business RV Series Routers Command Injection Vulnerability (CVE-2023-20118)
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Cisco Small Business RV Series Routers Command Injection Vulnerability — Multiple Cisco Small Business RV Series Routers contain a command injection vulnerability in the web-based management interface. Successful exploitation could allow an authenticated, remote attacker to gain…
CVE-2023-20198
Cisco IOS XE Web UI Privilege Escalation - Unauthenticated Remote Code Execution
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Cisco IOS XE Web UI Privilege Escalation Vulnerability — Cisco IOS XE Web UI contains a privilege escalation vulnerability in the web user interface that could allow a remote, unauthenticated attacker to create an account with privilege level 15 access. The attacker can then use …
CVE-2023-20269
Cisco ASA and Firepower Threat Defense Unauthorized Access Vulnerability
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Cisco Adaptive Security Appliance and Firepower Threat Defense Unauthorized Access Vulnerability — Cisco Adaptive Security Appliance and Firepower Threat Defense contain an unauthorized access vulnerability that could allow an unauthenticated, remote attacker to conduct a brute f…
CVE-2023-20273
Cisco IOS XE Web UI Command Injection Vulnerability (CVE-2023-20273)
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Cisco IOS XE Web UI Command Injection Vulnerability — Cisco IOS XE contains a command injection vulnerability in the web user interface. When chained with CVE-2023-20198, the attacker can leverage the new local user to elevate privilege to root and write the implant to the file s…
CVE-2023-2033
Google Chromium V8 Type Confusion Vulnerability - Heap Corruption
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Google Chromium V8 Type Confusion Vulnerability — Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chr…
CVE-2024-9537
ScienceLogic SL1 Critical Unspecified Third-Party Component Vulnerability
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
ScienceLogic SL1 Unspecified Vulnerability — ScienceLogic SL1 (formerly EM7) is affected by an unspecified vulnerability involving an unspecified third-party component.
CVE-2025-11371
Gladinet CentreStack and Triofox Unauthorized File Access Vulnerability
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Gladinet CentreStack and Triofox Files or Directories Accessible to External Parties Vulnerability — Gladinet CentreStack and Triofox contain a files or directories accessible to external parties vulnerability that allows unintended disclosure of system files.
CVE-2026-33121
06:18 KSA
HIGH
CVSS 8.8
CWE-89
DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the API datasource saving process. The deTableName field from the Base64-encoded datasource configuration is used to construct a DDL statement…
CVE-2026-33207
06:18 KSA
HIGH
CVSS 8.8
CWE-89
DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the /datasource/getTableField endpoint. The getTableFiledSql method in CalciteProvider.java incorporates the tableName parameter directly into…
CVE-2026-40459
12:32 KSA
HIGH
CVSS 8.8
CWE-90
PAC4J is vulnerable to LDAP Injection in multiple methods. A low-privileged remote attacker can inject crafted LDAP syntax into ID-based search parameters, potentially resulting in unauthorized LDAP queries and arbitrary directory operations.
This issue was fixed in PAC4J versio…
CVE-2026-40900
06:18 KSA
HIGH
CVSS 8.8
CWE-89
DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the /de2api/datasetData/previewSql endpoint. The user-supplied SQL is wrapped in a subquery without validation that the input is a single SELE…
CVE-2026-40901
06:18 KSA
HIGH
CVSS 8.8
CWE-502
DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below ship the legacy velocity-1.7.jar, which pulls in commons-collections-3.2.1.jar containing the InvokerTransformer deserialization gadget chain. Quartz 2.3.2, also bundled in the applic…
CVE-2025-36568
12:32 KSA
HIGH
CVSS 7.8
CWE-522
Dell PowerProtect Data Domain BoostFS for client of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.50, contain an insufficiently protected credentials vulnerability. A low privileged…
CVE-2026-4659
06:18 KSA
HIGH
CVSS 7.5
CWE-22
The Unlimited Elements for Elementor plugin for WordPress is vulnerable to Arbitrary File Read via the Repeater JSON/CSV URL parameter in versions up to, and including, 2.0.6. This is due to insufficient path traversal sanitization in the URLtoRelative() and urlToPath() functions…
CVE-2026-6490
12:32 KSA
HIGH
CVSS 7.3
CWE-74
A weakness has been identified in QueryMine sms up to 7ab5a9ea196209611134525ffc18de25c57d9593. Impacted is an unknown function of the file admin/deletecourse.php of the component GET Request Parameter Handler. This manipulation of the argument ID causes sql injection. The attack…
CVE-2026-23776
12:32 KSA
HIGH
CVSS 7.2
CWE-295
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60, contain(s) an Improper Certificate Validation vulnerabil…
CVE-2026-5231
06:18 KSA
HIGH
CVSS 7.2
CWE-79
The WP Statistics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'utm_source' parameter in all versions up to, and including, 14.16.4. This is due to insufficient input sanitization and output escaping. The plugin's referral parser copies the raw utm_so…
CVE-2026-6483
12:32 KSA
HIGH
CVSS 7.2
CWE-77
A vulnerability was found in Wavlink WL-WN530H4 20220721. This vulnerability affects the function strcat/snprintf of the file /cgi-bin/internet.cgi. The manipulation results in os command injection. It is possible to launch the attack remotely. The exploit has been made public an…
CVE-2026-6421
06:18 KSA
HIGH
CVSS 7.0
CWE-426
A vulnerability has been found in Mobatek MobaXterm Home Edition up to 26.1. This affects an unknown part in the library msimg32.dll. The manipulation leads to uncontrolled search path. An attack has to be approached locally. The attack is considered to have high complexity. It i…
CVE-2026-41300
07:54 KSA
MEDIUM
CVSS 6.5
CWE-372
OpenClaw before 2026.3.31 contains a trust-decline vulnerability that preserves attacker-discovered endpoints in remote onboarding flows. Attackers can route gateway credentials to malicious endpoints by having their discovered URL survive the trust decline process into manual pr…
CVE-2026-6674
10:00 KSA
MEDIUM
CVSS 6.5
CWE-89
The Plugin: CMS für Motorrad Werkstätten plugin for WordPress is vulnerable to SQL Injection via the 'arttype' parameter in all versions up to, and including, 1.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL …
CVE-2026-4852
03:31 KSA
MEDIUM
CVSS 6.4
CWE-79
The Image Source Control Lite – Show Image Credits and Captions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Image Source' attachment field in all versions up to, and including, 3.9.1 due to insufficient input sanitization and output escaping. This m…
CVE-2026-6729
05:48 KSA
MEDIUM
CVSS 6.3
CWE-287
HKUDS OpenHarness prior to PR #159 remediation contains a session key derivation vulnerability that allows authenticated participants in shared chats or threads to hijack other users' sessions by exploiting a shared ohmo session key that lacks sender identity verification. Attack…
CVE-2026-40045
07:54 KSA
MEDIUM
CVSS 5.7
CWE-319
OpenClaw before 2026.4.2 accepts non-loopback cleartext ws:// gateway endpoints and transmits stored gateway credentials over unencrypted connections. Attackers can forge discovery results or craft setup codes to redirect clients to malicious endpoints, disclosing plaintext gatew…
CVE-2026-41298
07:54 KSA
MEDIUM
CVSS 5.4
CWE-862
OpenClaw before 2026.4.2 fails to enforce write scopes on the POST /sessions/:sessionKey/kill endpoint in identity-bearing HTTP modes. Read-scoped callers can terminate running subagent sessions by sending requests to this endpoint, bypassing authorization controls.
CVE-2026-41301
07:54 KSA
MEDIUM
CVSS 5.3
CWE-347
OpenClaw versions 2026.3.22 before 2026.3.31 contain a signature verification bypass vulnerability in the Nostr DM ingress path that allows pairing challenges to be issued before event signature validation. An unauthenticated remote attacker can send forged direct messages to cre…
CVE-2026-41331
07:54 KSA
MEDIUM
CVSS 5.3
CWE-408
OpenClaw before 2026.3.31 contains a resource consumption vulnerability in Telegram audio preflight transcription that allows unauthorized group senders to trigger transcription processing. Attackers can exploit insufficient allowlist enforcement to cause resource or billing cons…
CVE-2026-6675
10:00 KSA
MEDIUM
CVSS 5.3
CWE-20
The Responsive Blocks – Page Builder for Blocks & Patterns plugin for WordPress is vulnerable to Unauthenticated Open Email Relay in all versions up to, and including, 2.2.0. This is due to insufficient authorization checks and missing server-side validation of the recipient emai…