177
CVEs
23
Threats
0
News
130
Critical
131
CISA KEV
🛡 Security Vulnerabilities (CVE)
SAP NetWeaver Missing Authentication for Critical Function Vulnerability — SAP NetWeaver Application Server Java Platforms contains a missing authentication for critical function vulnerability allowing unauthenticated access to execute configuration tasks and create administrativ…
CVE-2020-8816
Pi-Hole AdminLTE Remote Code Execution Vulnerability — Pi-hole Web v4.3.2 (aka AdminLTE) allows Remote Code Execution by
11:01 KSA
Pi-Hole AdminLTE Remote Code Execution Vulnerability — Pi-hole Web v4.3.2 (aka AdminLTE) allows Remote Code Execution by privileged dashboard users via a crafted DHCP static lease.
CVE-2020-9054
Zyxel Multiple NAS Devices OS Command Injection Vulnerability — Multiple Zyxel network-attached storage (NAS) devices co
11:01 KSA
Zyxel Multiple NAS Devices OS Command Injection Vulnerability — Multiple Zyxel network-attached storage (NAS) devices contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code.
CVE-2020-9377
D-Link DIR-610 Devices Remote Command Execution — D-Link DIR-610 devices allow remote code execution via the cmd paramet
11:01 KSA
D-Link DIR-610 Devices Remote Command Execution — D-Link DIR-610 devices allow remote code execution via the cmd parameter to command.php.
CVE-2020-9818
Apple iOS, iPadOS, and watchOS Out-of-Bounds Write Vulnerability — Apple iOS, iPadOS, and watchOS Mail contains an out-o
11:01 KSA
Apple iOS, iPadOS, and watchOS Out-of-Bounds Write Vulnerability — Apple iOS, iPadOS, and watchOS Mail contains an out-of-bounds write vulnerability which may allow memory modification or application termination when processing a maliciously crafted mail message.
CVE-2020-9819
Apple iOS, iPadOS, and watchOS Memory Corruption Vulnerability — Apple iOS, iPadOS, and watchOS Mail contains a memory c
11:01 KSA
Apple iOS, iPadOS, and watchOS Memory Corruption Vulnerability — Apple iOS, iPadOS, and watchOS Mail contains a memory corruption vulnerability that may allow heap corruption when processing a maliciously crafted mail message.
CVE-2020-9859
Apple Multiple Products Code Execution Vulnerability — Apple iOS, iPadOS, macOS, watchOS, and tvOS contain an unspecifie
11:01 KSA
Apple Multiple Products Code Execution Vulnerability — Apple iOS, iPadOS, macOS, watchOS, and tvOS contain an unspecified vulnerability that may allow an application to execute code with kernel privileges.
CVE-2020-9907
Apple Multiple Products Memory Corruption Vulnerability — Apple iOS, iPadOS, and tvOS contain a memory corruption vulner
11:01 KSA
Apple Multiple Products Memory Corruption Vulnerability — Apple iOS, iPadOS, and tvOS contain a memory corruption vulnerability that could allow an application to execute code with kernel privileges.
CVE-2020-9934
Apple iOS, iPadOS, and macOS Input Validation Vulnerability — Apple iOS, iPadOS, and macOS contain an unspecified vulner
11:01 KSA
Apple iOS, iPadOS, and macOS Input Validation Vulnerability — Apple iOS, iPadOS, and macOS contain an unspecified vulnerability involving input validation which can allow a local attacker to view sensitive user information.
CVE-2021-0920
Android Kernel Race Condition Vulnerability — Android kernel contains a race condition, which allows for a use-after-fre
11:01 KSA
Android Kernel Race Condition Vulnerability — Android kernel contains a race condition, which allows for a use-after-free vulnerability. Exploitation can allow for privilege escalation.
CVE-2021-1048
Android Kernel Use-After-Free Vulnerability — Android kernel contains a use-after-free vulnerability that allows for pri
11:01 KSA
Android Kernel Use-After-Free Vulnerability — Android kernel contains a use-after-free vulnerability that allows for privilege escalation.
CVE-2021-1497
Cisco HyperFlex HX Installer Virtual Machine Command Injection Vulnerability — Cisco HyperFlex HX Installer Virtual Mach
11:01 KSA
Cisco HyperFlex HX Installer Virtual Machine Command Injection Vulnerability — Cisco HyperFlex HX Installer Virtual Machine contains an insufficient input validation vulnerability which could allow an attacker to execute commands on an affected device as the root user.
CVE-2021-1498
Cisco HyperFlex HX Data Platform Command Injection Vulnerability — Cisco HyperFlex HX Installer Virtual Machine contains
11:01 KSA
Cisco HyperFlex HX Data Platform Command Injection Vulnerability — Cisco HyperFlex HX Installer Virtual Machine contains an insufficient input validation vulnerability which could allow an attacker to execute commands on an affected device as the tomcat8 user.
CVE-2021-1647
Microsoft Defender Remote Code Execution Vulnerability — Microsoft Defender contains an unspecified vulnerability that a
11:01 KSA
Microsoft Defender Remote Code Execution Vulnerability — Microsoft Defender contains an unspecified vulnerability that allows for remote code execution.
CVE-2021-1675
Microsoft Windows Print Spooler Remote Code Execution Vulnerability — Microsoft Windows Print Spooler contains an unspec
11:01 KSA
Microsoft Windows Print Spooler Remote Code Execution Vulnerability — Microsoft Windows Print Spooler contains an unspecified vulnerability that allows for remote code execution.
CVE-2021-1732
Microsoft Win32k Privilege Escalation Vulnerability — Microsoft Win32k contains an unspecified vulnerability that allows
11:01 KSA
Microsoft Win32k Privilege Escalation Vulnerability — Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation.
CVE-2021-1782
Apple Multiple Products Race Condition Vulnerability — Apple iOS, iPadOs, macOS, watchOS, and tvOS contain a race condit
11:01 KSA
Apple Multiple Products Race Condition Vulnerability — Apple iOS, iPadOs, macOS, watchOS, and tvOS contain a race condition vulnerability that may allow a malicious application to elevate privileges.
CVE-2021-1789
Apple Multiple Products Type Confusion Vulnerability — A type confusion issue affecting multiple Apple products allows p
11:01 KSA
Apple Multiple Products Type Confusion Vulnerability — A type confusion issue affecting multiple Apple products allows processing of maliciously crafted web content, leading to arbitrary code execution.
CVE-2021-1870
Apple iOS, iPadOS, and macOS WebKit Remote Code Execution Vulnerability — Apple iOS, iPadOS, and macOS WebKit contain an
11:01 KSA
Apple iOS, iPadOS, and macOS WebKit Remote Code Execution Vulnerability — Apple iOS, iPadOS, and macOS WebKit contain an unspecified logic vulnerability that allows a remote attacker to execute code. This vulnerability could impact HTML parsers that use WebKit, including but not …
CVE-2021-1871
Apple iOS, iPadOS, and macOS WebKit Remote Code Execution Vulnerability — Apple iOS, iPadOS, and macOS WebKit contain an
11:01 KSA
Apple iOS, iPadOS, and macOS WebKit Remote Code Execution Vulnerability — Apple iOS, iPadOS, and macOS WebKit contain an unspecified logic vulnerability that allows a remote attacker to execute code. This vulnerability could impact HTML parsers that use WebKit, including but not …
CVE-2021-1879
Apple iOS, iPadOS, and watchOS WebKit Cross-Site Scripting (XSS) Vulnerability — Apple iOS, iPadOS, and watchOS WebKit c
11:01 KSA
Apple iOS, iPadOS, and watchOS WebKit Cross-Site Scripting (XSS) Vulnerability — Apple iOS, iPadOS, and watchOS WebKit contain an unspecified vulnerability that allows for universal cross-site scripting (XSS) when processing maliciously crafted web content. This vulnerability cou…
CVE-2021-1905
Qualcomm Multiple Chipsets Use-After-Free Vulnerability — Multiple Qualcomm Chipsets contain a use after free vulnerabil
11:01 KSA
Qualcomm Multiple Chipsets Use-After-Free Vulnerability — Multiple Qualcomm Chipsets contain a use after free vulnerability due to improper handling of memory mapping of multiple processes simultaneously.
CVE-2021-1906
Qualcomm Multiple Chipsets Detection of Error Condition Without Action Vulnerability — Multiple Qualcomm chipsets contai
11:01 KSA
Qualcomm Multiple Chipsets Detection of Error Condition Without Action Vulnerability — Multiple Qualcomm chipsets contain a detection of error condition without action vulnerability when improper handling of address deregistration on failure can lead to new GPU address allocation…
CVE-2021-20016
SonicWall SSLVPN SMA100 SQL Injection Vulnerability — SonicWall SSLVPN SMA100 contains a SQL injection vulnerability tha
11:01 KSA
SonicWall SSLVPN SMA100 SQL Injection Vulnerability — SonicWall SSLVPN SMA100 contains a SQL injection vulnerability that allows remote exploitation for credential access by an unauthenticated attacker.
CVE-2021-20021
SonicWall Email Security Improper Privilege Management Vulnerability — SonicWall Email Security contains an improper pri
11:01 KSA
SonicWall Email Security Improper Privilege Management Vulnerability — SonicWall Email Security contains an improper privilege management vulnerability that allows an attacker to create an administrative account by sending a crafted HTTP request to the remote host. This vulnerabi…
CVE-2021-20022
SonicWall Email Security Unrestricted Upload of File Vulnerability — SonicWall Email Security contains an unrestricted u
11:01 KSA
SonicWall Email Security Unrestricted Upload of File Vulnerability — SonicWall Email Security contains an unrestricted upload of file with dangerous type vulnerability that allows a post-authenticated attacker to upload a file to the remote host. This vulnerability has known usag…
CVE-2021-20023
SonicWall Email Security Path Traversal Vulnerability — SonicWall Email Security contains a path traversal vulnerability
11:01 KSA
SonicWall Email Security Path Traversal Vulnerability — SonicWall Email Security contains a path traversal vulnerability that allows a post-authenticated attacker to read files on the remote host. This vulnerability has known usage in a SonicWall Email Security exploit chain alon…
CVE-2021-20028
SonicWall Secure Remote Access (SRA) SQL Injection Vulnerability — SonicWall Secure Remote Access (SRA) products contain
11:01 KSA
SonicWall Secure Remote Access (SRA) SQL Injection Vulnerability — SonicWall Secure Remote Access (SRA) products contain an improper neutralization of a SQL Command leading to SQL injection.
CVE-2021-20035
SonicWall SMA100 Appliances OS Command Injection Vulnerability — SonicWall SMA100 appliances contain an OS command injec
11:01 KSA
SonicWall SMA100 Appliances OS Command Injection Vulnerability — SonicWall SMA100 appliances contain an OS command injection vulnerability in the management interface that allows a remote authenticated attacker to inject arbitrary commands as a 'nobody' user, which could potentia…
CVE-2021-20038
SonicWall SMA 100 Appliances Stack-Based Buffer Overflow Vulnerability — SonicWall SMA 100 devies are vulnerable to an u
11:01 KSA
SonicWall SMA 100 Appliances Stack-Based Buffer Overflow Vulnerability — SonicWall SMA 100 devies are vulnerable to an unauthenticated stack-based buffer overflow vulnerability where exploitation can result in code execution.
CVE-2021-20090
Arcadyan Buffalo Firmware Path Traversal Vulnerability — Arcadyan Buffalo firmware contains a path traversal vulnerabili
11:01 KSA
Arcadyan Buffalo Firmware Path Traversal Vulnerability — Arcadyan Buffalo firmware contains a path traversal vulnerability that could allow unauthenticated, remote attackers to bypass authentication and access sensitive information. This vulnerability affects multiple routers acr…
CVE-2021-20123
Draytek VigorConnect Path Traversal Vulnerability — Draytek VigorConnect contains a path traversal vulnerability in the
11:01 KSA
Draytek VigorConnect Path Traversal Vulnerability — Draytek VigorConnect contains a path traversal vulnerability in the DownloadFileServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system wi…
CVE-2021-20124
Draytek VigorConnect Path Traversal Vulnerability — Draytek VigorConnect contains a path traversal vulnerability in the
11:01 KSA
Draytek VigorConnect Path Traversal Vulnerability — Draytek VigorConnect contains a path traversal vulnerability in the file download functionality of the WebServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the unde…
CVE-2021-21017
Adobe Acrobat and Reader Heap-based Buffer Overflow Vulnerability — Acrobat Acrobat and Reader contain a heap-based buff
11:01 KSA
Adobe Acrobat and Reader Heap-based Buffer Overflow Vulnerability — Acrobat Acrobat and Reader contain a heap-based buffer overflow vulnerability that could allow an unauthenticated attacker to achieve code execution in the context of the current user.
CVE-2021-21148
Google Chromium V8 Heap Buffer Overflow Vulnerability — Google Chromium V8 Engine contains a heap buffer overflow vulner
11:01 KSA
Google Chromium V8 Heap Buffer Overflow Vulnerability — Google Chromium V8 Engine contains a heap buffer overflow vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that…
CVE-2021-21166
Google Chromium Race Condition Vulnerability — Google Chromium contains a race condition vulnerability that allows a rem
11:01 KSA
Google Chromium Race Condition Vulnerability — Google Chromium contains a race condition vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, includ…
CVE-2021-21193
Google Chromium Blink Use-After-Free Vulnerability — Google Chromium Blink contains a use-after-free vulnerability that
11:01 KSA
Google Chromium Blink Use-After-Free Vulnerability — Google Chromium Blink contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chro…
CVE-2021-21206
Google Chromium Blink Use-After-Free Vulnerability — Google Chromium Blink contains a use-after-free vulnerability that
11:01 KSA
Google Chromium Blink Use-After-Free Vulnerability — Google Chromium Blink contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chro…
CVE-2021-21220
Google Chromium V8 Improper Input Validation Vulnerability — Google Chromium V8 Engine contains an improper input valida
11:01 KSA
Google Chromium V8 Improper Input Validation Vulnerability — Google Chromium V8 Engine contains an improper input validation vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web br…
CVE-2021-21224
Google Chromium V8 Type Confusion Vulnerability — Google Chromium V8 Engine contains a type confusion vulnerability that
11:01 KSA
Google Chromium V8 Type Confusion Vulnerability — Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to execute code inside a sandbox via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium,…
CVE-2023-25717
Multiple Ruckus Wireless Products CSRF and RCE Vulnerability — Ruckus Wireless Access Point (AP) software contains an un
11:01 KSA
Multiple Ruckus Wireless Products CSRF and RCE Vulnerability — Ruckus Wireless Access Point (AP) software contains an unspecified vulnerability in the web services component. If the web services component is enabled on the AP, an attacker can perform cross-site request forgery (C…
CVE-2023-26083
Arm Mali GPU Kernel Driver Information Disclosure Vulnerability — Arm Mali GPU Kernel Driver contains an information dis
11:01 KSA
Arm Mali GPU Kernel Driver Information Disclosure Vulnerability — Arm Mali GPU Kernel Driver contains an information disclosure vulnerability that allows a non-privileged user to make valid GPU processing operations that expose sensitive kernel metadata.
CVE-2023-26359
Critical Adobe ColdFusion Deserialization RCE Vulnerability (CVE-2023-26359)
11:01 KSA
Adobe ColdFusion Deserialization of Untrusted Data Vulnerability — Adobe ColdFusion contains a deserialization of untrusted data vulnerability that could result in code execution in the context of the current user.
CVE-2023-26360
Adobe ColdFusion Deserialization of Untrusted Data Vulnerability — Adobe ColdFusion contains a deserialization of untrus
11:01 KSA
Adobe ColdFusion Deserialization of Untrusted Data Vulnerability — Adobe ColdFusion contains a deserialization of untrusted data vulnerability that allows for remote code execution.
Adobe Acrobat and Reader Out-of-Bounds Write Vulnerability — Adobe Acrobat and Reader contains an out-of-bounds write vulnerability that allows for code execution.
CVE-2023-27350
PaperCut MF/NG Improper Access Control Vulnerability — PaperCut MF/NG contains an improper access control vulnerability
11:01 KSA
PaperCut MF/NG Improper Access Control Vulnerability — PaperCut MF/NG contains an improper access control vulnerability within the SetupCompleted class that allows authentication bypass and code execution in the context of system.
CVE-2023-27524
Apache Superset Insecure Default Initialization of Resource Vulnerability — Apache Superset contains an insecure default
11:01 KSA
Apache Superset Insecure Default Initialization of Resource Vulnerability — Apache Superset contains an insecure default initialization of a resource vulnerability that allows an attacker to authenticate and access unauthorized resources on installations that have not altered the…
CVE-2023-27532
Veeam Backup & Replication Cloud Connect Missing Authentication for Critical Function Vulnerability — Veeam Backup & Rep
11:01 KSA
Veeam Backup & Replication Cloud Connect Missing Authentication for Critical Function Vulnerability — Veeam Backup & Replication Cloud Connect component contains a missing authentication for critical function vulnerability that allows an unauthenticated user operating within the …
CVE-2023-27992
Zyxel Multiple NAS Devices Command Injection Vulnerability — Multiple Zyxel network-attached storage (NAS) devices conta
11:01 KSA
Zyxel Multiple NAS Devices Command Injection Vulnerability — Multiple Zyxel network-attached storage (NAS) devices contain a pre-authentication command injection vulnerability that could allow an unauthenticated attacker to execute commands remotely via a crafted HTTP request.
CVE-2023-28252
Microsoft Windows Common Log File System (CLFS) Driver Privilege Escalation Vulnerability — Microsoft Windows Common Log
11:01 KSA
Microsoft Windows Common Log File System (CLFS) Driver Privilege Escalation Vulnerability — Microsoft Windows Common Log File System (CLFS) driver contains an unspecified vulnerability that allows for privilege escalation.
Qlik Sense HTTP Tunneling Vulnerability — Qlik Sense contains an HTTP tunneling vulnerability that allows an attacker to escalate privileges and execute HTTP requests on the backend server hosting the software.
Qlik Sense Path Traversal Vulnerability — Qlik Sense contains a path traversal vulnerability that allows a remote, unauthenticated attacker to create an anonymous session by sending maliciously crafted HTTP requests. This anonymous session could allow the attacker to send further…
Apple iOS and iPadOS Use-After-Free Vulnerability — Apple iOS and iPadOS contain a use-after-free vulnerability. An app may be able to execute arbitrary code with kernel privileges.
Apple Multiple Products WebKit Code Execution Vulnerability — Apple iOS, iPadOS, macOS, and Safari WebKit contain an unspecified vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKi…
Arm Mali GPU Kernel Driver Use-After-Free Vulnerability — Arm Mali GPU Kernel Driver contains a use-after-free vulnerability that allows a local, non-privileged user to make improper GPU memory processing operations to gain access to already freed memory.
JetBrains TeamCity Authentication Bypass Vulnerability — JetBrains TeamCity contains an authentication bypass vulnerability that allows for remote code execution on TeamCity Server.
Apple iOS and iPadOS Kernel Privilege Escalation Vulnerability — Apple iOS and iPadOS contain an unspecified vulnerability that allows for local privilege escalation.
Apple Multiple Products WebKit Out-of-Bounds Read Vulnerability — Apple iOS, iPadOS, macOS, and Safari WebKit contain an out-of-bounds read vulnerability that may disclose sensitive information when processing maliciously crafted web content. This vulnerability could impact HTML …
Apple Multiple Products WebKit Memory Corruption Vulnerability — Apple iOS, iPadOS, macOS, and Safari WebKit contain a memory corruption vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that u…
Apple Multiple products Use-After-Free Vulnerability — Apple macOS, iOS, iPadOS, and Safari 16.6 contain a use-after-free vulnerability due to the processing of maliciously crafted web content that may lead to memory corruption.
NextGen Healthcare Mirth Connect Deserialization of Untrusted Data Vulnerability — NextGen Healthcare Mirth Connect contains a deserialization of untrusted data vulnerability that allows for unauthenticated remote code execution via a specially crafted request.
Roundcube Webmail Persistent Cross-Site Scripting (XSS) Vulnerability — Roundcube Webmail contains a persistent cross-site scripting (XSS) vulnerability that can lead to information disclosure via malicious link references in plain/text messages.
SonicWall SMA100 Appliances OS Command Injection Vulnerability — SonicWall SMA100 appliances contain an OS command injection vulnerability in the SSL-VPN management interface that allows a remote, authenticated attacker with administrative privilege to inject arbitrary commands a…
HTTP/2 Rapid Reset Attack Vulnerability — HTTP/2 contains a rapid reset vulnerability that allows for a distributed denial-of-service attack (DDoS).
CVE-2023-45249
Acronis Cyber Infrastructure Unauthenticated Remote Command Execution via Default Credentials
11:01 KSA
Acronis Cyber Infrastructure (ACI) Insecure Default Password Vulnerability — Acronis Cyber Infrastructure (ACI) allows an unauthenticated user to execute commands remotely due to the use of default passwords.
North Grid Proself Improper Restriction of XML External Entity (XXE) Reference Vulnerability — North Grid Proself Enterprise/Standard, Gateway, and Mail Sanitize contain an improper restriction of XML External Entity (XXE) reference vulnerability, which could allow a remote, unau…
Apache ActiveMQ Deserialization of Untrusted Data Vulnerability — Apache ActiveMQ contains a deserialization of untrusted data vulnerability that may allow a remote attacker with network access to a broker to run shell commands by manipulating serialized class types in the OpenWi…
F5 BIG-IP Configuration Utility Authentication Bypass Vulnerability — F5 BIG-IP Configuration utility contains an authentication bypass using an alternate path or channel vulnerability due to undisclosed requests that may allow an unauthenticated attacker with network access to t…
F5 BIG-IP Configuration Utility SQL Injection Vulnerability — F5 BIG-IP Configuration utility contains an SQL injection vulnerability that may allow an authenticated attacker with network access through the BIG-IP management port and/or self IP addresses to execute system command…
Ivanti Connect Secure and Policy Secure Authentication Bypass Vulnerability — Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure) and Ivanti Policy Secure gateways contain an authentication bypass vulnerability in the web component that allows an attacker to acces…
SysAid Server Path Traversal Vulnerability — SysAid Server (on-premises version) contains a path traversal vulnerability that leads to code execution.
QNAP VioStor NVR OS Command Injection Vulnerability — QNAP VioStar NVR contains an OS command injection vulnerability that allows authenticated users to execute commands via a network.
Google Chromium V8 Type Confusion Vulnerability — Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to execute code via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limi…
CVE-2023-48365
Qlik Sense HTTP Tunneling Privilege Escalation Vulnerability (CVE-2023-48365)
11:01 KSA
Qlik Sense HTTP Tunneling Vulnerability — Qlik Sense contains an HTTP tunneling vulnerability that allows an attacker to escalate privileges and execute HTTP requests on the backend server hosting the software.
CVE-2023-4863
Google Chromium WebP Heap-Based Buffer Overflow Vulnerability (CVE-2023-4863)
11:01 KSA
Google Chromium WebP Heap-Based Buffer Overflow Vulnerability — Google Chromium WebP contains a heap-based buffer overflow vulnerability that allows a remote attacker to perform an out-of-bounds memory write via a crafted HTML page. This vulnerability can affect applications that…
Fortinet FortiClient EMS SQL Injection Vulnerability — Fortinet FortiClient EMS contains a SQL injection vulnerability that allows an unauthenticated attacker to execute commands as SYSTEM via specifically crafted requests.
ownCloud graphapi Information Disclosure Vulnerability — ownCloud graphapi contains an information disclosure vulnerability that can reveal sensitive data stored in phpinfo() via GetPhpInfo.php, including administrative credentials.
GNU C Library Buffer Overflow Vulnerability — GNU C Library's dynamic loader ld.so contains a buffer overflow vulnerability when processing the GLIBC_TUNABLES environment variable, allowing a local attacker to execute code with elevated privileges.
Citrix NetScaler ADC and NetScaler Gateway Buffer Overflow Vulnerability — Citrix NetScaler ADC and NetScaler Gateway contain a buffer overflow vulnerability that allows for sensitive information disclosure when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Pr…
FXC AE1021, AE1021PE OS Command Injection Vulnerability — FXC AE1021 and AE1021PE contain an OS command injection vulnerability that allows authenticated users to execute commands via a network.
CVE-2023-50224
TP-Link TL-WR841N Authentication Bypass via Spoofing - Credential Disclosure
11:01 KSA
TP-Link TL-WR841N Authentication Bypass by Spoofing Vulnerability — TP-Link TL-WR841N contains an authentication bypass by spoofing vulnerability within the httpd service, which listens on TCP port 80 by default, leading to the disclose of stored credentials. The impacted product…
Digiever DS-2105 Pro Missing Authorization Vulnerability — Digiever DS-2105 Pro contains a missing authorization vulnerability which could allow for command injection via time_tzsetup.cgi.
Google Chromium libvpx Heap Buffer Overflow Vulnerability — Google Chromium libvpx contains a heap buffer overflow vulnerability in vp8 encoding that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could impact web brows…
Roundcube Webmail Persistent Cross-Site Scripting (XSS) Vulnerability — Roundcube Webmail contains a persistent cross-site scripting (XSS) vulnerability that allows a remote attacker to run malicious JavaScript code.
Google Skia Integer Overflow Vulnerability — Google Chromium Skia contains an integer overflow vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a malicious file. This vulnerability affects Google Ch…
CVE-2023-6448
Unitronics Vision PLC/HMI Insecure Default Password Remote Command Execution
11:01 KSA
Unitronics Vision PLC and HMI Insecure Default Password Vulnerability — Unitronics Vision Series PLCs and HMIs ship with an insecure default password, which if left unchanged, can allow attackers to execute remote commands.
Citrix NetScaler ADC and NetScaler Gateway Code Injection Vulnerability — Citrix NetScaler ADC and NetScaler Gateway contain a code injection vulnerability that allows for authenticated remote code execution on the management interface with access to NSIP, CLIP, or SNIP.
Citrix NetScaler ADC and NetScaler Gateway Buffer Overflow Vulnerability — Citrix NetScaler ADC and NetScaler Gateway contain a buffer overflow vulnerability that allows for a denial-of-service when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA v…
Google Chromium WebRTC Heap Buffer Overflow Vulnerability — Google Chromium WebRTC, an open-source project providing web browsers with real-time communication, contains a heap buffer overflow vulnerability that allows a remote attacker to potentially exploit heap corruption via a…
GitLab Community and Enterprise Editions Improper Access Control Vulnerability — GitLab Community and Enterprise Editions contain an improper access control vulnerability. This allows an attacker to trigger password reset emails to be sent to an unverified email address to ultima…
Spreadsheet::ParseExcel Remote Code Execution Vulnerability — Spreadsheet::ParseExcel contains a remote code execution vulnerability due to passing unvalidated input from a file into a string-type “eval”. Specifically, the issue stems from the evaluation of Number format strings …
Palo Alto Networks PAN-OS Management Interface Authentication Bypass Vulnerability — Palo Alto Networks PAN-OS contains an authentication bypass vulnerability in the web-based management interface for several PAN-OS products, including firewalls and VPN concentrators.
Google Chromium V8 Out-of-Bounds Memory Access Vulnerability — Google Chromium V8 Engine contains an out-of-bounds memory access vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple we…
D-Link DIR-859 Router Path Traversal Vulnerability — D-Link DIR-859 routers contain a path traversal vulnerability in the file /hedwig.cgi of the component HTTP POST Request Handler. Manipulation of the argument service with the input ../../../../htdocs/webinc/getcfg/DHCPS6.BRID…
Linux Kernel Use-After-Free Vulnerability — Linux kernel contains a use-after-free vulnerability in the netfilter: nf_tables component that allows an attacker to achieve local privilege escalation.
GeoVision Devices OS Command Injection Vulnerability — Multiple GeoVision devices contain an OS command injection vulnerability that allows a remote, unauthenticated attacker to inject and execute arbitrary system commands. The impacted products could be end-of-life (EoL) and/or …
Android Pixel Privilege Escalation Vulnerability — Android Pixel contains an unspecified vulnerability in the firmware that allows for privilege escalation.
Palo Alto Networks PAN-OS Malicious DNS Packet Vulnerability — Palo Alto Networks PAN-OS contains a vulnerability in parsing and logging malicious DNS packets in the DNS Security feature that, when exploited, allows an unauthenticated attacker to remotely reboot the firewall. Rep…
OSGeo GeoServer GeoTools Eval Injection Vulnerability — OSGeo GeoServer GeoTools contains an improper neutralization of directives in dynamically evaluated code vulnerability due to unsafely evaluating property names as XPath expressions. This allows unauthenticated attackers to …
Android Kernel Remote Code Execution Vulnerability — Android contains an unspecified vulnerability in the kernel that allows for remote code execution. This vulnerability resides in Linux Kernel and could impact other products, including but not limited to Android OS.
Broadcom VMware vCenter Server Out-of-bounds Write Vulnerability — Broadcom VMware vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. This could allow a malicious actor with network access to vCenter Server to send specially…
VMware ESXi Authentication Bypass Vulnerability — VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was previously configured to use AD for user management by …
RoundCube Webmail Cross-Site Scripting (XSS) Vulnerability — RoundCube Webmail contains a cross-site scripting (XSS) vulnerability in the handling of SVG animate attributes that allows a remote attacker to run malicious JavaScript code.
CVE-2024-38014
Microsoft Windows Installer Privilege Escalation Vulnerability CVE-2024-38014
11:01 KSA
Microsoft Windows Installer Improper Privilege Management Vulnerability — Microsoft Windows Installer contains an improper privilege management vulnerability that could allow an attacker to gain SYSTEM privileges.
CVE-2024-38080
Microsoft Windows Hyper-V Privilege Escalation Vulnerability CVE-2024-38080
11:01 KSA
Microsoft Windows Hyper-V Privilege Escalation Vulnerability — Microsoft Windows Hyper-V contains a privilege escalation vulnerability that allows a local attacker with user permissions to gain SYSTEM privileges.
Microsoft SharePoint Deserialization Vulnerability — Microsoft SharePoint contains a deserialization vulnerability that allows for remote code execution.
Microsoft Windows Kernel Privilege Escalation Vulnerability — Microsoft Windows Kernel contains an unspecified vulnerability that allows for privilege escalation, enabling a local attacker to gain SYSTEM privileges. Successful exploitation of this vulnerability requires an attack…
Microsoft Windows Power Dependency Coordinator Privilege Escalation Vulnerability — Microsoft Windows Power Dependency Coordinator contains an unspecified vulnerability that allows for privilege escalation, enabling a local attacker to obtain SYSTEM privileges.
Microsoft Windows MSHTML Platform Spoofing Vulnerability — Microsoft Windows MSHTML Platform contains a spoofing vulnerability that has a high impact to confidentiality, integrity, and availability.
Microsoft Windows Scripting Engine Memory Corruption Vulnerability — Microsoft Windows Scripting Engine contains a memory corruption vulnerability that allows unauthenticated attacker to initiate remote code execution via a specially crafted URL.
Microsoft Project Remote Code Execution Vulnerability — Microsoft Project contains an unspecified vulnerability that allows for remote code execution via a malicious file.
Microsoft Windows Ancillary Function Driver for WinSock Privilege Escalation Vulnerability — Microsoft Windows Ancillary Function Driver for WinSock contains an unspecified vulnerability that allows for privilege escalation, enabling a local attacker to gain SYSTEM privileges.
Microsoft Windows SmartScreen Security Feature Bypass Vulnerability — Microsoft Windows SmartScreen contains a security feature bypass vulnerability that allows an attacker to bypass the SmartScreen user experience via a malicious file.
Microsoft Windows Mark of the Web (MOTW) Protection Mechanism Failure Vulnerability — Microsoft Windows Mark of the Web (MOTW) contains a protection mechanism failure vulnerability that allows an attacker to bypass MOTW-based defenses. This can result in a limited loss of integri…
Microsoft Publisher Protection Mechanism Failure Vulnerability — Microsoft Publisher contains a protection mechanism failure vulnerability that allows attacker to bypass Office macro policies used to block untrusted or malicious files.
CVE-2024-38475
Apache HTTP Server mod_rewrite Output Escaping Vulnerability (CVE-2024-38475)
11:01 KSA
Apache HTTP Server Improper Escaping of Output Vulnerability — Apache HTTP Server contains an improper escaping of output vulnerability in mod_rewrite that allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentional…
VMware vCenter Server Heap-Based Buffer Overflow Vulnerability — VMware vCenter Server contains a heap-based buffer overflow vulnerability in the implementation of the DCERPC protocol. This vulnerability could allow an attacker with network access to the vCenter Server to execute…
VMware vCenter Server Privilege Escalation Vulnerability — VMware vCenter contains an improper check for dropped privileges vulnerability. This vulnerability could allow an attacker with network access to the vCenter Server to escalate privileges to root by sending a specially cr…
CVE-2024-38856
Apache OFBiz Unauthenticated Remote Code Execution via Authorization Bypass
11:01 KSA
Apache OFBiz Incorrect Authorization Vulnerability — Apache OFBiz contains an incorrect authorization vulnerability that could allow remote code execution via a Groovy payload in the context of the OFBiz user process by an unauthenticated attacker.
Versa Director Dangerous File Type Upload Vulnerability — The Versa Director GUI contains an unrestricted upload of file with dangerous type vulnerability that allows administrators with Provider-Data-Center-Admin or Provider-Data-Center-System-Admin privileges to customize the u…
Twilio Authy Information Disclosure Vulnerability — Twilio Authy contains an information disclosure vulnerability in its API that allows an unauthenticated endpoint to accept a request containing a phone number and respond with information about whether the phone number was regis…
CrushFTP VFS Sandbox Escape Vulnerability — CrushFTP contains an unspecified sandbox escape vulnerability that allows a remote attacker to escape the CrushFTP virtual file system (VFS).
Veeam Backup and Replication Deserialization Vulnerability — Veeam Backup and Replication contains a deserialization vulnerability allowing an unauthenticated user to perform remote code execution.
SonicWall SonicOS Improper Access Control Vulnerability — SonicWall SonicOS contains an improper access control vulnerability that could lead to unauthorized resource access and, under certain conditions, may cause the firewall to crash.
Zyxel DSL CPE OS Command Injection Vulnerability — Multiple Zyxel DSL CPE devices contain a post-authentication command injection vulnerability in the CGI program that could allow an authenticated attacker to execute OS commands via a crafted HTTP request.
Zyxel DSL CPE OS Command Injection Vulnerability — Multiple Zyxel DSL CPE devices contain a post-authentication command injection vulnerability in the management commands that could allow an authenticated attacker to execute OS commands via Telnet.
Mitel SIP Phones Argument Injection Vulnerability — Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit, contain an argument injection vulnerability due to insufficient parameter sanitization during the boot process. Successful exploita…
Edimax IC-7100 IP Camera OS Command Injection Vulnerability — Edimax IC-7100 IP camera contains an OS command injection vulnerability due to improper input sanitization that allows an attacker to achieve remote code execution via specially crafted requests. The impacted product c…
Google Chromium V8 Type Confusion Vulnerability — Google Chromium V8 contains a type confusion vulnerability that allows for heap corruption.
Google Chromium Out of Bounds Memory Access Vulnerability — Google Chromium contains an out of bounds memory access vulnerability in ANGLE that could allow a remote attacker to perform out of bounds memory access via a crafted HTML page. This vulnerability could affect multiple w…
CVE-2026-33120
Untrusted pointer dereference in SQL Server allows an authorized attacker to execute code over a network.
17:32 KSA
Untrusted pointer dereference in SQL Server allows an authorized attacker to execute code over a network.
CVE-2026-6560
A security vulnerability has been detected in H3C Magic B0 up to 100R002. This vulnerability affects the function Edit_B
00:49 KSA
A security vulnerability has been detected in H3C Magic B0 up to 100R002. This vulnerability affects the function Edit_BasicSSID of the file /goform/aspForm. Such manipulation of the argument param leads to buffer overflow. The attack can be executed remotely. The exploit has bee…
CVE-2026-6563
A vulnerability has been found in H3C Magic B1 up to 100R004. The affected element is the function SetAPWifiorLedInfoByI
00:49 KSA
A vulnerability has been found in H3C Magic B1 up to 100R004. The affected element is the function SetAPWifiorLedInfoById of the file /goform/aspForm. The manipulation of the argument param leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has …
CVE-2026-6581
A vulnerability was detected in H3C Magic B1 up to 100R004. Affected by this vulnerability is the function SetMobileAPIn
00:49 KSA
A vulnerability was detected in H3C Magic B1 up to 100R004. Affected by this vulnerability is the function SetMobileAPInfoById of the file /goform/aspForm. Performing a manipulation of the argument param results in buffer overflow. Remote exploitation of the attack is possible. T…
CVE-2026-34617
Adobe Connect versions 2025.3, 12.10 and earlier are affected by a Cross-Site Scripting (XSS) vulnerability that could r
17:32 KSA
Adobe Connect versions 2025.3, 12.10 and earlier are affected by a Cross-Site Scripting (XSS) vulnerability that could result in privilege escalation. A low-privileged attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially gaining eleva…
CVE-2026-32190
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
13:16 KSA
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-33114
Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.
17:32 KSA
Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2026-33115
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
17:32 KSA
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2026-33826
Improper input validation in Windows Active Directory allows an authorized attacker to execute code over an adjacent net
17:32 KSA
Improper input validation in Windows Active Directory allows an authorized attacker to execute code over an adjacent network.
CVE-2026-27289
Photoshop Desktop versions 27.4 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted f
23:36 KSA
Photoshop Desktop versions 27.4 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of…
CVE-2026-27310
Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result
23:36 KSA
Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file…
CVE-2026-27311
Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result
23:36 KSA
Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file…
CVE-2026-27312
Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result
23:36 KSA
Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file…
CVE-2026-27313
Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result
01:41 KSA
Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file…
CVE-2026-32184
Deserialization of untrusted data in Microsoft High Performance Compute Pack (HPC) allows an authorized attacker to elev
04:54 KSA
Deserialization of untrusted data in Microsoft High Performance Compute Pack (HPC) allows an authorized attacker to elevate privileges locally.
CVE-2026-32189
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
11:03 KSA
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-32192
Deserialization of untrusted data in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.
13:16 KSA
Deserialization of untrusted data in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.
CVE-2026-32197
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
13:16 KSA
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-32198
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
17:32 KSA
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-32199
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
17:32 KSA
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-32200
Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.
17:32 KSA
Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.
CVE-2026-33095
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
17:32 KSA
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2026-33825
Insufficient granularity of access control in Microsoft Defender allows an authorized attacker to elevate privileges loc
17:32 KSA
Insufficient granularity of access control in Microsoft Defender allows an authorized attacker to elevate privileges locally.
InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malici…
InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malici…
InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malici…
Stack-based buffer overflow in .NET and Visual Studio allows an unauthorized attacker to deny service over a network.
A flaw has been found in dameng100 muucmf 1.9.5.20260309. Impacted is the function getListByPage of the file /index/Search/index.html. Executing a manipulation of the argument keyword can lead to sql injection. The attack may be performed from remote. The exploit has been publish…
CVE-2026-6568
A vulnerability was determined in kodcloud KodExplorer up to 4.52. This affects the function share.class.php::initShareO
00:49 KSA
A vulnerability was determined in kodcloud KodExplorer up to 4.52. This affects the function share.class.php::initShareOld of the file /app/controller/share.class.php of the component Public Share Handler. This manipulation of the argument path causes path traversal. The attack c…
CVE-2026-6569
A vulnerability was identified in kodcloud KodExplorer up to 4.52. This impacts the function fileGet of the file /app/co
00:49 KSA
A vulnerability was identified in kodcloud KodExplorer up to 4.52. This impacts the function fileGet of the file /app/controller/share.class.php of the component fileGet Endpoint. Such manipulation of the argument fileUrl leads to improper authentication. The attack can be launch…
CVE-2026-6574
A vulnerability has been found in osuuu LightPicture up to 1.2.2. This issue affects some unknown processing of the file
00:49 KSA
A vulnerability has been found in osuuu LightPicture up to 1.2.2. This issue affects some unknown processing of the file /public/install/lp.sql of the component API Upload Endpoint. Such manipulation of the argument key leads to hard-coded credentials. The attack may be performed…
CVE-2026-6577
A vulnerability was identified in liangliangyy DjangoBlog up to 2.1.0.0. The impacted element is an unknown function of
00:49 KSA
A vulnerability was identified in liangliangyy DjangoBlog up to 2.1.0.0. The impacted element is an unknown function of the file owntracks/views.py of the component logtracks Endpoint. The manipulation leads to missing authentication. The attack can be initiated remotely. The exp…
CVE-2026-6580
A security vulnerability has been detected in liangliangyy DjangoBlog up to 2.1.0.0. Affected is an unknown function of
00:49 KSA
A security vulnerability has been detected in liangliangyy DjangoBlog up to 2.1.0.0. Affected is an unknown function of the file owntracks/views.py of the component Amap API Call Handler. Such manipulation of the argument key leads to use of hard-coded cryptographic key
. The at…
CVE-2026-6582
A flaw has been found in TransformerOptimus SuperAGI up to 0.0.14. Affected by this issue is the function get_vector_db_
00:49 KSA
A flaw has been found in TransformerOptimus SuperAGI up to 0.0.14. Affected by this issue is the function get_vector_db_details of the file superagi/controllers/vector_dbs.py of the component Vector Database Management Endpoint. Executing a manipulation can lead to missing authen…
CVE-2026-32188
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
07:00 KSA
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
CVE-2026-32195
Stack-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.
13:16 KSA
Stack-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-32224
Use after free in Windows Server Update Service allows an authorized attacker to elevate privileges locally.
17:32 KSA
Use after free in Windows Server Update Service allows an authorized attacker to elevate privileges locally.
A weakness has been identified in liangliangyy DjangoBlog up to 2.1.0.0. This impacts an unknown function of the file blog/views.py of the component Clean Endpoint. This manipulation causes missing authentication. The attack may be initiated remotely. The exploit has been made av…
The EMC – Easily Embed Calendly Scheduling Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's calendly shortcode in all versions up to, and including, 4.4 due to insufficient input sanitization and output escaping on user supplied attribut…
A weakness has been identified in kodcloud KodExplorer up to 4.52. Affected by this vulnerability is the function roleGroupAction of the file /app/controller/systemRole.class.php. Executing a manipulation of the argument group_role can lead to authorization bypass. The attack may…
A vulnerability was detected in PHPEMS 11.0. This affects the function temppage of the file /app/exam/controller/exams.master.php of the component Instant Exam Creation Handler. The manipulation of the argument uploadfile results in server-side request forgery. The attack can be …
A vulnerability was determined in liangliangyy DjangoBlog up to 2.1.0.0. The affected element is the function CommandHandler of the file servermanager/api/commonapi.py of the component WeChat Bot Interface. Executing a manipulation of the argument Source can lead to command injec…
A security vulnerability has been detected in Collabora KodExplorer up to 4.52. Affected by this issue is some unknown functionality of the file /app/controller/share.class.php of the component fileUpload Endpoint. The manipulation of the argument fileUpload leads to improper aut…
CVE-2026-6578
A security flaw has been discovered in liangliangyy DjangoBlog up to 2.1.0.0. This affects an unknown function of the fi
04:18 KSA
A security flaw has been discovered in liangliangyy DjangoBlog up to 2.1.0.0. This affects an unknown function of the file djangoblog/settings.py of the component Setting Handler. The manipulation of the argument SECRET_KEY results in hard-coded credentials. The attack can be lau…
A vulnerability has been found in TransformerOptimus SuperAGI up to 0.0.14. This affects the function delete_api_key/edit_api_key of the file superagi/controllers/api_key.py of the component API Key Management Endpoint. The manipulation leads to authorization bypass. The attack i…
CVE-2026-6056
07:00 KSA
⚠️ Threat Intelligence
23 threats
rss:BleepingComputer
—
00:05 KSA
Vercel confirms breach as hackers claim to be selling stolen data
Cloud development platform Vercel has confirmed a security breach after threat actors claimed to have accessed its systems and are attempting to sell the stolen data. This incident affects organiz…
rss:BleepingComputer
—
23:00 KSA
Apple account change alerts abused to send phishing emails
Attackers are exploiting Apple's legitimate account change notification system to distribute phishing emails impersonating iPhone purchase confirmations. By leveraging Apple's official email servers, the…
rss:Mandiant Blog
—
21:58 KSA
Expanding your Bigtable architecture with change streams
This article covers Google Bigtable's change streams feature that enhances event-based architectures and offline processing for organizations managing large volumes of transactional and analytical data. Th…
rss:Mandiant Blog
—
21:58 KSA
How to optimize your existing queries with search indexes
This article discusses Google BigQuery's search indexes and SEARCH function launched in October 2022, which enable efficient searching of unstructured and semi-structured data using SQL. While focused on …
rss:Mandiant Blog
—
20:56 KSA
Applying Generative AI to product design with BigQuery DataFrames
This article explores the application of generative AI and BigQuery DataFrames to streamline product naming processes, particularly in the pharmaceutical industry. It addresses the complexity of e…
rss:Mandiant Blog
—
20:56 KSA
Introducing the unified Chronicle Security Operations platform
Google Cloud introduces Chronicle, a unified security operations platform designed to address the challenges of understaffed security teams. The platform leverages AI-powered innovation and frontline…
rss:Mandiant Blog
—
20:56 KSA
Managed service egress with Private Service Connect interfaces
This article discusses Google Cloud's Private Service Connect as a solution for secure private access to managed services over VPCs. It addresses the infrastructure and connectivity requirements for …
rss:BleepingComputer
—
20:56 KSA
NIST to stop rating non-priority flaws due to volume increase
NIST will discontinue assigning severity scores to lower-priority vulnerabilities due to overwhelming submission volumes and resource constraints. This change impacts vulnerability management practice…
rss:Mandiant Blog
—
19:54 KSA
Built with BigQuery: Bloomreach Engagement brings power to marketers with advanced personalization
Bloomreach Engagement platform utilizes BigQuery for advanced customer personalization and marketing analytics. The solution enables companies to deliver personali…
rss:Mandiant Blog
—
19:54 KSA
Use a GitHub repository to manage pipelines across Data Fusion instances/namespaces
Article discusses managing complex data pipelines across multiple environments using GitHub repositories. Addresses challenges in pipeline version control, collaboration, and dep…
rss:Mandiant Blog
—
19:54 KSA
Providing scalable, reliable video distribution with Google Kubernetes Engine at AbemaTV
AbemaTV, a free video streaming service, leverages Google Cloud infrastructure for video distribution APIs and peripheral services. The article discusses scalable cloud arch…
rss:Mandiant Blog
—
18:50 KSA
Expanding our infrastructure around the world
Google is expanding its global cloud infrastructure to serve businesses and government organizations with hyperscale cloud solutions. Enhanced infrastructure deployment worldwide strengthens cloud security posture an…
rss:Mandiant Blog
—
18:50 KSA
Meet the inaugural cohort of the Google for Startups Accelerator: AI First in Europe
Google for Startups Accelerator: AI First program supports emerging companies developing AI-driven solutions across Europe. The 10-week program aims to help startups scale their…
rss:Mandiant Blog
—
18:50 KSA
Why EigenPhi built its Web3 blockchain analysis platform on Google Cloud
EigenPhi developed a Web3 blockchain analysis platform leveraging Google Cloud infrastructure to address the increasing complexity of blockchain technology. The platform aims to enhance tra…
rss:Mandiant Blog
—
17:48 KSA
AlloyDB for PostgreSQL under the hood: adaptive autovacuum
This article describes AlloyDB's database optimization features including adaptive autovacuum and automatic memory management. It focuses on performance tuning and operational efficiency rather than cybe…
rss:Mandiant Blog
—
17:48 KSA
Confidential VMs on Intel CPUs: Your new intelligent defense
Google Cloud introduces Confidential VMs with Intel TDX technology for protecting sensitive workloads in the cloud. This security feature enables organizations to process confidential data without code…
rss:Mandiant Blog
—
17:48 KSA
Education turns out for Google Cloud Next ‘23
This article covers Google Cloud Next conference attendance by educators and IT professionals. It focuses on cloud technology demonstrations and success stories rather than cybersecurity threats.
Source: https://clo…
rss:Mandiant Blog
—
16:36 KSA
Cloud Load Balancing enhancements improve security and distributed application support
Google Cloud announces enhancements to Cloud Load Balancing including mTLS support for client-side authentication during TLS negotiation. These security improvements enhance p…
rss:Mandiant Blog
—
16:36 KSA
Manage infrastructure with Workload Identity Federation and Terraform Cloud
Article discusses managing infrastructure as code (IaC) using Terraform Cloud with Workload Identity Federation for enterprises. Addresses access control complexity and security manageme…
rss:Mandiant Blog
—
16:36 KSA
Conrad Electronics: Simplifying and accelerating development with Apigee and GKE
Conrad Electronics discusses implementation of Apigee and Google Kubernetes Engine (GKE) to streamline development processes. The article focuses on technical infrastructure improve…
rss:Mandiant Blog
—
15:33 KSA
What’s new with Google Cloud
This article provides an overview of Google Cloud's latest updates and announcements. It serves as a general informational resource rather than addressing specific cybersecurity threats or vulnerabilities.
Source: https://cloud.goog…
rss:Mandiant Blog
—
15:33 KSA
Five generative AI use cases for the financial services industry
This article explores generative AI applications in financial services and its potential to transform banking and investment operations. It does not focus on specific cybersecurity threats or vulne…
rss:Mandiant Blog
—
15:33 KSA
Five use cases for manufacturers to get started with generative AI
This article discusses generative AI applications in manufacturing to improve productivity and reduce costs. While focused on business transformation, it does not address specific cybersecurity t…
📰 Cybersecurity News
0 articles
No news aggregated today yet
This digest is updated automatically every day — Last updated: Sunday, April 19, 2026
CVE Archive ·
Threats ·
News