📅 Daily Security Digest — Monday, April 20, 2026

🇸🇦 Saudi Cyber Daily Digest

All security vulnerabilities, threats, and news aggregated today from trusted sources — continuously updated

Monday, April 20, 2026: 200 CVEs · 29 Threats · 0 News · 200 Critical · 200 CISA KEV

🛡 Security Vulnerabilities (CVE): 200 vulnerabilities
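Every entry below carries the CISA KEV flag and a Required Action that points at vendor mitigations and BOD 22-01 timelines. The practical next step is to join the catalog against your own asset inventory and work the overdue, ransomware-linked and internet-facing matches first. The Python below is an added example and not the digest's own code: the KEV-shaped records (field names follow the public KEV JSON feed), their due dates and ransomware flags, the inventory and the name-matching rule are all constructed assumptions for this example.

```python
"""KEV triage: join CISA KEV-style records against an asset inventory and
order the matches by urgency.  Added example; not the digest's own code."""
from __future__ import annotations

import re
from dataclasses import dataclass
from datetime import date

CVE_ID = re.compile(r"^CVE-\d{4}-\d{4,}$")
TODAY = date(2026, 4, 20)  # the digest's date

# Constructed sample records in the shape of the CISA KEV JSON feed
# (cveID, vendorProject, product, dueDate, knownRansomwareCampaignUse).
# Due dates and ransomware flags are placeholders, not the catalog's values.
KEV_SAMPLE = [
    {"cveID": "CVE-2023-27351", "vendorProject": "PaperCut", "product": "NG/MF",
     "dueDate": "2026-04-10", "knownRansomwareCampaignUse": "Known"},
    {"cveID": "CVE-2024-27199", "vendorProject": "JetBrains", "product": "TeamCity",
     "dueDate": "2026-05-01", "knownRansomwareCampaignUse": "Unknown"},
    {"cveID": "CVE-2021-22986", "vendorProject": "F5",
     "product": "BIG-IP and BIG-IQ Centralized Management",
     "dueDate": "2026-04-25", "knownRansomwareCampaignUse": "Unknown"},
    {"cveID": "CVE-2021-26855", "vendorProject": "Microsoft", "product": "Exchange Server",
     "dueDate": "2026-04-01", "knownRansomwareCampaignUse": "Known"},
    # a malformed row, as feeds and scrapes sometimes contain
    {"cveID": "not-a-cve", "vendorProject": "Acme", "product": "Widget",
     "dueDate": "2026-13-99", "knownRansomwareCampaignUse": "Unknown"},
]


@dataclass(frozen=True)
class Asset:
    host: str
    vendor: str
    product: str
    internet_facing: bool


# Constructed inventory; a real one would come from a CMDB or scanner export.
INVENTORY = [
    Asset("mail01", "Microsoft", "Exchange Server 2019", internet_facing=True),
    Asset("print01", "PaperCut", "PaperCut NG/MF", internet_facing=False),
    Asset("ci01", "JetBrains", "TeamCity", internet_facing=False),
    Asset("lb01", "F5", "BIG-IP", internet_facing=True),
]


def _norm(s: str) -> str:
    """Lower-case and collapse punctuation so 'NG/MF' and 'ng mf' compare equal."""
    return re.sub(r"[^a-z0-9]+", " ", s.lower()).strip()


def _parse_date(s: str) -> date | None:
    try:
        return date.fromisoformat(s)
    except ValueError:
        return None


def valid_record(rec: dict) -> bool:
    """Reject rows with a bad CVE ID or an unparseable due date instead of
    letting one bad row abort the whole run."""
    return bool(CVE_ID.match(rec.get("cveID", ""))) and _parse_date(rec.get("dueDate", "")) is not None


def product_matches(asset: Asset, rec: dict) -> bool:
    """Vendor must match exactly after normalisation; for the product either
    name may contain the other, since inventory names are rarely exact."""
    if _norm(asset.vendor) != _norm(rec["vendorProject"]):
        return False
    a, p = _norm(asset.product), _norm(rec["product"])
    return a in p or p in a


def triage(records: list[dict], inventory: list[Asset], today: date) -> list[dict]:
    """Matched (host, CVE) rows, most urgent first: overdue, then known
    ransomware use, then internet-facing, then earliest due date."""
    rows = []
    for rec in records:
        if not valid_record(rec):
            continue
        due = _parse_date(rec["dueDate"])
        for asset in inventory:
            if product_matches(asset, rec):
                rows.append({
                    "host": asset.host,
                    "cve": rec["cveID"],
                    "due": due,
                    "overdue": due < today,
                    "ransomware": rec.get("knownRansomwareCampaignUse") == "Known",
                    "internet_facing": asset.internet_facing,
                })
    rows.sort(key=lambda r: (not r["overdue"], not r["ransomware"],
                             not r["internet_facing"], r["due"]))
    return rows


def example_triage() -> list[dict]:
    return triage(KEV_SAMPLE, INVENTORY, TODAY)


if __name__ == "__main__":
    for r in example_triage():
        flag = "OVERDUE" if r["overdue"] else f"due {r['due']}"
        print(f"{r['host']:8} {r['cve']:16} {flag}")
```

Matching on vendor and product name is deliberately crude and will over-match on short names; with a real CMDB you would match on CPE strings and version ranges, and feed the live catalog from CISA's known_exploited_vulnerabilities.json rather than the sample list.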
CVE-2023-27351 · 05:18 KSA · CRITICAL · CVSS 9.8 · CISA KEV
PaperCut NG/MF contains an improper authentication vulnerability that could allow remote attackers to bypass authentication on affected installations via the SecurityRequestFilter class. Required Action: Apply mitigations per vendor instructions, …

CVE-2024-27199 · 05:18 KSA · CRITICAL · CVSS 9.8 · CISA KEV
JetBrains TeamCity contains a relative path traversal vulnerability that could allow limited admin actions to be performed. Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or…

CVE-2025-2749 · 05:18 KSA · CRITICAL · CVSS 9.8 · CISA KEV
Kentico Xperience contains a path traversal vulnerability that could allow an authenticated user's Staging Sync Server to upload arbitrary data to path-relative locations. Required Action: Apply mitigations per vendor instructions, follo…

CVE-2025-32975 · 05:18 KSA · CRITICAL · CVSS 9.8 · CISA KEV
Quest KACE Systems Management Appliance (SMA) contains an improper authentication vulnerability that could allow attackers to impersonate legitimate users without valid credentials. Required Action: Apply mitigations…

CVE-2025-48700 · 05:18 KSA · CRITICAL · CVSS 9.8 · CISA KEV
Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting vulnerability that could allow attackers to execute arbitrary JavaScript within the user's session, potentially leading to unauthorized access to sen…

CVE-2026-20122 · 05:18 KSA · CRITICAL · CVSS 9.8 · CISA KEV
Cisco Catalyst SD-WAN Manager contains an incorrect use of privileged APIs vulnerability due to improper file handling on the API interface of an affected system. An attacker could exploit this vulnerability by uploading a malicious f…

CVE-2026-20128 · 05:18 KSA · CRITICAL · CVSS 9.8 · CISA KEV
Cisco Catalyst SD-WAN Manager stores passwords in a recoverable format, which allows an authenticated, local attacker to gain DCA user privileges by accessing a credential file for the DCA user on the filesyst…

CVE-2026-20133 · 05:18 KSA · CRITICAL · CVSS 9.8 · CISA KEV
Cisco Catalyst SD-WAN Manager contains an exposure of sensitive information to an unauthorized actor vulnerability that could allow remote attackers to view sensitive information on affected systems. Required Action: Please adhere t…
CVE-2021-21311 · 11:01 KSA · CRITICAL · CVSS 9.0 · CISA KEV
Adminer Server-Side Request Forgery Vulnerability — Adminer contains a server-side request forgery vulnerability that, when exploited, allows a remote attacker to obtain potentially sensitive information.

CVE-2021-21315 · 11:01 KSA · CRITICAL · CVSS 9.0 · CISA KEV
System Information Library for Node.JS Command Injection — An attacker can send a malicious payload that exploits the name parameter. After successful exploitation, attackers can execute commands remotely.

CVE-2021-21551 · 11:01 KSA · CRITICAL · CVSS 9.0 · CISA KEV
Dell dbutil Driver Insufficient Access Control Vulnerability — Dell dbutil driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial-of-service (DoS), or information disclosure.

CVE-2021-21972 · 11:01 KSA · CRITICAL · CVSS 9.0 · CISA KEV
VMware vCenter Server Remote Code Execution Vulnerability — VMware vCenter Server vSphere Client contains a remote code execution vulnerability in a vCenter Server plugin which allows an attacker with network access to port 443 to execute commands with unrestricted privileges on …

CVE-2021-21973 · 11:01 KSA · CRITICAL · CVSS 9.0 · CISA KEV
VMware vCenter Server and Cloud Foundation Server Side Request Forgery (SSRF) Vulnerability — VMware vCenter Server and Cloud Foundation Server contain an SSRF vulnerability due to improper validation of URLs in a vCenter Server plugin. This allows for information disclosure.

CVE-2021-21975 · 11:01 KSA · CRITICAL · CVSS 9.0 · CISA KEV
VMware Server Side Request Forgery in vRealize Operations Manager API — Server Side Request Forgery (SSRF) in vRealize Operations Manager API prior to 8.4 may allow a malicious actor with network access to the vRealize Operations Manager API to perform an SSRF attack to steal admi…

CVE-2021-21985 · 11:01 KSA · CRITICAL · CVSS 9.0 · CISA KEV
VMware vCenter Server Improper Input Validation Vulnerability — VMware vSphere Client contains an improper input validation vulnerability in the Virtual SAN Health Check plug-in, enabled by default in vCenter Server, that allows for remote code execution.

CVE-2021-22005 · 11:01 KSA · CRITICAL · CVSS 9.0 · CISA KEV
VMware vCenter Server File Upload Vulnerability — VMware vCenter Server contains a file upload vulnerability in the Analytics service that allows a user with network access to port 443 to execute code.

CVE-2021-22017 · 11:01 KSA · CRITICAL · CVSS 9.0 · CISA KEV
VMware vCenter Server Improper Access Control — Rhttproxy as used in vCenter Server contains a vulnerability due to improper implementation of URI normalization.

CVE-2021-22204 · 11:01 KSA · CRITICAL · CVSS 9.0 · CISA KEV
ExifTool Remote Code Execution Vulnerability — Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing a malicious image.

CVE-2021-22205 · 11:01 KSA · CRITICAL · CVSS 9.0 · CISA KEV
GitLab Community and Enterprise Editions Remote Code Execution Vulnerability — GitLab Community and Enterprise Editions that utilize the ability to upload images through GitLab Workhorse are vulnerable to remote code execution. Workhorse passes image file extensions through ExifT…
CVE-2021-22502 · 11:01 KSA · CRITICAL · CVSS 9.0 · CISA KEV
Micro Focus Operation Bridge Report (OBR) Remote Code Execution Vulnerability — Micro Focus Operation Bridge Report (OBR) contains an unspecified vulnerability that allows for remote code execution.

CVE-2021-22506 · 11:01 KSA · CRITICAL · CVSS 9.0 · CISA KEV
Micro Focus Access Manager Information Leakage Vulnerability — Micro Focus Access Manager contains an information leakage vulnerability resulting from a SAML service provider redirection issue when the Assertion Consumer Service URL is used.

CVE-2021-22555 · 11:01 KSA · CRITICAL · CVSS 9.0 · CISA KEV
Linux Kernel Heap Out-of-Bounds Write Vulnerability — Linux Kernel contains a heap out-of-bounds write vulnerability that could allow an attacker to gain privileges or cause a DoS (via heap memory corruption) through user namespaces.

CVE-2021-22600 · 11:01 KSA · CRITICAL · CVSS 9.0 · CISA KEV
Linux Kernel Privilege Escalation Vulnerability — Linux Kernel contains a flaw in the packet socket (AF_PACKET) implementation which could lead to incorrectly freeing memory. A local user could exploit this for denial-of-service (DoS) or possibly for privilege escalation.

CVE-2021-22893 · 11:01 KSA · CRITICAL · CVSS 9.0 · CISA KEV
Ivanti Pulse Connect Secure Use-After-Free Vulnerability — Ivanti Pulse Connect Secure contains a use-after-free vulnerability that allows a remote, unauthenticated attacker to execute code via license services.

CVE-2021-22894 · 11:01 KSA · CRITICAL · CVSS 9.0 · CISA KEV
Ivanti Pulse Connect Secure Collaboration Suite Buffer Overflow Vulnerability — Ivanti Pulse Connect Secure Collaboration Suite contains buffer overflow vulnerabilities that allow remote authenticated users to execute code as the root user via maliciously crafted meeting roo…

CVE-2021-22899 · 11:01 KSA · CRITICAL · CVSS 9.0 · CISA KEV
Ivanti Pulse Connect Secure Command Injection Vulnerability — Ivanti Pulse Connect Secure contains a command injection vulnerability that allows remote authenticated users to perform remote code execution via Windows File Resource Profiles.

CVE-2021-22900 · 11:01 KSA · CRITICAL · CVSS 9.0 · CISA KEV
Ivanti Pulse Connect Secure Unrestricted File Upload Vulnerability — Ivanti Pulse Connect Secure contains an unrestricted file upload vulnerability that allows an authenticated administrator to perform a file write via a maliciously crafted archive upload in the administrator web…

CVE-2021-22941 · 11:01 KSA · CRITICAL · CVSS 9.0 · CISA KEV
Citrix ShareFile Improper Access Control Vulnerability — Improper Access Control in Citrix ShareFile storage zones controller may allow an unauthenticated attacker to remotely compromise the storage zones controller.

CVE-2021-22986 · 11:01 KSA · CRITICAL · CVSS 9.0 · CISA KEV
F5 BIG-IP and BIG-IQ Centralized Management iControl REST Remote Code Execution Vulnerability — F5 BIG-IP and BIG-IQ Centralized Management contain a remote code execution vulnerability in the iControl REST interface that allows unauthenticated attackers with network access to ex…

CVE-2021-22991 · 11:01 KSA · CRITICAL · CVSS 9.0 · CISA KEV
F5 BIG-IP Traffic Management Microkernel Buffer Overflow — The Traffic Management Microkernel of BIG-IP ASM Risk Engine has a buffer overflow vulnerability, leading to a bypass of URL-based access controls.
CVE-2021-23874 · 11:01 KSA · CRITICAL · CVSS 9.0 · CISA KEV
McAfee Total Protection (MTP) Improper Privilege Management Vulnerability — McAfee Total Protection (MTP) contains an improper privilege management vulnerability that allows a local user to gain elevated privileges and execute code, bypassing MTP self-defense.

CVE-2021-25296 · 11:01 KSA · CRITICAL · CVSS 9.0 · CISA KEV
Nagios XI OS Command Injection — Nagios XI contains a vulnerability which can lead to OS command injection on the Nagios XI server.

CVE-2021-25297 · 11:01 KSA · CRITICAL · CVSS 9.0 · CISA KEV
Nagios XI OS Command Injection — Nagios XI contains a vulnerability which can lead to OS command injection on the Nagios XI server.

CVE-2021-25298 · 11:01 KSA · CRITICAL · CVSS 9.0 · CISA KEV
Nagios XI OS Command Injection — Nagios XI contains a vulnerability which can lead to OS command injection on the Nagios XI server.

CVE-2021-25337 · 11:01 KSA · CRITICAL · CVSS 9.0 · CISA KEV
Samsung Mobile Devices Improper Access Control Vulnerability — Samsung mobile devices contain an improper access control vulnerability in the clipboard service which allows untrusted applications to read or write arbitrary files. This vulnerability was chained with CVE-2021-25369 and…

CVE-2021-25369 · 11:01 KSA · CRITICAL · CVSS 9.0 · CISA KEV
Samsung Mobile Devices Improper Access Control Vulnerability — Samsung mobile devices using Mali GPU contain an improper access control vulnerability in the sec_log file. Exploitation of the vulnerability exposes sensitive kernel information to userspace. This vulnerability was …

CVE-2021-25370 · 11:01 KSA · CRITICAL · CVSS 9.0 · CISA KEV
Samsung Mobile Devices Memory Corruption Vulnerability — Samsung mobile devices using Mali GPU contain an incorrect implementation of file descriptor handling in the DPU driver. This incorrect implementation results in memory corruption, leading to kernel panic. This vulnerability was c…

CVE-2021-25371 · 11:01 KSA · CRITICAL · CVSS 9.0 · CISA KEV
Samsung Mobile Devices Unspecified Vulnerability — Samsung mobile devices contain an unspecified vulnerability within the DSP driver that allows attackers to load ELF libraries inside the DSP.

CVE-2021-25372 · 11:01 KSA · CRITICAL · CVSS 9.0 · CISA KEV
Samsung Mobile Devices Improper Boundary Check Vulnerability — Samsung mobile devices contain an improper boundary check vulnerability within the DSP driver that allows for out-of-bounds memory access.

CVE-2021-25394 · 11:01 KSA · CRITICAL · CVSS 9.0 · CISA KEV
Samsung Mobile Devices Race Condition Vulnerability — Samsung mobile devices contain a race condition vulnerability within the MFC charger driver that leads to a use-after-free allowing a write, given that a radio privilege is compromised.

CVE-2021-25395 · 11:01 KSA · CRITICAL · CVSS 9.0 · CISA KEV
Samsung Mobile Devices Race Condition Vulnerability — Samsung mobile devices contain a race condition vulnerability within the MFC charger driver that leads to a use-after-free allowing a write, given that a radio privilege is compromised.

CVE-2021-25487 · 11:01 KSA · CRITICAL · CVSS 9.0 · CISA KEV
Samsung Mobile Devices Out-of-Bounds Read Vulnerability — Samsung mobile devices contain an out-of-bounds read vulnerability within the modem interface driver due to a lack of boundary checking of a buffer in set_skb_priv(), leading to remote code execution by dereference of an i…

CVE-2021-25489 · 11:01 KSA · CRITICAL · CVSS 9.0 · CISA KEV
Samsung Mobile Devices Improper Input Validation Vulnerability — Samsung mobile devices contain an improper input validation vulnerability within the modem interface driver that results in a format string bug leading to kernel panic.
CVE-2021-26084 · 11:01 KSA · CRITICAL · CVSS 9.0 · CISA KEV
Atlassian Confluence Server and Data Center Object-Graph Navigation Language (OGNL) Injection Vulnerability — Atlassian Confluence Server and Data Center contain an Object-Graph Navigation Language (OGNL) injection vulnerability that may allow an unauthenticated attacker to execu…

CVE-2021-26085 · 11:01 KSA · CRITICAL · CVSS 9.0 · CISA KEV
Atlassian Confluence Server Pre-Authorization Arbitrary File Read Vulnerability — Affected versions of Atlassian Confluence Server allow remote attackers to view restricted resources via a pre-authorization arbitrary file read vulnerability in the /s/ endpoint.

CVE-2021-26086 · 11:01 KSA · CRITICAL · CVSS 9.0 · CISA KEV
Atlassian Jira Server and Data Center Path Traversal Vulnerability — Atlassian Jira Server and Data Center contain a path traversal vulnerability that allows a remote attacker to read particular files via the /WEB-INF/web.xml endpoint.

CVE-2021-26411 · 11:01 KSA · CRITICAL · CVSS 9.0 · CISA KEV
Microsoft Internet Explorer Memory Corruption Vulnerability — Microsoft Internet Explorer contains an unspecified vulnerability that allows for memory corruption.

CVE-2021-26855 · 11:01 KSA · CRITICAL · CVSS 9.0 · CISA KEV
Microsoft Exchange Server Remote Code Execution Vulnerability — Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain.

CVE-2021-26857 · 11:01 KSA · CRITICAL · CVSS 9.0 · CISA KEV
Microsoft Exchange Server Remote Code Execution Vulnerability — Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain.

CVE-2021-26858 · 11:01 KSA · CRITICAL · CVSS 9.0 · CISA KEV
Microsoft Exchange Server Remote Code Execution Vulnerability — Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain.

CVE-2021-27059 · 11:01 KSA · CRITICAL · CVSS 9.0 · CISA KEV
Microsoft Office Remote Code Execution Vulnerability — Microsoft Office contains an unspecified vulnerability that allows for remote code execution.

CVE-2021-27065 · 11:01 KSA · CRITICAL · CVSS 9.0 · CISA KEV
Microsoft Exchange Server Remote Code Execution Vulnerability — Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain.

CVE-2021-27085 · 11:01 KSA · CRITICAL · CVSS 9.0 · CISA KEV
Microsoft Internet Explorer Remote Code Execution Vulnerability — Microsoft Internet Explorer contains an unspecified vulnerability that allows for remote code execution.

CVE-2021-27101 · 11:01 KSA · CRITICAL · CVSS 9.0 · CISA KEV
Accellion FTA SQL Injection Vulnerability — Accellion FTA contains a SQL injection vulnerability exploited via a crafted Host header in a request to document_root.html.

CVE-2021-27102 · 11:01 KSA · CRITICAL · CVSS 9.0 · CISA KEV
Accellion FTA OS Command Injection Vulnerability — Accellion FTA contains an OS command injection vulnerability exploited via a local web service call.

CVE-2021-27103 · 11:01 KSA · CRITICAL · CVSS 9.0 · CISA KEV
Accellion FTA Server-Side Request Forgery (SSRF) Vulnerability — Accellion FTA contains a server-side request forgery (SSRF) vulnerability exploited via a crafted POST request to wmProgressstat.html.
CVE-2021-27104
Accellion FTA OS Command Injection Vulnerability — Accellion FTA contains an OS command injection vulnerability exploite
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Accellion FTA OS Command Injection Vulnerability — Accellion FTA contains an OS command injection vulnerability exploited via a crafted POST request to various admin endpoints.
CVE-2021-27561
Yealink Device Management Server-Side Request Forgery (SSRF) Vulnerability — Yealink Device Management contains a server
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Yealink Device Management Server-Side Request Forgery (SSRF) Vulnerability — Yealink Device Management contains a server-side request forgery (SSRF) vulnerability that allows for unauthenticated remote code execution.
CVE-2021-27562
Arm Trusted Firmware Out-of-Bounds Write Vulnerability — Arm Trusted Firmware contains an out-of-bounds write vulnerabil
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Arm Trusted Firmware Out-of-Bounds Write Vulnerability — Arm Trusted Firmware contains an out-of-bounds write vulnerability allowing the non-secure (NS) world to trigger a system halt, overwrite secure data, or print out secure data when calling secure functions under the non-sec…
CVE-2021-27852
Checkbox Survey Deserialization of Untrusted Data Vulnerability — Deserialization of Untrusted Data vulnerability in Che
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Checkbox Survey Deserialization of Untrusted Data Vulnerability — Deserialization of Untrusted Data vulnerability in CheckboxWeb.dll of Checkbox Survey allows an unauthenticated remote attacker to execute arbitrary code.
CVE-2021-27860
FatPipe WARP, IPVPN, and MPVPN Configuration Upload exploit — A vulnerability in the web management interface of FatPipe
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
FatPipe WARP, IPVPN, and MPVPN Configuration Upload exploit — A vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software allows a remote, unauthenticated attacker to upload a file to any location on the filesystem.
CVE-2021-27876
Veritas Backup Exec Agent File Access Vulnerability — Veritas Backup Exec (BE) Agent contains a file access vulnerabilit
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Veritas Backup Exec Agent File Access Vulnerability — Veritas Backup Exec (BE) Agent contains a file access vulnerability that could allow an attacker to specially craft input parameters on a data management protocol command to access files on the BE Agent machine.
CVE-2021-27877
Veritas Backup Exec Agent Improper Authentication Vulnerability — Veritas Backup Exec (BE) Agent contains an improper au
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Veritas Backup Exec Agent Improper Authentication Vulnerability — Veritas Backup Exec (BE) Agent contains an improper authentication vulnerability that could allow an attacker unauthorized access to the BE Agent via SHA authentication scheme.
CVE-2021-27878
Veritas Backup Exec Agent Command Execution Vulnerability — Veritas Backup Exec (BE) Agent contains a command execution
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Veritas Backup Exec Agent Command Execution Vulnerability — Veritas Backup Exec (BE) Agent contains a command execution vulnerability that could allow an attacker to use a data management protocol command to execute a command on the BE Agent machine.
CVE-2021-28310
Microsoft Win32k Privilege Escalation Vulnerability — Microsoft Windows Win32k contains an unspecified vulnerability tha
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Microsoft Win32k Privilege Escalation Vulnerability — Microsoft Windows Win32k contains an unspecified vulnerability that allows for privilege escalation.
CVE-2021-28550
Adobe Acrobat and Reader Use-After-Free Vulnerability — Adobe Acrobat and Reader contains a use-after-free vulnerability
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Adobe Acrobat and Reader Use-After-Free Vulnerability — Adobe Acrobat and Reader contains a use-after-free vulnerability that could allow an unauthenticated attacker to achieve code execution in the context of the current user.
CVE-2021-28663
Arm Mali Graphics Processing Unit (GPU) Use-After-Free Vulnerability — Arm Mali Graphics Processing Unit (GPU) kernel dr
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Arm Mali Graphics Processing Unit (GPU) Use-After-Free Vulnerability — Arm Mali Graphics Processing Unit (GPU) kernel driver contains a use-after-free vulnerability that may allow a non-privileged user to make improper operations on GPU memory to gain root privilege, and/or discl…
CVE-2021-28664
Arm Mali Graphics Processing Unit (GPU) Unspecified Vulnerability — Arm Mali Graphics Processing Unit (GPU) kernel drive
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Arm Mali Graphics Processing Unit (GPU) Unspecified Vulnerability — Arm Mali Graphics Processing Unit (GPU) kernel driver contains an unspecified vulnerability that may allow a non-privileged user to gain write access to read-only memory, gain root privilege, corrupt memory, and …
CVE-2021-28799
QNAP NAS Improper Authorization Vulnerability — QNAP NAS running HBS 3 contains an improper authorization vulnerability
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
QNAP NAS Improper Authorization Vulnerability — QNAP NAS running HBS 3 contains an improper authorization vulnerability which can allow remote attackers to log in to a device.
CVE-2021-29256
Arm Mali GPU Kernel Driver Use-After-Free Vulnerability — Arm Mali GPU Kernel Driver contains a use-after-free vulnerabi
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Arm Mali GPU Kernel Driver Use-After-Free Vulnerability — Arm Mali GPU Kernel Driver contains a use-after-free vulnerability that may allow a non-privileged user to gain root privilege and/or disclose information.
CVE-2021-30116
Kaseya Virtual System/Server Administrator (VSA) Information Disclosure Vulnerability — Kaseya Virtual System/Server Adm
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Kaseya Virtual System/Server Administrator (VSA) Information Disclosure Vulnerability — Kaseya Virtual System/Server Administrator (VSA) contains an information disclosure vulnerability allowing an attacker to obtain the sessionId that can be used to execute further attacks again…
CVE-2021-30533
Google Chromium PopupBlocker Security Bypass Vulnerability — Google Chromium PopupBlocker contains an insufficient polic
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Google Chromium PopupBlocker Security Bypass Vulnerability — Google Chromium PopupBlocker contains an insufficient policy enforcement vulnerability that allows a remote attacker to bypass navigation restrictions via a crafted iframe. This vulnerability could affect multiple web b…
CVE-2021-30551
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Google Chromium V8 Type Confusion Vulnerability — Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chr…
CVE-2021-30554
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Google Chromium WebGL Use-After-Free Vulnerability — Google Chromium WebGL contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chro…
CVE-2021-30563
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Google Chromium V8 Type Confusion Vulnerability — Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chr…
CVE-2021-30632
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Google Chromium V8 Out-of-Bounds Write Vulnerability — Google Chromium V8 Engine contains an out-of-bounds write vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that …
CVE-2021-30633
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Google Chromium Indexed DB API Use-After-Free Vulnerability — Google Chromium Indexed DB API contains a use-after-free vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page. This vuln…
CVE-2021-30657
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Apple macOS Unspecified Vulnerability — Apple macOS contains an unspecified logic issue in System Preferences that may allow a malicious application to bypass Gatekeeper checks.
CVE-2021-30661
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Apple Multiple Products WebKit Storage Use-After-Free Vulnerability — Apple iOS, iPadOS, macOS, tvOS, watchOS, and Safari WebKit Storage contain a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could i…
CVE-2021-30663
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Apple Multiple Products WebKit Integer Overflow Vulnerability — Apple iOS, iPadOS, macOS, tvOS, and Safari WebKit contain an integer overflow vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers t…
CVE-2021-30665
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Apple Multiple Products WebKit Memory Corruption Vulnerability — Apple iOS, iPadOS, macOS, watchOS, and tvOS WebKit contain a memory corruption vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers…
CVE-2021-30666
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Apple iOS WebKit Buffer Overflow Vulnerability — Apple iOS WebKit contains a buffer-overflow vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Appl…
CVE-2021-30713
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Apple macOS Unspecified Vulnerability — Apple macOS Transparency, Consent, and Control (TCC) contains an unspecified permissions issue which may allow a malicious application to bypass privacy preferences.
CVE-2021-30761
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Apple iOS WebKit Memory Corruption Vulnerability — Apple iOS WebKit contains a memory corruption vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to …
CVE-2021-30762
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Apple iOS WebKit Use-After-Free Vulnerability — Apple iOS WebKit contains a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple …
CVE-2021-30807
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Apple Multiple Products Memory Corruption Vulnerability — Apple iOS, iPadOS, macOS, and watchOS IOMobileFrameBuffer contain a memory corruption vulnerability which may allow an application to execute code with kernel privileges.
CVE-2021-30858
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Apple iOS, iPadOS, macOS Use-After-Free Vulnerability — Apple iOS, iPadOS, and macOS WebKit contain a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including…
CVE-2021-30860
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Apple Multiple Products Integer Overflow Vulnerability — Apple iOS, iPadOS, macOS, and watchOS CoreGraphics contain an integer overflow vulnerability which may allow code execution when processing a maliciously crafted PDF. The vulnerability is also known under the moniker of FOR…
CVE-2021-30869
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Apple iOS, iPadOS, and macOS Type Confusion Vulnerability — Apple iOS, iPadOS, and macOS contain a type confusion vulnerability in the XNU kernel that may allow a malicious application to execute code with kernel privileges.
CVE-2021-30883
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Apple Multiple Products Memory Corruption Vulnerability — Apple iOS, macOS, watchOS, and tvOS contain a memory corruption vulnerability that could allow for remote code execution.
CVE-2021-30900
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Apple iOS, iPadOS, and macOS Out-of-Bounds Write Vulnerability — Apple GPU drivers, included in iOS, iPadOS, and macOS, contain an out-of-bounds write vulnerability that may allow a malicious application to execute code with kernel privileges.
CVE-2021-30983
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Apple iOS and iPadOS Buffer Overflow Vulnerability — Apple iOS and iPadOS contain a buffer overflow vulnerability that could allow an application to execute code with kernel privileges.
CVE-2021-31010
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Apple iOS, macOS, watchOS Sandbox Bypass Vulnerability — In affected versions of Apple iOS, macOS, and watchOS, a sandboxed process may be able to circumvent sandbox restrictions.
CVE-2021-31166
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Microsoft HTTP Protocol Stack Remote Code Execution Vulnerability — Microsoft HTTP Protocol Stack contains a vulnerability in http.sys that allows for remote code execution.
CVE-2021-31196
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Microsoft Exchange Server Information Disclosure Vulnerability — Microsoft Exchange Server contains an information disclosure vulnerability that allows for remote code execution.
CVE-2021-31199
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Microsoft Enhanced Cryptographic Provider Privilege Escalation Vulnerability — Microsoft Enhanced Cryptographic Provider contains an unspecified vulnerability that allows for privilege escalation.
CVE-2021-31201
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Microsoft Enhanced Cryptographic Provider Privilege Escalation Vulnerability — Microsoft Enhanced Cryptographic Provider contains an unspecified vulnerability that allows for privilege escalation.
CVE-2021-31207
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Microsoft Exchange Server Security Feature Bypass Vulnerability — Microsoft Exchange Server contains an unspecified vulnerability that allows for security feature bypass.
CVE-2021-3129
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Laravel Ignition File Upload Vulnerability — Laravel Ignition contains a file upload vulnerability that allows unauthenticated remote attackers to execute malicious code due to insecure usage of file_get_contents() and file_put_contents().
CVE-2021-3156
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Sudo Heap-Based Buffer Overflow Vulnerability — Sudo contains an off-by-one error that can result in a heap-based buffer overflow, which allows for privilege escalation.
CVE-2021-31755
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Tenda AC11 Router Stack Buffer Overflow Vulnerability — Tenda AC11 devices contain a stack buffer overflow vulnerability in /goform/setmac which allows attackers to execute code via a crafted POST request.
CVE-2021-31955
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Microsoft Windows Kernel Information Disclosure Vulnerability — Microsoft Windows Kernel contains an unspecified vulnerability that allows for information disclosure. Successful exploitation allows attackers to read the contents of kernel memory from a user-mode process.
CVE-2021-31956
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Microsoft Windows NTFS Privilege Escalation Vulnerability — Microsoft Windows New Technology File System (NTFS) contains an unspecified vulnerability that allows attackers to escalate privileges via a specially crafted application.
CVE-2021-31979
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Microsoft Windows Kernel Privilege Escalation Vulnerability — Microsoft Windows kernel contains an unspecified vulnerability that allows for privilege escalation.
CVE-2021-32030
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
ASUS Routers Improper Authentication Vulnerability — ASUS Lyra Mini and ASUS GT-AC2900 devices contain an improper authentication vulnerability that allows an attacker to gain unauthorized access to the administrative interface. The impacted products could be end-of-life (EoL) an…
CVE-2021-32648
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
October CMS Improper Authentication — In affected versions of the october/system package, an attacker can request an account password reset and then gain access to the account using a specially crafted request.
CVE-2021-33044
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Dahua IP Camera Authentication Bypass Vulnerability — Dahua IP cameras and related products contain an authentication bypass vulnerability when the NetKeyboard type argument is specified by the client during authentication.
CVE-2021-33045
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Dahua IP Camera Authentication Bypass Vulnerability — Dahua IP cameras and related products contain an authentication bypass vulnerability when the loopback device is specified by the client during authentication.
CVE-2021-33739
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Microsoft Desktop Window Manager (DWM) Core Library Privilege Escalation Vulnerability — Microsoft Desktop Window Manager (DWM) Core Library contains an unspecified vulnerability that allows for privilege escalation.
CVE-2021-33742
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Microsoft Windows MSHTML Platform Remote Code Execution Vulnerability — Microsoft Windows MSHTML Platform contains an unspecified vulnerability that allows for remote code execution.
CVE-2021-33766
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Microsoft Exchange Server Information Disclosure — Microsoft Exchange Server contains an information disclosure vulnerability which can allow an unauthenticated attacker to steal email traffic from target.
CVE-2021-33771
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Microsoft Windows Kernel Privilege Escalation Vulnerability — Microsoft Windows kernel contains an unspecified vulnerability that allows for privilege escalation.
CVE-2021-34448
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Microsoft Windows Scripting Engine Memory Corruption Vulnerability — Microsoft Windows Scripting Engine contains an unspecified vulnerability that allows for memory corruption.
CVE-2021-34473
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Microsoft Exchange Server Remote Code Execution Vulnerability — Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution.
CVE-2021-34484
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Microsoft Windows User Profile Service Privilege Escalation Vulnerability — Microsoft Windows User Profile Service contains an unspecified vulnerability that allows for privilege escalation.
CVE-2021-34486
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Microsoft Windows Event Tracing Privilege Escalation Vulnerability — Microsoft Windows Event Tracing contains an unspecified vulnerability which can allow for privilege escalation.
CVE-2021-34523
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Microsoft Exchange Server Privilege Escalation Vulnerability — Microsoft Exchange Server contains an unspecified vulnerability that allows for privilege escalation.
CVE-2021-34527
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Microsoft Windows Print Spooler Remote Code Execution Vulnerability — Microsoft Windows Print Spooler contains an unspecified vulnerability due to the Windows Print Spooler service improperly performing privileged file operations. Successful exploitation allows an attacker to per…
CVE-2021-3493
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Linux Kernel Privilege Escalation Vulnerability — The overlayfs stacking file system in Linux kernel does not properly validate the application of file capabilities against user namespaces, which could lead to privilege escalation.
CVE-2021-35211
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
SolarWinds Serv-U Remote Code Execution Vulnerability — SolarWinds Serv-U contains an unspecified memory escape vulnerability which can allow for remote code execution.
CVE-2021-35247
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
SolarWinds Serv-U Improper Input Validation Vulnerability — SolarWinds Serv-U versions 15.2.5 and earlier contain an improper input validation vulnerability that allows attackers to build and send queries without sanitization.
CVE-2023-20867
VMware Tools Authentication Bypass Vulnerability (CVE-2023-20867)
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
VMware Tools Authentication Bypass Vulnerability — VMware Tools contains an authentication bypass vulnerability in the vgauth module. A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity…
CVE-2023-20887
VMware Aria Operations for Networks Command Injection Remote Code Execution
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
VMware Aria Operations for Networks Command Injection Vulnerability — VMware Aria Operations for Networks (formerly vRealize Network Insight) contains a command injection vulnerability that allows a malicious actor with network access to perform an attack resulting in remote code…
CVE-2023-20963
Android Framework Privilege Escalation Vulnerability (CVE-2023-20963)
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Android Framework Privilege Escalation Vulnerability — Android Framework contains an unspecified vulnerability that allows for privilege escalation after updating an app to a higher Target SDK with no additional execution privileges needed.
CVE-2023-21237
Android Pixel Framework Information Disclosure via Hidden Foreground Service Notification
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Android Pixel Information Disclosure Vulnerability — Android Pixel contains a vulnerability in the Framework component, where the UI may be misleading or insufficient, providing a means to hide a foreground service notification. This could enable a local attacker to disclose sen…
CVE-2023-2136
Google Chrome Skia Integer Overflow Vulnerability - Sandbox Escape
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Google Chrome Skia Integer Overflow Vulnerability — Google Chromium Skia contains an integer overflow vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page. This vulnerability affects…
CVE-2023-21492
Samsung Mobile Devices ASLR Bypass via Sensitive Information Logging
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Samsung Mobile Devices Insertion of Sensitive Information Into Log File Vulnerability — Samsung mobile devices running Android 11, 12, and 13 contain an insertion of sensitive information into log file vulnerability that allows a privileged, local attacker to conduct an address s…
CVE-2023-21674
Microsoft Windows ALPC Privilege Escalation Vulnerability (CVE-2023-21674)
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Microsoft Windows Advanced Local Procedure Call (ALPC) Privilege Escalation Vulnerability — Microsoft Windows Advanced Local Procedure Call (ALPC) contains an unspecified vulnerability that allows for privilege escalation.
CVE-2023-21715
Microsoft Office Publisher Security Feature Bypass Vulnerability (CVE-2023-21715)
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Microsoft Office Publisher Security Feature Bypass Vulnerability — Microsoft Office Publisher contains a security feature bypass vulnerability that allows for a local, authenticated attack on a targeted system.
CVE-2023-21823
Microsoft Windows Graphics Component Privilege Escalation Vulnerability (CVE-2023-21823)
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Microsoft Windows Graphics Component Privilege Escalation Vulnerability — Microsoft Windows Graphics Component contains an unspecified vulnerability that allows for privilege escalation.
CVE-2023-21839
Oracle WebLogic Server Remote Code Execution Vulnerability (CVE-2023-21839)
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Oracle WebLogic Server Unspecified Vulnerability — Oracle WebLogic Server contains an unspecified vulnerability that allows an unauthenticated attacker with network access via T3 or IIOP to compromise Oracle WebLogic Server.
CVE-2023-22515
Atlassian Confluence Broken Access Control - Unauthorized Admin Account Creation
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Atlassian Confluence Data Center and Server Broken Access Control Vulnerability — Atlassian Confluence Data Center and Server contains a broken access control vulnerability that allows an attacker to create unauthorized Confluence administrator accounts and access Confluence.
CVE-2023-22518
Atlassian Confluence Improper Authorization Vulnerability (CVE-2023-22518)
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Atlassian Confluence Data Center and Server Improper Authorization Vulnerability — Atlassian Confluence Data Center and Server contain an improper authorization vulnerability that can result in significant data loss when exploited by an unauthenticated attacker. There is no impac…
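The two Confluence entries above are the kind of thing a responder wants to sweep access logs for straight away. The following is an added example, not code from this page or from Atlassian: it flags requests that match the indicators Atlassian published for these CVEs (requests to `/setup/*.action` and the `setupComplete=false` flip on `/server-info.action` for CVE-2023-22515; requests to the `/json/setup-restore*.action` endpoints for CVE-2023-22518). The log lines are constructed for the demonstration, the combined-log-format parser is an assumption about how the proxy in front of Confluence logs, and the function names are mine.

```python
"""Added example: sweep a Confluence access log for the published indicators
of CVE-2023-22515 and CVE-2023-22518. Not from the page or from Atlassian."""
import re
from collections import defaultdict
from typing import List, Optional, Tuple

# Indicators per Atlassian's advisories for the two CVEs (the regexes are mine):
#   CVE-2023-22515: /server-info.action?...setupComplete=false, then /setup/*.action
#   CVE-2023-22518: unauthenticated restore endpoints under /json/setup-restore*.action
SETUP_ACTION = re.compile(r"^/setup/[^?\s]*\.action")
SETUP_FLIP = re.compile(r"^/server-info\.action\?.*setupComplete=false")
RESTORE_ACTION = re.compile(r"^/json/setup-restore[^?\s]*\.action")

# Combined log format (assumed): ip - - [time] "METHOD /path HTTP/x" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

Hit = Tuple[str, str, str, str, str, str]  # ip, ts, method, path, status, cve


def classify(path: str) -> Optional[str]:
    """Return the CVE a request path is an indicator for, or None."""
    if RESTORE_ACTION.search(path):
        return "CVE-2023-22518"
    if SETUP_ACTION.search(path) or SETUP_FLIP.search(path):
        return "CVE-2023-22515"
    return None


def scan(lines: List[str]) -> List[Hit]:
    """Parse each line and keep only those whose path matches an indicator."""
    hits: List[Hit] = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparsable line: skip it rather than abort the sweep
        cve = classify(m["path"])
        if cve:
            hits.append((m["ip"], m["ts"], m["method"], m["path"], m["status"], cve))
    return hits


def summarize(hits: List[Hit]) -> dict:
    """Group hits by source IP so the analyst sees each source's sequence."""
    by_ip = defaultdict(list)
    for ip, ts, method, path, status, cve in hits:
        by_ip[ip].append((ts, method, path, status, cve))
    return dict(by_ip)


# Constructed sample lines (not real traffic): a normal page view, the two-step
# CVE-2023-22515 sequence from one source, a CVE-2023-22518 restore probe,
# and a line that does not parse.
SAMPLE_LOG = [
    '10.0.0.5 - - [03/Oct/2023:09:12:01 +0300] "GET /pages/viewpage.action?pageId=123 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [03/Oct/2023:09:14:20 +0300] "GET /server-info.action?bootstrapStatusProvider.applicationConfig.setupComplete=false HTTP/1.1" 302 0',
    '198.51.100.7 - - [03/Oct/2023:09:14:22 +0300] "POST /setup/setupadministrator.action HTTP/1.1" 302 0',
    '203.0.113.9 - - [03/Nov/2023:22:41:00 +0300] "POST /json/setup-restore.action?synchronous=true HTTP/1.1" 200 812',
    "garbage line that does not parse",
]

if __name__ == "__main__":
    for ip, events in summarize(scan(SAMPLE_LOG)).items():
        print(ip)
        for ts, method, path, status, cve in events:
            print(f"  {ts} {method} {path} -> {status}  [{cve}]")
```

A hit on `/setup/*.action` after setup has long been completed is the strongest signal here; pair it with a check for unexpected members of the confluence-administrator group and newly created accounts, which Atlassian lists alongside the log indicators.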
CVE-2023-23376
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Microsoft Windows Common Log File System (CLFS) Driver Privilege Escalation Vulnerability — Microsoft Windows Common Log File System (CLFS) driver contains an unspecified vulnerability that allows for privilege escalation.
CVE-2023-23397
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Microsoft Office Outlook Privilege Escalation Vulnerability — Microsoft Office Outlook contains a privilege escalation vulnerability that allows for an NTLM relay attack against another service to authenticate as the user.
CVE-2023-23529
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Apple Multiple Products WebKit Type Confusion Vulnerability — Apple iOS, macOS, Safari and iPadOS WebKit contain a type confusion vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebK…
CVE-2023-23752
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Joomla! Improper Access Control Vulnerability — Joomla! contains an improper access control vulnerability that allows unauthorized access to webservice endpoints.
CVE-2023-24489
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Citrix Content Collaboration ShareFile Improper Access Control Vulnerability — Citrix Content Collaboration contains an improper access control vulnerability that could allow an unauthenticated attacker to remotely compromise customer-managed ShareFile storage zones controllers.
CVE-2023-24880
Microsoft Windows SmartScreen Security Feature Bypass Vulnerability (CVE-2023-24880)
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Microsoft Windows SmartScreen Security Feature Bypass Vulnerability — Microsoft Windows SmartScreen contains a security feature bypass vulnerability that could allow an attacker to evade Mark of the Web (MOTW) defenses via a specially crafted malicious file.
CVE-2023-24955
Microsoft SharePoint Server Remote Code Injection Vulnerability (CVE-2023-24955)
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Microsoft SharePoint Server Code Injection Vulnerability — Microsoft SharePoint Server contains a code injection vulnerability that allows an authenticated attacker with Site Owner privileges to execute code remotely.
CVE-2023-25280
D-Link DIR-820 Router OS Command Injection Vulnerability (CVE-2023-25280)
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
D-Link DIR-820 Router OS Command Injection Vulnerability — D-Link DIR-820 routers contain an OS command injection vulnerability that allows a remote, unauthenticated attacker to escalate privileges to root via a crafted payload with the ping_addr parameter to ping.ccp.
CVE-2023-2533
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
PaperCut NG/MF Cross-Site Request Forgery (CSRF) Vulnerability — PaperCut NG/MF contains a cross-site request forgery (CSRF) vulnerability, which, under specific conditions, could potentially enable an attacker to alter security settings or execute arbitrary code.
CVE-2023-38950
ZKTeco BioTime Unauthenticated Path Traversal in iclock API
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
ZKTeco BioTime Path Traversal Vulnerability — ZKTeco BioTime contains a path traversal vulnerability in the iclock API that allows an unauthenticated attacker to read arbitrary files via supplying a crafted payload.
CVE-2023-39780
ASUS RT-AX55 OS Command Injection Vulnerability (CVE-2023-39780)
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
ASUS RT-AX55 Routers OS Command Injection Vulnerability — ASUS RT-AX55 devices contain an OS command injection vulnerability that could allow a remote, authenticated attacker to execute arbitrary commands. As represented by CVE-2023-41346.
CVE-2023-41763
Microsoft Skype for Business Privilege Escalation Vulnerability CVE-2023-41763
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Microsoft Skype for Business Privilege Escalation Vulnerability — Microsoft Skype for Business contains an unspecified vulnerability that allows for privilege escalation.
CVE-2023-41992
Apple Kernel Privilege Escalation Vulnerability (CVE-2023-41992)
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Apple Multiple Products Kernel Privilege Escalation Vulnerability — Apple iOS, iPadOS, macOS, and watchOS contain an unspecified vulnerability that allows for local privilege escalation.
CVE-2024-41713
Mitel MiCollab Unauthenticated Path Traversal Vulnerability
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Mitel MiCollab Path Traversal Vulnerability — Mitel MiCollab contains a path traversal vulnerability that could allow an attacker to gain unauthorized and unauthenticated access. This vulnerability can be chained with CVE-2024-55550, which allows an unauthenticated, remote attack…
CVE-2024-42009
RoundCube Webmail XSS Vulnerability in Message Body Desanitization
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
RoundCube Webmail Cross-Site Scripting Vulnerability — RoundCube Webmail contains a cross-site scripting vulnerability. This vulnerability could allow a remote attacker to steal and send emails of a victim via a crafted e-mail message that abuses a Desanitization issue in message…
CVE-2024-43047
Qualcomm Chipsets DSP Services Use-After-Free Memory Corruption
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Qualcomm Multiple Chipsets Use-After-Free Vulnerability — Multiple Qualcomm chipsets contain a use-after-free vulnerability due to memory corruption in DSP Services while maintaining memory maps of HLOS memory.
CVE-2024-43093
Android Framework Privilege Escalation Vulnerability CVE-2024-43093
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Android Framework Privilege Escalation Vulnerability — Android Framework contains an unspecified vulnerability that allows for privilege escalation.
CVE-2024-43451
Microsoft Windows NTLMv2 Hash Disclosure Spoofing Vulnerability
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Microsoft Windows NTLMv2 Hash Disclosure Spoofing Vulnerability — Microsoft Windows contains an NTLMv2 hash spoofing vulnerability that could result in disclosing a user's NTLMv2 hash to an attacker via a file open operation. The attacker could then leverage this hash to imperson…
CVE-2024-43461
Microsoft Windows MSHTML Platform UI Spoofing Vulnerability
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Microsoft Windows MSHTML Platform Spoofing Vulnerability — Microsoft Windows MSHTML Platform contains a user interface (UI) misrepresentation of critical information vulnerability that allows an attacker to spoof a web page. This vulnerability was exploited in conjunction with CV…
CVE-2024-43468
Microsoft Configuration Manager SQL Injection Vulnerability (CVE-2024-43468)
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Microsoft Configuration Manager SQL Injection Vulnerability — Microsoft Configuration Manager contains an SQL injection vulnerability. An unauthenticated attacker could exploit this vulnerability by sending specially crafted requests to the target environment which are processed …
CVE-2024-43572
Microsoft Windows Management Console Remote Code Execution Vulnerability CVE-2024-43572
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Microsoft Windows Management Console Remote Code Execution Vulnerability — Microsoft Windows Management Console contains an unspecified vulnerability that allows for remote code execution.
CVE-2024-43573
Microsoft Windows MSHTML Platform Spoofing Vulnerability (CVE-2024-43573)
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Microsoft Windows MSHTML Platform Spoofing Vulnerability — Microsoft Windows MSHTML Platform contains an unspecified spoofing vulnerability which can lead to a loss of confidentiality.
CVE-2024-4358
Progress Telerik Report Server Authentication Bypass via Spoofing
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Progress Telerik Report Server Authentication Bypass by Spoofing Vulnerability — Progress Telerik Report Server contains an authorization bypass by spoofing vulnerability that allows an attacker to obtain unauthorized access.
CVE-2024-44308
Apple Multiple Products Critical Code Execution via Web Content Processing
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Apple Multiple Products Code Execution Vulnerability — Apple iOS, macOS, and other Apple products contain an unspecified vulnerability when processing maliciously crafted web content that may lead to arbitrary code execution.
CVE-2024-44309
Apple XSS Vulnerability in Web Content Processing - CVE-2024-44309
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Apple Multiple Products Cross-Site Scripting (XSS) Vulnerability — Apple iOS, macOS, and other Apple products contain an unspecified vulnerability when processing maliciously crafted web content that may lead to a cross-site scripting (XSS) attack.
CVE-2024-45195
Apache OFBiz Forced Browsing Vulnerability - Unauthorized Access
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Apache OFBiz Forced Browsing Vulnerability — Apache OFBiz contains a forced browsing vulnerability that allows a remote attacker to obtain unauthorized access.
CVE-2024-45519
Zimbra Collaboration Suite Unauthenticated Command Execution in postjournal
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Synacor Zimbra Collaboration Suite (ZCS) Command Execution Vulnerability — Synacor Zimbra Collaboration Suite (ZCS) contains an unspecified vulnerability in the postjournal service that may allow an unauthenticated user to execute commands.
CVE-2024-4577
PHP-CGI Windows OS Command Injection Vulnerability (CVE-2024-4577)
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
PHP-CGI OS Command Injection Vulnerability — PHP, specifically Windows-based PHP used in CGI mode, contains an OS command injection vulnerability that allows for arbitrary code execution. This vulnerability is a patch bypass for CVE-2012-1823.
CVE-2024-4610
Arm Mali GPU Kernel Driver Use-After-Free Vulnerability (CVE-2024-4610)
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Arm Mali GPU Kernel Driver Use-After-Free Vulnerability — Arm Bifrost and Valhall GPU kernel drivers contain a use-after-free vulnerability that allows a local, non-privileged user to make improper GPU memory processing operations to gain access to already freed memory.
CVE-2024-4671
Chromium Visuals Use-After-Free Heap Corruption Vulnerability
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Google Chromium Visuals Use-After-Free Vulnerability — Google Chromium Visuals contains a use-after-free vulnerability that allows a remote attacker to exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, in…
CVE-2024-47575
Fortinet FortiManager fgfmd Daemon Missing Authentication RCE
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Fortinet FortiManager Missing Authentication Vulnerability — Fortinet FortiManager contains a missing authentication vulnerability in the fgfmd daemon that allows a remote, unauthenticated attacker to execute arbitrary code or commands via specially crafted requests.
CVE-2024-4761
Chromium V8 Out-of-Bounds Memory Write Vulnerability (CVE-2024-4761)
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Google Chromium V8 Out-of-Bounds Memory Write Vulnerability — Google Chromium V8 Engine contains an unspecified out-of-bounds memory write vulnerability via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limite…
CVE-2024-48248
NAKIVO Backup and Replication Absolute Path Traversal Vulnerability
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
NAKIVO Backup and Replication Absolute Path Traversal Vulnerability — NAKIVO Backup and Replication contains an absolute path traversal vulnerability that enables an attacker to read arbitrary files.
CVE-2024-4879
ServiceNow Jelly Template Injection RCE in UI Macros (CVE-2024-4879)
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
ServiceNow Improper Input Validation Vulnerability — ServiceNow Utah, Vancouver, and Washington DC Now Platform releases contain a jelly template injection vulnerability in UI macros. An unauthenticated user could exploit this vulnerability to execute code remotely.
CVE-2024-4885
Progress WhatsUp Gold Unauthenticated Path Traversal RCE
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Progress WhatsUp Gold Path Traversal Vulnerability — Progress WhatsUp Gold contains a path traversal vulnerability that allows an unauthenticated attacker to achieve remote code execution.
CVE-2024-49035
Microsoft Partner Center Privilege Escalation via Improper Access Control
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Microsoft Partner Center Improper Access Control Vulnerability — Microsoft Partner Center contains an improper access control vulnerability that allows an attacker to escalate privileges.
CVE-2024-49039
Windows Task Scheduler Privilege Escalation Vulnerability (CVE-2024-49039)
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Microsoft Windows Task Scheduler Privilege Escalation Vulnerability — Microsoft Windows Task Scheduler contains a privilege escalation vulnerability that can allow an attacker-provided, local application to escalate privileges outside of its AppContainer, and access privileged RP…
CVE-2024-49138
Microsoft Windows CLFS Driver Heap-Based Buffer Overflow Privilege Escalation
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Microsoft Windows Common Log File System (CLFS) Driver Heap-Based Buffer Overflow Vulnerability — Microsoft Windows Common Log File System (CLFS) driver contains a heap-based buffer overflow vulnerability that allows a local attacker to escalate privileges.
CVE-2024-4947
Google Chromium V8 Type Confusion Remote Code Execution
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Google Chromium V8 Type Confusion Vulnerability — Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to execute code via a crafted HTML page.
CVE-2024-4978
JAVS Viewer Installer Malicious ffmpeg.exe Backdoor Vulnerability
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Justice AV Solutions (JAVS) Viewer Installer Embedded Malicious Code Vulnerability — Justice AV Solutions (JAVS) Viewer installer contains a malicious version of ffmpeg.exe, named fffmpeg.exe (SHA256: 421a4ad2615941b177b6ec4ab5e239c14e62af2ab07c6df1741e2a62223223c4). When run, th…
CVE-2024-50302
Linux Kernel HID Use-of-Uninitialized-Resource Memory Leak (CVE-2024-50302)
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Linux Kernel Use of Uninitialized Resource Vulnerability — The Linux kernel contains a use of uninitialized resource vulnerability that allows an attacker to leak kernel memory via a specially crafted HID report.
CVE-2024-50603
Aviatrix Controllers OS Command Injection - Unauthenticated RCE
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Aviatrix Controllers OS Command Injection Vulnerability — Aviatrix Controllers contain an OS command injection vulnerability that could allow an unauthenticated attacker to execute arbitrary code. Shell metacharacters can be sent to /v1/api in cloud_type for list_flightpath_desti…
CVE-2024-50623
Cleo Products Unrestricted File Upload RCE Vulnerability
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Cleo Multiple Products Unrestricted File Upload Vulnerability — Cleo Harmony, VLTrader, and LexiCom, which are managed file transfer products, contain an unrestricted file upload and download vulnerability that can lead to remote code execution with elevated privileges.
CVE-2024-51378
CyberPanel Authentication Bypass and RCE via Incorrect Default Permissions
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
CyberPanel Incorrect Default Permissions Vulnerability — CyberPanel contains an incorrect default permissions vulnerability that allows for authentication bypass and the execution of arbitrary commands using shell metacharacters in the statusfile property.
CVE-2024-51567
CyberPanel Incorrect Default Permissions Remote Code Execution
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
CyberPanel Incorrect Default Permissions Vulnerability — CyberPanel contains an incorrect default permissions vulnerability that allows a remote, unauthenticated attacker to execute commands as root.
CVE-2024-5217
ServiceNow GlideExpression Unauthenticated Remote Code Execution
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
ServiceNow Incomplete List of Disallowed Inputs Vulnerability — ServiceNow Washington DC, Vancouver, and earlier Now Platform releases contain an incomplete list of disallowed inputs vulnerability in the GlideExpression script. An unauthenticated user could exploit this vulnerabi…
CVE-2024-5274
Google Chromium V8 Type Confusion RCE Vulnerability (CVE-2024-5274)
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Google Chromium V8 Type Confusion Vulnerability — Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to execute code via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limi…
CVE-2024-53104
Linux Kernel UVC Driver Out-of-Bounds Write Privilege Escalation
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Linux Kernel Out-of-Bounds Write Vulnerability — Linux kernel contains an out-of-bounds write vulnerability in the uvc_parse_streaming component of the USB Video Class (UVC) driver that could allow for physical escalation of privilege.
CVE-2024-53150
Linux Kernel USB-Audio Driver Out-of-Bounds Read Information Disclosure
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Linux Kernel Out-of-Bounds Read Vulnerability — Linux Kernel contains an out-of-bounds read vulnerability in the USB-audio driver that allows a local, privileged attacker to obtain potentially sensitive information.
CVE-2024-53197
Linux Kernel USB-Audio Driver Out-of-Bounds Access Vulnerability
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Linux Kernel Out-of-Bounds Access Vulnerability — Linux Kernel contains an out-of-bounds access vulnerability in the USB-audio driver that allows an attacker with physical access to the system to use a malicious USB device to potentially manipulate system memory, escalate privile…
CVE-2024-53704
SonicWall SonicOS SSLVPN Authentication Bypass Vulnerability
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
SonicWall SonicOS SSLVPN Improper Authentication Vulnerability — SonicWall SonicOS contains an improper authentication vulnerability in the SSLVPN authentication mechanism that allows a remote attacker to bypass authentication.
CVE-2024-54085
AMI MegaRAC SPx Redfish Authentication Bypass via Spoofing
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
AMI MegaRAC SPx Authentication Bypass by Spoofing Vulnerability — AMI MegaRAC SPx contains an authentication bypass by spoofing vulnerability in the Redfish Host Interface. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or av…
CVE-2024-55550
Mitel MiCollab Path Traversal Vulnerability - Arbitrary File Read
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Mitel MiCollab Path Traversal Vulnerability — Mitel MiCollab contains a path traversal vulnerability that could allow an authenticated attacker with administrative privileges to read local files within the system due to insufficient input sanitization. This vulnerability can be c…
CVE-2024-55591
Fortinet FortiOS/FortiProxy Authentication Bypass - Super-Admin Privilege Escalation
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability — Fortinet FortiOS and FortiProxy contain an authentication bypass vulnerability that may allow an unauthenticated, remote attacker to gain super-admin privileges via crafted requests to Node.js websocket module.
CVE-2024-55956
Cleo MFT Products Unauthenticated File Upload RCE Vulnerability
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Cleo Multiple Products Unauthenticated File Upload Vulnerability — Cleo Harmony, VLTrader, and LexiCom, which are managed file transfer products, contain an unrestricted file upload vulnerability that could allow an unauthenticated user to import and execute arbitrary bash or Pow…
CVE-2024-56145
Craft CMS Code Injection RCE Vulnerability (CVE-2024-56145)
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Craft CMS Code Injection Vulnerability — Craft CMS contains a code injection vulnerability. Users with affected versions are vulnerable to remote code execution if their php.ini configuration has `register_argc_argv` enabled.
CVE-2024-57727
SimpleHelp Path Traversal Vulnerability - Unauthenticated File Download
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
SimpleHelp Path Traversal Vulnerability — SimpleHelp remote support software contains multiple path traversal vulnerabilities that allow unauthenticated remote attackers to download arbitrary files from the SimpleHelp host via crafted HTTP requests. These files may include server…
CVE-2024-57968
Advantive VeraCore Unrestricted File Upload RCE Vulnerability
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Advantive VeraCore Unrestricted File Upload Vulnerability — Advantive VeraCore contains an unrestricted file upload vulnerability that allows a remote unauthenticated attacker to upload files to unintended folders via upload.apsx.
CVE-2024-58136
Yii Framework Improper Alternate Path Protection Remote Code Execution
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Yiiframework Yii Improper Protection of Alternate Path Vulnerability — Yii Framework contains an improper protection of alternate path vulnerability that may allow a remote attacker to execute arbitrary code. This vulnerability could affect other products that implement Yii, incl…
CVE-2024-5910
Palo Alto Networks Expedition Missing Authentication Vulnerability
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Palo Alto Networks Expedition Missing Authentication Vulnerability — Palo Alto Networks Expedition contains a missing authentication vulnerability that allows an attacker with network access to take over an Expedition admin account and potentially access configuration secrets, cre…
CVE-2024-6047
GeoVision OS Command Injection - Remote Code Execution
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
GeoVision Devices OS Command Injection Vulnerability — Multiple GeoVision devices contain an OS command injection vulnerability that allows a remote, unauthenticated attacker to inject and execute arbitrary system commands. The impacted products could be end-of-life (EoL) and/or …
CVE-2024-6670
Progress WhatsUp Gold SQL Injection - Unauthenticated Password Extraction
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Progress WhatsUp Gold SQL Injection Vulnerability — Progress WhatsUp Gold contains a SQL injection vulnerability that allows an unauthenticated attacker to retrieve the user's encrypted password if the application is configured with only a single user.
CVE-2024-7262
Kingsoft WPS Office Path Traversal in promecefpluginhost.exe
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Kingsoft WPS Office Path Traversal Vulnerability — Kingsoft WPS Office contains a path traversal vulnerability in promecefpluginhost.exe on Windows that allows an attacker to load an arbitrary Windows library.
CVE-2024-7593
Ivanti Virtual Traffic Manager Authentication Bypass - Admin Account Creation
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Ivanti Virtual Traffic Manager Authentication Bypass Vulnerability — Ivanti Virtual Traffic Manager contains an authentication bypass vulnerability that allows a remote, unauthenticated attacker to create a chosen administrator account.
CVE-2024-7694
TeamT5 ThreatSonar Anti-Ransomware Unrestricted Malicious File Upload RCE
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
TeamT5 ThreatSonar Anti-Ransomware Unrestricted Upload of File with Dangerous Type Vulnerability — TeamT5 ThreatSonar Anti-Ransomware contains an unrestricted upload of file with dangerous type vulnerability. ThreatSonar Anti-Ransomware does not properly validate the content of u…
CVE-2024-7965
Google Chromium V8 Heap Corruption via Crafted HTML - CVE-2024-7965
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Google Chromium V8 Inappropriate Implementation Vulnerability — Google Chromium V8 contains an inappropriate implementation vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web bro…
CVE-2024-7971
Chromium V8 Type Confusion Vulnerability - Heap Corruption (CVE-2024-7971)
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Google Chromium V8 Type Confusion Vulnerability — Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, b…
⚠️ Threat Intelligence
29 threats
rss:BleepingComputer
03:00 KSA
CRITICAL ransomware
The Gentlemen ransomware now uses SystemBC for bot-powered attacks
A botnet comprising over 1,570 SystemBC proxy malware hosts, primarily corporate victims, has been identified in connection with Gentlemen ransomware attacks. The discovery reveals the gang's use…
rss:CISA Advisories
03:00 KSA
CRITICAL vulnerability
CISA Adds Eight Known Exploited Vulnerabilities to Catalog
CISA has added eight new vulnerabilities to its Known Exploited Vulnerabilities catalog, including critical flaws in PaperCut NG/MF and JetBrains TeamCity, based on evidence of active exploitation in the…
rss:Dark Reading
01:56 KSA
CRITICAL vulnerability
Serial-to-IP Devices Hide Thousands of Old and New Bugs
Serial-to-IP converter devices used in operational technology environments contain thousands of known and zero-day vulnerabilities that are increasingly targeted by attackers. These devices, which bridge le…
rss:The Hacker News
00:54 KSA
CRITICAL vulnerability
SGLang CVE-2026-5760 (CVSS 9.8) Enables RCE via Malicious GGUF Model Files
A critical vulnerability (CVE-2026-5760) in SGLang with a CVSS score of 9.8 has been disclosed, allowing remote code execution through malicious GGUF model files. This command injection v…
rss:BleepingComputer
00:54 KSA
HIGH ransomware
Seiko USA website defaced as hacker claims customer data theft
The Seiko USA website was defaced by attackers who claim to have stolen customer data from its Shopify database and are demanding ransom under threat of public data leakage. This incident demonstrate…
rss:CISA Advisories
00:54 KSA
CRITICAL supply_chain
Supply Chain Compromise Impacts Axios Node Package Manager
CISA issued an alert regarding a supply chain compromise affecting the Axios npm package, a widely-used HTTP client for JavaScript in Node.js and browser environments. This vulnerability could impact …
rss:SecurityWeek
22:17 KSA
CRITICAL vulnerability
Serial-to-IP Converter Flaws Expose OT and Healthcare Systems to Hacking
Forescout researchers discovered 20 new vulnerabilities in Lantronix and Silex serial-to-IP converter products that could expose operational technology and healthcare systems to hacking att…
rss:Malwarebytes Lab
21:16 KSA
HIGH phishing
Big Tech can stop scams. They just don't (Lock and Code S07E08)
The article discusses how major technology companies have the capability to prevent financial scams targeting older adults but fail to implement adequate protective measures. It features i…
rss:Dark Reading
21:16 KSA
MEDIUM vulnerability
WhatsApp Leaks User Metadata to Attackers
WhatsApp vulnerability allows attackers to infer limited user metadata without direct communication, potentially facilitating targeted malicious activities. This metadata exposure could be leveraged for reconnaissance in…
rss:The Hacker News
21:16 KSA
CRITICAL supply_chain,malware,apt
⚡ Weekly Recap: Vercel Hack, Push Fraud, QEMU Abused, New Android RATs Emerge & More
Weekly security recap highlighting multiple attack vectors including third-party tool compromise leading to internal access, malicious software delivery through trusted down…
rss:BleepingComputer
21:16 KSA
HIGH phishing
Microsoft: Teams increasingly abused in helpdesk impersonation attacks
Microsoft warns that threat actors are increasingly abusing external Microsoft Teams for helpdesk impersonation attacks to gain initial access and perform lateral movement within enterprise n…
rss:Malwarebytes Lab
20:12 KSA
HIGH general
Mythos: An AI tool too powerful for public release
Anthropic has restricted public access to its Mythos AI tool, limiting distribution to select organizations due to concerns about potential misuse and security risks. The decision reflects growing awareness of A…
rss:BleepingComputer
20:12 KSA
CRITICAL apt
British Scattered Spider hacker pleads guilty to crypto theft charges
A British individual, identified as a leader of the Scattered Spider cybercrime group, has pleaded guilty to wire fraud and aggravated identity theft charges in the United States. This represe…
rss:BleepingComputer
20:12 KSA
HIGH ransomware
The backup myth that is putting businesses at risk
While backups protect data, they do not ensure business continuity during downtime. The article emphasizes that Business Continuity and Disaster Recovery (BCDR) solutions are essential to maintain operations dur…
rss:SecurityWeek
19:00 KSA
CRITICAL apt
British Scattered Spider Hacker Pleads Guilty in the US
Tyler Buchanan, a British hacker associated with the Scattered Spider group, pleaded guilty to hacking into multiple companies, committing fraud, and stealing cryptocurrency from individuals. This case high…
rss:The Hacker News
19:00 KSA
LOW general
Why Most AI Deployments Stall After the Demo
Article discusses challenges in AI deployment beyond initial demonstrations, focusing on organizational and implementation barriers rather than technical failures. The piece examines why promising AI initiatives often…
rss:BleepingComputer
19:00 KSA
LOW general
Microsoft tests Windows Explorer speed, performance improvements
Microsoft is testing performance improvements to Windows 11 File Explorer, focusing on faster launch speeds and overall system responsiveness. These updates are being rolled out to Insider program …
rss:SecurityWeek
17:48 KSA
HIGH ddos
Bluesky Disrupted by Sophisticated DDoS Attack
A pro-Iran hacker group claimed responsibility for a sophisticated DDoS attack against Bluesky social media platform that lasted approximately 24 hours. The attack highlights the ongoing threat of state-aligned cybe…
rss:SecurityWeek
17:48 KSA
HIGH ransomware
Hackers Abuse QEMU for Defense Evasion
Threat actors are exploiting QEMU machine emulator as an evasion technique across multiple campaigns distributing ransomware and remote access tools. This abuse demonstrates attackers' efforts to bypass security defenses by…
rss:The Hacker News
17:48 KSA
CRITICAL vulnerability
Anthropic MCP Design Vulnerability Enables RCE, Threatening AI Supply Chain
Researchers discovered a critical architectural vulnerability in Anthropic's Model Context Protocol (MCP) that allows remote code execution through arbitrary command execution. This desi…
rss:SecurityWeek
16:47 KSA
HIGH vulnerability
Half of the 6 Million Internet-Facing FTP Servers Lack Encryption
Approximately 3 million of the 6 million internet-facing FTP servers worldwide lack encryption, exposing organizations to various cyber attacks. The continued reliance on the outdated FTP protocol…
rss:SecurityWeek
16:47 KSA
MEDIUM general
Senate Extends Surveillance Powers Until April 30 After Chaotic Votes in House
The U.S. Senate approved a short-term extension of surveillance powers used by intelligence agencies until April 30. This renewal follows contentious voting in the House regarding the…
rss:BleepingComputer
16:47 KSA
HIGH general
Microsoft pulls service update causing Teams launch failures
Microsoft reverted a service update that caused Microsoft Teams desktop client launch failures for some customers. The issue affected user productivity and required immediate rollback to restore servic…
rss:SecurityWeek
14:32 KSA
MEDIUM vulnerability
Hackers Fail to Exploit Flaw in Discontinued TP-Link Routers
Researchers observed year-long exploitation attempts targeting a vulnerability in discontinued TP-Link routers, but no successful payload execution has been achieved. This suggests the vulnerability ma…
rss:SecurityWeek
14:32 KSA
CRITICAL data_breach
Next.js Creator Vercel Hacked
Vercel, the creator of Next.js framework, suffered a data breach with hackers from ShinyHunters group demanding $2 million for stolen data. This incident impacts developers and organizations relying on Vercel's platform for applicat…
rss:The Hacker News
14:32 KSA
CRITICAL malware
Researchers Detect ZionSiphon Malware Targeting Israeli Water, Desalination OT Systems
Researchers have identified ZionSiphon, a sophisticated malware specifically designed to target Israeli water treatment and desalination infrastructure. The malware, discovere…
rss:BleepingComputer
14:32 KSA
HIGH vulnerability
Microsoft releases emergency updates to fix Windows Server issues
Microsoft released emergency out-of-band updates to address critical issues in Windows Server systems following the April 2026 security patches. These updates are essential for organizations runni…
rss:Malwarebytes Lab
13:18 KSA
MEDIUM general
A week in security (April 13 – April 19)
This article provides a weekly roundup of cybersecurity topics and threats covered during April 13-19, 2026. It serves as a summary of significant security incidents and developments from that week. Source: htt…
rss:The Hacker News
11:00 KSA
HIGH supply_chain
Vercel Breach Tied to Context AI Hack Exposes Limited Customer Credentials
Web infrastructure provider Vercel suffered a security breach through compromised third-party AI tool Context.ai used by an employee, allowing unauthorized access to internal systems and …
📰 Cybersecurity News
0 articles
📰 No news aggregated today yet

This digest is updated automatically every day — Last updated: Monday, April 20, 2026