CVE-2023-27351
05:18 KSA
CRITICAL
CVSS 9.8
⚠ CISA KEV
PaperCut NG/MF — CVE-2023-27351
PaperCut NG/MF contains an improper authentication vulnerability that could allow remote attackers to bypass authentication on affected installations via the SecurityRequestFilter class.
Required Action: Apply mitigations per vendor instructions, …
CVE-2024-27199
05:18 KSA
CRITICAL
CVSS 9.8
⚠ CISA KEV
JetBrains TeamCity — CVE-2024-27199
JetBrains TeamCity contains a relative path traversal vulnerability that could allow limited admin actions to be performed.
Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or…
CVE-2025-2749
05:18 KSA
CRITICAL
CVSS 9.8
⚠ CISA KEV
Kentico Kentico Xperience — CVE-2025-2749
Kentico Xperience contains a path traversal vulnerability that could allow an authenticated user's Staging Sync Server to upload arbitrary data to path relative locations.
Required Action: Apply mitigations per vendor instructions, follo…
CVE-2025-32975
05:18 KSA
CRITICAL
CVSS 9.8
⚠ CISA KEV
Quest KACE Systems Management Appliance (SMA) — CVE-2025-32975
Quest KACE Systems Management Appliance (SMA) contains an improper authentication vulnerability that could allow attackers to impersonate legitimate users without valid credentials.
Required Action: Apply mitigations…
CVE-2025-48700
05:18 KSA
CRITICAL
CVSS 9.8
⚠ CISA KEV
Synacor Zimbra Collaboration Suite (ZCS) — CVE-2025-48700
Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting vulnerability that could allow attackers to execute arbitrary JavaScript within the user's session, potentially leading to unauthorized access to sen…
CVE-2026-20122
05:18 KSA
CRITICAL
CVSS 9.8
⚠ CISA KEV
Cisco Catalyst SD-WAN Manager — CVE-2026-20122
Cisco Catalyst SD-WAN Manager contains an incorrect use of privileged APIs vulnerability due to improper file handling on the API interface of an affected system. An attacker could exploit this vulnerability by uploading a malicious f…
CVE-2026-20128
05:18 KSA
CRITICAL
CVSS 9.8
⚠ CISA KEV
Cisco Catalyst SD-WAN Manager — CVE-2026-20128
Cisco Catalyst SD-WAN Manager contains a storing passwords in a recoverable format vulnerability that allows an authenticated, local attacker to gain DCA user privileges by accessing a credential file for the DCA user on the filesyst…
CVE-2026-20133
05:18 KSA
CRITICAL
CVSS 9.8
⚠ CISA KEV
Cisco Catalyst SD-WAN Manager — CVE-2026-20133
Cisco Catalyst SD-WAN Manager contains an exposure of sensitive information to an unauthorized actor vulnerability that could allow remote attackers to view sensitive information on affected systems.
Required Action: Please adhere t…
CVE-2021-35394
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Realtek Jungle SDK Remote Code Execution Vulnerability — RealTek Jungle SDK contains multiple memory corruption vulnerabilities which can allow an attacker to perform remote code execution.
CVE-2021-35395
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Realtek AP-Router SDK Buffer Overflow Vulnerability — Realtek AP-Router SDK HTTP web server boa contains a buffer overflow vulnerability due to unsafe copies of some overly long parameters submitted in the form that lead to denial-of-service (DoS).
CVE-2021-35464
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
ForgeRock Access Management (AM) Core Server Remote Code Execution Vulnerability — ForgeRock Access Management (AM) Core Server allows an attacker who sends a specially crafted HTTP request to one of three endpoints (/ccversion/Version, /ccversion/Masthead, or /ccversion/ButtonFr…
CVE-2021-35587
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Oracle Fusion Middleware Unspecified Vulnerability — Oracle Fusion Middleware Access Manager allows an unauthenticated attacker with network access via HTTP to takeover the Access Manager product.
CVE-2021-3560
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Red Hat Polkit Incorrect Authorization Vulnerability — Red Hat Polkit contains an incorrect authorization vulnerability through the bypassing of credential checks for D-Bus requests, allowing for privilege escalation.
CVE-2021-36260
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Hikvision Improper Input Validation — A command injection vulnerability in the web server of some Hikvision products, due to insufficient input validation.
CVE-2021-36380
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Sunhillo SureLine OS Command Injection Vulnerability — Sunhillo SureLine contains an OS command injection vulnerability that allows an attacker to cause a denial-of-service or utilize the device for persistence on the network via shell metacharacters in ipAddr or dnsAddr in /cgi/n…
CVE-2021-36741
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Trend Micro Multiple Products Improper Input Validation Vulnerability — Trend Micro Apex One, Apex One as a Service, and Worry-Free Business Security contain an improper input validation vulnerability that allows a remote attacker to upload files.
CVE-2021-36742
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Trend Micro Multiple Products Improper Input Validation Vulnerability — Trend Micro Apex One, Apex One as a Service, and Worry-Free Business Security contain an improper input validation vulnerability that allows for privilege escalation.
CVE-2021-36934
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft Windows SAM Local Privilege Escalation Vulnerability — If a Volume Shadow Copy (VSS) shadow copy of the system drive is available, users can read the SAM file which would allow any user to escalate privileges to SYSTEM level.
CVE-2021-36942
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft Windows Local Security Authority (LSA) Spoofing Vulnerability — Microsoft Windows Local Security Authority (LSA) contains a spoofing vulnerability allowing an unauthenticated attacker to call a method on the LSARPC interface and coerce the domain controller to authentic…
CVE-2021-36948
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft Windows Update Medic Service Privilege Escalation Vulnerability — Microsoft Windows Update Medic Service contains an unspecified vulnerability that allows for privilege escalation.
CVE-2021-36955
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft Windows Common Log File System (CLFS) Driver Privilege Escalation Vulnerability — Microsoft Windows Common Log File System (CLFS) driver contains an unspecified vulnerability that allows for privilege escalation.
CVE-2021-37415
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Zoho ManageEngine ServiceDesk Authentication Bypass Vulnerability — Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to an authentication bypass that allows a few REST-API URLs to be reached without authentication.
CVE-2021-37973
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Google Chromium Portals Use-After-Free Vulnerability — Google Chromium Portals contains a use-after-free vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page. This vulnerability affe…
CVE-2021-37975
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Google Chromium V8 Use-After-Free Vulnerability — Google Chromium V8 Engine contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chr…
CVE-2021-37976
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Google Chromium Information Disclosure Vulnerability — Google Chromium contains an information disclosure vulnerability within the core memory component that allows a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. This vul…
CVE-2021-38000
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Google Chromium Intents Improper Input Validation Vulnerability — Google Chromium Intents contains an improper input validation vulnerability that allows a remote attacker to arbitrarily browse to a malicious URL via a crafted HTML page. This vulnerability could affect multiple …
CVE-2021-38003
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Google Chromium V8 Memory Corruption Vulnerability — Google Chromium V8 Engine has a bug in JSON.stringify, where the internal TheHole value can leak to script code, causing memory corruption. This vulnerability could affect multiple web browsers that utilize Chromium, including,…
CVE-2021-38163
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
SAP NetWeaver Unrestricted File Upload Vulnerability — SAP NetWeaver contains a vulnerability that allows unrestricted file upload.
CVE-2021-38406
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Delta Electronics DOPSoft 2 Improper Input Validation Vulnerability — Delta Electronics DOPSoft 2 lacks proper validation of user-supplied data when parsing specific project files (improper input validation) resulting in an out-of-bounds write that allows for code execution.
CVE-2021-38645
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft Open Management Infrastructure (OMI) Privilege Escalation Vulnerability — Microsoft Open Management Infrastructure (OMI) within Azure VM Management Extensions contains an unspecified vulnerability that allows for privilege escalation.
CVE-2021-38646
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability — Microsoft Office Access Connectivity Engine contains an unspecified vulnerability which can allow for remote code execution.
CVE-2021-38647
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft Open Management Infrastructure (OMI) Remote Code Execution Vulnerability — Microsoft Open Management Infrastructure (OMI) within Azure VM Management Extensions contains an unspecified vulnerability allowing remote code execution.
CVE-2021-38648
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft Open Management Infrastructure (OMI) Privilege Escalation Vulnerability — Microsoft Open Management Infrastructure (OMI) within Azure VM Management Extensions contains an unspecified vulnerability allowing privilege escalation.
CVE-2021-38649
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft Open Management Infrastructure (OMI) Privilege Escalation Vulnerability — Microsoft Open Management Infrastructure (OMI) within Azure VM Management Extensions contains an unspecified vulnerability allowing privilege escalation.
CVE-2021-39144
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
XStream Remote Code Execution Vulnerability — XStream contains a remote code execution vulnerability that allows an attacker to manipulate the processed input stream and replace or inject objects that result in the execution of a local command on the server. This vulnerability ca…
CVE-2021-39226
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Grafana Authentication Bypass Vulnerability — Grafana contains an authentication bypass vulnerability that allows authenticated and unauthenticated users to view and delete all snapshot data, potentially resulting in complete snapshot data loss.
CVE-2021-39793
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Google Pixel Out-of-Bounds Write Vulnerability — Google Pixel contains a possible out-of-bounds write due to a logic error in the code that could lead to local escalation of privilege.
CVE-2021-4034
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Red Hat Polkit Out-of-Bounds Read and Write Vulnerability — The Red Hat polkit pkexec utility contains an out-of-bounds read and write vulnerability that allows for privilege escalation with administrative rights.
CVE-2021-40407
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Reolink RLC-410W IP Camera OS Command Injection Vulnerability — Reolink RLC-410W IP cameras contain an authenticated OS command injection vulnerability in the device network settings functionality.
CVE-2021-40438
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Apache HTTP Server-Side Request Forgery (SSRF) — A crafted request uri-path can cause mod_proxy to forward the request to an origin server chosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.
CVE-2021-40444
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft MSHTML Remote Code Execution Vulnerability — Microsoft MSHTML contains an unspecified vulnerability that allows for remote code execution.
CVE-2021-40449
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft Windows Win32k Privilege Escalation Vulnerability — Unspecified vulnerability allows for an authenticated user to escalate privileges.
CVE-2021-40450
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft Win32k Privilege Escalation Vulnerability — Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation.
CVE-2021-40539
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Zoho ManageEngine ADSelfService Plus Authentication Bypass Vulnerability — Zoho ManageEngine ADSelfService Plus contains an authentication bypass vulnerability affecting the REST API URLs which allow for remote code execution.
CVE-2021-40655
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
D-Link DIR-605 Router Information Disclosure Vulnerability — D-Link DIR-605 routers contain an information disclosure vulnerability that allows attackers to obtain a username and password by forging a post request to the /getcfg.php page.
CVE-2021-40870
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Aviatrix Controller Unrestricted Upload of File — Unrestricted upload of a file with a dangerous type is possible, which allows an unauthenticated user to execute arbitrary code via directory traversal.
CVE-2021-4102
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Google Chromium V8 Use-After-Free Vulnerability — Google Chromium V8 Engine contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chr…
CVE-2021-41277
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Metabase GeoJSON API Local File Inclusion Vulnerability — Metabase contains a local file inclusion vulnerability in the custom map support in the API to read GeoJSON formatted data.
CVE-2021-41357
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft Win32k Privilege Escalation Vulnerability — Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation.
CVE-2021-41379
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft Windows Installer Privilege Escalation Vulnerability — Microsoft Windows Installer contains an unspecified vulnerability that allows for privilege escalation.
CVE-2021-41773
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Apache HTTP Server Path Traversal Vulnerability — Apache HTTP Server contains a path traversal vulnerability that allows an attacker to perform remote code execution if files outside directories configured by Alias-like directives are not under default "require all denied" or if …
CVE-2021-42013
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Apache HTTP Server Path Traversal Vulnerability — Apache HTTP Server contains a path traversal vulnerability that allows an attacker to perform remote code execution if files outside directories configured by Alias-like directives are not under default require all denied or if CG…
CVE-2021-42237
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Sitecore XP Remote Command Execution Vulnerability — Sitecore XP contains an insecure deserialization vulnerability which can allow for remote code execution.
CVE-2021-42258
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
BQE BillQuick Web Suite SQL Injection Vulnerability — BQE BillQuick Web Suite contains an SQL injection vulnerability when accessing the username parameter that may allow for unauthenticated, remote code execution.
CVE-2021-42278
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft Active Directory Domain Services Privilege Escalation Vulnerability — Microsoft Active Directory Domain Services contains an unspecified vulnerability that allows for privilege escalation.
CVE-2021-42287
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft Active Directory Domain Services Privilege Escalation Vulnerability — Microsoft Active Directory Domain Services contains an unspecified vulnerability that allows for privilege escalation.
CVE-2021-42292
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft Excel Security Feature Bypass — A security feature bypass vulnerability in Microsoft Excel would allow a local user to perform arbitrary code execution.
CVE-2021-42321
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft Exchange Server Remote Code Execution Vulnerability — An authenticated attacker could leverage improper validation in cmdlet arguments within Microsoft Exchange and perform remote code execution.
CVE-2021-43226
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft Windows Privilege Escalation Vulnerability — Microsoft Windows Common Log File System Driver contains a privilege escalation vulnerability that could allow a local, privileged attacker to bypass certain security mechanisms.
CVE-2021-43798
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Grafana Path Traversal Vulnerability — Grafana contains a path traversal vulnerability that could allow access to local files.
CVE-2021-43890
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft Windows AppX Installer Spoofing Vulnerability — Microsoft Windows AppX Installer contains a spoofing vulnerability which has a high impact on confidentiality, integrity, and availability.
CVE-2021-44026
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Roundcube Webmail SQL Injection Vulnerability — Roundcube Webmail is vulnerable to SQL injection via search or search_params.
CVE-2021-44077
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Zoho ManageEngine ServiceDesk Plus Remote Code Execution Vulnerability — Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution.
CVE-2021-44168
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Fortinet FortiOS Arbitrary File Download — Fortinet FortiOS "execute restore src-vis" downloads code without integrity checking, allowing an attacker to arbitrarily download files.
CVE-2021-44207
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Acclaim Systems USAHERDS Use of Hard-Coded Credentials Vulnerability — Acclaim Systems USAHERDS contains a hard-coded credentials vulnerability that could allow an attacker to achieve remote code execution on the system that runs the application. The MachineKey must be obtained …
CVE-2021-44228
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Apache Log4j2 Remote Code Execution Vulnerability — Apache Log4j2 contains a vulnerability where JNDI features do not protect against attacker-controlled JNDI-related endpoints, allowing for remote code execution.
CVE-2021-44515
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Zoho Desktop Central Authentication Bypass Vulnerability — Zoho Desktop Central contains an authentication bypass vulnerability that could allow an attacker to execute arbitrary code in the Desktop Central MSP server.
CVE-2021-44529
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Ivanti Endpoint Manager Cloud Service Appliance (EPM CSA) Code Injection Vulnerability — Ivanti Endpoint Manager Cloud Service Appliance (EPM CSA) contains a code injection vulnerability that allows an unauthenticated user to execute malicious code with limited permissions (nobo…
CVE-2021-45046
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Apache Log4j2 Deserialization of Untrusted Data Vulnerability — Apache Log4j2 contains a deserialization of untrusted data vulnerability due to the incomplete fix of CVE-2021-44228, where the Thread Context Lookup Pattern is vulnerable to remote code execution in certain non-defa…
CVE-2021-45382
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
D-Link Multiple Routers Remote Code Execution Vulnerability — A remote code execution vulnerability exists in all hardware revisions of the affected router series via the DDNS function in the ncc2 binary file.
CVE-2022-0028
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Palo Alto Networks PAN-OS Reflected Amplification Denial-of-Service Vulnerability — A Palo Alto Networks PAN-OS URL filtering policy misconfiguration could allow a network-based attacker to conduct reflected and amplified TCP denial-of-service (RDoS) attacks.
CVE-2022-0185
Linux Kernel Heap Buffer Overflow in Filesystem Context (CVE-2022-0185)
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Linux Kernel Heap-Based Buffer Overflow Vulnerability — Linux kernel contains a heap-based buffer overflow vulnerability in the legacy_parse_param function in the Filesystem Context functionality. This allows an attacker to open a filesystem that does not support the Filesystem C…
CVE-2022-0543
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Debian-specific Redis Server Lua Sandbox Escape Vulnerability — Redis is prone to a (Debian-specific) Lua sandbox escape, which could result in remote code execution.
CVE-2022-0609
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Google Chromium Animation Use-After-Free Vulnerability — Google Chromium Animation contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that util…
CVE-2022-0847
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Linux Kernel Privilege Escalation Vulnerability — Linux kernel contains an improper initialization vulnerability where an unprivileged local user could escalate their privileges on the system. This vulnerability has the moniker of "Dirty Pipe."
CVE-2022-1040
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Sophos Firewall Authentication Bypass Vulnerability — An authentication bypass vulnerability in User Portal and Webadmin of Sophos Firewall allows for remote code execution.
CVE-2022-1096
Google Chromium V8 Type Confusion Vulnerability (CVE-2022-1096)
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Google Chromium V8 Type Confusion Vulnerability — Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chr…
CVE-2022-1364
Chromium V8 Type Confusion Heap Corruption Vulnerability
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Google Chromium V8 Type Confusion Vulnerability — Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chr…
CVE-2022-1388
F5 BIG-IP Missing Authentication Remote Code Execution Vulnerability
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
F5 BIG-IP Missing Authentication Vulnerability — F5 BIG-IP contains a missing authentication in critical function vulnerability which can allow for remote code execution, creation or deletion of files, or disabling services.
CVE-2022-20699
Cisco Small Business RV Series Stack-based Buffer Overflow (CVE-2022-20699)
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Cisco Small Business RV Series Routers Stack-based Buffer Overflow Vulnerability — A vulnerability in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: execute arbitrary code, elevate privileges, execute arbitrar…
CVE-2022-20700
Cisco Small Business RV Series Stack-based Buffer Overflow Remote Code Execution
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Cisco Small Business RV Series Routers Stack-based Buffer Overflow Vulnerability — A vulnerability in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code, elevate privileges, execute arbitrar…
CVE-2022-20701
Cisco Small Business RV Series Stack-based Buffer Overflow (CVE-2022-20701)
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Cisco Small Business RV Series Routers Stack-based Buffer Overflow Vulnerability — A vulnerability in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code, elevate privileges, execute arbitrar…
CVE-2022-20703
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Cisco Small Business RV Series Routers Stack-based Buffer Overflow Vulnerability — A vulnerability in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code, elevate privileges, execute arbitrar…
CVE-2022-20708
Cisco Small Business RV Series Router Stack Buffer Overflow RCE
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Cisco Small Business RV Series Routers Stack-based Buffer Overflow Vulnerability — A vulnerability in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code, elevate privileges, execute arbitrar…
CVE-2022-20775
Cisco SD-WAN CLI Path Traversal Privilege Escalation Vulnerability
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Cisco SD-WAN Path Traversal Vulnerability — Cisco SD-WAN CLI contains a path traversal vulnerability that could allow an authenticated local attacker to gain elevated privileges via improper access controls on commands within the application CLI. A successful exploit could allow …
CVE-2022-20821
Cisco IOS XR Default Open Redis Port 6379 Remote Access Vulnerability
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Cisco IOS XR Open Port Vulnerability — Cisco IOS XR software health check opens TCP port 6379 by default on activation. An attacker can connect to the Redis instance on the open port and allow access to the Redis instance that is running within the NOSi container.
CVE-2022-21445
Oracle ADF Faces Unauthenticated Remote Code Execution via Deserialization
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Oracle ADF Faces Deserialization of Untrusted Data Vulnerability — Oracle ADF Faces library, included with Oracle JDeveloper Distribution, contains a deserialization of untrusted data vulnerability leading to unauthenticated remote code execution.
CVE-2022-21587
Oracle E-Business Suite Web Applications Desktop Integrator Unauthenticated Remote Compromise
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Oracle E-Business Suite Unspecified Vulnerability — Oracle E-Business Suite contains an unspecified vulnerability that allows an unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator.
CVE-2022-21882
Microsoft Win32k Privilege Escalation Vulnerability (CVE-2022-21882)
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft Win32k Privilege Escalation Vulnerability — Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation.
CVE-2022-21919
Windows User Profile Service Privilege Escalation Vulnerability
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft Windows User Profile Service Privilege Escalation Vulnerability — Microsoft Windows User Profile Service contains an unspecified vulnerability that allows for privilege escalation.
CVE-2022-21971
Microsoft Windows Runtime Remote Code Execution Vulnerability CVE-2022-21971
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft Windows Runtime Remote Code Execution Vulnerability — Microsoft Windows Runtime contains an unspecified vulnerability that allows for remote code execution.
CVE-2022-21999
Windows Print Spooler Privilege Escalation Vulnerability (CVE-2022-21999)
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft Windows Print Spooler Privilege Escalation Vulnerability — Microsoft Windows Print Spooler contains an unspecified vulnerability which can allow for privilege escalation.
CVE-2022-22047
Microsoft Windows CSRSS Privilege Escalation Vulnerability CVE-2022-22047
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft Windows Client Server Runtime Subsystem (CSRSS) Privilege Escalation Vulnerability — Microsoft Windows CSRSS contains an unspecified vulnerability that allows for privilege escalation to SYSTEM privileges.
CVE-2022-22071
Qualcomm Chipsets Use-After-Free in Process Shell Memory During Initialization
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Qualcomm Multiple Chipsets Use-After-Free Vulnerability — Multiple Qualcomm chipsets contain a use-after-free vulnerability when process shell memory is freed using IOCTL munmap call and process initialization is in progress.
CVE-2022-22265
Samsung Exynos Use-After-Free Vulnerability Enables Code Execution
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Samsung Mobile Devices Use-After-Free Vulnerability — Samsung devices with selected Exynos chipsets contain a use-after-free vulnerability that allows malicious memory write and code execution.
CVE-2022-22536
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
SAP Multiple Products HTTP Request Smuggling Vulnerability — SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server and SAP Web Dispatcher allow HTTP request smuggling. An unauthenticated attacker can prepend a victim's req…
CVE-2022-22587
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Apple Memory Corruption Vulnerability — Apple IOMobileFrameBuffer contains a memory corruption vulnerability which can allow a malicious application to execute arbitrary code with kernel privileges.
CVE-2022-22620
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Apple iOS, iPadOS, and macOS Webkit Use-After-Free Vulnerability — Apple iOS, iPadOS, and macOS WebKit contain a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit…
CVE-2022-22674
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Apple macOS Out-of-Bounds Read Vulnerability — macOS Monterey contains an out-of-bounds read vulnerability that could allow an application to read kernel memory.
CVE-2022-22675
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Apple macOS Out-of-Bounds Write Vulnerability — macOS Monterey contains an out-of-bounds write vulnerability that could allow an application to execute arbitrary code with kernel privileges.
CVE-2022-22706
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Arm Mali GPU Kernel Driver Unspecified Vulnerability — Arm Mali GPU Kernel Driver contains an unspecified vulnerability that allows a non-privileged user to achieve write access to read-only memory pages.
CVE-2022-22718
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft Windows Print Spooler Privilege Escalation Vulnerability — Microsoft Windows Print Spooler contains an unspecified vulnerability which allows for privilege escalation.
CVE-2022-2294
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
WebRTC Heap Buffer Overflow Vulnerability — WebRTC, an open-source project providing web browsers with real-time communication, contains a heap buffer overflow vulnerability that allows an attacker to perform shellcode execution. This vulnerability impacts web browsers using WebR…
CVE-2022-35405
Zoho ManageEngine PAM360/Password Manager Pro/Access Manager RCE
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Zoho ManageEngine Multiple Products Remote Code Execution Vulnerability — Zoho ManageEngine PAM360, Password Manager Pro, and Access Manager Plus contain an unspecified vulnerability that allows for remote code execution.
CVE-2022-35914
Teclib GLPI Remote Code Execution via htmlawed Library
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Teclib GLPI Remote Code Execution Vulnerability — Teclib GLPI contains a remote code execution vulnerability in the third-party library, htmlawed.
CVE-2022-36537
ZK Framework AuUploader Arbitrary File Retrieval Vulnerability
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
ZK Framework AuUploader Unspecified Vulnerability — ZK Framework AuUploader servlets contain an unspecified vulnerability that could allow an attacker to retrieve the content of a file located in the web context. The ZK Framework is an open-source Java framework. This vulnerabili…
CVE-2022-36804
Atlassian Bitbucket Server/Data Center Command Injection Vulnerability
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Atlassian Bitbucket Server and Data Center Command Injection Vulnerability — Multiple API endpoints of Atlassian Bitbucket Server and Data Center contain a command injection vulnerability where an attacker with access to a public Bitbucket repository, or with read permissions to …
CVE-2022-37042
Zimbra Collaboration Suite Authentication Bypass in MailboxImportServlet
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Synacor Zimbra Collaboration Suite (ZCS) Authentication Bypass Vulnerability — Synacor Zimbra Collaboration Suite (ZCS) contains an authentication bypass vulnerability in MailboxImportServlet. This vulnerability was chained with CVE-2022-27925 which allows for unauthenticated rem…
CVE-2022-37055
D-Link Routers Critical Buffer Overflow Vulnerability (CVE-2022-37055)
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
D-Link Routers Buffer Overflow Vulnerability — D-Link Routers contains a buffer overflow vulnerability that has a high impact on confidentiality, integrity, and availability. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue pr…
CVE-2022-3723
Chromium V8 Type Confusion Heap Corruption Vulnerability
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Google Chromium V8 Type Confusion Vulnerability — Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chr…
CVE-2022-38028
Windows Print Spooler Privilege Escalation via JavaScript Constraints
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft Windows Print Spooler Privilege Escalation Vulnerability — Microsoft Windows Print Spooler service contains a privilege escalation vulnerability. An attacker may modify a JavaScript constraints file and execute it with SYSTEM-level permissions.
CVE-2022-38181
Arm Mali GPU Kernel Driver Use-After-Free Privilege Escalation
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Arm Mali GPU Kernel Driver Use-After-Free Vulnerability — Arm Mali GPU Kernel Driver contains a use-after-free vulnerability that may allow a non-privileged user to gain root privilege and/or disclose information.
CVE-2022-39197
Fortra Cobalt Strike Teamserver XSS Remote Code Execution Vulnerability
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Fortra Cobalt Strike Teamserver Cross-Site Scripting (XSS) Vulnerability — Fortra Cobalt Strike contains a cross-site scripting (XSS) vulnerability in Teamserver that would allow an attacker to set a malformed username in the Beacon configuration, allowing them to execute code re…
CVE-2022-40139
Trend Micro Apex One Improper Validation RCE Vulnerability
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Trend Micro Apex One and Apex One as a Service Improper Validation Vulnerability — Trend Micro Apex One and Apex One as a Service contain an improper validation of rollback mechanism components that could lead to remote code execution.
CVE-2022-40684
Fortinet Multiple Products Authentication Bypass Vulnerability CVE-2022-40684
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Fortinet Multiple Products Authentication Bypass Vulnerability — Fortinet FortiOS, FortiProxy, and FortiSwitchManager contain an authentication bypass vulnerability that could allow an unauthenticated attacker to perform operations on the administrative interface via specially cr…
CVE-2022-40765
Mitel MiVoice Connect Edge Gateway Command Injection Vulnerability
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Mitel MiVoice Connect Command Injection Vulnerability — The Mitel Edge Gateway component of MiVoice Connect allows an authenticated attacker with internal network access to execute commands within the context of the system.
CVE-2022-40799
D-Link DNR-322L Code Integrity Check Bypass Allows OS Command Execution
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
D-Link DNR-322L Download of Code Without Integrity Check Vulnerability — D-Link DNR-322L contains a download of code without integrity check vulnerability that could allow an authenticated attacker to execute OS level commands on the device. The impacted products could be end-of-…
CVE-2022-41033
Windows COM+ Event System Service Privilege Escalation (CVE-2022-41033)
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft Windows COM+ Event System Service Privilege Escalation Vulnerability — Microsoft Windows COM+ Event System Service contains an unspecified vulnerability that allows for privilege escalation.
CVE-2022-41040
Microsoft Exchange Server SSRF Vulnerability (ProxyNotShell) - CVE-2022-41040
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft Exchange Server Server-Side Request Forgery Vulnerability — Microsoft Exchange Server allows for server-side request forgery. Dubbed "ProxyNotShell," this vulnerability is chainable with CVE-2022-41082 which allows for remote code execution.
CVE-2022-41049
Windows Mark of the Web Security Feature Bypass Vulnerability (CVE-2022-41049)
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft Windows Mark of the Web (MOTW) Security Feature Bypass Vulnerability — Microsoft Windows Mark of the Web (MOTW) contains a security feature bypass vulnerability resulting in a limited loss of integrity and availability of security features.
CVE-2022-41073
Windows Print Spooler Privilege Escalation Vulnerability (CVE-2022-41073)
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft Windows Print Spooler Privilege Escalation Vulnerability — Microsoft Windows Print Spooler contains an unspecified vulnerability that allows an attacker to gain SYSTEM-level privileges.
CVE-2022-41080
Microsoft Exchange Server Privilege Escalation Vulnerability (CVE-2022-41080)
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft Exchange Server Privilege Escalation Vulnerability — Microsoft Exchange Server contains an unspecified vulnerability that allows for privilege escalation. This vulnerability is chainable with CVE-2022-41082, which allows for remote code execution.
CVE-2022-41082
Microsoft Exchange Server ProxyNotShell Remote Code Execution
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft Exchange Server Remote Code Execution Vulnerability — Microsoft Exchange Server contains an unspecified vulnerability that allows for authenticated remote code execution. Dubbed "ProxyNotShell," this vulnerability is chainable with CVE-2022-41040 which allows for the re…
CVE-2022-41091
Windows Mark of the Web Security Feature Bypass Vulnerability (CVE-2022-41091)
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft Windows Mark of the Web (MOTW) Security Feature Bypass Vulnerability — Microsoft Windows Mark of the Web (MOTW) contains a security feature bypass vulnerability resulting in a limited loss of integrity and availability of security features.
CVE-2022-41125
Windows CNG Key Isolation Service Privilege Escalation (CVE-2022-41125)
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft Windows CNG Key Isolation Service Privilege Escalation Vulnerability — Microsoft Windows Cryptographic Next Generation (CNG) Key Isolation Service contains an unspecified vulnerability that allows an attacker to gain SYSTEM-level privileges.
CVE-2022-41223
Mitel MiVoice Connect Director Code Injection RCE Vulnerability
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Mitel MiVoice Connect Code Injection Vulnerability — The Director component in Mitel MiVoice Connect allows an authenticated attacker with internal network access to execute code within the context of the application.
CVE-2022-41352
Zimbra Collaboration Suite Arbitrary File Upload via cpio Package
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Synacor Zimbra Collaboration Suite (ZCS) Arbitrary File Upload Vulnerability — Synacor Zimbra Collaboration Suite (ZCS) allows an attacker to upload arbitrary files using cpio package to gain incorrect access to any other user accounts.
CVE-2022-42475
Fortinet FortiOS SSL-VPN Heap-Based Buffer Overflow RCE
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Fortinet FortiOS Heap-Based Buffer Overflow Vulnerability — Multiple versions of Fortinet FortiOS SSL-VPN contain a heap-based buffer overflow vulnerability which can allow an unauthenticated, remote attacker to execute arbitrary code or commands via specifically crafted requests…
CVE-2022-46169
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Cacti Command Injection Vulnerability — Cacti contains a command injection vulnerability that allows an unauthenticated user to execute code.
CVE-2022-47966
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Zoho ManageEngine Multiple Products Remote Code Execution Vulnerability — Multiple Zoho ManageEngine products contain an unauthenticated remote code execution vulnerability due to the usage of an outdated third-party dependency, Apache Santuario.
CVE-2022-47986
Critical RCE in IBM Aspera Faspex via YAML Deserialization
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
IBM Aspera Faspex Code Execution Vulnerability — IBM Aspera Faspex could allow a remote attacker to execute code on the system, caused by a YAML deserialization flaw.
CVE-2022-48618
Apple Multiple Products TOCTOU Memory Corruption Vulnerability (CVE-2022-48618)
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Apple Multiple Products Memory Corruption Vulnerability — Apple iOS, iPadOS, macOS, tvOS, and watchOS contain a time-of-check/time-of-use (TOCTOU) memory corruption vulnerability that allows an attacker with read and write capabilities to bypass Pointer Authentication.
CVE-2023-0266
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Linux Kernel Use-After-Free Vulnerability — Linux kernel contains a use-after-free vulnerability that allows for privilege escalation to gain ring0 access from the system user.
CVE-2023-0386
Linux Kernel OverlayFS Privilege Escalation via Improper Ownership Management
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Linux Kernel Improper Ownership Management Vulnerability — Linux Kernel contains an improper ownership management vulnerability, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copie…
CVE-2023-0669
Fortra GoAnywhere MFT Pre-Authentication Remote Code Execution (CVE-2023-0669)
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Fortra GoAnywhere MFT Remote Code Execution Vulnerability — Fortra (formerly, HelpSystems) GoAnywhere MFT contains a pre-authentication remote code execution vulnerability in the License Response Servlet due to deserializing an attacker-controlled object.
CVE-2023-1389
TP-Link Archer AX21 Remote Code Execution via Command Injection
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
TP-Link Archer AX-21 Command Injection Vulnerability — TP-Link Archer AX-21 contains a command injection vulnerability that allows for remote code execution.
CVE-2023-1671
Sophos Web Appliance Command Injection Remote Code Execution (CVE-2023-1671)
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Sophos Web Appliance Command Injection Vulnerability — Sophos Web Appliance contains a command injection vulnerability in the warn-proceed handler that allows for remote code execution.
CVE-2023-20109
Cisco IOS/IOS XE GET VPN Out-of-Bounds Write Remote Code Execution
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Cisco IOS and IOS XE Group Encrypted Transport VPN Out-of-Bounds Write Vulnerability — Cisco IOS and IOS XE contain an out-of-bounds write vulnerability in the Group Encrypted Transport VPN (GET VPN) feature that could allow an authenticated, remote attacker who has administrativ…
CVE-2023-20118
Cisco Small Business RV Series Routers Command Injection Vulnerability (CVE-2023-20118)
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Cisco Small Business RV Series Routers Command Injection Vulnerability — Multiple Cisco Small Business RV Series Routers contain a command injection vulnerability in the web-based management interface. Successful exploitation could allow an authenticated, remote attacker to gain…
CVE-2023-20198
Cisco IOS XE Web UI Privilege Escalation - Unauthenticated Remote Code Execution
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Cisco IOS XE Web UI Privilege Escalation Vulnerability — Cisco IOS XE Web UI contains a privilege escalation vulnerability in the web user interface that could allow a remote, unauthenticated attacker to create an account with privilege level 15 access. The attacker can then use …
CVE-2023-20269
Cisco ASA and Firepower Threat Defense Unauthorized Access Vulnerability
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Cisco Adaptive Security Appliance and Firepower Threat Defense Unauthorized Access Vulnerability — Cisco Adaptive Security Appliance and Firepower Threat Defense contain an unauthorized access vulnerability that could allow an unauthenticated, remote attacker to conduct a brute f…
CVE-2023-20273
Cisco IOS XE Web UI Command Injection Vulnerability (CVE-2023-20273)
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Cisco IOS XE Web UI Command Injection Vulnerability — Cisco IOS XE contains a command injection vulnerability in the web user interface. When chained with CVE-2023-20198, the attacker can leverage the new local user to elevate privilege to root and write the implant to the file s…
CVE-2023-2033
Google Chromium V8 Type Confusion Vulnerability - Heap Corruption
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Google Chromium V8 Type Confusion Vulnerability — Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chr…
CVE-2023-32439
Apple WebKit Type Confusion RCE Vulnerability (CVE-2023-32439)
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Apple Multiple Products WebKit Type Confusion Vulnerability — Apple iOS, iPadOS, macOS, and Safari WebKit contain a type confusion vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use Web…
CVE-2023-33009
Zyxel Firewalls Buffer Overflow Remote Code Execution Vulnerability
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Zyxel Multiple Firewalls Buffer Overflow Vulnerability — Zyxel ATP, USG FLEX, USG FLEX 50(W), USG20(W)-VPN, VPN, and ZyWALL/USG firewalls contain a buffer overflow vulnerability in the notification function that could allow an unauthenticated attacker to cause denial-of-service (…
CVE-2023-36563
Microsoft WordPad Information Disclosure Vulnerability (CVE-2023-36563)
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft WordPad Information Disclosure Vulnerability — Microsoft WordPad contains an unspecified vulnerability that allows for information disclosure.
CVE-2023-36584
Windows Mark of the Web Security Feature Bypass Vulnerability
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft Windows Mark of the Web (MOTW) Security Feature Bypass Vulnerability — Microsoft Windows Mark of the Web (MOTW) contains a security feature bypass vulnerability resulting in a limited loss of integrity and availability of security features.
CVE-2023-36761
Microsoft Word Information Disclosure Vulnerability CVE-2023-36761
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft Word Information Disclosure Vulnerability — Microsoft Word contains an unspecified vulnerability that allows for information disclosure.
CVE-2024-9537
ScienceLogic SL1 Critical Unspecified Third-Party Component Vulnerability
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
ScienceLogic SL1 Unspecified Vulnerability — ScienceLogic SL1 (formerly EM7) is affected by an unspecified vulnerability involving an unspecified third-party component.
CVE-2025-11371
Gladinet CentreStack and Triofox Unauthorized File Access Vulnerability
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Gladinet CentreStack and Triofox Files or Directories Accessible to External Parties Vulnerability — Gladinet CentreStack and Triofox contain a files or directories accessible to external parties vulnerability that allows unintended disclosure of system files.
CVE-2026-33121
06:18 KSA
HIGH
CVSS 8.8
CWE-89
DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the API datasource saving process. The deTableName field from the Base64-encoded datasource configuration is used to construct a DDL statement…
CVE-2026-33207
06:18 KSA
HIGH
CVSS 8.8
CWE-89
DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the /datasource/getTableField endpoint. The getTableFiledSql method in CalciteProvider.java incorporates the tableName parameter directly into…
CVE-2026-40459
12:32 KSA
HIGH
CVSS 8.8
CWE-90
PAC4J is vulnerable to LDAP Injection in multiple methods. A low-privileged remote attacker can inject crafted LDAP syntax into ID-based search parameters, potentially resulting in unauthorized LDAP queries and arbitrary directory operations.
This issue was fixed in PAC4J versio…
CVE-2026-40900
06:18 KSA
HIGH
CVSS 8.8
CWE-89
DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the /de2api/datasetData/previewSql endpoint. The user-supplied SQL is wrapped in a subquery without validation that the input is a single SELE…
CVE-2026-40901
06:18 KSA
HIGH
CVSS 8.8
CWE-502
DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below ship the legacy velocity-1.7.jar, which pulls in commons-collections-3.2.1.jar containing the InvokerTransformer deserialization gadget chain. Quartz 2.3.2, also bundled in the applic…
CVE-2025-36568
12:32 KSA
HIGH
CVSS 7.8
CWE-522
Dell PowerProtect Data Domain BoostFS for client of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.50, contain an insufficiently protected credentials vulnerability. A low privileged…
CVE-2026-4659
06:18 KSA
HIGH
CVSS 7.5
CWE-22
The Unlimited Elements for Elementor plugin for WordPress is vulnerable to Arbitrary File Read via the Repeater JSON/CSV URL parameter in versions up to, and including, 2.0.6. This is due to insufficient path traversal sanitization in the URLtoRelative() and urlToPath() functions…
CVE-2026-6490
12:32 KSA
HIGH
CVSS 7.3
CWE-74
A weakness has been identified in QueryMine sms up to 7ab5a9ea196209611134525ffc18de25c57d9593. Impacted is an unknown function of the file admin/deletecourse.php of the component GET Request Parameter Handler. This manipulation of the argument ID causes sql injection. The attack…
CVE-2026-23776
12:32 KSA
HIGH
CVSS 7.2
CWE-295
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60, contain(s) an Improper Certificate Validation vulnerabil…
CVE-2026-5231
06:18 KSA
HIGH
CVSS 7.2
CWE-79
The WP Statistics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'utm_source' parameter in all versions up to, and including, 14.16.4. This is due to insufficient input sanitization and output escaping. The plugin's referral parser copies the raw utm_so…
CVE-2026-6483
12:32 KSA
HIGH
CVSS 7.2
CWE-77
A vulnerability was found in Wavlink WL-WN530H4 20220721. This vulnerability affects the function strcat/snprintf of the file /cgi-bin/internet.cgi. The manipulation results in os command injection. It is possible to launch the attack remotely. The exploit has been made public an…
CVE-2026-6421
06:18 KSA
HIGH
CVSS 7.0
CWE-426
A vulnerability has been found in Mobatek MobaXterm Home Edition up to 26.1. This affects an unknown part in the library msimg32.dll. The manipulation leads to uncontrolled search path. An attack has to be approached locally. The attack is considered to have high complexity. It i…
CVE-2026-41300
07:54 KSA
MEDIUM
CVSS 6.5
CWE-372
OpenClaw before 2026.3.31 contains a trust-decline vulnerability that preserves attacker-discovered endpoints in remote onboarding flows. Attackers can route gateway credentials to malicious endpoints by having their discovered URL survive the trust decline process into manual pr…
CVE-2026-6674
10:00 KSA
MEDIUM
CVSS 6.5
CWE-89
The Plugin: CMS für Motorrad Werkstätten plugin for WordPress is vulnerable to SQL Injection via the 'arttype' parameter in all versions up to, and including, 1.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL …
CVE-2026-4852
03:31 KSA
MEDIUM
CVSS 6.4
CWE-79
The Image Source Control Lite – Show Image Credits and Captions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Image Source' attachment field in all versions up to, and including, 3.9.1 due to insufficient input sanitization and output escaping. This m…
CVE-2026-6729
05:48 KSA
MEDIUM
CVSS 6.3
CWE-287
HKUDS OpenHarness prior to PR #159 remediation contains a session key derivation vulnerability that allows authenticated participants in shared chats or threads to hijack other users' sessions by exploiting a shared ohmo session key that lacks sender identity verification. Attack…
CVE-2026-6711
14:15 KSA
MEDIUM
CVSS 6.1
CWE-79
The Website LLMs.txt plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 8.2.6. This is due to the use of filter_input() without a sanitization filter and insufficient output escaping. This makes it po…
CVE-2026-40045
07:54 KSA
MEDIUM
CVSS 5.7
CWE-319
OpenClaw before 2026.4.2 accepts non-loopback cleartext ws:// gateway endpoints and transmits stored gateway credentials over unencrypted connections. Attackers can forge discovery results or craft setup codes to redirect clients to malicious endpoints, disclosing plaintext gatew…
CVE-2026-41298
07:54 KSA
MEDIUM
CVSS 5.4
CWE-862
OpenClaw before 2026.4.2 fails to enforce write scopes on the POST /sessions/:sessionKey/kill endpoint in identity-bearing HTTP modes. Read-scoped callers can terminate running subagent sessions by sending requests to this endpoint, bypassing authorization controls.
CVE-2026-41301
07:54 KSA
MEDIUM
CVSS 5.3
CWE-347
OpenClaw versions 2026.3.22 before 2026.3.31 contain a signature verification bypass vulnerability in the Nostr DM ingress path that allows pairing challenges to be issued before event signature validation. An unauthenticated remote attacker can send forged direct messages to cre…
CVE-2026-41331
07:54 KSA
MEDIUM
CVSS 5.3
CWE-408
OpenClaw before 2026.3.31 contains a resource consumption vulnerability in Telegram audio preflight transcription that allows unauthorized group senders to trigger transcription processing. Attackers can exploit insufficient allowlist enforcement to cause resource or billing cons…
CVE-2026-6675
10:00 KSA
MEDIUM
CVSS 5.3
CWE-20
The Responsive Blocks – Page Builder for Blocks & Patterns plugin for WordPress is vulnerable to Unauthenticated Open Email Relay in all versions up to, and including, 2.2.0. This is due to insufficient authorization checks and missing server-side validation of the recipient emai…