CVE-2023-27351
PaperCut NG/MF — CVE-2023-27351
05:18 KSA
CRITICAL
CVSS 9.8
⚠ CISA KEV
PaperCut NG/MF contains an improper authentication vulnerability that could allow remote attackers to bypass authentication on affected installations via the SecurityRequestFilter class.
Required Action: Apply mitigations per vendor instructions, …
CVE-2024-27199
JetBrains TeamCity — CVE-2024-27199
05:18 KSA
CRITICAL
CVSS 9.8
⚠ CISA KEV
JetBrains TeamCity contains a relative path traversal vulnerability that could allow limited admin actions to be performed.
Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or…
CVE-2025-2749
Kentico Kentico Xperience — CVE-2025-2749
05:18 KSA
CRITICAL
CVSS 9.8
⚠ CISA KEV
Kentico Xperience contains a path traversal vulnerability that could allow an authenticated user's Staging Sync Server to upload arbitrary data to path relative locations.
Required Action: Apply mitigations per vendor instructions, follo…
CVE-2025-32975
Quest KACE Systems Management Appliance (SMA) — CVE-2025-32975
05:18 KSA
CRITICAL
CVSS 9.8
⚠ CISA KEV
Quest KACE Systems Management Appliance (SMA) contains an improper authentication vulnerability that could allow attackers to impersonate legitimate users without valid credentials.
Required Action: Apply mitigations…
CVE-2025-48700
Synacor Zimbra Collaboration Suite (ZCS) — CVE-2025-48700
05:18 KSA
CRITICAL
CVSS 9.8
⚠ CISA KEV
Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting vulnerability that could allow attackers to execute arbitrary JavaScript within the user's session, potentially leading to unauthorized access to sen…
CVE-2026-20122
Cisco Catalyst SD-WAN Manager — CVE-2026-20122
05:18 KSA
CRITICAL
CVSS 9.8
⚠ CISA KEV
Cisco Catalyst SD-WAN Manager contains an incorrect use of privileged APIs vulnerability due to improper file handling on the API interface of an affected system. An attacker could exploit this vulnerability by uploading a malicious f…
CVE-2026-20128
Cisco Catalyst SD-WAN Manager — CVE-2026-20128
05:18 KSA
CRITICAL
CVSS 9.8
⚠ CISA KEV
Cisco Catalyst SD-WAN Manager contains a storing passwords in a recoverable format vulnerability that allows an authenticated, local attacker to gain DCA user privileges by accessing a credential file for the DCA user on the filesyst…
CVE-2026-20133
Cisco Catalyst SD-WAN Manager — CVE-2026-20133
05:18 KSA
CRITICAL
CVSS 9.8
⚠ CISA KEV
Cisco Catalyst SD-WAN Manager contains an exposure of sensitive information to an unauthorized actor vulnerability that could allow remote attackers to view sensitive information on affected systems.
Required Action: Please adhere t…
CVE-2020-5135
SonicWall SonicOS Remote Buffer Overflow - RCE/DoS
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
SonicWall SonicOS Buffer Overflow Vulnerability — A buffer overflow vulnerability in SonicOS allows a remote attacker to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a malicious request to the firewall.
CVE-2020-5410
Spring Cloud Config Directory Traversal Vulnerability CVE-2020-5410
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
VMware Tanzu Spring Cloud Config Directory Traversal Vulnerability — Spring Cloud Config, by VMware Tanzu, contains a path traversal vulnerability that allows applications to serve arbitrary configuration files.
CVE-2020-5722
Grandstream UCM6200 Unauthenticated SQL Injection Remote Code Execution
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Grandstream Networks UCM6200 Series SQL Injection Vulnerability — Grandstream UCM6200 series is vulnerable to an unauthenticated remote SQL injection via a crafted HTTP request. Exploitation can allow for code execution as root.
CVE-2020-5735
Amcrest Camera/NVR Stack Buffer Overflow RCE (CVE-2020-5735)
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Amcrest Cameras and NVR Stack-based Buffer Overflow Vulnerability — Amcrest cameras and NVR contain a stack-based buffer overflow vulnerability through port 37777 that allows an unauthenticated, remote attacker to crash the device and possibly execute code.
CVE-2020-5741
Plex Media Server Remote Code Execution via Camera Upload
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Plex Media Server Remote Code Execution Vulnerability — Plex Media Server contains a remote code execution vulnerability that allows an attacker with access to the server administrator's Plex account to upload a malicious file via the Camera Upload feature and have the media serv…
CVE-2020-5847
Unraid Remote Code Execution via Insecure PHP Extract Function
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Unraid Remote Code Execution Vulnerability — Unraid contains a vulnerability due to the insecure use of the extract PHP function that can be abused to execute remote code as root. This CVE is chainable with CVE-2020-5849 for initial access.
CVE-2020-5849
Unraid Authentication Bypass Vulnerability (CVE-2020-5849)
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Unraid Authentication Bypass Vulnerability — Unraid contains an authentication bypass vulnerability that allows attackers to gain access to the administrative interface. This CVE is chainable with CVE-2020-5847 for remote code execution.
CVE-2020-6418
Chromium V8 Type Confusion Vulnerability Enabling Heap Corruption
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Google Chromium V8 Type Confusion Vulnerability — Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium…
CVE-2020-6572
Google Chrome Media Use-After-Free Remote Code Execution Vulnerability
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Google Chrome Media Use-After-Free Vulnerability — Google Chrome Media contains a use-after-free vulnerability that allows a remote attacker to execute code via a crafted HTML page.
CVE-2020-6819
Mozilla Firefox and Thunderbird nsDocShell Use-After-Free Race Condition
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Mozilla Firefox And Thunderbird Use-After-Free Vulnerability — Mozilla Firefox and Thunderbird contain a race condition vulnerability when running the nsDocShell destructor under certain conditions. The race condition creates a use-after-free vulnerability, causing unspecified im…
CVE-2020-8468
Trend Micro Content Validation Escape Vulnerability in Apex One/OfficeScan
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Trend Micro Multiple Products Content Validation Escape Vulnerability — Trend Micro Apex One, OfficeScan, and Worry-Free Business Security agents contain a content validation escape vulnerability that could allow an attacker to manipulate certain agent client components.
CVE-2020-8515
DrayTek Vigor Router Web Management RCE Vulnerability
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Multiple DrayTek Vigor Routers Web Management Page Vulnerability — DrayTek Vigor3900, Vigor2960, and Vigor300B routers contain an unspecified vulnerability that allows for remote code execution.
CVE-2020-8599
Trend Micro Apex One/OfficeScan Authentication Bypass and Arbitrary File Write
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Trend Micro Apex One and OfficeScan Authentication Bypass Vulnerability — Trend Micro Apex One and OfficeScan server contain a vulnerable EXE file that could allow a remote attacker to write data to a path on affected installations and bypass root login.
CVE-2020-8644
PlaySMS Server-Side Template Injection Remote Code Execution
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
PlaySMS Server-Side Template Injection Vulnerability — PlaySMS contains a server-side template injection vulnerability that allows for remote code execution.
CVE-2020-8655
EyesOfNetwork Improper Privilege Management via NSE Script Execution
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
EyesOfNetwork Improper Privilege Management Vulnerability — EyesOfNetwork contains an improper privilege management vulnerability that may allow a user to run commands as root via a crafted Nmap Scripting Engine (NSE) script to nmap7.
CVE-2020-8657
EyesOfNetwork Hard-Coded API Credentials Remote Admin Access
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
EyesOfNetwork Use of Hard-Coded Credentials Vulnerability — EyesOfNetwork contains a use of hard-coded credentials vulnerability, as it uses the same API key by default. Exploitation allows an attacker to calculate or guess the admin access token.
CVE-2021-22175
GitLab Server-Side Request Forgery (SSRF) Vulnerability in Webhook Processing
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
GitLab Server-Side Request Forgery (SSRF) Vulnerability — GitLab contains a server-side request forgery (SSRF) vulnerability when requests to the internal network for webhooks are enabled.
CVE-2021-22681
Rockwell Automation Insufficient Protected Credentials in Studio 5000 Logix Designer
02:50 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Rockwell Multiple Products Insufficient Protected Credentials Vulnerability — Multiple Rockwell products contain an insufficient protected credentials vulnerability. Studio 5000 Logix Designer software may allow a key to be discovered. This key is used to verify Logix controllers…
CVE-2021-26828
OpenPLC ScadaBR Unrestricted JSP File Upload Remote Code Execution
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
OpenPLC ScadaBR Unrestricted Upload of File with Dangerous Type Vulnerability — OpenPLC ScadaBR contains an unrestricted upload of file with dangerous type vulnerability that allows remote authenticated users to upload and execute arbitrary JSP files via view_edit.shtm.
CVE-2021-26829
OpenPLC ScadaBR XSS Vulnerability in system_settings.shtm
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
OpenPLC ScadaBR Cross-site Scripting Vulnerability — OpenPLC ScadaBR contains a cross-site scripting vulnerability via system_settings.shtm.
CVE-2021-35394
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Realtek Jungle SDK Remote Code Execution Vulnerability — RealTek Jungle SDK contains multiple memory corruption vulnerabilities which can allow an attacker to perform remote code execution.
CVE-2021-35395
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Realtek AP-Router SDK Buffer Overflow Vulnerability — Realtek AP-Router SDK HTTP web server boa contains a buffer overflow vulnerability due to unsafe copies of some overly long parameters submitted in the form that lead to denial-of-service (DoS).
CVE-2021-35464
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
ForgeRock Access Management (AM) Core Server Remote Code Execution Vulnerability — ForgeRock Access Management (AM) Core Server allows an attacker who sends a specially crafted HTTP request to one of three endpoints (/ccversion/Version, /ccversion/Masthead, or /ccversion/ButtonFr…
CVE-2021-35587
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Oracle Fusion Middleware Unspecified Vulnerability — Oracle Fusion Middleware Access Manager allows an unauthenticated attacker with network access via HTTP to take over the Access Manager product.
CVE-2021-3560
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Red Hat Polkit Incorrect Authorization Vulnerability — Red Hat Polkit contains an incorrect authorization vulnerability through the bypassing of credential checks for D-Bus requests, allowing for privilege escalation.
CVE-2021-36260
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Hikvision Improper Input Validation — A command injection vulnerability in the web server of some Hikvision products, due to insufficient input validation.
CVE-2021-36380
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Sunhillo SureLine OS Command Injection Vulnerability — Sunhillo SureLine contains an OS command injection vulnerability that allows an attacker to cause a denial-of-service or utilize the device for persistence on the network via shell metacharacters in ipAddr or dnsAddr in /cgi/n…
CVE-2021-36741
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Trend Micro Multiple Products Improper Input Validation Vulnerability — Trend Micro Apex One, Apex One as a Service, and Worry-Free Business Security contain an improper input validation vulnerability that allows a remote attacker to upload files.
CVE-2021-36742
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Trend Micro Multiple Products Improper Input Validation Vulnerability — Trend Micro Apex One, Apex One as a Service, and Worry-Free Business Security contain an improper input validation vulnerability that allows for privilege escalation.
CVE-2021-36934
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft Windows SAM Local Privilege Escalation Vulnerability — If a Volume Shadow Copy (VSS) shadow copy of the system drive is available, users can read the SAM file which would allow any user to escalate privileges to SYSTEM level.
CVE-2021-36942
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft Windows Local Security Authority (LSA) Spoofing Vulnerability — Microsoft Windows Local Security Authority (LSA) contains a spoofing vulnerability allowing an unauthenticated attacker to call a method on the LSARPC interface and coerce the domain controller to authentic…
CVE-2021-36948
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft Windows Update Medic Service Privilege Escalation Vulnerability — Microsoft Windows Update Medic Service contains an unspecified vulnerability that allows for privilege escalation.
CVE-2021-36955
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft Windows Common Log File System (CLFS) Driver Privilege Escalation Vulnerability — Microsoft Windows Common Log File System (CLFS) driver contains an unspecified vulnerability that allows for privilege escalation.
CVE-2021-37415
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Zoho ManageEngine ServiceDesk Authentication Bypass Vulnerability — Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to an authentication bypass that allows access to a few REST API URLs without authentication.
CVE-2021-37973
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Google Chromium Portals Use-After-Free Vulnerability — Google Chromium Portals contains a use-after-free vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page. This vulnerability affe…
CVE-2021-37975
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Google Chromium V8 Use-After-Free Vulnerability — Google Chromium V8 Engine contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chr…
CVE-2021-37976
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Google Chromium Information Disclosure Vulnerability — Google Chromium contains an information disclosure vulnerability within the core memory component that allows a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. This vul…
CVE-2021-38000
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Google Chromium Intents Improper Input Validation Vulnerability — Google Chromium Intents contains an improper input validation vulnerability that allows a remote attacker to arbitrarily browse to a malicious URL via a crafted HTML page. This vulnerability could affect multiple …
CVE-2021-38003
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Google Chromium V8 Memory Corruption Vulnerability — Google Chromium V8 Engine has a bug in JSON.stringify, where the internal TheHole value can leak to script code, causing memory corruption. This vulnerability could affect multiple web browsers that utilize Chromium, including,…
CVE-2021-38163
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
SAP NetWeaver Unrestricted File Upload Vulnerability — SAP NetWeaver contains a vulnerability that allows unrestricted file upload.
CVE-2021-38406
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Delta Electronics DOPSoft 2 Improper Input Validation Vulnerability — Delta Electronics DOPSoft 2 lacks proper validation of user-supplied data when parsing specific project files (improper input validation) resulting in an out-of-bounds write that allows for code execution.
CVE-2021-38645
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft Open Management Infrastructure (OMI) Privilege Escalation Vulnerability — Microsoft Open Management Infrastructure (OMI) within Azure VM Management Extensions contains an unspecified vulnerability that allows for privilege escalation.
CVE-2021-38646
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability — Microsoft Office Access Connectivity Engine contains an unspecified vulnerability which can allow for remote code execution.
CVE-2021-38647
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft Open Management Infrastructure (OMI) Remote Code Execution Vulnerability — Microsoft Open Management Infrastructure (OMI) within Azure VM Management Extensions contains an unspecified vulnerability allowing remote code execution.
CVE-2021-38648
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft Open Management Infrastructure (OMI) Privilege Escalation Vulnerability — Microsoft Open Management Infrastructure (OMI) within Azure VM Management Extensions contains an unspecified vulnerability allowing privilege escalation.
CVE-2021-38649
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft Open Management Infrastructure (OMI) Privilege Escalation Vulnerability — Microsoft Open Management Infrastructure (OMI) within Azure VM Management Extensions contains an unspecified vulnerability allowing privilege escalation.
CVE-2021-39144
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
XStream Remote Code Execution Vulnerability — XStream contains a remote code execution vulnerability that allows an attacker to manipulate the processed input stream and replace or inject objects that result in the execution of a local command on the server. This vulnerability ca…
CVE-2021-39226
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Grafana Authentication Bypass Vulnerability — Grafana contains an authentication bypass vulnerability that allows authenticated and unauthenticated users to view and delete all snapshot data, potentially resulting in complete snapshot data loss.
CVE-2021-39793
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Google Pixel Out-of-Bounds Write Vulnerability — Google Pixel contains a possible out-of-bounds write due to a logic error in the code that could lead to local escalation of privilege.
CVE-2021-4034
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Red Hat Polkit Out-of-Bounds Read and Write Vulnerability — The Red Hat polkit pkexec utility contains an out-of-bounds read and write vulnerability that allows for privilege escalation with administrative rights.
CVE-2021-40407
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Reolink RLC-410W IP Camera OS Command Injection Vulnerability — Reolink RLC-410W IP cameras contain an authenticated OS command injection vulnerability in the device network settings functionality.
CVE-2021-40438
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Apache HTTP Server-Side Request Forgery (SSRF) — A crafted request uri-path can cause mod_proxy to forward the request to an origin server chosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.
CVE-2021-40444
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft MSHTML Remote Code Execution Vulnerability — Microsoft MSHTML contains an unspecified vulnerability that allows for remote code execution.
CVE-2021-40449
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft Windows Win32k Privilege Escalation Vulnerability — Unspecified vulnerability allows for an authenticated user to escalate privileges.
CVE-2021-40450
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft Win32k Privilege Escalation Vulnerability — Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation.
CVE-2021-40539
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Zoho ManageEngine ADSelfService Plus Authentication Bypass Vulnerability — Zoho ManageEngine ADSelfService Plus contains an authentication bypass vulnerability affecting the REST API URLs which allow for remote code execution.
CVE-2021-40655
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
D-Link DIR-605 Router Information Disclosure Vulnerability — D-Link DIR-605 routers contain an information disclosure vulnerability that allows attackers to obtain a username and password by forging a post request to the /getcfg.php page.
CVE-2021-40870
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Aviatrix Controller Unrestricted Upload of File — Unrestricted upload of a file with a dangerous type is possible, which allows an unauthenticated user to execute arbitrary code via directory traversal.
CVE-2021-4102
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Google Chromium V8 Use-After-Free Vulnerability — Google Chromium V8 Engine contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chr…
CVE-2021-41277
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Metabase GeoJSON API Local File Inclusion Vulnerability — Metabase contains a local file inclusion vulnerability in the custom map support in the API to read GeoJSON formatted data.
CVE-2021-41357
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft Win32k Privilege Escalation Vulnerability — Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation.
CVE-2021-41379
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft Windows Installer Privilege Escalation Vulnerability — Microsoft Windows Installer contains an unspecified vulnerability that allows for privilege escalation.
CVE-2021-41773
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Apache HTTP Server Path Traversal Vulnerability — Apache HTTP Server contains a path traversal vulnerability that allows an attacker to perform remote code execution if files outside directories configured by Alias-like directives are not under default "require all denied" or if …
CVE-2021-42013
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Apache HTTP Server Path Traversal Vulnerability — Apache HTTP Server contains a path traversal vulnerability that allows an attacker to perform remote code execution if files outside directories configured by Alias-like directives are not under default require all denied or if CG…
CVE-2021-42237
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Sitecore XP Remote Command Execution Vulnerability — Sitecore XP contains an insecure deserialization vulnerability which can allow for remote code execution.
CVE-2021-42258
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
BQE BillQuick Web Suite SQL Injection Vulnerability — BQE BillQuick Web Suite contains an SQL injection vulnerability when accessing the username parameter that may allow for unauthenticated, remote code execution.
CVE-2021-42278
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft Active Directory Domain Services Privilege Escalation Vulnerability — Microsoft Active Directory Domain Services contains an unspecified vulnerability that allows for privilege escalation.
CVE-2021-42287
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft Active Directory Domain Services Privilege Escalation Vulnerability — Microsoft Active Directory Domain Services contains an unspecified vulnerability that allows for privilege escalation.
CVE-2021-42292
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft Excel Security Feature Bypass — A security feature bypass vulnerability in Microsoft Excel would allow a local user to perform arbitrary code execution.
CVE-2021-42321
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft Exchange Server Remote Code Execution Vulnerability — An authenticated attacker could leverage improper validation in cmdlet arguments within Microsoft Exchange and perform remote code execution.
CVE-2021-43226
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft Windows Privilege Escalation Vulnerability — Microsoft Windows Common Log File System Driver contains a privilege escalation vulnerability that could allow a local, privileged attacker to bypass certain security mechanisms.
CVE-2021-43798
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Grafana Path Traversal Vulnerability — Grafana contains a path traversal vulnerability that could allow access to local files.
CVE-2021-43890
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft Windows AppX Installer Spoofing Vulnerability — Microsoft Windows AppX Installer contains a spoofing vulnerability which has a high impact on confidentiality, integrity, and availability.
CVE-2021-44026
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Roundcube Webmail SQL Injection Vulnerability — Roundcube Webmail is vulnerable to SQL injection via search or search_params.
CVE-2021-44077
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Zoho ManageEngine ServiceDesk Plus Remote Code Execution Vulnerability — Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution.
CVE-2021-44168
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Fortinet FortiOS Arbitrary File Download — Fortinet FortiOS "execute restore src-vis" downloads code without integrity checking, allowing an attacker to arbitrarily download files.
CVE-2021-44207
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Acclaim Systems USAHERDS Use of Hard-Coded Credentials Vulnerability — Acclaim Systems USAHERDS contains a hard-coded credentials vulnerability that could allow an attacker to achieve remote code execution on the system that runs the application. The MachineKey must be obtained …
CVE-2021-44228
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Apache Log4j2 Remote Code Execution Vulnerability — Apache Log4j2 contains a vulnerability where JNDI features do not protect against attacker-controlled JNDI-related endpoints, allowing for remote code execution.
CVE-2021-44515
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Zoho Desktop Central Authentication Bypass Vulnerability — Zoho Desktop Central contains an authentication bypass vulnerability that could allow an attacker to execute arbitrary code in the Desktop Central MSP server.
CVE-2021-44529
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Ivanti Endpoint Manager Cloud Service Appliance (EPM CSA) Code Injection Vulnerability — Ivanti Endpoint Manager Cloud Service Appliance (EPM CSA) contains a code injection vulnerability that allows an unauthenticated user to execute malicious code with limited permissions (nobo…
CVE-2021-45046
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Apache Log4j2 Deserialization of Untrusted Data Vulnerability — Apache Log4j2 contains a deserialization of untrusted data vulnerability due to the incomplete fix of CVE-2021-44228, where the Thread Context Lookup Pattern is vulnerable to remote code execution in certain non-defa…
CVE-2021-45382
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
D-Link Multiple Routers Remote Code Execution Vulnerability — A remote code execution vulnerability exists in all series H/W revision routers via the DDNS function in the ncc2 binary file.
CVE-2022-0028
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Palo Alto Networks PAN-OS Reflected Amplification Denial-of-Service Vulnerability — A Palo Alto Networks PAN-OS URL filtering policy misconfiguration could allow a network-based attacker to conduct reflected and amplified TCP denial-of-service (RDoS) attacks.
CVE-2022-0185
Linux Kernel Heap Buffer Overflow in Filesystem Context (CVE-2022-0185)
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Linux Kernel Heap-Based Buffer Overflow Vulnerability — Linux kernel contains a heap-based buffer overflow vulnerability in the legacy_parse_param function in the Filesystem Context functionality. This allows an attacker to open a filesystem that does not support the Filesystem C…
CVE-2022-0543
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Debian-specific Redis Server Lua Sandbox Escape Vulnerability — Redis is prone to a (Debian-specific) Lua sandbox escape, which could result in remote code execution.
CVE-2022-0609
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Google Chromium Animation Use-After-Free Vulnerability — Google Chromium Animation contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that util…
CVE-2022-0847
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Linux Kernel Privilege Escalation Vulnerability — Linux kernel contains an improper initialization vulnerability where an unprivileged local user could escalate their privileges on the system. This vulnerability has the moniker of "Dirty Pipe."
CVE-2022-1040
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Sophos Firewall Authentication Bypass Vulnerability — An authentication bypass vulnerability in User Portal and Webadmin of Sophos Firewall allows for remote code execution.
CVE-2022-1096
Google Chromium V8 Type Confusion Vulnerability (CVE-2022-1096)
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Google Chromium V8 Type Confusion Vulnerability — Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chr…
CVE-2022-1364
Chromium V8 Type Confusion Heap Corruption Vulnerability
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Google Chromium V8 Type Confusion Vulnerability — Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chr…
CVE-2022-1388
F5 BIG-IP Missing Authentication Remote Code Execution Vulnerability
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
F5 BIG-IP Missing Authentication Vulnerability — F5 BIG-IP contains a missing authentication in critical function vulnerability which can allow for remote code execution, creation or deletion of files, or disabling services.
CVE-2022-20699
Cisco Small Business RV Series Stack-based Buffer Overflow (CVE-2022-20699)
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Cisco Small Business RV Series Routers Stack-based Buffer Overflow Vulnerability — A vulnerability in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: execute arbitrary code, elevate privileges, execute arbitrar…
CVE-2022-20700
Cisco Small Business RV Series Stack-based Buffer Overflow Remote Code Execution
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Cisco Small Business RV Series Routers Stack-based Buffer Overflow Vulnerability — A vulnerability in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: execute arbitrary code, elevate privileges, execute arbitrar…
CVE-2022-20701
Cisco Small Business RV Series Stack-based Buffer Overflow (CVE-2022-20701)
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Cisco Small Business RV Series Routers Stack-based Buffer Overflow Vulnerability — A vulnerability in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: execute arbitrary code, elevate privileges, execute arbitrar…
CVE-2022-20703
Cisco Small Business RV Series Routers Stack-based Buffer Overflow Vulnerability — A vulnerability in Cisco Small Busine
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Cisco Small Business RV Series Routers Stack-based Buffer Overflow Vulnerability — A vulnerability in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: execute arbitrary code, elevate privileges, execute arbitrar…
CVE-2022-20708
Cisco Small Business RV Series Router Stack Buffer Overflow RCE
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Cisco Small Business RV Series Routers Stack-based Buffer Overflow Vulnerability — A vulnerability in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: execute arbitrary code, elevate privileges, execute arbitrar…
CVE-2022-20775
Cisco SD-WAN CLI Path Traversal Privilege Escalation Vulnerability
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Cisco SD-WAN Path Traversal Vulnerability — Cisco SD-WAN CLI contains a path traversal vulnerability that could allow an authenticated local attacker to gain elevated privileges via improper access controls on commands within the application CLI. A successful exploit could allow …
CVE-2022-20821
Cisco IOS XR Default Open Redis Port 6379 Remote Access Vulnerability
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Cisco IOS XR Open Port Vulnerability — Cisco IOS XR software health check opens TCP port 6379 by default on activation. An attacker can connect to the Redis instance on the open port and gain access to the Redis instance running within the NOSi container.
CVE-2022-21445
Oracle ADF Faces Unauthenticated Remote Code Execution via Deserialization
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Oracle ADF Faces Deserialization of Untrusted Data Vulnerability — Oracle ADF Faces library, included with Oracle JDeveloper Distribution, contains a deserialization of untrusted data vulnerability leading to unauthenticated remote code execution.
CVE-2022-21587
Oracle E-Business Suite Web Applications Desktop Integrator Unauthenticated Remote Compromise
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Oracle E-Business Suite Unspecified Vulnerability — Oracle E-Business Suite contains an unspecified vulnerability that allows an unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator.
CVE-2022-21882
Microsoft Win32k Privilege Escalation Vulnerability (CVE-2022-21882)
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft Win32k Privilege Escalation Vulnerability — Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation.
CVE-2022-21919
Windows User Profile Service Privilege Escalation Vulnerability
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft Windows User Profile Service Privilege Escalation Vulnerability — Microsoft Windows User Profile Service contains an unspecified vulnerability that allows for privilege escalation.
CVE-2022-21971
Microsoft Windows Runtime Remote Code Execution Vulnerability CVE-2022-21971
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft Windows Runtime Remote Code Execution Vulnerability — Microsoft Windows Runtime contains an unspecified vulnerability that allows for remote code execution.
CVE-2022-21999
Windows Print Spooler Privilege Escalation Vulnerability (CVE-2022-21999)
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft Windows Print Spooler Privilege Escalation Vulnerability — Microsoft Windows Print Spooler contains an unspecified vulnerability which can allow for privilege escalation.
CVE-2022-22047
Microsoft Windows CSRSS Privilege Escalation Vulnerability CVE-2022-22047
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft Windows Client Server Runtime Subsystem (CSRSS) Privilege Escalation Vulnerability — Microsoft Windows CSRSS contains an unspecified vulnerability that allows for privilege escalation to SYSTEM privileges.
CVE-2022-22071
Qualcomm Chipsets Use-After-Free in Process Shell Memory During Initialization
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Qualcomm Multiple Chipsets Use-After-Free Vulnerability — Multiple Qualcomm chipsets contain a use-after-free vulnerability when process shell memory is freed using IOCTL munmap call and process initialization is in progress.
CVE-2022-22265
Samsung Exynos Use-After-Free Vulnerability Enables Code Execution
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Samsung Mobile Devices Use-After-Free Vulnerability — Samsung devices with selected Exynos chipsets contain a use-after-free vulnerability that allows malicious memory write and code execution.
CVE-2022-22536
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
SAP Multiple Products HTTP Request Smuggling Vulnerability — SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server and SAP Web Dispatcher allow HTTP request smuggling. An unauthenticated attacker can prepend a victim's req…
CVE-2022-22587
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Apple Memory Corruption Vulnerability — Apple IOMobileFrameBuffer contains a memory corruption vulnerability which can allow a malicious application to execute arbitrary code with kernel privileges.
CVE-2022-22620
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Apple iOS, iPadOS, and macOS Webkit Use-After-Free Vulnerability — Apple iOS, iPadOS, and macOS WebKit contain a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit…
CVE-2022-22674
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Apple macOS Out-of-Bounds Read Vulnerability — macOS Monterey contains an out-of-bounds read vulnerability that could allow an application to read kernel memory.
CVE-2022-22675
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Apple macOS Out-of-Bounds Write Vulnerability — macOS Monterey contains an out-of-bounds write vulnerability that could allow an application to execute arbitrary code with kernel privileges.
CVE-2022-22706
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Arm Mali GPU Kernel Driver Unspecified Vulnerability — Arm Mali GPU Kernel Driver contains an unspecified vulnerability that allows a non-privileged user to achieve write access to read-only memory pages.
CVE-2022-22718
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft Windows Print Spooler Privilege Escalation Vulnerability — Microsoft Windows Print Spooler contains an unspecified vulnerability which allows for privilege escalation.
CVE-2022-2294
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
WebRTC Heap Buffer Overflow Vulnerability — WebRTC, an open-source project providing web browsers with real-time communication, contains a heap buffer overflow vulnerability that allows an attacker to perform shellcode execution. This vulnerability impacts web browsers using WebR…
CVE-2022-22947
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
VMware Spring Cloud Gateway Code Injection Vulnerability — Spring Cloud Gateway applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured.
CVE-2022-22948
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
VMware vCenter Server Incorrect Default File Permissions Vulnerability — VMware vCenter Server contains an incorrect default file permissions vulnerability that allows a remote, privileged attacker to gain access to sensitive information.
CVE-2022-22954
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
VMware Workspace ONE Access and Identity Manager Server-Side Template Injection Vulnerability — VMware Workspace ONE Access and Identity Manager allow for remote code execution due to server-side template injection.
CVE-2022-22960
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
VMware Multiple Products Privilege Escalation Vulnerability — VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts.
CVE-2022-22963
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
VMware Tanzu Spring Cloud Function Remote Code Execution Vulnerability — When using routing functionality in VMware Tanzu's Spring Cloud Function, it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and ac…
CVE-2022-22965
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Spring Framework JDK 9+ Remote Code Execution Vulnerability — Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding.
CVE-2022-23131
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Zabbix Frontend Authentication Bypass Vulnerability — Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML.
CVE-2022-23134
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Zabbix Frontend Improper Access Control Vulnerability — Malicious actors can pass step checks and potentially change the configuration of Zabbix Frontend.
CVE-2022-23176
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
WatchGuard Firebox and XTM Privilege Escalation Vulnerability — WatchGuard Firebox and XTM appliances allow a remote attacker with unprivileged credentials to access the system with a privileged management session via exposed management access.
CVE-2022-23227
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
NUUO NVRmini2 Devices Missing Authentication Vulnerability — NUUO NVRmini2 devices contain a missing authentication vulnerability that allows an unauthenticated attacker to upload an encrypted TAR archive, which can be abused to add arbitrary users.
CVE-2022-23748
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Dante Discovery Process Control Vulnerability — Dante Discovery contains a process control vulnerability in mDNSResponder.exe that allows for a DLL sideloading attack. A local attacker can leverage this vulnerability in the Dante Application Library to execute arbitrary code.
CVE-2022-24086
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Adobe Commerce and Magento Open Source Improper Input Validation Vulnerability — Adobe Commerce and Magento Open Source contain an improper input validation vulnerability which can allow for arbitrary code execution.
CVE-2022-24112
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Apache APISIX Authentication Bypass Vulnerability — Apache APISIX contains an authentication bypass vulnerability that allows for remote code execution.
CVE-2022-24521
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft Windows CLFS Driver Privilege Escalation Vulnerability — Microsoft Windows Common Log File System (CLFS) Driver contains an unspecified vulnerability that allows for privilege escalation.
CVE-2022-24682
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting Vulnerability — Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting (XSS) vulnerability in the Calendar feature that allows an attacker to execute arbitrary code.
CVE-2022-24706
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Apache CouchDB Insecure Default Initialization of Resource Vulnerability — Apache CouchDB contains an insecure default initialization of resource vulnerability which can allow an attacker to escalate to administrative privileges.
CVE-2022-24816
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
OSGeo GeoServer JAI-EXT Code Injection Vulnerability — OSGeo GeoServer JAI-EXT contains a code injection vulnerability that, when programs use jt-jiffle and allow Jiffle script to be provided via network request, could allow remote code execution.
CVE-2022-24990
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
TerraMaster OS Remote Command Execution Vulnerability — TerraMaster OS contains a remote command execution vulnerability that allows an unauthenticated user to execute commands on the target endpoint.
CVE-2022-2586
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Linux Kernel Use-After-Free Vulnerability — Linux Kernel contains a use-after-free vulnerability in the nft_object, allowing local attackers to escalate privileges.
CVE-2022-26134
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Atlassian Confluence Server and Data Center Remote Code Execution Vulnerability — Atlassian Confluence Server and Data Center contain a remote code execution vulnerability that allows for an unauthenticated attacker to perform remote code execution.
CVE-2022-26138
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Atlassian Questions For Confluence App Hard-coded Credentials Vulnerability — Atlassian Questions For Confluence App has hard-coded credentials, exposing the username and password in plaintext. A remote unauthenticated attacker can use these credentials to log into Confluence and…
CVE-2022-26143
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
MiCollab, MiVoice Business Express Access Control Vulnerability — A vulnerability has been identified in MiCollab and MiVoice Business Express that may allow a malicious actor to gain unauthorized access to sensitive information and services, cause performance degradations or a d…
CVE-2022-26258
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
D-Link DIR-820L Remote Code Execution Vulnerability — D-Link DIR-820L contains an unspecified vulnerability in Device Name parameter in /lan.asp which allows for remote code execution.
CVE-2022-26318
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
WatchGuard Firebox and XTM Appliances Arbitrary Code Execution — On WatchGuard Firebox and XTM appliances, an unauthenticated user can execute arbitrary code.
CVE-2022-26352
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
dotCMS Unrestricted Upload of File Vulnerability — dotCMS ContentResource API contains an unrestricted upload of file with a dangerous type vulnerability that allows for directory traversal, in which the file is saved outside of the intended storage location. Exploitation allows …
CVE-2022-26485
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Mozilla Firefox Use-After-Free Vulnerability — Mozilla Firefox contains a use-after-free vulnerability in XSLT parameter processing which can be exploited to perform arbitrary code execution.
CVE-2022-26486
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Mozilla Firefox Use-After-Free Vulnerability — Mozilla Firefox contains a use-after-free vulnerability in WebGPU IPC Framework which can be exploited to perform arbitrary code execution.
CVE-2022-26500
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Veeam Backup & Replication Remote Code Execution Vulnerability — The Veeam Distribution Service in the Backup & Replication application allows unauthenticated users to access internal API functions. A remote attacker can send input to the internal API which may lead to uploading …
CVE-2022-26501
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Veeam Backup & Replication Remote Code Execution Vulnerability — The Veeam Distribution Service in the Backup & Replication application allows unauthenticated users to access internal API functions. A remote attacker can send input to the internal API which may lead to uploading …
CVE-2022-26871
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Trend Micro Apex Central Arbitrary File Upload Vulnerability — An arbitrary file upload vulnerability in Trend Micro Apex Central could allow for remote code execution.
CVE-2022-26904
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft Windows User Profile Service Privilege Escalation Vulnerability — Microsoft Windows User Profile Service contains an unspecified vulnerability that allows for privilege escalation.
CVE-2022-26923
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft Active Directory Domain Services Privilege Escalation Vulnerability — An authenticated user could manipulate attributes on computer accounts they own or manage, and acquire a certificate from Active Directory Certificate Services that would allow for privilege escalatio…
CVE-2022-26925
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft Windows LSA Spoofing Vulnerability — Microsoft Windows Local Security Authority (LSA) contains a spoofing vulnerability where an attacker can coerce the domain controller to authenticate to the attacker using NTLM.
CVE-2022-27518
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Citrix Application Delivery Controller (ADC) and Gateway Authentication Bypass Vulnerability — Citrix Application Delivery Controller (ADC) and Gateway, when configured with SAML SP or IdP configuration, contain an authentication bypass vulnerability that allows an attacker to ex…
CVE-2022-27593
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
QNAP Photo Station Externally Controlled Reference Vulnerability — Certain QNAP NAS running Photo Station with internet exposure contain an externally controlled reference to a resource vulnerability which can allow an attacker to modify system files. This vulnerability was obser…
CVE-2022-27924
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Synacor Zimbra Collaboration Suite (ZCS) Command Injection Vulnerability — Synacor Zimbra Collaboration Suite (ZCS) allows an attacker to inject memcache commands into a targeted instance which causes an overwrite of arbitrary cached entries.
CVE-2022-27925
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Synacor Zimbra Collaboration Suite (ZCS) Arbitrary File Upload Vulnerability — Synacor Zimbra Collaboration Suite (ZCS) contains a flaw in the mboximport functionality, allowing an authenticated attacker to upload arbitrary files to perform remote code execution. This vulnerability…
CVE-2022-27926
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability — Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting vulnerability by allowing an endpoint URL to accept parameters without sanitizing.
CVE-2022-2856
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Google Chromium Intents Insufficient Input Validation Vulnerability — Google Chromium Intents contains an insufficient validation of untrusted input vulnerability that allows a remote attacker to browse to a malicious website via a crafted HTML page. This vulnerability could affe…
CVE-2022-28810
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Zoho ManageEngine ADSelfService Plus Remote Code Execution Vulnerability — Zoho ManageEngine ADSelfService Plus contains an unspecified vulnerability allowing for remote code execution when performing a password change or reset.
CVE-2022-29303
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
SolarView Compact Command Injection Vulnerability — SolarView Compact contains a command injection vulnerability due to improper validation of input values on the send test mail console of the product's web server.
CVE-2022-29464
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
WSO2 Multiple Products Unrestrictive Upload of File Vulnerability — Multiple WSO2 products allow for unrestricted file upload, resulting in remote code execution.
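Both the Zimbra mboximport entry above and this WSO2 entry are arbitrary-file-upload bugs that end in code execution because the server writes what the client sent, where the client said, with the name the client chose. Below is an added example of the upload-side checks a practitioner would want: bare basename only, allow-listed extension, content magic, and a server-chosen random name in a directory that is neither served nor executable. It is illustration code, not WSO2's or Zimbra's; the allow-list and the storage path are assumptions.

```python
"""Upload handling that does not trust the client's filename or declared type.
Added illustration, not WSO2 or Zimbra code; allow-list and storage path are assumptions."""
import os
import uuid

# extension -> leading bytes the content must start with
# (assumption: this application only needs images and PDFs)
ALLOWED_TYPES = {
    "png": b"\x89PNG\r\n\x1a\n",
    "jpg": b"\xff\xd8\xff",
    "pdf": b"%PDF-",
}
UPLOAD_ROOT = "/srv/app/uploads"   # assumed: not under the web root, mounted noexec


def storage_name_for(filename: str, content: bytes) -> str:
    """Return the server-chosen storage name for an accepted upload, or raise."""
    if not filename or filename != os.path.basename(filename.replace("\\", "/")):
        raise ValueError("filename must be a bare name, not a path")
    if filename in (".", "..") or "\x00" in filename:
        raise ValueError("invalid filename")
    parts = filename.lower().split(".")
    if len(parts) < 2 or not parts[0]:
        raise ValueError("missing extension")
    ext = parts[-1]
    if ext not in ALLOWED_TYPES:
        raise ValueError(f"extension .{ext} not allowed")
    if not content.startswith(ALLOWED_TYPES[ext]):
        raise ValueError("content does not match extension")
    # Magic checks can be satisfied by polyglot files; the random name plus a
    # non-served, non-executable directory is what actually prevents execution.
    return f"{uuid.uuid4().hex}.{ext}"


def storage_path_for(filename: str, content: bytes) -> str:
    """Full path under UPLOAD_ROOT; the name never contains client-controlled text."""
    return os.path.join(UPLOAD_ROOT, storage_name_for(filename, content))


def demo() -> dict:
    cases = {  # constructed inputs
        "shell.jsp": b"<% Runtime.getRuntime().exec(request.getParameter(\"c\")); %>",
        "../../webapps/ROOT/shell.jsp": b"<% %>",
        "shell.jsp.png": b"<% %>",                       # .png name, JSP content
        "photo.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,
        "report.pdf": b"%PDF-1.7\n%...",
    }
    outcome = {}
    for name, data in cases.items():
        try:
            outcome[name] = "stored as " + storage_name_for(name, data)
        except ValueError as err:
            outcome[name] = "rejected: " + str(err)
    return outcome


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name!r}: {result}")
```

A file named `shell.jsp.png` carrying real PNG bytes would be accepted, and that is intended: it is stored as `<random>.png` in a directory the application server never interprets, so the inner extension has nothing to act on.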
CVE-2022-29499
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Mitel MiVoice Connect Data Validation Vulnerability — The Service Appliance component in Mitel MiVoice Connect allows remote code execution due to incorrect data validation.
CVE-2022-30190
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability — A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run…
CVE-2022-30333
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
RARLAB UnRAR Directory Traversal Vulnerability — RARLAB UnRAR on Linux and UNIX contains a directory traversal vulnerability, allowing an attacker to write to files during an extract (unpack) operation.
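The general check an extractor needs against this bug class, as an added example in Python rather than UnRAR's own code: every member name is normalised (backslashes treated as separators, `..` segments refused) and the parent directory is resolved through any symlink already on disk before the write, so a link planted by an earlier entry cannot redirect a later file outside the destination. The in-memory archive entries and the planted link are constructed for the demo.

```python
"""Path-traversal-safe extraction with symlink-aware parent resolution.
Added illustration, not UnRAR code; archive entries are constructed in memory."""
import os
import tempfile


def safe_target(dest: str, member: str) -> str:
    """Absolute path a member may be written to, or ValueError."""
    name = member.replace("\\", "/")            # treat backslash as a separator too
    if name.startswith("/") or os.path.isabs(name):
        raise ValueError("absolute member path")
    norm = os.path.normpath(name)
    if norm == ".." or norm.startswith("../") or "/../" in norm:
        raise ValueError("traversal in member path")
    dest_real = os.path.realpath(dest)
    target = os.path.join(dest_real, norm)
    # Resolve the parent through symlinks that already exist on disk.
    parent_real = os.path.realpath(os.path.dirname(target))
    if os.path.commonpath([dest_real, parent_real]) != dest_real:
        raise ValueError("parent directory resolves outside destination")
    return os.path.join(parent_real, os.path.basename(target))


def extract(dest: str, entries) -> tuple:
    """entries: iterable of (name, kind, payload); kind is 'file' (payload bytes)
    or 'symlink' (payload is the link target). Returns (written, rejected)."""
    written, rejected = [], []
    dest_real = os.path.realpath(dest)
    for name, kind, payload in entries:
        try:
            target = safe_target(dest, name)
            if kind == "symlink":   # the link itself must also stay inside dest
                link_real = os.path.realpath(os.path.join(os.path.dirname(target), payload))
                if os.path.commonpath([dest_real, link_real]) != dest_real:
                    raise ValueError("symlink points outside destination")
        except ValueError:
            rejected.append(name)
            continue
        os.makedirs(os.path.dirname(target), exist_ok=True)
        if kind == "symlink":
            os.symlink(payload, target)
        else:
            with open(target, "wb") as fh:
                fh.write(payload)
        written.append(name)
    return written, rejected


def demo() -> tuple:
    with tempfile.TemporaryDirectory() as dest, tempfile.TemporaryDirectory() as outside:
        # Simulate a link that an earlier, unsafe extraction already planted.
        os.symlink(outside, os.path.join(dest, "planted"))
        entries = [  # constructed archive
            ("docs/readme.txt", "file", b"hello"),
            ("../../escape.txt", "file", b"owned"),
            ("..\\..\\escape2.txt", "file", b"owned"),      # Windows-style separators
            ("link", "symlink", "../../"),                   # link that escapes dest
            ("planted/shell.sh", "file", b"#!/bin/sh\n"),    # write through planted link
        ]
        written, rejected = extract(dest, entries)
        leaked = os.listdir(outside)                         # must stay empty
    return written, rejected, leaked


if __name__ == "__main__":
    print(demo())
```

The parent-directory `realpath` check is the part most extractors miss: a name like `planted/shell.sh` passes every string-level test, and only resolving `planted` on disk reveals that it points elsewhere.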
CVE-2022-3038
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Google Chromium Network Service Use-After-Free Vulnerability — Google Chromium Network Service contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browse…
CVE-2022-30525
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Zyxel Multiple Firewalls OS Command Injection Vulnerability — A command injection vulnerability in the CGI program of some Zyxel firewall versions could allow an attacker to modify specific files and then execute some OS commands on a vulnerable device.
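The SolarView "send test mail" entry and this Zyxel CGI entry are both OS command injection through a web form. The added example below (illustration code, not either vendor's) shows the three stages a reviewer looks for: input pasted into a shell string, the same call made as an argv list with no shell, and validation of the field's real shape on top of that. `printf` stands in for the actual mail binary so the demo runs anywhere; the product's real command line is not known from the advisory.

```python
"""OS command injection via a 'send test mail' style field: shell-string
concatenation versus a validated argv call. Added illustration, not SolarView
or Zyxel code; 'printf' stands in for the real mail command."""
import re
import subprocess

# Strict address shape; nothing containing shell metacharacters can match.
ADDR_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def send_test_mail_vulnerable(recipient: str) -> str:
    """Vulnerable: the recipient is pasted into a command line that /bin/sh
    parses, so ';', '|', '$(...)' and backticks are all honoured."""
    cmd = f"printf '%s\\n' {recipient}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def send_test_mail_argv_only(recipient: str) -> str:
    """Better: argv list and no shell. Metacharacters reach printf as literal text."""
    return subprocess.run(["printf", "%s\n", recipient],
                          capture_output=True, text=True, check=True).stdout


def send_test_mail_hardened(recipient: str) -> str:
    """Best: validate against the shape the field actually needs, then still
    avoid the shell (defence in depth if the validator is ever loosened)."""
    if not ADDR_RE.fullmatch(recipient):
        raise ValueError("recipient must be a single plain e-mail address")
    return send_test_mail_argv_only(recipient)


def demo() -> dict:
    payload = "ops@example.com; echo INJECTED"   # constructed attacker input
    results = {
        "vulnerable": send_test_mail_vulnerable(payload),
        "argv_only": send_test_mail_argv_only(payload),
    }
    try:
        send_test_mail_hardened(payload)
        results["hardened"] = "accepted"
    except ValueError:
        results["hardened"] = "rejected"
    results["hardened_ok"] = send_test_mail_hardened("ops@example.com")
    return results


if __name__ == "__main__":
    for stage, output in demo().items():
        print(f"{stage}: {output!r}")
```

In the vulnerable stage the output contains a second line, `INJECTED`, produced by the attacker's appended command; in the argv-only stage the whole payload comes back as one literal string, which is the behaviour a fix should be tested for.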
CVE-2022-3075
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Google Chromium Mojo Insufficient Data Validation Vulnerability — Google Chromium Mojo contains an insufficient data validation vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page. …
CVE-2022-31199
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Netwrix Auditor Insecure Object Deserialization Vulnerability — Netwrix Auditor User Activity Video Recording component contains an insecure object deserialization vulnerability that allows an unauthenticated, remote attacker to execute code as the NT AUTHORITY\SYSTEM user. Su…
CVE-2022-3236
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Sophos Firewall Code Injection Vulnerability — A code injection vulnerability in the User Portal and Webadmin of Sophos Firewall allows for remote code execution.
CVE-2022-32893
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Apple iOS and macOS Out-of-Bounds Write Vulnerability — Apple iOS and macOS contain an out-of-bounds write vulnerability that could allow for remote code execution when processing malicious crafted web content.
CVE-2022-32894
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Apple iOS and macOS Out-of-Bounds Write Vulnerability — Apple iOS and macOS contain an out-of-bounds write vulnerability that could allow an application to execute code with kernel privileges.
CVE-2022-32917
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Apple iOS, iPadOS, and macOS Remote Code Execution Vulnerability — Apple kernel, which is included in iOS, iPadOS, and macOS, contains an unspecified vulnerability where an application may be able to execute code with kernel privileges.
CVE-2022-33891
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Apache Spark Command Injection Vulnerability — Apache Spark contains a command injection vulnerability via Spark User Interface (UI) when Access Control Lists (ACLs) are enabled.
CVE-2022-34713
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability — A remote code execution vulnerability exists when Microsoft Windows MSDT is called using the URL protocol from a calling application.
CVE-2022-35405
Zoho ManageEngine PAM360/Password Manager Pro/Access Manager Plus RCE
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Zoho ManageEngine Multiple Products Remote Code Execution Vulnerability — Zoho ManageEngine PAM360, Password Manager Pro, and Access Manager Plus contain an unspecified vulnerability that allows for remote code execution.
CVE-2022-35914
Teclib GLPI Remote Code Execution via htmlawed Library
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Teclib GLPI Remote Code Execution Vulnerability — Teclib GLPI contains a remote code execution vulnerability in the third-party library, htmlawed.
CVE-2022-36537
ZK Framework AuUploader Arbitrary File Retrieval Vulnerability
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
ZK Framework AuUploader Unspecified Vulnerability — ZK Framework AuUploader servlets contain an unspecified vulnerability that could allow an attacker to retrieve the content of a file located in the web context. The ZK Framework is an open-source Java framework. This vulnerabili…
CVE-2022-36804
Atlassian Bitbucket Server/Data Center Command Injection Vulnerability
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Atlassian Bitbucket Server and Data Center Command Injection Vulnerability — Multiple API endpoints of Atlassian Bitbucket Server and Data Center contain a command injection vulnerability where an attacker with access to a public Bitbucket repository, or with read permissions to …
CVE-2022-37042
Zimbra Collaboration Suite Authentication Bypass in MailboxImportServlet
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Synacor Zimbra Collaboration Suite (ZCS) Authentication Bypass Vulnerability — Synacor Zimbra Collaboration Suite (ZCS) contains an authentication bypass vulnerability in MailboxImportServlet. This vulnerability was chained with CVE-2022-27925 which allows for unauthenticated rem…
CVE-2022-37055
D-Link Routers Critical Buffer Overflow Vulnerability (CVE-2022-37055)
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
D-Link Routers Buffer Overflow Vulnerability — D-Link routers contain a buffer overflow vulnerability that has a high impact on confidentiality, integrity, and availability. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue pr…
CVE-2022-3723
Chromium V8 Type Confusion Heap Corruption Vulnerability
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Google Chromium V8 Type Confusion Vulnerability — Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chr…
CVE-2022-37969
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft Windows Common Log File System (CLFS) Driver Privilege Escalation Vulnerability — Microsoft Windows Common Log File System (CLFS) driver contains an unspecified vulnerability that allows for privilege escalation.
CVE-2022-38028
Windows Print Spooler Privilege Escalation via JavaScript Constraints
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft Windows Print Spooler Privilege Escalation Vulnerability — Microsoft Windows Print Spooler service contains a privilege escalation vulnerability. An attacker may modify a JavaScript constraints file and execute it with SYSTEM-level permissions.
CVE-2022-38181
Arm Mali GPU Kernel Driver Use-After-Free Privilege Escalation
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Arm Mali GPU Kernel Driver Use-After-Free Vulnerability — Arm Mali GPU Kernel Driver contains a use-after-free vulnerability that may allow a non-privileged user to gain root privilege and/or disclose information.
CVE-2022-39197
Fortra Cobalt Strike Teamserver XSS Remote Code Execution Vulnerability
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Fortra Cobalt Strike Teamserver Cross-Site Scripting (XSS) Vulnerability — Fortra Cobalt Strike contains a cross-site scripting (XSS) vulnerability in Teamserver that would allow an attacker to set a malformed username in the Beacon configuration, allowing them to execute code re…
CVE-2022-40139
Trend Micro Apex One Improper Validation RCE Vulnerability
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Trend Micro Apex One and Apex One as a Service Improper Validation Vulnerability — Trend Micro Apex One and Apex One as a Service contain an improper validation of rollback mechanism components that could lead to remote code execution.
CVE-2022-40684
Fortinet Multiple Products Authentication Bypass Vulnerability CVE-2022-40684
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Fortinet Multiple Products Authentication Bypass Vulnerability — Fortinet FortiOS, FortiProxy, and FortiSwitchManager contain an authentication bypass vulnerability that could allow an unauthenticated attacker to perform operations on the administrative interface via specially cr…
CVE-2022-40765
Mitel MiVoice Connect Edge Gateway Command Injection Vulnerability
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Mitel MiVoice Connect Command Injection Vulnerability — The Mitel Edge Gateway component of MiVoice Connect allows an authenticated attacker with internal network access to execute commands within the context of the system.
CVE-2022-40799
D-Link DNR-322L Code Integrity Check Bypass Allows OS Command Execution
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
D-Link DNR-322L Download of Code Without Integrity Check Vulnerability — D-Link DNR-322L contains a download of code without integrity check vulnerability that could allow an authenticated attacker to execute OS level commands on the device. The impacted products could be end-of-…
CVE-2022-41033
Windows COM+ Event System Service Privilege Escalation (CVE-2022-41033)
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft Windows COM+ Event System Service Privilege Escalation Vulnerability — Microsoft Windows COM+ Event System Service contains an unspecified vulnerability that allows for privilege escalation.
CVE-2022-41040
Microsoft Exchange Server SSRF Vulnerability (ProxyNotShell) - CVE-2022-41040
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft Exchange Server Server-Side Request Forgery Vulnerability — Microsoft Exchange Server allows for server-side request forgery. Dubbed "ProxyNotShell," this vulnerability is chainable with CVE-2022-41082 which allows for remote code execution.
CVE-2022-41049
Windows Mark of the Web Security Feature Bypass Vulnerability (CVE-2022-41049)
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft Windows Mark of the Web (MOTW) Security Feature Bypass Vulnerability — Microsoft Windows Mark of the Web (MOTW) contains a security feature bypass vulnerability resulting in a limited loss of integrity and availability of security features.
CVE-2022-41073
Windows Print Spooler Privilege Escalation Vulnerability (CVE-2022-41073)
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft Windows Print Spooler Privilege Escalation Vulnerability — Microsoft Windows Print Spooler contains an unspecified vulnerability that allows an attacker to gain SYSTEM-level privileges.
CVE-2022-41080
Microsoft Exchange Server Privilege Escalation Vulnerability (CVE-2022-41080)
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft Exchange Server Privilege Escalation Vulnerability — Microsoft Exchange Server contains an unspecified vulnerability that allows for privilege escalation. This vulnerability is chainable with CVE-2022-41082, which allows for remote code execution.
CVE-2022-41082
Microsoft Exchange Server ProxyNotShell Remote Code Execution
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft Exchange Server Remote Code Execution Vulnerability — Microsoft Exchange Server contains an unspecified vulnerability that allows for authenticated remote code execution. Dubbed "ProxyNotShell," this vulnerability is chainable with CVE-2022-41040 which allows for the re…
CVE-2022-41091
Windows Mark of the Web Security Feature Bypass Vulnerability (CVE-2022-41091)
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft Windows Mark of the Web (MOTW) Security Feature Bypass Vulnerability — Microsoft Windows Mark of the Web (MOTW) contains a security feature bypass vulnerability resulting in a limited loss of integrity and availability of security features.