KEV entries used in ransomware campaigns.

Oracle · PeopleSoft Enterprise PeopleTools

Oracle PeopleSoft Enterprise PeopleTools Missing Authentication for Critical Function Vulnerability

Oracle PeopleSoft Enterprise PeopleTools contains a missing authentication for critical function vulnerability which could allow an unauthenticated attacker to obtain takeover of PeopleSoft Enterprise PeopleTools.

Check Point · Security Gateway

Check Point Security Gateway Improper Authentication Vulnerability

Check Point Security Gateway contains an improper authentication vulnerability in IKEv1 key exchange that could allow an unauthenticated remote attacker to bypass user authentication and establish a remote access VPN connection without a valid user password.

Nx · Nx Console

Nx Console Embedded Malicious Code Vulnerability

Nx Console contains an embedded malicious code vulnerability that allowed a malicious version of Nx Console to be published. The compromised extension fetched an obfuscated payload that could harvested credentials from multiple sources on disk and in memory.

TanStack · TanStack

TanStack Unspecified Vulnerability

TanStack contains an unspecified vulnerability that allowed malicious versions of the product to be published to the npm registry to publish credential-stealing malware under a trusted identity.

WebPros · cPanel & WHM and WP2 (WordPress Squared)

WebPros cPanel & WHM and WP2 (WordPress Squared) Missing Authentication for Critical Function Vulnerability

WebPros cPanel & WHM (WebHost Manager) and WP2 (WordPress Squared) contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control panel.

ConnectWise · ScreenConnect

ConnectWise ScreenConnect Path Traversal Vulnerability

ConnectWise ScreenConnect contains a path traversal vulnerability which could allow an attacker to execute remote code or directly impact confidential data and critical systems.

SimpleHelp · SimpleHelp

SimpleHelp Path Traversal Vulnerability

SimpleHelp contains a path traversal vulnerability that allows admin users to upload arbitrary files anywhere on the file system by uploading a crafted zip file (i.e. zip slip). This can be exploited to execute arbitrary code on the host in the context of the SimpleHelp server user.

SimpleHelp · SimpleHelp

SimpleHelp Missing Authorization Vulnerability

SimpleHelp contains a missing authorization vulnerability that could allow low-privileged technicians to create API keys with excessive permissions. These API keys can be used to escalate privileges to the server admin role.

JetBrains · TeamCity

JetBrains TeamCity Relative Path Traversal Vulnerability

JetBrains TeamCity contains a relative path traversal vulnerability that could allow limited admin actions to be performed.

PaperCut · NG/MF

PaperCut NG/MF Improper Authentication Vulnerability

PaperCut NG/MF contains an improper authentication vulnerability that could allow remote attackers to bypass authentication on affected installations via the SecurityRequestFilter class.

Microsoft · Exchange Server

Microsoft Exchange Server Deserialization of Untrusted Data Vulnerability

Microsoft Exchange Server contains a deserialization of untrusted data that allows an authenticated attacker to achieve remote code execution.

Cisco · Secure Firewall Management Center (FMC)

Cisco Secure Firewall Management Center (FMC) Software and Cisco Security Cloud Control (SCC) Firewall Management Deserialization of Untrusted Data Vulnerability

Cisco Secure Firewall Management Center (FMC) Software and Cisco Security Cloud Control (SCC) Firewall Management contain a deserialization of untrusted data vulnerability in the web-based management interface that could allow an unauthenticated, remote attacker to execute arbitrary Java code as root on an affected device.

BeyondTrust · Remote Support (RS) and Privileged Remote Access (PRA)

BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) OS Command Injection Vulnerability

BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA)contain an OS command injection vulnerability. Successful exploitation could allow an unauthenticated remote attacker to execute operating system commands in the context of the site user. Successful exploitation requires no authentication or user interaction and may lead to system compromise, including unauthorized access, data exfiltration, and service disruption.

SmarterTools · SmarterMail

SmarterTools SmarterMail Missing Authentication for Critical Function Vulnerability

SmarterTools SmarterMail contains a missing authentication for critical function vulnerability in the ConnectToHub API method. This could allow the attacker to point the SmarterMail instance to a malicious HTTP server which serves the malicious OS command and could lead to command execution.

SmarterTools · SmarterMail

SmarterTools SmarterMail Authentication Bypass Using an Alternate Path or Channel Vulnerability

SmarterTools SmarterMail contains an authentication bypass using an alternate path or channel vulnerability in the password reset API. The force-reset-password endpoint permits anonymous requests and fails to verify the existing password or a reset token when resetting system administrator accounts. This could allow an unauthenticated attacker to supply a target administrator username and a new password to reset the account, resulting in full administrative compromise of the SmarterMail instance.

SmarterTools · SmarterMail

SmarterTools SmarterMail Unrestricted Upload of File with Dangerous Type Vulnerability

SmarterTools SmarterMail contains an unrestricted upload of file with dangerous type vulnerability that could allow an unauthenticated attacker to upload arbitrary files to any location on the mail server, potentially enabling remote code execution.

Meta · React Server Components

Meta React Server Components Remote Code Execution Vulnerability

Meta React Server Components contains a remote code execution vulnerability that could allow unauthenticated remote code execution by exploiting a flaw in how React decodes payloads sent to React Server Function endpoints. Please note CVE-2025-66478 has been rejected, but it is associated with CVE-2025- 55182.

Oracle · E-Business Suite

Oracle E-Business Suite Server-Side Request Forgery (SSRF) Vulnerability

Oracle E-Business Suite contains a server-side request forgery (SSRF) vulnerability in the Runtime component of Oracle Configurator. This vulnerability is remotely exploitable without authentication.

Oracle · E-Business Suite

Oracle E-Business Suite Unspecified Vulnerability

Oracle E-Business Suite contains an unspecified vulnerability in the BI Publisher Integration component. The vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Concurrent Processing. Successful attacks can result in takeover of Oracle Concurrent Processing.

Fortra · GoAnywhere MFT

Fortra GoAnywhere MFT Deserialization of Untrusted Data Vulnerability

Fortra GoAnywhere MFT contains a deserialization of untrusted data vulnerability allows an actor with a validly forged license response signature to deserialize an arbitrary actor-controlled object, possibly leading to command injection.

Microsoft · SharePoint

Microsoft SharePoint Code Injection Vulnerability

Microsoft SharePoint contains a code injection vulnerability that could allow an authorized attacker to execute code over a network. This vulnerability could be chained with CVE-2025-49706. CVE-2025-53770 is a patch bypass for CVE-2025-49704, and the updates for CVE-2025-53770 include more robust protection than those for CVE-2025-49704.

Microsoft · SharePoint

Microsoft SharePoint Improper Authentication Vulnerability

Microsoft SharePoint contains an improper authentication vulnerability that allows an authorized attacker to perform spoofing over a network. Successfully exploitation could allow an attacker to view sensitive information and make some changes to disclosed information. This vulnerability could be chained with CVE-2025-49704. CVE-2025-53771 is a patch bypass for CVE-2025-49706, and the updates for CVE-2025-53771 include more robust protection than those for CVE-2025-49706.

Microsoft · SharePoint

Microsoft SharePoint Deserialization of Untrusted Data Vulnerability

Microsoft SharePoint Server on-premises contains a deserialization of untrusted data vulnerability that could allow an unauthorized attacker to execute code over a network. This vulnerability could be chained with CVE-2025-53771. CVE-2025-53770 is a patch bypass for CVE-2025-49704, and the updates for CVE-2025-53770 include more robust protection than those for CVE-2025-49704.

Citrix · NetScaler ADC and Gateway

Citrix NetScaler ADC and Gateway Out-of-Bounds Read Vulnerability

Citrix NetScaler ADC and Gateway contain an out-of-bounds read vulnerability due to insufficient input validation. This vulnerability can lead to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server.

Fortinet · FortiOS

Fortinet FortiOS Use of Hard-Coded Credentials Vulnerability

Fortinet FortiOS contains a use of hard-coded credentials vulnerability that could allow an attacker to cipher sensitive data in FortiOS configuration backup file via knowledge of the hard-coded key.

SAP · NetWeaver

SAP NetWeaver Unrestricted File Upload Vulnerability

SAP NetWeaver Visual Composer Metadata Uploader contains an unrestricted file upload vulnerability that allows an unauthenticated agent to upload potentially malicious executable binaries.

Microsoft · Windows

Microsoft Windows Common Log File System (CLFS) Driver Use-After-Free Vulnerability

Microsoft Windows Common Log File System (CLFS) Driver contains a use-after-free vulnerability that allows an authorized attacker to elevate privileges locally.

CrushFTP · CrushFTP

CrushFTP Authentication Bypass Vulnerability

CrushFTP contains an authentication bypass vulnerability in the HTTP authorization header that allows a remote unauthenticated attacker to authenticate to any known or guessable user account (e.g., crushadmin), potentially leading to a full compromise.

Ivanti · Connect Secure, Policy Secure, and ZTA Gateways

Ivanti Connect Secure, Policy Secure, and ZTA Gateways Stack-Based Buffer Overflow Vulnerability

Ivanti Connect Secure, Policy Secure, and ZTA Gateways contains a stack-based buffer overflow vulnerability that allows a remote unauthenticated attacker to achieve remote code execution.

Fortinet · FortiOS and FortiProxy

Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability

Fortinet FortiOS and FortiProxy contain an authentication bypass vulnerability that allows a remote attacker to gain super-admin privileges via crafted CSF proxy requests.

Microsoft · Windows

Microsoft Windows Management Console (MMC) Improper Neutralization Vulnerability

Microsoft Windows Management Console (MMC) contains an improper neutralization vulnerability that allows an unauthorized attacker to bypass a security feature locally.

VMware · ESXi

VMware ESXi Arbitrary Write Vulnerability

VMware ESXi contains an arbitrary write vulnerability. Successful exploitation allows an attacker with privileges within the VMX process to trigger an arbitrary kernel write leading to an escape of the sandbox.

Microsoft · Windows

Microsoft Windows Win32k Improper Resource Shutdown or Release Vulnerability

Microsoft Windows Win32k contains an improper resource shutdown or release vulnerability that allows for local, authenticated privilege escalation. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.

SonicWall · SonicOS

SonicWall SonicOS SSLVPN Improper Authentication Vulnerability

SonicWall SonicOS contains an improper authentication vulnerability in the SSLVPN authentication mechanism that allows a remote attacker to bypass authentication.

SimpleHelp · SimpleHelp

SimpleHelp Path Traversal Vulnerability

SimpleHelp remote support software contains multiple path traversal vulnerabilities that allow unauthenticated remote attackers to download arbitrary files from the SimpleHelp host via crafted HTTP requests. These files may include server configuration files and hashed user passwords.

SonicWall · SMA1000 Appliances

SonicWall SMA1000 Appliances Deserialization Vulnerability

SonicWall SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC) contain a deserialization of untrusted data vulnerability, which can enable a remote, unauthenticated attacker to execute arbitrary OS commands.

Fortinet · FortiOS and FortiProxy

Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability

Fortinet FortiOS and FortiProxy contain an authentication bypass vulnerability that may allow an unauthenticated, remote attacker to gain super-admin privileges via crafted requests to Node.js websocket module.

Qlik · Sense

Qlik Sense HTTP Tunneling Vulnerability

Qlik Sense contains an HTTP tunneling vulnerability that allows an attacker to escalate privileges and execute HTTP requests on the backend server hosting the software.

Ivanti · Connect Secure, Policy Secure, and ZTA Gateways

Ivanti Connect Secure, Policy Secure, and ZTA Gateways Stack-Based Buffer Overflow Vulnerability

Ivanti Connect Secure, Policy Secure, and ZTA Gateways contain a stack-based buffer overflow which can lead to unauthenticated remote code execution.

Mitel · MiCollab

Mitel MiCollab Path Traversal Vulnerability

Mitel MiCollab contains a path traversal vulnerability that could allow an authenticated attacker with administrative privileges to read local files within the system due to insufficient input sanitization. This vulnerability can be chained with CVE-2024-41713, which allows an unauthenticated, remote attacker to read arbitrary files on the server.

Mitel · MiCollab

Mitel MiCollab Path Traversal Vulnerability

Mitel MiCollab contains a path traversal vulnerability that could allow an attacker to gain unauthorized and unauthenticated access. This vulnerability can be chained with CVE-2024-55550, which allows an unauthenticated, remote attacker to read arbitrary files on the server.

Cleo · Multiple Products

Cleo Multiple Products Unauthenticated File Upload Vulnerability

Cleo Harmony, VLTrader, and LexiCom, which are managed file transfer products, contain an unrestricted file upload vulnerability that could allow an unauthenticated user to import and execute arbitrary bash or PowerShell commands on the host system by leveraging the default settings of the Autorun directory.

Cleo · Multiple Products

Cleo Multiple Products Unrestricted File Upload Vulnerability

Cleo Harmony, VLTrader, and LexiCom, which are managed file transfer products, contain an unrestricted file upload and download vulnerability that can lead to remote code execution with elevated privileges.

CyberPersons · CyberPanel

CyberPanel Incorrect Default Permissions Vulnerability

CyberPanel contains an incorrect default permissions vulnerability that allows for authentication bypass and the execution of arbitrary commands using shell metacharacters in the statusfile property.

Zyxel · Multiple Firewalls

Zyxel Multiple Firewalls Path Traversal Vulnerability

Multiple Zyxel firewalls contain a path traversal vulnerability in the web management interface that could allow an attacker to download or upload files via a crafted URL.

Array Networks · AG/vxAG ArrayOS

Array Networks AG and vxAG ArrayOS Missing Authentication for Critical Function Vulnerability

Array Networks AG and vxAG ArrayOS contain a missing authentication for critical function vulnerability that allows an attacker to read local files and execute code on the SSL VPN gateway.

Palo Alto Networks · PAN-OS

Palo Alto Networks PAN-OS Management Interface OS Command Injection Vulnerability

Palo Alto Networks PAN-OS contains an OS command injection vulnerability that allows for privilege escalation through the web-based management interface for several PAN products, including firewalls and VPN concentrators.

Palo Alto Networks · PAN-OS

Palo Alto Networks PAN-OS Management Interface Authentication Bypass Vulnerability

Palo Alto Networks PAN-OS contains an authentication bypass vulnerability in the web-based management interface for several PAN-OS products, including firewalls and VPN concentrators.

Microsoft · Windows

Microsoft Windows Task Scheduler Privilege Escalation Vulnerability

Microsoft Windows Task Scheduler contains a privilege escalation vulnerability that can allow an attacker-provided, local application to escalate privileges outside of its AppContainer, and access privileged RPC functions.

CyberPersons · CyberPanel

CyberPanel Incorrect Default Permissions Vulnerability

CyberPanel contains an incorrect default permissions vulnerability that allows a remote, unauthenticated attacker to execute commands as root.

Microsoft · SharePoint

Microsoft SharePoint Deserialization Vulnerability

Microsoft SharePoint contains a deserialization vulnerability that allows for remote code execution.

Veeam · Backup & Replication

Veeam Backup and Replication Deserialization Vulnerability

Veeam Backup and Replication contains a deserialization vulnerability allowing an unauthenticated user to perform remote code execution.

Mozilla · Firefox

Mozilla Firefox Use-After-Free Vulnerability

Mozilla Firefox and Firefox ESR contain a use-after-free vulnerability in Animation timelines that allows for code execution in the content process.

Microsoft · Windows

Microsoft Windows Kernel TOCTOU Race Condition Vulnerability

Microsoft Windows Kernel contains a time-of-check to time-of-use (TOCTOU) race condition vulnerability that could allow for privilege escalation.

Progress · WhatsUp Gold

Progress WhatsUp Gold SQL Injection Vulnerability

Progress WhatsUp Gold contains a SQL injection vulnerability that allows an unauthenticated attacker to retrieve the user's encrypted password if the application is configured with only a single user.

SonicWall · SonicOS

SonicWall SonicOS Improper Access Control Vulnerability

SonicWall SonicOS contains an improper access control vulnerability that could lead to unauthorized resource access and, under certain conditions, may cause the firewall to crash.

Linux · Kernel

Linux Kernel PIE Stack Buffer Corruption Vulnerability

Linux kernel contains a position-independent executable (PIE) stack buffer corruption vulnerability in load_elf_ binary() that allows a local attacker to escalate privileges.

Jenkins · Jenkins Command Line Interface (CLI)

Jenkins Command Line Interface (CLI) Path Traversal Vulnerability

Jenkins Command Line Interface (CLI) contains a path traversal vulnerability that allows attackers limited read access to certain files, which can lead to code execution.

VMware · ESXi

VMware ESXi Authentication Bypass Vulnerability

VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was previously configured to use AD for user management by re-creating the configured AD group ('ESXi Admins' by default) after it was deleted from AD.

Microsoft · Windows

Microsoft Windows Error Reporting Service Improper Privilege Management Vulnerability

Microsoft Windows Error Reporting Service contains an improper privilege management vulnerability that allows a local attacker with user permissions to gain SYSTEM privileges.

PHP Group · PHP

PHP-CGI OS Command Injection Vulnerability

PHP, specifically Windows-based PHP used in CGI mode, contains an OS command injection vulnerability that allows for arbitrary code execution. This vulnerability is a patch bypass for CVE-2012-1823.

Check Point · Quantum Security Gateways

Check Point Quantum Security Gateways Information Disclosure Vulnerability

Check Point Quantum Security Gateways contain an unspecified information disclosure vulnerability. The vulnerability potentially allows an attacker to access information on Gateways connected to the internet, with IPSec VPN, Remote Access VPN or Mobile Access enabled. This issue affects several product lines from Check Point, including CloudGuard Network, Quantum Scalable Chassis, Quantum Security Gateways, and Quantum Spark Appliances.

Linux · Kernel

Linux Kernel Use-After-Free Vulnerability

Linux kernel contains a use-after-free vulnerability in the netfilter: nf_tables component that allows an attacker to achieve local privilege escalation.

NextGen Healthcare · Mirth Connect

NextGen Healthcare Mirth Connect Deserialization of Untrusted Data Vulnerability

NextGen Healthcare Mirth Connect contains a deserialization of untrusted data vulnerability that allows for unauthenticated remote code execution via a specially crafted request.

Microsoft · DWM Core Library

Microsoft DWM Core Library Privilege Escalation Vulnerability

Microsoft DWM Core Library contains a privilege escalation vulnerability that allows an attacker to gain SYSTEM privileges.

Palo Alto Networks · PAN-OS

Palo Alto Networks PAN-OS Command Injection Vulnerability

Palo Alto Networks PAN-OS GlobalProtect feature contains a command injection vulnerability that allows an unauthenticated attacker to execute commands with root privileges on the firewall.

Microsoft · SharePoint Server

Microsoft SharePoint Server Code Injection Vulnerability

Microsoft SharePoint Server contains a code injection vulnerability that allows an authenticated attacker with Site Owner privileges to execute code remotely.

Ivanti · Endpoint Manager Cloud Service Appliance (EPM CSA)

Ivanti Endpoint Manager Cloud Service Appliance (EPM CSA) Code Injection Vulnerability

Ivanti Endpoint Manager Cloud Service Appliance (EPM CSA) contains a code injection vulnerability that allows an unauthenticated user to execute malicious code with limited permissions (nobody).

Fortinet · FortiClient EMS

Fortinet FortiClient EMS SQL Injection Vulnerability

Fortinet FortiClient EMS contains a SQL injection vulnerability that allows an unauthenticated attacker to execute commands as SYSTEM via specifically crafted requests.

JetBrains · TeamCity

JetBrains TeamCity Authentication Bypass Vulnerability

JetBrains TeamCity contains an authentication bypass vulnerability that allows an attacker to perform admin actions.

Microsoft · Windows

Microsoft Windows Kernel Exposed IOCTL with Insufficient Access Control Vulnerability

Microsoft Windows Kernel contains an exposed IOCTL with insufficient access control vulnerability within the IOCTL (input and output control) dispatcher in appid.sys that allows a local attacker to achieve privilege escalation.

ConnectWise · ScreenConnect

ConnectWise ScreenConnect Authentication Bypass Vulnerability

ConnectWise ScreenConnect contains an authentication bypass vulnerability that allows an attacker with network access to the management interface to create a new, administrator-level account on affected devices.

Cisco · Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD)

Cisco ASA and FTD Information Disclosure Vulnerability

Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) contain an information disclosure vulnerability. An attacker could retrieve memory contents on an affected device, which could lead to the disclosure of confidential information due to a buffer tracking issue when the software parses invalid URLs that are requested from the web services interface. This vulnerability affects only specific AnyConnect and WebVPN configurations.

Microsoft · Windows

Microsoft Windows Internet Shortcut Files Security Feature Bypass Vulnerability

Microsoft Windows Internet Shortcut Files contains an unspecified vulnerability that allows for a security feature bypass.

Fortinet · FortiOS

Fortinet FortiOS Out-of-Bound Write Vulnerability

Fortinet FortiOS contains an out-of-bound write vulnerability that allows a remote unauthenticated attacker to execute code or commands via specially crafted HTTP requests.

Ivanti · Connect Secure, Policy Secure, and Neurons

Ivanti Connect Secure, Policy Secure, and Neurons Server-Side Request Forgery (SSRF) Vulnerability

Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure), Ivanti Policy Secure, and Ivanti Neurons contain a server-side request forgery (SSRF) vulnerability in the SAML component that allows an attacker to access certain restricted resources without authentication.

Atlassian · Confluence Data Center and Server

Atlassian Confluence Data Center and Server Template Injection Vulnerability

Atlassian Confluence Data Center and Server contain an unauthenticated OGNL template injection vulnerability that can lead to remote code execution.

Ivanti · Endpoint Manager Mobile (EPMM) and MobileIron Core

Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core Authentication Bypass Vulnerability

Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core contain an authentication bypass vulnerability that allows unauthorized users to access restricted functionality or resources of the application.

Ivanti · Connect Secure and Policy Secure

Ivanti Connect Secure and Policy Secure Command Injection Vulnerability

Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure) and Ivanti Policy Secure contain a command injection vulnerability in the web components of these products, which can allow an authenticated administrator to send crafted requests to execute code on affected appliances. This vulnerability can be leveraged in conjunction with CVE-2023-46805, an authenticated bypass issue.

Microsoft · SharePoint Server

Microsoft SharePoint Server Privilege Escalation Vulnerability

Microsoft SharePoint Server contains an unspecified vulnerability that allows an unauthenticated attacker, who has gained access to spoofed JWT authentication tokens, to use them for executing a network attack. This attack bypasses authentication, enabling the attacker to gain administrator privileges.

Ivanti · Connect Secure and Policy Secure

Ivanti Connect Secure and Policy Secure Authentication Bypass Vulnerability

Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure) and Ivanti Policy Secure gateways contain an authentication bypass vulnerability in the web component that allows an attacker to access restricted resources by bypassing control checks. This vulnerability can be leveraged in conjunction with CVE-2024-21887, a command injection vulnerability.

Adobe · ColdFusion

Adobe ColdFusion Deserialization of Untrusted Data Vulnerability

Adobe ColdFusion contains a deserialization of untrusted data vulnerability that allows for code execution.

Adobe · ColdFusion

Adobe ColdFusion Deserialization of Untrusted Data Vulnerability

Adobe ColdFusion contains a deserialization of untrusted data vulnerability that allows for code execution.

Qlik · Sense

Qlik Sense Path Traversal Vulnerability

Qlik Sense contains a path traversal vulnerability that allows a remote, unauthenticated attacker to create an anonymous session by sending maliciously crafted HTTP requests. This anonymous session could allow the attacker to send further requests to unauthorized endpoints.

Qlik · Sense

Qlik Sense HTTP Tunneling Vulnerability

Qlik Sense contains an HTTP tunneling vulnerability that allows an attacker to escalate privileges and execute HTTP requests on the backend server hosting the software.

SysAid · SysAid Server

SysAid Server Path Traversal Vulnerability

SysAid Server (on-premises version) contains a path traversal vulnerability that leads to code execution.

Atlassian · Confluence Data Center and Server

Atlassian Confluence Data Center and Server Improper Authorization Vulnerability

Atlassian Confluence Data Center and Server contain an improper authorization vulnerability that can result in significant data loss when exploited by an unauthenticated attacker. There is no impact on confidentiality since the attacker cannot exfiltrate any data.

Apache · ActiveMQ

Apache ActiveMQ Deserialization of Untrusted Data Vulnerability

Apache ActiveMQ contains a deserialization of untrusted data vulnerability that may allow a remote attacker with network access to a broker to run shell commands by manipulating serialized class types in the OpenWire protocol to cause the broker to instantiate any class on the classpath.

F5 · BIG-IP Configuration Utility

F5 BIG-IP Configuration Utility Authentication Bypass Vulnerability

F5 BIG-IP Configuration utility contains an authentication bypass using an alternate path or channel vulnerability due to undisclosed requests that may allow an unauthenticated attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute system commands. This vulnerability can be used in conjunction with CVE-2023-46748.

Citrix · NetScaler ADC and NetScaler Gateway

Citrix NetScaler ADC and NetScaler Gateway Buffer Overflow Vulnerability

Citrix NetScaler ADC and NetScaler Gateway contain a buffer overflow vulnerability that allows for sensitive information disclosure when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server.

Atlassian · Confluence Data Center and Server

Atlassian Confluence Data Center and Server Broken Access Control Vulnerability

Atlassian Confluence Data Center and Server contains a broken access control vulnerability that allows an attacker to create unauthorized Confluence administrator accounts and access Confluence.

Progress · WS_FTP Server

Progress WS_FTP Server Deserialization of Untrusted Data Vulnerability

Progress WS_FTP Server contains a deserialization of untrusted data vulnerability in the Ad Hoc Transfer module that allows an authenticated attacker to execute remote commands on the underlying operating system.

JetBrains · TeamCity

JetBrains TeamCity Authentication Bypass Vulnerability

JetBrains TeamCity contains an authentication bypass vulnerability that allows for remote code execution on TeamCity Server.

Laravel · Ignition

Laravel Ignition File Upload Vulnerability

Laravel Ignition contains a file upload vulnerability that allows unauthenticated remote attackers to execute malicious code due to insecure usage of file_get_contents() and file_put_contents().

Zyxel · EMG2926 Routers

Zyxel EMG2926 Routers Command Injection Vulnerability

Zyxel EMG2926 routers contain a command injection vulnerability located in the diagnostic tools, specifically the nslookup function. A malicious user may exploit numerous vectors to execute malicious commands on the router, such as the ping_ip parameter to the expert/maintenance/diagnostic/nslookup URI.

Cisco · Adaptive Security Appliance and Firepower Threat Defense

Cisco Adaptive Security Appliance and Firepower Threat Defense Unauthorized Access Vulnerability

Cisco Adaptive Security Appliance and Firepower Threat Defense contain an unauthorized access vulnerability that could allow an unauthenticated, remote attacker to conduct a brute force attack in an attempt to identify valid username and password combinations or establish a clientless SSL VPN session with an unauthorized user.

RARLAB · WinRAR

RARLAB WinRAR Code Execution Vulnerability

RARLAB WinRAR contains an unspecified vulnerability that allows an attacker to execute code when a user attempts to view a benign file within a ZIP archive.

Ivanti · Sentry

Ivanti Sentry Authentication Bypass Vulnerability

Ivanti Sentry, formerly known as MobileIron Sentry, contains an authentication bypass vulnerability that may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration.

Veeam · Backup & Replication

Veeam Backup & Replication Cloud Connect Missing Authentication for Critical Function Vulnerability

Veeam Backup & Replication Cloud Connect component contains a missing authentication for critical function vulnerability that allows an unauthenticated user operating within the backup infrastructure network perimeter to obtain encrypted credentials stored in the configuration database. This may lead to an attacker gaining access to the backup infrastructure hosts.

Ivanti · Endpoint Manager Mobile (EPMM)

Ivanti Endpoint Manager Mobile Authentication Bypass Vulnerability

Ivanti Endpoint Manager Mobile (EPMM, previously branded MobileIron Core) contains an authentication bypass vulnerability that allows unauthenticated access to specific API paths. An attacker with access to these API paths can access personally identifiable information (PII) such as names, phone numbers, and other mobile device details for users on a vulnerable system. An attacker can also make other configuration changes including installing software and modifying security profiles on registered devices.