Vulnerability Details
The Computer Network Defence Alert State is designed to give a granular and more dynamic visualisation of the current cyber security threat. Any increase in an alert state will occur immediately an issue is detected and it will drop again by one level each working day.
Our rationale for this agility is that vulnerabilities often occur in clusters; reducing the alert state again quickly therefore increases your visibility of new threats to the same product. Significant vulnerabilities may remain for longer. Vulnerabilities on this page are remotely executable.
Friday 13 March 2026
Progress

Security
Flowmon ADS analyses network threats; the flaw lets a clicked malicious link trigger unwanted actions in an admin’s session.
More Info....
CVSS Score v4 - 8.6
Honeywell

OT
Honeywell IQ4x is a building management controller; its default open HMI lets attackers create admin accounts and lock out operators.
More Info...
CVSS Score v4 - 10
Veeam

Patch
Multiple vulnerabilities - Authenticated domain users can execute remote code on the Backup Server, bypass restrictions, manipulate Backup Repository files, and let Backup Administrators perform RCE in high availability setups.
More Info....
CVSS Score v3 - 7.7 - 9.9
Trane

OT
Multiple vulnerabilities - Broken cryptographic algorithm lets attackers bypass authentication and gain root; other flaws enable DoS, sensitive data access, and account takeover in Tracer SC/SC+/Concierge.
More info....
CVSS Score v3 - 5.8 - 8.1
Thursday 12 March 2026
Palo Alto

Monthly
Monthly - Number of patches: 10, Number of critical patches: 0
More Info....
CVSS Score v3 - Multiple
Splunk

Patch
Splunk flaw let users with edit_cmd run shell commands via a REST endpoint; fixed by updates or removing the capability.
More Info...
CVSS Score v3 - 8
Navtor

Maritime
Multiple vulnerabilities (3) - Unauthenticated attackers can access internal data, retrieve arbitrary system files, and expose application internals via missing authentication, path traversal, and verbose errors.
More Info....
CVSS Score v3 - 5.3-7.5
GitLab

Patch
GitLab is a DevOps platform; the flaw let authenticated users inject JavaScript in markdown due to improper sanitization.
More info....
CVSS Score v3 - 8.7
Wednesday 11 March 2026
Fortinet

Security
FortiSwitch manages network switching; overflow via crafted LLDP packet lets nearby attackers run unauthorized code.
More Info....
CVSS Score v3 - 8.8
Microsoft

Monthly
Monthly - Number of patches: 78, Number of critical patches: 0
More Info...
CVSS Score v3 - Multiple
Adobe

Monthly
Monthly - Number of patches: 80, Number of critical patches: 0
More Info....
CVSS Score v3 - Multiple
Zoom

Patch
Critical Zoom Workplace for Windows flaw lets attackers control file paths.
More info....
CVSS Score v3 - Critical
HPE

Patch
AOS‑CX switches provide network management; unauthenticated access could bypass auth and allow admin password reset.
More Info....
CVSS Score v4 - 9.8
GitHub

Patch
GitHub Enterprise Server hosts private source code; unsanitised push options let attackers with push access inject headers and gain RCE.
More Info....
CVSS Score v4 - 8.7
Tuesday 10 March 2026
SAP

Monthly
Monthly - Number of patches: 15, Number of critical patches: 2
More Info....
CVSS Score v3 - Multiple
Schneider

Monthly
Monthly - Number of patches: 9, Number of critical patches: 3
More Info...
CVSS Score v3 - Multiple
Siemens

Monthly
Monthly - Number of patches: 17, Number of critical patches: 12
More Info....
CVSS Score v3 - Multiple
Kubernetes

Patch
Kubernetes ingress‑nginx, which routes external traffic to cluster services, has a flaw allowing config injection, code execution, and Secret access.
More info....
CVSS Score v3 - 8.8
Monday 09 March 2026
Zitadel

Security
ZITADEL identity platform; XSS in /saml-post enabling possible account takeover.
More Info....
CVSS Score v3 - 9.3
Sick AG

Patch
Image‑based barcode reader; allows unauthenticated read/write of sensitive files and execution of arbitrary Lua code.
More Info...
CVSS Score v3 - 9.8
Friday 06 March 2026
Trivy

Security
Trivy VS Code extension, a vulnerability scanner, was compromised with malicious data‑stealing code using a local AI coding agent.
More Info....
CVSS Score v4 - 10
RedHat

Security
RedHat's Keycloak is an open‑source IAM platform, and a flaw lets a disabled SAML client still trigger IdP‑initiated SSO, enabling unauthorized access.
More Info...
CVSS Score v3 - 8.6
Microsoft

Patch
Microsoft Devices Pricing Program gives eligible organizations discounted hardware; an RCE flaw was disclosed and fully mitigated by Microsoft.
More Info....
CVSS Score v3 - 9.8
OpenClaw

Patch
OpenClaw <2026.2.14 lets attackers execute privileged slash commands through direct messages, enabling unauthorized privilege escalation.
More info....
CVSS Score v4 - 9.8
RustDesk

Patch
RustDesk is an RDP application; clients ≤1.4.5 allow session replay due to weak password‑hash and capture‑replay flaws.
More Info....
CVSS Score v4 - 9.3
Thursday 05 March 2026
Cisco

Security
Firewall management; vulnerability lets crafted HTTP requests bypass authentication and run scripts to obtain root access.
More Info....
CVSS Score v3 - 10
Cisco

Security
Firewall VPN web server; vulnerability lets crafted HTTP floods crash the device via DoS.
More Info...
CVSS Score v3 - 8.6
Cloudflare

Patch
High‑performance Rust proxy; vulnerability lets smuggled Upgrade requests bypass controls to enable session hijacking.
More Info....
CVSS Score v4 - 9.3
Multer

Patch
Multer handles file uploads in Node.js; vulnerability lets malformed requests crash the server via DoS.
More info....
CVSS Score v4 - 8.7
Wednesday 04 March 2026
Apache

Security
Apache Ranger secures data access; this flaw lets attackers run arbitrary code, risking full system compromise.
More Info....
CVSS Score v3 - 9.8
WatchGuard

Security
WatchGuard Fireware OS secures network traffic; this flaw lets a privileged admin overwrite memory and run arbitrary root‑level code.
More Info...
CVSS Score v4 - 8.6
Labkotec

Patch
Labkotec LID‑3300IP detects ice; this flaw lets unauthenticated attackers change settings and run commands via crafted packets.
More info....
CVSS Score v3 - 8.8

Patch
Google Cloud Build automates CI/CD; this flaw let remote attackers run arbitrary code in builds before the 2026‑01‑26 fix.
More Info....
CVSS Score v4 - 8.7
Broadcom

Patch
Brocade ASCG manages support‑link and streaming config; this flaw lets unauthorized users run ASCG actions or disable key BSL functions.
More Info....
CVSS Score v4 - 8.3
Tuesday 03 March 2026
AWS

Security
AWS-LC is a cryptographic library for AWS services. In versions before 1.69.0, improper certificate validation lets attackers bypass PKCS7 chain checks.
More Info....
CVSS Score v3 - 8.7
Android

Monthly
Patches for critical and high‑severity vulnerabilities detailed across multiple components. 129 vulnerabilities, of which 10 are critical.
More Info...
CVSS Score v4 - <9.9
HP

Patch
HPE AutoPass License Server manages software licences; versions before 9.19 allow remote attackers to bypass authentication controls.
More Info....
CVSS Score v4 - 10
AFFiNE

Patch
AFFiNE is an open-source productivity workspace tool. Versions before 0.25.4 allow RCE by embedding a specially crafted URL on a website.
More info....
CVSS Score v3 - 8.8
Mitsubishi

Patch
Mitsubishi Electric FX5-ENET/IP enables Ethernet/IP for PLCs; remote attackers can cause denial-of-service via repeated UDP packets, requiring reset.
More Info....
CVSS Score v4 - 8.7
TP-Link

Patch
TP‑Link has disclosed command injection (CVSSv4 8.5) and path traversal vulnerabilities in the Deco BE25, allowing authenticated adjacent attackers to execute arbitrary commands or access restricted files.
More Info....
CVSS Score v4 - Multiple
Monday 02 March 2026
Xerox

Patch
Xerox FreeFlow Core automates print workflows for businesses. Path traversal flaw in versions ≤8.0.7 allows unauthorised remote code execution.
More Info....
CVSS Score v3 - 9.8
Johnson

Patch
Johnson Controls Frick Controls Quantum HD manages industrial refrigeration; versions 10.22 and prior allow unauthenticated code injection via input validation flaw.
More Info...
CVSS Score v4 - 8.8
NestJs

Patch
NestJS is a Node.js web framework for building APIs. nest.js 11.1.13 allows auth bypass if Fastify path-normalisation options are enabled.
More Info....
CVSS Score v4 - 8.2
Friday 27 February 2026
Trend Micro

Security
Trend Micro Apex One - 8 vulnerabilities including 2 critical
More Info....
CVSS Score v3 - 7.2-9.8
Copeland

Patch
Copeland XWEB Pro manages refrigeration/HVAC systems; versions ≤1.12.1 allow attackers to bypass authentication and execute code before login.
More Info...
CVSS Score v3 - 10
OpenClaw

Patch
OpenClaw is an AI automation tool. In versions before 2026.2.23, sort validation could be bypassed, allowing unauthorised execution.
More Info....
CVSS Score v3 - 9.9
Hoppscotch

Patch
Hoppscotch is an API development ecosystem. Versions before 2026.2.0 allow unauthenticated config overwrite, exposing OAuth and stored credentials.
More info....
CVSS Score v3 - 9.1
Elastic

Patch
Elastic Kibana visualises Elasticsearch data; flaw in Workflows allows privileged users to read files and perform SSRF via code injection.
More Info....
CVSS Score v3 - 8.6

Patch
Google Cloud Vertex AI Workbench enables data science workflows; versions before 30 Jan 2026 let attackers steal user access tokens via startup script abuse.
More Info....
CVSS Score v4 - 8.4
Thursday 26 February 2026
Zitadel

Security
Zitadel is an identity management platform. Flaw let users mark their email and phone as verified without real verification, risking email-based policy bypass.
More Info....
CVSS Score v4 - 8.2
Cisco

Patch
Multiple vulnerabilities in Cisco Catalyst SD‑WAN Manager allow attackers to bypass authentication, escalate privileges, access sensitive information, and overwrite system files, with CVSS scores up to 9.8.
More Info...
CVSS Score v4 - Multiple
n8n

Patch
n8n is a workflow automation tool. Its Form node was vulnerable to second‑order expression injection by an unauthenticated attacker via crafted form data.
More Info....
CVSS Score v4 - 9.5
Juniper

Patch
Junos OS Evolved flaw on PTX routers exposes on-box Anomaly Detection externally, allowing unauthenticated remote attackers to execute code as root.
More info....
CVSS Score v4 - 9.3
ServiceNow

Patch
ServiceNow AI Platform automates business workflows. Vulnerability allowed remote code execution in ServiceNow Sandbox from unauthenticated users.
More Info....
CVSS Score v4 - 9.2
VMware

Patch
VMware Aria Operations is an IT operations management platform; flaw lets unauthenticated attackers remotely run commands during support-assisted migration.
More Info....
CVSS Score v3 - 8.1
Wednesday 25 February 2026
Lanscope

Security
Lanscope Endpoint Manager manages endpoint security for businesses. Path traversal flaw lets attackers tamper with files and run code on affected systems.
More Info....
CVSS Score v4 - 9.3
EventSecurity

Security
EventSentry is a hybrid SIEM; versions before 6.0.1.20 allow password changes without current password, risking account takeover and escalation.
More Info...
CVSS Score v4 - 8.6
ASUSTOR

Patch
ASUSTOR ADM is a NAS operating system. Improper filename sanitization in its FTP Backup feature allows for path traversal.
More Info....
CVSS Score v4 - 9.2
Dell

Patch
Dell Wyse Management Suite manages thin clients; versions before 5.5 allow remote low-privilege attackers to elevate privileges due to missing authorisation.
More info....
CVSS Score v3 - 8.8
Hitachi

Patch
Hitachi Energy RTU500 series, remote terminal units for power grids, are vulnerable to DoS via an invalid U-format frame when bi-directional mode is enabled.
More Info....
CVSS Score v4 - 8.7
GitLab

Patch
GitLab released versions 18.9.1, 18.8.5, and 18.7.5 with important security and bug fixes. Immediate upgrade recommended.
More Info....
CVSS Score v4 - Multiple
Tuesday 24 February 2026
SolarWinds

Patch
Serv-U is SolarWinds' file transfer server software. Broken access control lets admins create system admin users and run code as privileged accounts.
More Info....
CVSS Score v3 - 9.1
Zyxel

Patch
Zyxel security advisory for null pointer dereference and command injection vulnerabilities in certain 4G LTE/5G NR CPE, DSL/Ethernet CPE, Fiber ONTs, Security Routers, and Wireless Extenders.
More Info...
CVSS Score v3 - Multiple
Monday 23 February 2026
ManageEngine

Security
Zoho ManageEngine ADSelfService Plus is a self-service password tool; versions 6522 and below allow authenticated SQL Injection via search report option.
More Info....
CVSS Score v3 - 8.3
OneUptime

Patch
OneUptime monitors online services; versions ≤9.5.13 let any user run code via node:vm, risking full cluster compromise and credential exposure.
More Info...
CVSS Score v3 - 9.9
Sentry

Patch
Sentry error tracking monitors app issues for teams. Sentry 21.12.0–26.1.0 SAML SSO flaw lets attackers hijack accounts via malicious SAML IdP. Fixed in 26.2.0.
More Info....
CVSS Score v3 - 9.1
OpenSift

Patch
OpenSift, an AI study tool for semantic search, 1.1.2-alpha and below allow XSS via unsafe HTML in chat UI, letting attackers run scripts as users.
More info....
CVSS Score v4 - 8.6
ZoneMinder

Patch
ZoneMinder CCTV software manages video feeds and events. Versions 1.36.37 and below, 1.37.61-1.38.0 have authenticated SQL Injection in status.php.
More Info....
CVSS Score v3 - 8.8

Patch
Google Cloud Vertex AI SDK enables machine learning workflows; versions 1.98.0–1.130.0 allow stored XSS in _genai/_evals_visualization, risking code execution.
More Info....
CVSS Score v4 - 8.6
Friday 20 February 2026
HPE

Patch
HPE Telco Service Activator has a potentially critical Host‑header flaw (CVE‑2025‑12543); update to version 10.5.0 to fix it.
More Info....
CVSS Score v3 - 9.6
Ghost

Patch
Ghost is a Node.js content management system. Versions 3.24.0-6.19.0 let unauthenticated attackers read database data; fixed in 6.19.1.
More Info...
CVSS Score v3 - 9.4
Dell

Patch
Dell Unisphere for PowerMax: storage management software. Missing authorisation allows remote low-privilege attackers unauthorised access.
More Info....
CVSS Score v3 - 8.8
OpenClaw

Patch
OpenClaw is a personal AI assistant. Versions 2026.1.8-2026.2.13 allow command injection via crafted commit author emails in a maintainer script. Patch: 2026.2.14.
More info....
CVSS Score v4 - 8.6
Microsoft

Patch
Microsoft Teams is a collaboration platform for chat and meetings; improper access control lets attackers disclose information over a network.
More Info....
CVSS Score v3 - 8.2
Thursday 19 February 2026
F5 BIG-IP

Security
F5 BIG-IP AFM/DDoS: Network security and DDoS protection. Undisclosed traffic may cause TMM to terminate, risking service disruption.
More Info....
CVSS Score v4 - 8.7
OpenStack

Patch
OpenStack Nova manages virtual machines in clouds. Vulnerability in Flat image backend allows unsafe image resize, risking host data loss.
More Info...
CVSS Score v3 - 8.2
Splunk

Patch
Splunk remedied common vulnerabilities and exposures (CVEs) in third-party packages in Splunk Enterprise.
More Info....
CVSS Score v3 - Multiple
Dell

Patch
Dell PowerProtect Data Manager remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.
More info....
CVSS Score v4 - Multiple
Wednesday 18 February 2026
Tenable

Security
Tenable Security Center manages vulnerability data; authenticated remote attackers can inject commands, executing code on the server.
More Info....
CVSS Score v4 - 8.8
Atlassian

Monthly
Atlassian Monthly Patches - 16 Patches, 3 Critical
More Info...
CVSS Score v3 - Multiple
Dell

Patch
Dell RecoverPoint for VMs enables data protection and recovery; versions before 6.0.3.1 HF1 have hardcoded credentials, risking unauthorised OS access.
More Info....
CVSS Score v3 - 10
Glory Global

Patch
Glory RBG-100 recycler automates cash handling in banks; hard-coded admin credentials in ISPK-08 allow remote attackers full system access via SSH.
More info....
CVSS Score v4 - 9.8
Microsoft

Patch
Windows Admin Center manages Windows servers remotely; improper authentication lets authorised attackers elevate privileges over a network.
More Info....
CVSS Score v3 - 8.8
IBM

Patch
IBM DataStage on Cloud Pak for Data processes enterprise data; flaw lets authenticated users upload files, execute commands, and access sensitive data.
More Info....
CVSS Score v3 - 8.8
Monday 16 February 2026
Caido

Security
Caido web security toolkit audits web apps; before 0.55.0, X-Forwarded-Host header could bypass domain restrictions on port 8080.
More Info....
CVSS Score v3 - 8.1
IBM

Patch
IBM Java Buffer overflow vulnerability in Eclipse OMR port library affects IBM Cloud Pak System.
More Info...
CVSS Score v3 - 9.8
Hyland

Patch
Hyland OnBase Workflow Timer Service exposes an unauthenticated .NET Remoting endpoint on TCP 8900 that allows unsafe object deserialization, leading to arbitrary file read/write and potential RCE or NTLM hash coercion.
CVSS Score v4 - 10
Friday 13 February 2026
NetApp

Patch
Multiple NetApp products could be susceptible to a vulnerability in Active Storage. This could lead to disclosure of information, modification of data or Denial of Service.
More Info....
CVSS Score v3 - Multiple
Juniper

Security
Juniper Secure Analytics (JSA) 7.5.0 (prior to UP14 IF01) contained multiple critical vulnerabilities, fixed in update 7.5.0 UP14 IF01.
More Info...
CVSS Score v3 - 9.1
PostgreSQL

Patch
PostgreSQL is an open-source relational database system. intarray extension input validation flaw lets attackers run code as the database OS user.
More Info....
CVSS Score v3 - 8.8
AMD

Patch
Chip debug interface for embedded systems; improper access control lets privileged attackers enable debug, risking data confidentiality or integrity.
More info....
CVSS Score v4 - 8.7
Thursday 12 February 2026
Palo Alto

Monthly
Palo Alto Monthly Patches - 15 Patches, 0 Critical
More Info....
CVSS Score v3 - Multiple
METIS

OT Patch
METIS WIC devices manage industrial control systems; versions ≤2.1.234-r18 allow unauthenticated remote root command execution via /console endpoint.
More Info...
CVSS Score v3 - 9.8
QNAP

Monthly
QNAP NAS operating systems manage network storage devices. QNAP OS had a link following flaw allowing remote attackers to access unintended file locations.
More Info....
CVSS Score v4 - 9.2
Pillow

Patch
Pillow Python library processes images; versions 10.3.0–12.1.0 allow out-of-bounds write when loading crafted PSD files, fixed in 12.1.1.
More info....
CVSS Score v4 - 8.9
Definitions - Severity
GUARDED

This alert state represents the return towards normalisation of an alert state, indicating that there was a higher alert state due to a product vulnerability during the previous few days.
INCREASED

This alert state indicates that a product vulnerability has been identified within the last few days. The vulnerability is either difficult to exploit, or if exploited, results in reduced impact to the target system.
HIGH

This alert state indicates a more serious vulnerability which is exploitable.
CRITICAL

This alert state indicates a significant threat to the product, where exploits exist or where the vulnerability is potentially devastating. This is also used where the CVSS value is 10.
Definitions - Type

Security
Vendors of cyber security products should know better and, given their importance, they are highlighted when vulnerable, often combined with critical severity.

+24hrs
This bottom descriptor indicates an alert state which has been present for more than 24 hours.

Patch
This bottom descriptor indicates that patches are available for vulnerabilities, whether it is the initial report or a patch of a vulnerability that had been previously reported.

Exploit
This bottom descriptor indicates that an Exploit has been made public for a vulnerability, whether it is the initial report or an indication of an exploit for a vulnerability that had been previously reported.

OT
This bottom descriptor indicates that the vulnerable product is Operational Technology (OT) such as an Industrial Control System (ICS). OT is not to be confused with Information Technology (IT).

ZERO
This bottom descriptor indicates that a vulnerability has been announced without the opportunity for the vendor to patch it before the details are made known.

LOCAL
Whilst vulnerabilities reported are remotely exploitable, there are rare occasions when we will report on a vulnerability with a locally exploitable attack vector (AV:L).

Monthly
Several vendors release multiple patches on or around the same day each month.
The severity level will reflect the highest vulnerability.