Vulnerability Details
The Computer Network Defence Alert State is designed to give a granular and more dynamic visualisation of the current cyber security threat. Any increase in an alert state will occur as soon as an issue is detected, and the state will drop again by one level each working day.
Our rationale for this agility is that vulnerabilities often occur in clusters; reducing the alert state again quickly will therefore increase your visibility of new threats to the same product. Daily reductions in alert state occur at approximately 1900 GMT/UTC. Significant vulnerabilities may remain for longer. Vulnerabilities on this page are predominantly remotely executable; very few local server exploits will be shown.
Tuesday 06 May 2025

Patch
Monthly Patches are out for Android, with 29 vulnerabilities, all rated High, plus Imagination Technologies, Arm, MediaTek, and Qualcomm updates.
More info.
TCMAN

Patch
GIM v11 has been updated to fix 6 security vulnerabilities. Highest CVSSv4 score of 9.3
More info.
IBM

Patch
IBM has published a Critical bulletin for Business Automation Insights.
More info.
Monday 05 May 2025
Qualcomm

Patch
Monthly Patches are out for Qualcomm, with 12 vulnerabilities, 1 rated Critical and the rest High, plus open source software updates. Highest CVSSv3 score of 8.2
More info.
MediaTek

Patch
MediaTek has published Monthly Patches with 6 CVEs, 1 rated High and 5 rated Medium. Highest CVSSv4 score of 7.5.
More info.
IBM

Patch
IBM has published Critical bulletins for Cloud Pak for Business Automation, Cloud Pak for Network Automation, Cloud Pak System, Watson for Speech Services Cartridge, Planning Analytics Cartridge, and watsonx Orchestrate Cartridge.
More info.
NetApp

New
NetApp has published 10 new bulletins identifying vulnerabilities in third-party software included in their products. Highest CVSSv3 score of 8.7.
No patches yet.
More info.
Linux

Patch
Mageia has updated the kernel. More info.
Thursday 01 May 2025
Wednesday 30 April 2025

Patch
Google has updated Chrome for Desktop to fix 8 security vulnerabilities.
More info.
Mozilla

Patch
Mozilla has published security updates for Thunderbird, Thunderbird ESR, Firefox, and Firefox ESR, all rated High.
More info.
Tenable

Patch
Tenable Identity Exposure has been updated to fix vulnerabilities in third-party software. Highest CVSSv3 score of 10.
More info.
Splunk

Patch
Splunk remedied vulnerabilities in third-party software in Splunk User Behavior Analytics.
More info.
IBM

Patch
IBM has published Critical bulletins for SAN Volume Controller, Storwize, Spectrum Virtualize, and FlashSystem.
More info.
Linux

Patch
Tuesday 29 April 2025
Apache

Patch
Tomcat contains a vulnerability in which incorrect error handling for some invalid HTTP priority headers could result in a DoS.
More info.
SICK

Patch
PowerDNS

Patch
PowerDNS DNSdist has an emergency release fixing a security issue that allows a remote attacker to cause a DoS.
More info.
Ribbon
Communications

Patch
Ribbon Communications Apollo has been updated to fix several vulnerabilities, including Use of Hard-coded Credentials.
More info.
IBM

Patch
IBM has published Critical bulletins for Operational Decision Manager, Cloud Transformation Advisor, Cloud Pak for Security, Rapid Infrastructure Automation, API Connect, and Cloud Pak for Business Automation.
More info.
Monday 28 April 2025
SAP

Exploit
Wiesemann
& Theis

Patch
Com-Server firmware supports the insecure TLS 1.0 and TLS 1.1 protocols, which are susceptible to MitM attacks. CVSSv3 score of 9.1
More info.
NetApp

New
NetApp has published 10 new bulletins identifying vulnerabilities in third-party software included in their products. Highest CVSSv3 score of 10.
No patches yet.
More info.
IBM

Patch
IBM has published Critical bulletins for CICS TX Advanced and QRadar SIEM.
More info.
Linux

Patch
Debian has updated the kernel. More info.
Friday 25 April 2025
Microsoft

Patch
Microsoft has updated Edge with the latest Chromium security fixes.
More info.
Johnson
Controls

Patch
Nice

New
Planet
Technology

Patch
Planet Technology Network Products contain several vulnerabilities, including OS command injection, use of hard-coded credentials, and missing authentication for critical function. Highest CVSSv4 score of 9.3
More info.
Bosch

Patch
Multiple ctrlX OS vulnerabilities exist in Device Admin and Solutions. Highest CVSSv3 score of 7.5
More info.
Mitsubishi
Electric

Patch
A DoS vulnerability exists in the Ethernet function of multiple FA products. CVSSv3 score of 5.9
More info.
Thursday 24 April 2025
HPE

Patch
A security vulnerability in Apache Tomcat has been identified in HPE Telco Service Orchestrator software that could allow a remote attacker to achieve RCE. CVSSv3 score of 9.8.
More info.
Security vulnerabilities have been identified in "HPE Telco Network Function Virtual Orchestrator" software. Highest CVSSv3 score of 9.1.
More info.
Linux

Patch
Ubuntu has updated the kernel. More info.
Wednesday 23 April 2025

Patch
XWiki

Patch
XWiki contains a vulnerability that allows a remote attacker to escape from the HQL execution context and perform a blind SQL injection. CVSSv4 score of 9.3
More info.
Spring

Patch
A recent fix broke a vulnerability mitigation in Spring Security. CVSSv3 score of 5.3
More info.
Trellix

Patch
Trellix Endpoint Security has been updated to fix a persistent DoS vulnerability.
More info.
CODESYS

Patch
A remote attacker can read static visualization files of the CODESYS WebVisu. CVSSv3 score of 5.3
More info.
Linux

Patch
Ubuntu has updated the kernel. More info.
Tuesday 22 April 2025
Hitachi

Patch
Multiple vulnerabilities have been found in JP1. Highest CVSSv3 score of 8.1
More info.
HPE

Patch
Security vulnerabilities have been identified in HPE UOCAM that could allow a remote attacker to achieve DoS, Remote Buffer Overflow, and RCE. Highest CVSSv3 score of 9.1
More info.
PyTorch

Patch
PyTorch contains an RCE vulnerability. CVSSv4 score of 9.3.
More info.
TRUMPF

Patch
TRUMPF products contain an RCE vulnerability in log4net. CVSSv3 score of 9.8.
More info.
IBM

Patch
IBM has published Critical bulletins for Power HMC, QRadar Suite, CICS TX Standard, App Connect Enterprise,
More info.
Dell

Patch
Dell has published Critical bulletins for APEX Cloud Platform, SRM, SMR, and PowerStore X.
More info.
Monday 21 April 2025
Microsoft

Patch
Microsoft has updated Edge with the latest Chromium updates.
More info.
Tenable

Patch
Nessus has been updated to fix 3rd party software vulnerabilities. Highest CVSSv3 score of 8.1
More info.
ASUS

Patch
An improper authentication control vulnerability exists in certain ASUS router firmware series that can be triggered by a crafted request, potentially leading to unauthorized execution of functions. CVSSv3 score of 7.5.
More info.
Yokogawa

Patch
BD

Patch
BD has published Critical bulletins for IDM, Pyxis, Data Agent, CCE, and Alaris.
More info.
NetApp

New
NetApp has published 10 new bulletins identifying vulnerabilities in third-party software included in their products. Highest CVSSv3 score of 7.5
No patches yet.
More info.
PRODUCT

GUARDED
This alert state represents the return towards normalisation of an alert state, indicating that there was a higher alert state due to a product vulnerability during the previous few days.
PRODUCT

INCREASED
This alert state indicates that a product vulnerability has been identified within the last few days. The vulnerability is either difficult to exploit, or if exploited, results in reduced impact to the target system.
PRODUCT

HIGH
This alert state indicates a more serious vulnerability which is exploitable.
PRODUCT

CRITICAL
This alert state indicates a significant threat to the product, where exploits exist or where the vulnerability is potentially devastating.

NEW
This bottom descriptor is used with a vulnerability which has been identified in the last 24 hours, with no patch or exploit. It will typically be paired with Increased.

+24hrs
This bottom descriptor indicates an alert state which has been present for more than 24 hours. It will typically be paired with Guarded, and could be changed to +48hr for an item that came out as Critical.

Patch
PATCH
This bottom descriptor indicates that patches are available for vulnerabilities, whether it is the initial report or a patch of a vulnerability that had been previously reported. It could be paired with Increased or High, and on rare occasions Critical.

Exploit
EXPLOIT
This bottom descriptor indicates that an Exploit has been made public for a vulnerability, whether it is the initial report or an indication of an exploit for a vulnerability that had been previously reported. It could be paired with High or Critical.

ZERO
ZERO DAY
This bottom descriptor indicates that a vulnerability has been announced without the opportunity for the vendor to patch it before the details are made known. It could be paired with High or Critical.