NetApp
Patch
Multiple NetApp products could be susceptible to a vulnerability in Active Storage. This could lead to disclosure of information, modification of data or Denial of Service.
More Info....
CVSS Score v3 - Mutltiple
Juniper
Security
Juniper Secure Analytics (JSA) 7.5.0 (prior to UP14 IF01) contained multiple critical vulnerabilities, fixed in update 7.5.0 UP14 IF01.
More Info...
CVSS Score v3 - 9.1
PostgreSQL
Patch
PostgreSQL is an open-source relational database system. intarray extension input validation flaw lets attackers run code as the database OS user.
More Info....
CVSS Score v3 - 8.8
AMD
Patch
Chip debug interface for embedded systems; improper access control lets privileged attackers enable debug, risking data confidentiality or integrity.
More info....
CVSS Score v4 - 8.7
Palo Alto
Monthly
Palo Alto Monthly Patches - 15 Patches, 0 Critical
More Info....
CVSS Score v3 - Mutltiple
METIS
OT Patch
METIS WIC devices manage industrial control systems; versions ≤2.1.234-r18 allow unauthenticated remote root command execution via /console endpoint.
More Info...
CVSS Score v3 - 9.8
QNAP
Monthly
QNAP NAS operating systems manage network storage devices. QNAP OS had a link following flaw allowing remote attackers to access unintended file locations.
More Info....
CVSS Score v4 - 9.2
Pillow
Patch
Pillow Python library processes images; versions 10.3.0–12.1.0 allow out-of-bounds write when loading crafted PSD files, fixed in 12.1.1.
More info....
CVSS Score v4 - 8.9
Fortinet
Security
Fortinet FortiSandbox analyses files for threats; flaw allows unauthenticated attackers to run scripts via crafted requests (XSS) in multiple versions.
More Info....
CVSS Score v3 - 8.8
Ivanti
Security
Ivanti Endpoint Manager manages devices and security; before 2024 SU5, remote attackers could bypass authentication and leak stored credentials.
More Info...
CVSS Score v3 - 8.6
MongoDB
Patch
MongoDB is a NoSQL database for storing and managing data. Unauthenticated crafted messages can exhaust memory and crash MongoDB server.
More Info....
CVSS Score v4 - 8.7
Python
Patch
Python cryptography library offers cryptographic tools; before 46.0.5, SECT curve public key validation flaw risks key leaks and signature forgery.
More Info....
CVSS Score v4 - 8.2
RedHat
Security
Keycloak identity and access management platform: Fails to check if Identity Provider is enabled, allowing token issuance from disabled IdPs.
More Info....
CVSS Score v3 - 8.8
BeyondTrust
Security
BeyondTrust RS & PRA enable secure remote system access; critical flaw lets unauthenticated attackers run OS commands via crafted requests.
More Info....
CVSS Score v4 - 9.9
Fortinet
Security
Fortinet FortiClientEMS manages endpoint security for networks. SQL injection flaw lets unauthenticated attackers run code via crafted HTTP requests.
More Info...
CVSS Score v3 - 9.8
GitLab
Patch
GitLab AI Gateway enables secure AI model access; versions before 18.6.2 allow crafted templates to cause denial of service or code execution.
More Info....
CVSS Score v3 - 9.9
Microsoft
Patch
Microsoft Semantic Kernel builds and manages AI agents; versions before 1.70.0 allow arbitrary file write via SessionsPythonPlugin, risking file compromise.
More info....
CVSS Score v3 - 9.9
IBM
Patch
Multiple vulnerabilities were addressed in the latest fix release for IBM webMethods Integration 11.1.
More Info....
CVSS Score v4 - Multiple
Patch
Google Cloud Gemini Enterprise manages cloud data and AI. Predictable bucket names let attackers access logs via bucket squatting before user setup.
More Info....
CVSS Score v4 - 9.1
GNU
Patch
Multiple NetApp products incorporate GNU Internet Utilities. Versions through 2.7 are susceptible to a vulnerability which when successfully exploited could lead to disclosure of sensitive information, addition or modification of data, or Denial of Service.
More Info....
CVSS Score v3 - Multiple
Microsoft
Monthly
Microsoft Azure Arc: Hybrid cloud management platform. Elevation of privilege flaw lets attackers gain higher access in Microsoft Azure Arc.
More Info...
CVSS Score v3 - 8.6
IBM
Patch
IBM Aspera Console manages file transfers for enterprises. Versions 3.4.0–3.4.8 allow remote SQL injection, risking database data exposure or change.
More Info....
CVSS Score v3 - 8.6
IBM CCA
Security
IBM CCA secures cryptographic operations on mainframes; flaw lets unauthenticated users run commands with elevated privileges on the system.
More Info....
CVSS Score v3 - 9.8
F5 WAF
Security
F5 BIG-IP Advanced WAF secures web apps; certain requests may cause bd process termination, leading to denial of service under specific conditions.
More Info...
CVSS Score v4 - 8.2
Zenitel
Patch
Zenitel TCIS-3+ is an IP intercom device. Authenticated users can execute arbitrary system commands via uploaded file names in versions before 9.2.3.3.
More Info....
CVSS Score v3 - 10
HubSpot
Patch
HubSpot JinJava renders Jinja templates in Java; versions before 2.8.3 contain a sandbox bypass vulnerability that allows for arbitrary code execution and file access.
More info....
CVSS Score v3 - 8.8
n8n-io
Patch
n8n-io n8n automates workflows with custom nodes. Versions before 2.4.8 let authenticated users escape Python sandbox and run unauthorised code.
More Info....
CVSS Score v4 - 9.4
Cisco
Patch
Cisco Meeting Management manages video meetings for enterprises. Improper input validation lets authenticated users upload files, execute commands as root.
More Info....
CVSS Score v3 - 8.8
GUARDED
This alert state represents the return towards normalisation of an alert state, indicating that there was a higher alert state due to a product vulnerability during the previous few days.
INCREASED
This alert state indicates that a product vulnerability has been identified within the last few days. The vulnerability is either difficult to exploit, or if exploited, results in reduced impact to the target system.
HIGH
This alert state indicates a more serious vulnerability which is exploitable.
CRITICAL
This alert state indicates a significant threat to the product, where exploits exist or where the vulnerability is potentially devastating. This is also used where the CVSS value is 10.
Security
Vendors of cyber security products should know better and given their importance they are highlighted when vulnerable, often combined with critival severity
+24hrs
This bottom descriptor is used with Indicates an alert state which has been present for more than 24 hours.
Patch
This bottom descriptor indicates that patches are available for vulnerabilities, whether it is the initial report or a patch of a vulnerability that had been previously reported.
Exploit
This bottom descriptor indicates that an Exploit has been made public for a vulnerability, whether it is the initial report or an indication of an exploit for a vulnerability that had been previously reported.
OT
This bottom descriptor indicates that the vulnerable product is Operational Technology (OT) such as an Industrial Control System (ICS). OT is not to be confused with Information Technology (IT)
ZERO
This bottom descriptor indicates that a vulnerability has been announced without the opportunity for the vendor to patch it before the details are made known.
LOCAL
Whilst vulnerabilities reported are remotely exploitable, there are rare occasions when we will report on a vulnerability with a locally exploitable attack vector (AV:L)
Monthly
Several vendors release multiple patches on or around the same day each month.
The severity level will reflect the highest vulnerability