
Vulnerability Details

The Computer Network Defence Alert State is designed to give a granular and more dynamic visualisation of the current cyber security threat. Any increase in an alert state occurs as soon as an issue is detected, and the state then drops again by one level each working day.

Our rationale for this agility is that vulnerabilities often occur in clusters; reducing the alert state again quickly therefore increases your visibility of new threats to the same product. Significant vulnerabilities may remain for longer. Vulnerabilities on this page are remotely exploitable (see the LOCAL descriptor below for the rare exceptions).

Tuesday 12 May 2026

Bitwarden

Security

Bitwarden Server is the back end of the Bitwarden password manager; a provider user could add any organisation to their provider via a POST request, risking takeover of that organisation.
More Info...

CVSS Score v4 - 8.9


Siemens

Monthly

Monthly - Number of patches: 28
Number of critical patches: 14.
More Info....

CVSS Score v4 - 3.7-10.0


Schneider

Monthly

Monthly - Number of patches: 10
Number of critical patches: 0.
More Info....

CVSS Score v3 - 5.3-8.3


SAP

Patch

SAP S/4HANA enterprise search for ABAP enables data retrieval; an SQL injection allows authenticated users to access sensitive data and crash the application.
More info....

CVSS Score v3 - 9.6


Jetbrains

Patch

JetBrains TeamCity CI server before version 2026.1 could allow authenticated users to expose server APIs to unauthorised access.
More Info....

CVSS Score v3 - 8.2






Monday 11 May 2026

Robots

OT

Universal Robots PolyScope controls collaborative robots; an OS command injection in the Dashboard Server allows unauthenticated code execution on the robot OS.
More Info...

CVSS Score v4 - 9.8


PHP

Patch

PHP is a server-side scripting language; a use-after-free flaw in the SOAP extension's object deduplication allows remote code execution via a crafted request.
More Info....

CVSS Score v4 - 9.5


Sentry

Patch

Sentry monitors errors and performance; versions from 21.12.0 before 26.4.1 have a SAML SSO flaw allowing account takeover via a malicious IdP that asserts a known e-mail address.
More Info....

CVSS Score v3 - 9.1


Angular

Patch

Angular is a web application platform written in TypeScript/JavaScript. An SSRF in @angular/platform-server arises from incorrect URL origin handling and exposes internal APIs; fixed in 21.2.9.
More info....

CVSS Score v4 - 8.7


Dirty Frag

Patch

"Dirty Frag" lets local Linux users manipulate the page cache and gain root across many kernel versions. No Sophos products are affected.
More Info....

CVSS Score v4 - -






Thursday 07 May 2026

Palo Alto

Security

Palo Alto Networks Prisma Access; a buffer overflow in the User-ID Authentication Portal allows unauthenticated code execution as root via crafted packets.
More Info...

CVSS Score v4 - 9.3


Gotenberg

Patch

Gotenberg is a Docker-based API for PDF processing; a vulnerability allows injection via metadata values, enabling file renaming, overwriting or link creation inside the container.
More Info....

CVSS Score v3 - 10.0


Apache

Patch

Apache Wicket is a Java web application framework; it has a session fixation vulnerability due to a missing changeSessionId() call.
More Info....

CVSS Score v3 - 9.1


Cisco

Patch

Cisco Unity Connection is a unified messaging system; an authenticated attacker can execute code as root via crafted API requests.
More info....

CVSS Score v3 - 8.8


Jupyter

Patch

JupyterLab and Notebook provide interactive computing; an XSS in the help command linker lets attackers steal tokens, hijack sessions and run code.
More Info....

CVSS Score v4 - 8.4






Wednesday 06 May 2026

OWASP

Security

ModSecurity is a WAF engine for Apache, IIS and Nginx; libModSecurity3 before 3.0.15 crashes when the t:hexDecode transformation is applied to a single-character input, causing denial of service.
More Info...

CVSS Score v4 - 8.2


OpenClaw

Patch

OpenClaw event management system; an input validation flaw allows malicious hooks to escalate untrusted input into a higher-trust agent context.
More Info....

CVSS Score v3 - 9.6


PHPOffice

Patch

PHPOffice PhpSpreadsheet reads and writes spreadsheet files; a user-controlled filename passed to IOFactory::load() allows remote code execution or SSRF via PHP stream wrappers.
More Info....

CVSS Score v4 - 9.2


OpenEMR

Patch

OpenEMR 7.0.1 is an electronic medical records system; it has a brute-force flaw allowing unlimited login attempts, bypassing rate limits.
More info....

CVSS Score v4 - 8.7


pi-hole

Patch

Pi-hole FTL (Faster Than Light) blocks ads and trackers at network level; versions before 6.6.1 allow command execution via configuration injection without the admin password.
More Info....

CVSS Score v4 - 8.7






Tuesday 05 May 2026

Qualcomm

Monthly

Monthly -
Number of patches: 10
Number of critical patches: 3
More Info...

CVSS Score v3 - 5.5-9.8


Android

Monthly

Monthly -
Number of patches: 1
Number of critical patches: 1
More Info....

CVSS Score v3 - 8.8


Apache

Patch

Apache Polaris manages cloud data storage; altering write.metadata.path bypasses checks, allowing metadata writes to attacker-chosen locations.
More Info....

CVSS Score v4 - 9.9


n8n

Patch

n8n-io n8n automates workflows; versions before 1.123.32 and 2.17.4 allow prototype pollution via XML input, enabling remote code execution.
More info....

CVSS Score v4 - 9.4
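As an added example of the class of bug described in the n8n entry above (this is not n8n's parser or code; the toy converter, the denylist and the XML sample are constructed for illustration), the following shows how an element named `__proto__` pollutes Object.prototype when a converter descends with `obj[name] || (obj[name] = {})`, and how prototype-less containers plus a key denylist prevent it:

```javascript
// Toy XML-to-object converter (constructed for this example): nested elements become nested
// objects, leaf text becomes strings. No attributes, namespaces, CDATA or repeated same-name
// nesting; just enough to show the pollution pattern.
const ELEMENT_RE = /<([A-Za-z_][\w.-]*)>([\s\S]*?)<\/\1>/g;

// Vulnerable: on a plain object, obj['__proto__'] resolves to Object.prototype, so the
// children of a __proto__ element are written onto every object in the process.
function fillUnsafe(obj, xml) {
  const re = new RegExp(ELEMENT_RE.source, 'g');   // fresh lastIndex for each recursion level
  let m;
  while ((m = re.exec(xml)) !== null) {
    const [, name, inner] = m;
    if (/<[A-Za-z_]/.test(inner)) {
      const child = obj[name] || (obj[name] = {});
      fillUnsafe(child, inner);
    } else {
      obj[name] = inner.trim();
    }
  }
  return obj;
}
function xmlToObjectUnsafe(xml) { return fillUnsafe({}, xml); }

// Hardened: containers have no prototype, names that address the prototype chain are
// rejected outright, and only own properties are reused when descending.
const FORBIDDEN_NAMES = new Set(['__proto__', 'constructor', 'prototype']);
function fillSafe(obj, xml) {
  const re = new RegExp(ELEMENT_RE.source, 'g');
  let m;
  while ((m = re.exec(xml)) !== null) {
    const [, name, inner] = m;
    if (FORBIDDEN_NAMES.has(name)) throw new Error(`rejected element name: ${name}`);
    if (/<[A-Za-z_]/.test(inner)) {
      const child = Object.prototype.hasOwnProperty.call(obj, name) && typeof obj[name] === 'object'
        ? obj[name] : (obj[name] = Object.create(null));
      fillSafe(child, inner);
    } else {
      obj[name] = inner.trim();
    }
  }
  return obj;
}
function xmlToObjectSafe(xml) { return fillSafe(Object.create(null), xml); }

// Constructed malicious document: a __proto__ element smuggles an isAdmin flag.
const ATTACK_XML =
  '<workflow><name>demo</name><__proto__><isAdmin>true</isAdmin></__proto__></workflow>';

// Parse with the vulnerable converter, then check whether an unrelated, freshly created
// object now "has" isAdmin. Cleans up afterwards so the rest of the process is not left polluted.
function runVulnerable() {
  delete Object.prototype.isAdmin;
  xmlToObjectUnsafe(ATTACK_XML);
  const polluted = ({}).isAdmin === 'true';
  delete Object.prototype.isAdmin;
  return polluted;
}

function runHardened() {
  let rejected = false;
  try { xmlToObjectSafe(ATTACK_XML); } catch (e) { rejected = true; }
  return { rejected, polluted: ({}).isAdmin === 'true' };
}

console.log('vulnerable parser polluted Object.prototype:', runVulnerable());
console.log('hardened parser:', runHardened());
```

The same `obj[key] || (obj[key] = {})` shape turns up in deep-merge and "set by path" helpers, so the denylist belongs wherever untrusted keys are used to walk into an object, not only in the XML layer.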


Ollama

Patch

Ollama is an AI model management tool; a heap out-of-bounds read in the GGUF loader leaks sensitive data via the unauthenticated /api/create and /api/push endpoints.
More Info....

CVSS Score v4 - 9.1


RedHat

Patch

Red Hat Ansible Automation Platform automates IT tasks; a flaw in auto-linking IdP e-mail addresses to local accounts allows attackers to hijack or access accounts without verification.
More Info....

CVSS Score v3 - 8.3
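The Ansible Automation Platform entry above and the Sentry entry under Monday 11 May describe the same failure: an SSO assertion is tied to a local account by e-mail address alone. As an added example (not the code of either product; the user store, assertion shape, the `emailVerified` flag and the issuer list are assumptions for illustration), the following contrasts e-mail-only linking with linking keyed on the issuer and subject of the assertion:

```javascript
// Hypothetical local user store: userId -> { email, identities: [{ issuer, subject }] }
const users = new Map();
// Issuers this deployment accepts assertions from. The second one models another tenant's
// IdP that the platform also trusts, which is where the attacker gets to choose the claims.
const TRUSTED_ISSUERS = new Set(['https://corp-idp.example', 'https://other-tenant-idp.example']);
// Links that still await confirmation by the already-signed-in local account owner.
const pendingLinks = [];

function seed() {
  users.clear();
  pendingLinks.length = 0;
  users.set('u1', {
    email: 'alice@example.com',
    identities: [{ issuer: 'https://corp-idp.example', subject: 'alice-123' }],
  });
}

// Vulnerable: the first account whose e-mail matches is logged in, regardless of which IdP
// issued the assertion or whether that account was ever linked to it.
function loginUnsafe(assertion) {
  for (const [id, u] of users) {
    if (u.email.toLowerCase() === assertion.email.toLowerCase()) return id;
  }
  return null;
}

// Hardened: identity is the (issuer, subject) pair from an accepted issuer. An e-mail match
// never logs anyone in by itself; at most it queues a link the account owner must confirm.
function loginSafe(assertion) {
  if (!TRUSTED_ISSUERS.has(assertion.issuer)) return { userId: null, reason: 'untrusted issuer' };
  for (const [id, u] of users) {
    if (u.identities.some(i => i.issuer === assertion.issuer && i.subject === assertion.subject)) {
      return { userId: id, reason: 'matched linked identity' };
    }
  }
  if (assertion.emailVerified) {   // assumption: the assertion carries a verified-e-mail flag
    for (const [id, u] of users) {
      if (u.email.toLowerCase() === assertion.email.toLowerCase()) {
        pendingLinks.push({ userId: id, issuer: assertion.issuer, subject: assertion.subject });
        return { userId: null, reason: 'link pending confirmation by account owner' };
      }
    }
  }
  return { userId: null, reason: 'no matching identity' };
}

// Constructed assertions: one from an IdP the attacker controls claiming the victim's e-mail,
// one genuine assertion from the victim's real IdP.
const ROGUE = { issuer: 'https://other-tenant-idp.example', subject: 'anything',
                email: 'alice@example.com', emailVerified: true };
const GENUINE = { issuer: 'https://corp-idp.example', subject: 'alice-123',
                  email: 'alice@example.com', emailVerified: true };

seed();
console.log('unsafe, rogue IdP ->', loginUnsafe(ROGUE));   // 'u1': account takeover
console.log('safe,   rogue IdP ->', loginSafe(ROGUE));     // no login, link queued
console.log('safe,   genuine   ->', loginSafe(GENUINE));   // 'u1'
```

The confirmation step matters even when the IdP marks the e-mail as verified: the IdP is vouching for its own user, not for the local account that happens to share the address.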





Monday 04 May 2026

UK Public Holiday


Thursday 30 April 2026

Synway

ZERO DAY

Synway SMG Gateway Management Software manages gateway devices; it has an OS command injection in the RADIUS configuration allowing remote code execution via crafted POST requests. NO PATCH
More Info...

CVSS Score v4 - 9.8


Bitwarden

Security

Bitwarden CLI manages password vaults from the command line; version 2026.4.0 as published on npm contained embedded malicious code following a supply chain attack.
More Info....

CVSS Score v3 - 8.8


IBM

Patch

IBM Langflow Desktop is a workflow automation tool; versions 1.0.0 to 1.8.4 allow arbitrary command execution, risking data exposure and further attacks.
More Info....

CVSS Score v3 - 8.8


MeWare

Patch

MeWare PDKS is an access control system; it has an authorization bypass via a user-controlled key allowing privilege abuse in versions before VMYR_3.5.2025117.
More info....

CVSS Score v3 - 8.1







Wednesday 29 April 2026

Fortinet

Security

An improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests.
More Info....

CVSS Score v3 - 9.1


NVIDIA

Patch

NVIDIA FLARE SDK manages federated learning; an NVFlare Dashboard flaw allows unauthenticated users to bypass authorization, putting data and code at risk.
More Info...

CVSS Score v3 - 9.8


Apache

Patch

Apache Pony Mail is a mailing list management tool; an HTTP request smuggling flaw allows admin takeover when run on unsupported Lua versions.
More Info....

CVSS Score v3 - 9.8


Cisco

Patch

Nutanix Cisco Intersight Device Connector links Nutanix Prism Central to Cisco Intersight; improper access control on API port 7373 allows unauthenticated attackers to disrupt workloads by invoking cluster maintenance, putting service availability at risk.
More info....

CVSS Score v4 - 8.2







Definitions - Severity

GUARDED 

This alert state represents the return towards normalisation of an alert state, indicating that there was a higher alert state due to a product vulnerability during the previous few days.

INCREASED 

This alert state indicates that a product vulnerability has been identified within the last few days. The vulnerability is either difficult to exploit, or if exploited, results in reduced impact to the target system.
CVSS Score 7.1-8.0


HIGH 

This alert state indicates a more serious vulnerability which is exploitable.
CVSS Score 8.1-9.0

CRITICAL 

This alert state indicates a significant threat to the product, where exploits exist or where the vulnerability is potentially devastating.
CVSS Score 9.1-10.0


Definitions - Type

Security

Vendors of cyber security products should know better, and given their importance they are highlighted when vulnerable, often combined with critical severity.

+24hrs

This bottom descriptor indicates an alert state which has been present for more than 24 hours.


Patch

This bottom descriptor indicates that patches are available for vulnerabilities, whether it is the initial report or a patch of a vulnerability that had been previously reported. 

Exploit

This bottom descriptor indicates that an Exploit has been made public for a vulnerability, whether it is the initial report or an indication of an exploit for a vulnerability that had been previously reported. 


OT

This bottom descriptor indicates that the vulnerable product is Operational Technology (OT) such as an Industrial Control System (ICS). OT is not to be confused with Information Technology (IT)

ZERO

This bottom descriptor indicates that a vulnerability has been announced without the opportunity for the vendor to patch it before the details are made known. 


LOCAL

Whilst the vulnerabilities reported are remotely exploitable, there are rare occasions when we report on a vulnerability with a locally exploitable attack vector (AV:L).

Monthly

Several vendors release multiple patches on or around the same day each month.

The severity level reflects the highest-scoring vulnerability in the batch.