WatchGuard
Security
Security Product - Firewall - Multiple Vulnerabilities (10).
More Info....
CVSS Score - Multi
Cisco
Patch
Remote Code Execution Vulnerability in React and Next.js Frameworks, Cisco investigating effected products.
More Info....
CVSS Score v3 - 10
Advantech
Patch
WebAccess/VPN - command injection vulnerability that allows an authenticated system administrator to execute arbitrary commands as the web server user.
More info....
CVSS Score v4 - 8.6
MAXHUB
OT
MAXHUB Pivot is a cloud-based device management platform. Successful exploitation of this vulnerability could allow an attacker to request a password reset and gain unauthorized access to the account.
More Info....
CVSS Score v4 - 8.7
Synology
Patch
Published 27 Nov. Cross-Site Request Forgery (CSRF) vulnerability in WebAPI Framework in Synology DiskStation Manager (DSM) and Synology Unified Controller (DSMUC) allows remote attackers to execute arbitrary code via unspecified vectors.
More Info....
CVSS Score v3 - 9.6
Apache
Patch
Content analysis toolkit for extracting metadata; XXE flaw in PDF parsing lets attackers inject XML via crafted XFA files in multiple Tika modules.
More Info....
CVSS Score v4 - 10
Amazon
Patch
AWS: This issue may permit unauthorized remote code execution on React Server Components.
More Info....
CVSS Score v3 - 10
Anthropics
Patch
Claude Code. It was possible to bypass the Claude Code read-only validation and trigger arbitrary code execution. Reliably exploiting this requires the ability to add untrusted content into a Claude Code context window.
More info....
CVSS Score v4 - 8.7
AVTECH
Patch
Network video recorder for surveillance systems – Authenticated command injection in Machine.cgi lets attackers run arbitrary commands via crafted input.
More Info....
CVSS Score v4 - 8.7
GUARDED
This alert state represents the return towards normalisation of an alert state, indicating that there was a higher alert state due to a product vulnerability during the previous few days.
INCREASED
This alert state indicates that a product vulnerability has been identified within the last few days. The vulnerability is either difficult to exploit, or if exploited, results in reduced impact to the target system.
HIGH
This alert state indicates a more serious vulnerability which is exploitable.
CRITICAL
This alert state indicates a significant threat to the product, where exploits exist or where the vulnerability is potentially devastating. This is also used where the CVSS value is 10.
Security
Vendors of cyber security products should know better and given their importance they are highlighted when vulnerable, often combined with critival severity
+24hrs
This bottom descriptor is used with Indicates an alert state which has been present for more than 24 hours.
Patch
This bottom descriptor indicates that patches are available for vulnerabilities, whether it is the initial report or a patch of a vulnerability that had been previously reported.
Exploit
This bottom descriptor indicates that an Exploit has been made public for a vulnerability, whether it is the initial report or an indication of an exploit for a vulnerability that had been previously reported.
OT
This bottom descriptor indicates that the vulnerable product is Operational Technology (OT) such as an Industrial Control System (ICS). OT is not to be confused with Information Technology (IT)
ZERO
This bottom descriptor indicates that a vulnerability has been announced without the opportunity for the vendor to patch it before the details are made known.