diff --git a/.github/workflows/site.yml b/.github/workflows/site.yml
index c5e1a6537e..1c8c0dab42 100644
--- a/.github/workflows/site.yml
+++ b/.github/workflows/site.yml
@@ -11,6 +11,7 @@ on:
 - 'scripts/**'
 - 'templates/**'
 - 'docs/assets/**'
+ - 'README.md'
 - 'requirements.txt'
 - '.github/workflows/site.yml'
diff --git a/docs/api/v1/diff/2025-12-17.json b/docs/api/v1/diff/2025-12-17.json
index 7fe151f2b7..291183f746 100644
--- a/docs/api/v1/diff/2025-12-17.json
+++ b/docs/api/v1/diff/2025-12-17.json
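Review bot: The new `'README.md'` entry in the `paths` filter carries no comment saying why a README change should rebuild the site, while the neighbouring entries (`scripts/**`, `templates/**`, `docs/assets/**`, `requirements.txt`) are self-evidently build inputs. If the site build renders README.md, a one-line comment above the entry, `# README.md is rendered into the site, so changes must trigger a rebuild`, would record that dependency for the next maintainer; if the build does not consume it, the entry only adds workflow runs. Whether this `paths` list sits under `push` or `pull_request` is not visible here, and the enclosing `on:` block starts before the hunk.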
@@ -2,156 +2,50 @@ "epss_movers": [], "generated": "2025-12-17", "new_high_epss": [ - { - "cve": "CVE-2025-9316", - "epss": 0.78706, - "percentile": 0.98995, - "poc_count": 0, - "summary": "" - }, { "cve": "CVE-2025-8943", "epss": 0.6583, - "percentile": 0.9843, + "percentile": 0.98431, "poc_count": 1, "summary": "The Custom MCPs feature is designed to execute OS commands, for instance, using tools like `npx` to spin up local MCP Servers. However, Flowise's inherent authentication and authorization model is minimal and lacks ro..." }, - { - "cve": "CVE-2025-8489", - "epss": 0.43315, - "percentile": 0.97363, - "poc_count": 0, - "summary": "" - }, - { - "cve": "CVE-2025-8426", - "epss": 0.3937, - "percentile": 0.97134, - "poc_count": 0, - "summary": "" - }, { "cve": "CVE-2025-8518", "epss": 0.33903, - "percentile": 0.96792, + "percentile": 0.96794, "poc_count": 1, "summary": "A vulnerability was found in givanz Vvveb 1.0.5. It has been rated as critical. Affected by this issue is the function Save of the file admin/controller/editor/code.php of the component Code Editor. The manipulation l..." }, - { - "cve": "CVE-2025-8868", - "epss": 0.17119, - "percentile": 0.94767, - "poc_count": 0, - "summary": "" - }, { "cve": "CVE-2025-8730", "epss": 0.11861, - "percentile": 0.93477, + "percentile": 0.93482, "poc_count": 2, "summary": "A vulnerability was found in Belkin F9K1009 and F9K1010 2.00.04/2.00.09 and classified as critical. Affected by this issue is some unknown functionality of the component Web Interface. The manipulation leads to hard-c..." }, { "cve": "CVE-2025-7795", "epss": 0.096, - "percentile": 0.92596, + "percentile": 0.926, "poc_count": 3, "summary": "A vulnerability, which was classified as critical, has been found in Tenda FH451 1.0.0.9. Affected by this issue is the function fromP2pListFilter of the file /goform/P2pListFilter. The manipulation of the argument pa..." 
}, { "cve": "CVE-2025-9090", - "epss": 0.08297, - "percentile": 0.91936, + "epss": 0.0924, + "percentile": 0.92438, "poc_count": 4, "summary": "A vulnerability was identified in Tenda AC20 16.03.08.12. Affected is the function websFormDefine of the file /goform/telnet of the component Telnet Service. The manipulation leads to command injection. It is possible..." }, { "cve": "CVE-2025-8085", "epss": 0.07832, - "percentile": 0.91659, + "percentile": 0.91666, "poc_count": 1, "summary": "The Ditty WordPress plugin before 3.1.58 lacks authorization and authentication for requests to its displayItems endpoint, allowing unauthenticated visitors to make requests to arbitrary URLs." } ], "new_kev_entries": [ - { - "cve": "CVE-2025-59718", - "date_added": "2025-12-16", - "due_date": "2025-12-23", - "epss": null, - "notes": "https://fortiguard.fortinet.com/psirt/FG-IR-25-647 ; https://docs.fortinet.com/upgrade-tool/fortigate ; https://nvd.nist.gov/vuln/detail/CVE-2025-59718", - "percentile": null, - "poc_count": 0, - "product": "Multiple Products", - "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", - "short_description": "Fortinet FortiOS, FortiSwitchMaster, FortiProxy, and FortiWeb contain an improper verification of cryptographic signature vulnerability that may allow an unauthenticated attacker to bypass the FortiCloud SSO login authentication via a crafted SAML message. Please be aware that CVE-2025-59719 pertains to the same problem and is mentioned in the same vendor advisory. 
Ensure to apply all patches mentioned in the advisory.", - "vendor": "Fortinet" - }, - { - "cve": "CVE-2025-14611", - "date_added": "2025-12-15", - "due_date": "2026-01-05", - "epss": null, - "notes": "https://www.centrestack.com/p/gce_latest_release.html ; https://access.triofox.com/releases_history/; https://support.centrestack.com/hc/en-us/articles/360007159054-Hardening-the-CentreStack-Cluster#h_01JQRV57T37HJFQZKBZH9NBXQP ; https://nvd.nist.gov/vuln/detail/CVE-2025-14611", - "percentile": null, - "poc_count": 0, - "product": "CentreStack and Triofox", - "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", - "short_description": "Gladinet CentreStack and TrioFox contain a hardcoded cryptographic keys vulnerability for their implementation of the AES cryptoscheme. This vulnerability degrades security for public exposed endpoints that may make use of it and may offer arbitrary local file inclusion when provided a specially crafted request without authentication.", - "vendor": "Gladinet" - }, - { - "cve": "CVE-2025-43529", - "date_added": "2025-12-15", - "due_date": "2026-01-05", - "epss": null, - "notes": "https://support.apple.com/en-us/125884 ; https://support.apple.com/en-us/125892 ; https://support.apple.com/en-us/125885 ; https://support.apple.com/en-us/125886 ; https://support.apple.com/en-us/125889 ; https://nvd.nist.gov/vuln/detail/CVE-2025-43529", - "percentile": null, - "poc_count": 0, - "product": "Multiple Products", - "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", - "short_description": "Apple iOS, iPadOS, macOS, and other Apple products contain a use-after-free vulnerability in WebKit. Processing maliciously crafted web content may lead to memory corruption. 
This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.", - "vendor": "Apple" - }, - { - "cve": "CVE-2018-4063", - "date_added": "2025-12-12", - "due_date": "2026-01-02", - "epss": null, - "notes": "https://www.cisa.gov/news-events/ics-advisories/icsa-19-122-03 ; https://source.sierrawireless.com/resources/airlink/software_reference_docs/technical-bulletin/sierra-wireless-technical-bulletin---swi-psa-2019-003 ; https://source.sierrawireless.com/resources/airlink/hardware_reference_docs/airlink_es450_eol ; https://nvd.nist.gov/vuln/detail/CVE-2018-4063", - "percentile": null, - "poc_count": 2, - "product": "AirLink ALEOS", - "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", - "short_description": "Sierra Wireless AirLink ALEOS contains an unrestricted upload of file with dangerous type vulnerability. A specially crafted HTTP request can upload a file, resulting in executable code being uploaded, and routable, to the webserver. An attacker can make an authenticated HTTP request to trigger this vulnerability. The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). 
Users should discontinue product utilization.", - "vendor": "Sierra Wireless" - }, - { - "cve": "CVE-2025-14174", - "date_added": "2025-12-12", - "due_date": "2026-01-02", - "epss": null, - "notes": "https://chromereleases.googleblog.com/2025/12/stable-channel-update-for-desktop_10.html ; https://learn.microsoft.com/en-us/deployedge/microsoft-edge-relnotes-security ; https://nvd.nist.gov/vuln/detail/CVE-2025-14174", - "percentile": null, - "poc_count": 0, - "product": "Chromium", - "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", - "short_description": "Google Chromium contains an out of bounds memory access vulnerability in ANGLE that could allow a remote attacker to perform out of bounds memory access via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.", - "vendor": "Google" - }, - { - "cve": "CVE-2025-58360", - "date_added": "2025-12-11", - "due_date": "2026-01-01", - "epss": null, - "notes": "This vulnerability affects an open-source component, third-party library, or a protocol used by different products. 
For more information, please see: https://github.com/geoserver/geoserver/security/advisories/GHSA-fjf5-xgmq-5525 ; https://osgeo-org.atlassian.net/browse/GEOS-11922 ; https://nvd.nist.gov/vuln/detail/CVE-2025-58360", - "percentile": null, - "poc_count": 0, - "product": "GeoServer", - "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", - "short_description": "OSGeo GeoServer contains an improper restriction of XML external entity reference vulnerability that occurs when the application accepts XML input through a specific endpoint /geoserver/wms operation GetMap and could allow an attacker to define external entities within the XML request.", - "vendor": "OSGeo" - }, { "cve": "CVE-2025-6218", "date_added": "2025-12-09", 
@@ -164,149 +58,6 @@ "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", "short_description": "RARLAB WinRAR contains a path traversal vulnerability allowing an attacker to execute code in the context of the current user.", "vendor": "RARLAB" - }, - { - "cve": "CVE-2025-62221", - "date_added": "2025-12-09", - "due_date": "2025-12-30", - "epss": null, - "notes": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-62221 ; https://nvd.nist.gov/vuln/detail/CVE-2025-62221", - "percentile": null, - "poc_count": 0, - "product": "Windows", - "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", - "short_description": "Microsoft Windows Cloud Files Mini Filter Driver contains a use after free vulnerability that can allow an authorized attacker to elevate privileges locally.", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2022-37055", - "date_added": "2025-12-08", - "due_date": "2025-12-29", - "epss": null, - "notes": "https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10308 ; https://nvd.nist.gov/vuln/detail/CVE-2022-37055", - "percentile": null, - "poc_count": 2, - "product": "Routers", - "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", - "short_description": "D-Link Routers contains a buffer overflow vulnerability that has a high impact on confidentiality, integrity, and availability. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). 
Users should discontinue product utilization.", - "vendor": "D-Link" - }, - { - "cve": "CVE-2025-66644", - "date_added": "2025-12-08", - "due_date": "2025-12-29", - "epss": null, - "notes": "https://support.arraynetworks.net/prx/001/http/supportportal.arraynetworks.net/ag.html ; https://www.jpcert.or.jp/at/2025/at250024.html ; https://nvd.nist.gov/vuln/detail/CVE-2025-66644", - "percentile": null, - "poc_count": 0, - "product": "ArrayOS AG", - "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", - "short_description": "Array Networks ArrayOS AG contains an OS command injection vulnerability that could allow an attacker to execute arbitrary commands.", - "vendor": "Array Networks" - }, - { - "cve": "CVE-2025-55182", - "date_added": "2025-12-05", - "due_date": "2025-12-12", - "epss": null, - "notes": "Check for signs of potential compromise on all internet accessible REACT instances after applying mitigations. For more information, please see: https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components ; https://github.com/vercel-labs/fix-react2shell-next?tab=readme-ov-file ; https://nvd.nist.gov/vuln/detail/CVE-2025-55182", - "percentile": null, - "poc_count": 0, - "product": "React Server Components", - "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", - "short_description": "Meta React Server Components contains a remote code execution vulnerability that could allow unauthenticated remote code execution by exploiting a flaw in how React decodes payloads sent to React Server Function endpoints. 
Please note CVE-2025-66478 has been rejected, but it is associated with CVE-2025- 55182.", - "vendor": "Meta" - }, - { - "cve": "CVE-2021-26828", - "date_added": "2025-12-03", - "due_date": "2025-12-24", - "epss": null, - "notes": "This vulnerability could affect an open-source component, third-party library, protocol, or proprietary implementation that could be used by different products. For more information, please see: https://github.com/SCADA-LTS/Scada-LTS/pull/2174 ; https://nvd.nist.gov/vuln/detail/CVE-2021-26828", - "percentile": null, - "poc_count": 16, - "product": "ScadaBR", - "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", - "short_description": "OpenPLC ScadaBR contains an unrestricted upload of file with dangerous type vulnerability that allows remote authenticated users to upload and execute arbitrary JSP files via view_edit.shtm.", - "vendor": "OpenPLC" - }, - { - "cve": "CVE-2025-48572", - "date_added": "2025-12-02", - "due_date": "2025-12-23", - "epss": null, - "notes": "https://source.android.com/docs/security/bulletin/2025-12-01 ; https://nvd.nist.gov/vuln/detail/CVE-2025-48572", - "percentile": null, - "poc_count": 0, - "product": "Framework", - "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", - "short_description": "Android Framework contains an unspecified vulnerability that allows for privilege escalation.", - "vendor": "Android" - }, - { - "cve": "CVE-2025-48633", - "date_added": "2025-12-02", - "due_date": "2025-12-23", - "epss": null, - "notes": "https://source.android.com/docs/security/bulletin/2025-12-01 ; https://nvd.nist.gov/vuln/detail/CVE-2025-48633", - "percentile": null, - "poc_count": 0, - "product": "Framework", - "required_action": "Apply mitigations per 
vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", - "short_description": "Android Framework contains an unspecified vulnerability that allows for information disclosure.", - "vendor": "Android" - }, - { - "cve": "CVE-2021-26829", - "date_added": "2025-11-28", - "due_date": "2025-12-19", - "epss": null, - "notes": "This vulnerability could affect an open-source component, third-party library, protocol, or proprietary implementation that could be used by different products. For more information, please see: https://github.com/SCADA-LTS/Scada-LTS/pull/3211 ; https://nvd.nist.gov/vuln/detail/CVE-2021-26829", - "percentile": null, - "poc_count": 1, - "product": "ScadaBR", - "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", - "short_description": "OpenPLC ScadaBR contains a cross-site scripting vulnerability via system_settings.shtm.", - "vendor": "OpenPLC" - }, - { - "cve": "CVE-2025-61757", - "date_added": "2025-11-21", - "due_date": "2025-12-12", - "epss": null, - "notes": "https://www.oracle.com/security-alerts/cpuoct2025.html ; https://nvd.nist.gov/vuln/detail/CVE-2025-61757", - "percentile": null, - "poc_count": 0, - "product": "Fusion Middleware", - "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", - "short_description": "Oracle Fusion Middleware contains a missing authentication for critical function vulnerability, allowing unauthenticated remote attackers to take over Identity Manager.", - "vendor": "Oracle" - }, - { - "cve": "CVE-2025-13223", - "date_added": "2025-11-19", - "due_date": "2025-12-10", - "epss": null, - "notes": 
"https://chromereleases.googleblog.com/2025/11/stable-channel-update-for-desktop_17.html ; https://nvd.nist.gov/vuln/detail/CVE-2025-13223", - "percentile": null, - "poc_count": 0, - "product": "Chromium V8", - "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", - "short_description": "Google Chromium V8 contains a type confusion vulnerability that allows for heap corruption.", - "vendor": "Google" - }, - { - "cve": "CVE-2025-58034", - "date_added": "2025-11-18", - "due_date": "2025-11-25", - "epss": null, - "notes": "https://fortiguard.fortinet.com/psirt/FG-IR-25-513 ; https://nvd.nist.gov/vuln/detail/CVE-2025-58034", - "percentile": null, - "poc_count": 0, - "product": "FortiWeb", - "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", - "short_description": "Fortinet FortiWeb contains an OS command Injection vulnerability that may allow an authenticated attacker to execute unauthorized code on the underlying system via crafted HTTP requests or CLI commands.", - "vendor": "Fortinet" } ], "removed_high_epss": [], diff --git a/docs/api/v1/diff/latest.json b/docs/api/v1/diff/latest.json index 7fe151f2b7..291183f746 100644 --- a/docs/api/v1/diff/latest.json +++ b/docs/api/v1/diff/latest.json 
@@ -2,156 +2,50 @@ "epss_movers": [], "generated": "2025-12-17", "new_high_epss": [ - { - "cve": "CVE-2025-9316", - "epss": 0.78706, - "percentile": 0.98995, - "poc_count": 0, - "summary": "" - }, { "cve": "CVE-2025-8943", "epss": 0.6583, - "percentile": 0.9843, + "percentile": 0.98431, "poc_count": 1, "summary": "The Custom MCPs feature is designed to execute OS commands, for instance, using tools like `npx` to spin up local MCP Servers. However, Flowise's inherent authentication and authorization model is minimal and lacks ro..." }, - { - "cve": "CVE-2025-8489", - "epss": 0.43315, - "percentile": 0.97363, - "poc_count": 0, - "summary": "" - }, - { - "cve": "CVE-2025-8426", - "epss": 0.3937, - "percentile": 0.97134, - "poc_count": 0, - "summary": "" - }, { "cve": "CVE-2025-8518", "epss": 0.33903, - "percentile": 0.96792, + "percentile": 0.96794, "poc_count": 1, "summary": "A vulnerability was found in givanz Vvveb 1.0.5. It has been rated as critical. Affected by this issue is the function Save of the file admin/controller/editor/code.php of the component Code Editor. The manipulation l..." }, - { - "cve": "CVE-2025-8868", - "epss": 0.17119, - "percentile": 0.94767, - "poc_count": 0, - "summary": "" - }, { "cve": "CVE-2025-8730", "epss": 0.11861, - "percentile": 0.93477, + "percentile": 0.93482, "poc_count": 2, "summary": "A vulnerability was found in Belkin F9K1009 and F9K1010 2.00.04/2.00.09 and classified as critical. Affected by this issue is some unknown functionality of the component Web Interface. The manipulation leads to hard-c..." }, { "cve": "CVE-2025-7795", "epss": 0.096, - "percentile": 0.92596, + "percentile": 0.926, "poc_count": 3, "summary": "A vulnerability, which was classified as critical, has been found in Tenda FH451 1.0.0.9. Affected by this issue is the function fromP2pListFilter of the file /goform/P2pListFilter. The manipulation of the argument pa..." 
}, { "cve": "CVE-2025-9090", - "epss": 0.08297, - "percentile": 0.91936, + "epss": 0.0924, + "percentile": 0.92438, "poc_count": 4, "summary": "A vulnerability was identified in Tenda AC20 16.03.08.12. Affected is the function websFormDefine of the file /goform/telnet of the component Telnet Service. The manipulation leads to command injection. It is possible..." }, { "cve": "CVE-2025-8085", "epss": 0.07832, - "percentile": 0.91659, + "percentile": 0.91666, "poc_count": 1, "summary": "The Ditty WordPress plugin before 3.1.58 lacks authorization and authentication for requests to its displayItems endpoint, allowing unauthenticated visitors to make requests to arbitrary URLs." } ], "new_kev_entries": [ - { - "cve": "CVE-2025-59718", - "date_added": "2025-12-16", - "due_date": "2025-12-23", - "epss": null, - "notes": "https://fortiguard.fortinet.com/psirt/FG-IR-25-647 ; https://docs.fortinet.com/upgrade-tool/fortigate ; https://nvd.nist.gov/vuln/detail/CVE-2025-59718", - "percentile": null, - "poc_count": 0, - "product": "Multiple Products", - "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", - "short_description": "Fortinet FortiOS, FortiSwitchMaster, FortiProxy, and FortiWeb contain an improper verification of cryptographic signature vulnerability that may allow an unauthenticated attacker to bypass the FortiCloud SSO login authentication via a crafted SAML message. Please be aware that CVE-2025-59719 pertains to the same problem and is mentioned in the same vendor advisory. 
Ensure to apply all patches mentioned in the advisory.", - "vendor": "Fortinet" - }, - { - "cve": "CVE-2025-14611", - "date_added": "2025-12-15", - "due_date": "2026-01-05", - "epss": null, - "notes": "https://www.centrestack.com/p/gce_latest_release.html ; https://access.triofox.com/releases_history/; https://support.centrestack.com/hc/en-us/articles/360007159054-Hardening-the-CentreStack-Cluster#h_01JQRV57T37HJFQZKBZH9NBXQP ; https://nvd.nist.gov/vuln/detail/CVE-2025-14611", - "percentile": null, - "poc_count": 0, - "product": "CentreStack and Triofox", - "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", - "short_description": "Gladinet CentreStack and TrioFox contain a hardcoded cryptographic keys vulnerability for their implementation of the AES cryptoscheme. This vulnerability degrades security for public exposed endpoints that may make use of it and may offer arbitrary local file inclusion when provided a specially crafted request without authentication.", - "vendor": "Gladinet" - }, - { - "cve": "CVE-2025-43529", - "date_added": "2025-12-15", - "due_date": "2026-01-05", - "epss": null, - "notes": "https://support.apple.com/en-us/125884 ; https://support.apple.com/en-us/125892 ; https://support.apple.com/en-us/125885 ; https://support.apple.com/en-us/125886 ; https://support.apple.com/en-us/125889 ; https://nvd.nist.gov/vuln/detail/CVE-2025-43529", - "percentile": null, - "poc_count": 0, - "product": "Multiple Products", - "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", - "short_description": "Apple iOS, iPadOS, macOS, and other Apple products contain a use-after-free vulnerability in WebKit. Processing maliciously crafted web content may lead to memory corruption. 
This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.", - "vendor": "Apple" - }, - { - "cve": "CVE-2018-4063", - "date_added": "2025-12-12", - "due_date": "2026-01-02", - "epss": null, - "notes": "https://www.cisa.gov/news-events/ics-advisories/icsa-19-122-03 ; https://source.sierrawireless.com/resources/airlink/software_reference_docs/technical-bulletin/sierra-wireless-technical-bulletin---swi-psa-2019-003 ; https://source.sierrawireless.com/resources/airlink/hardware_reference_docs/airlink_es450_eol ; https://nvd.nist.gov/vuln/detail/CVE-2018-4063", - "percentile": null, - "poc_count": 2, - "product": "AirLink ALEOS", - "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", - "short_description": "Sierra Wireless AirLink ALEOS contains an unrestricted upload of file with dangerous type vulnerability. A specially crafted HTTP request can upload a file, resulting in executable code being uploaded, and routable, to the webserver. An attacker can make an authenticated HTTP request to trigger this vulnerability. The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). 
Users should discontinue product utilization.", - "vendor": "Sierra Wireless" - }, - { - "cve": "CVE-2025-14174", - "date_added": "2025-12-12", - "due_date": "2026-01-02", - "epss": null, - "notes": "https://chromereleases.googleblog.com/2025/12/stable-channel-update-for-desktop_10.html ; https://learn.microsoft.com/en-us/deployedge/microsoft-edge-relnotes-security ; https://nvd.nist.gov/vuln/detail/CVE-2025-14174", - "percentile": null, - "poc_count": 0, - "product": "Chromium", - "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", - "short_description": "Google Chromium contains an out of bounds memory access vulnerability in ANGLE that could allow a remote attacker to perform out of bounds memory access via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.", - "vendor": "Google" - }, - { - "cve": "CVE-2025-58360", - "date_added": "2025-12-11", - "due_date": "2026-01-01", - "epss": null, - "notes": "This vulnerability affects an open-source component, third-party library, or a protocol used by different products. 
For more information, please see: https://github.com/geoserver/geoserver/security/advisories/GHSA-fjf5-xgmq-5525 ; https://osgeo-org.atlassian.net/browse/GEOS-11922 ; https://nvd.nist.gov/vuln/detail/CVE-2025-58360", - "percentile": null, - "poc_count": 0, - "product": "GeoServer", - "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", - "short_description": "OSGeo GeoServer contains an improper restriction of XML external entity reference vulnerability that occurs when the application accepts XML input through a specific endpoint /geoserver/wms operation GetMap and could allow an attacker to define external entities within the XML request.", - "vendor": "OSGeo" - }, { "cve": "CVE-2025-6218", "date_added": "2025-12-09", 
@@ -164,149 +58,6 @@ "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", "short_description": "RARLAB WinRAR contains a path traversal vulnerability allowing an attacker to execute code in the context of the current user.", "vendor": "RARLAB" - }, - { - "cve": "CVE-2025-62221", - "date_added": "2025-12-09", - "due_date": "2025-12-30", - "epss": null, - "notes": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-62221 ; https://nvd.nist.gov/vuln/detail/CVE-2025-62221", - "percentile": null, - "poc_count": 0, - "product": "Windows", - "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", - "short_description": "Microsoft Windows Cloud Files Mini Filter Driver contains a use after free vulnerability that can allow an authorized attacker to elevate privileges locally.", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2022-37055", - "date_added": "2025-12-08", - "due_date": "2025-12-29", - "epss": null, - "notes": "https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10308 ; https://nvd.nist.gov/vuln/detail/CVE-2022-37055", - "percentile": null, - "poc_count": 2, - "product": "Routers", - "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", - "short_description": "D-Link Routers contains a buffer overflow vulnerability that has a high impact on confidentiality, integrity, and availability. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). 
Users should discontinue product utilization.", - "vendor": "D-Link" - }, - { - "cve": "CVE-2025-66644", - "date_added": "2025-12-08", - "due_date": "2025-12-29", - "epss": null, - "notes": "https://support.arraynetworks.net/prx/001/http/supportportal.arraynetworks.net/ag.html ; https://www.jpcert.or.jp/at/2025/at250024.html ; https://nvd.nist.gov/vuln/detail/CVE-2025-66644", - "percentile": null, - "poc_count": 0, - "product": "ArrayOS AG", - "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", - "short_description": "Array Networks ArrayOS AG contains an OS command injection vulnerability that could allow an attacker to execute arbitrary commands.", - "vendor": "Array Networks" - }, - { - "cve": "CVE-2025-55182", - "date_added": "2025-12-05", - "due_date": "2025-12-12", - "epss": null, - "notes": "Check for signs of potential compromise on all internet accessible REACT instances after applying mitigations. For more information, please see: https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components ; https://github.com/vercel-labs/fix-react2shell-next?tab=readme-ov-file ; https://nvd.nist.gov/vuln/detail/CVE-2025-55182", - "percentile": null, - "poc_count": 0, - "product": "React Server Components", - "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", - "short_description": "Meta React Server Components contains a remote code execution vulnerability that could allow unauthenticated remote code execution by exploiting a flaw in how React decodes payloads sent to React Server Function endpoints. 
Please note CVE-2025-66478 has been rejected, but it is associated with CVE-2025- 55182.", - "vendor": "Meta" - }, - { - "cve": "CVE-2021-26828", - "date_added": "2025-12-03", - "due_date": "2025-12-24", - "epss": null, - "notes": "This vulnerability could affect an open-source component, third-party library, protocol, or proprietary implementation that could be used by different products. For more information, please see: https://github.com/SCADA-LTS/Scada-LTS/pull/2174 ; https://nvd.nist.gov/vuln/detail/CVE-2021-26828", - "percentile": null, - "poc_count": 16, - "product": "ScadaBR", - "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", - "short_description": "OpenPLC ScadaBR contains an unrestricted upload of file with dangerous type vulnerability that allows remote authenticated users to upload and execute arbitrary JSP files via view_edit.shtm.", - "vendor": "OpenPLC" - }, - { - "cve": "CVE-2025-48572", - "date_added": "2025-12-02", - "due_date": "2025-12-23", - "epss": null, - "notes": "https://source.android.com/docs/security/bulletin/2025-12-01 ; https://nvd.nist.gov/vuln/detail/CVE-2025-48572", - "percentile": null, - "poc_count": 0, - "product": "Framework", - "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", - "short_description": "Android Framework contains an unspecified vulnerability that allows for privilege escalation.", - "vendor": "Android" - }, - { - "cve": "CVE-2025-48633", - "date_added": "2025-12-02", - "due_date": "2025-12-23", - "epss": null, - "notes": "https://source.android.com/docs/security/bulletin/2025-12-01 ; https://nvd.nist.gov/vuln/detail/CVE-2025-48633", - "percentile": null, - "poc_count": 0, - "product": "Framework", - "required_action": "Apply mitigations per 
vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", - "short_description": "Android Framework contains an unspecified vulnerability that allows for information disclosure.", - "vendor": "Android" - }, - { - "cve": "CVE-2021-26829", - "date_added": "2025-11-28", - "due_date": "2025-12-19", - "epss": null, - "notes": "This vulnerability could affect an open-source component, third-party library, protocol, or proprietary implementation that could be used by different products. For more information, please see: https://github.com/SCADA-LTS/Scada-LTS/pull/3211 ; https://nvd.nist.gov/vuln/detail/CVE-2021-26829", - "percentile": null, - "poc_count": 1, - "product": "ScadaBR", - "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", - "short_description": "OpenPLC ScadaBR contains a cross-site scripting vulnerability via system_settings.shtm.", - "vendor": "OpenPLC" - }, - { - "cve": "CVE-2025-61757", - "date_added": "2025-11-21", - "due_date": "2025-12-12", - "epss": null, - "notes": "https://www.oracle.com/security-alerts/cpuoct2025.html ; https://nvd.nist.gov/vuln/detail/CVE-2025-61757", - "percentile": null, - "poc_count": 0, - "product": "Fusion Middleware", - "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", - "short_description": "Oracle Fusion Middleware contains a missing authentication for critical function vulnerability, allowing unauthenticated remote attackers to take over Identity Manager.", - "vendor": "Oracle" - }, - { - "cve": "CVE-2025-13223", - "date_added": "2025-11-19", - "due_date": "2025-12-10", - "epss": null, - "notes": 
"https://chromereleases.googleblog.com/2025/11/stable-channel-update-for-desktop_17.html ; https://nvd.nist.gov/vuln/detail/CVE-2025-13223", - "percentile": null, - "poc_count": 0, - "product": "Chromium V8", - "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", - "short_description": "Google Chromium V8 contains a type confusion vulnerability that allows for heap corruption.", - "vendor": "Google" - }, - { - "cve": "CVE-2025-58034", - "date_added": "2025-11-18", - "due_date": "2025-11-25", - "epss": null, - "notes": "https://fortiguard.fortinet.com/psirt/FG-IR-25-513 ; https://nvd.nist.gov/vuln/detail/CVE-2025-58034", - "percentile": null, - "poc_count": 0, - "product": "FortiWeb", - "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", - "short_description": "Fortinet FortiWeb contains an OS command Injection vulnerability that may allow an authenticated attacker to execute unauthorized code on the underlying system via crafted HTTP requests or CLI commands.", - "vendor": "Fortinet" } ], "removed_high_epss": [], diff --git a/docs/api/v1/epss_top.json b/docs/api/v1/epss_top.json index c42ccecaae..547aba9c12 100644 --- a/docs/api/v1/epss_top.json +++ b/docs/api/v1/epss_top.json 
@@ -1,73 +1,45 @@ { "generated": "2025-12-17", "items": [ - { - "cve": "CVE-2025-9316", - "epss": 0.78706, - "percentile": 0.98995, - "poc_count": 0, - "summary": "" - }, { "cve": "CVE-2025-8943", "epss": 0.6583, - "percentile": 0.9843, + "percentile": 0.98431, "poc_count": 1, "summary": "The Custom MCPs feature is designed to execute OS commands, for instance, using tools like `npx` to spin up local MCP Servers. However, Flowise's inherent authentication and authorization model is minimal and lacks ro..." }, - { - "cve": "CVE-2025-8489", - "epss": 0.43315, - "percentile": 0.97363, - "poc_count": 0, - "summary": "" - }, - { - "cve": "CVE-2025-8426", - "epss": 0.3937, - "percentile": 0.97134, - "poc_count": 0, - "summary": "" - }, { "cve": "CVE-2025-8518", "epss": 0.33903, - "percentile": 0.96792, + "percentile": 0.96794, "poc_count": 1, "summary": "A vulnerability was found in givanz Vvveb 1.0.5. It has been rated as critical. Affected by this issue is the function Save of the file admin/controller/editor/code.php of the component Code Editor. The manipulation l..." }, - { - "cve": "CVE-2025-8868", - "epss": 0.17119, - "percentile": 0.94767, - "poc_count": 0, - "summary": "" - }, { "cve": "CVE-2025-8730", "epss": 0.11861, - "percentile": 0.93477, + "percentile": 0.93482, "poc_count": 2, "summary": "A vulnerability was found in Belkin F9K1009 and F9K1010 2.00.04/2.00.09 and classified as critical. Affected by this issue is some unknown functionality of the component Web Interface. The manipulation leads to hard-c..." }, { "cve": "CVE-2025-7795", "epss": 0.096, - "percentile": 0.92596, + "percentile": 0.926, "poc_count": 3, "summary": "A vulnerability, which was classified as critical, has been found in Tenda FH451 1.0.0.9. Affected by this issue is the function fromP2pListFilter of the file /goform/P2pListFilter. The manipulation of the argument pa..." 
}, { "cve": "CVE-2025-9090", - "epss": 0.08297, - "percentile": 0.91936, + "epss": 0.0924, + "percentile": 0.92438, "poc_count": 4, "summary": "A vulnerability was identified in Tenda AC20 16.03.08.12. Affected is the function websFormDefine of the file /goform/telnet of the component Telnet Service. The manipulation leads to command injection. It is possible..." }, { "cve": "CVE-2025-8085", "epss": 0.07832, - "percentile": 0.91659, + "percentile": 0.91666, "poc_count": 1, "summary": "The Ditty WordPress plugin before 3.1.58 lacks authorization and authentication for requests to its displayItems endpoint, allowing unauthenticated visitors to make requests to arbitrary URLs." } diff --git a/docs/api/v1/joined_top.json b/docs/api/v1/joined_top.json index 43a142a2a0..2a10ef6c6b 100644 --- a/docs/api/v1/joined_top.json +++ b/docs/api/v1/joined_top.json 
@@ -1,99 +1,57 @@ { "generated": "2025-12-17", "high_epss": [ - { - "cve": "CVE-2025-9316", - "epss": 0.78706, - "percentile": 0.98995, - "poc_count": 0, - "summary": "" - }, { "cve": "CVE-2025-8943", "epss": 0.6583, - "percentile": 0.9843, + "percentile": 0.98431, "poc_count": 1, "summary": "The Custom MCPs feature is designed to execute OS commands, for instance, using tools like `npx` to spin up local MCP Servers. However, Flowise's inherent authentication and authorization model is minimal and lacks ro..." }, - { - "cve": "CVE-2025-8489", - "epss": 0.43315, - "percentile": 0.97363, - "poc_count": 0, - "summary": "" - }, - { - "cve": "CVE-2025-8426", - "epss": 0.3937, - "percentile": 0.97134, - "poc_count": 0, - "summary": "" - }, { "cve": "CVE-2025-8518", "epss": 0.33903, - "percentile": 0.96792, + "percentile": 0.96794, "poc_count": 1, "summary": "A vulnerability was found in givanz Vvveb 1.0.5. It has been rated as critical. Affected by this issue is the function Save of the file admin/controller/editor/code.php of the component Code Editor. The manipulation l..." }, - { - "cve": "CVE-2025-8868", - "epss": 0.17119, - "percentile": 0.94767, - "poc_count": 0, - "summary": "" - }, { "cve": "CVE-2025-8730", "epss": 0.11861, - "percentile": 0.93477, + "percentile": 0.93482, "poc_count": 2, "summary": "A vulnerability was found in Belkin F9K1009 and F9K1010 2.00.04/2.00.09 and classified as critical. Affected by this issue is some unknown functionality of the component Web Interface. The manipulation leads to hard-c..." }, { "cve": "CVE-2025-7795", "epss": 0.096, - "percentile": 0.92596, + "percentile": 0.926, "poc_count": 3, "summary": "A vulnerability, which was classified as critical, has been found in Tenda FH451 1.0.0.9. Affected by this issue is the function fromP2pListFilter of the file /goform/P2pListFilter. The manipulation of the argument pa..." 
}, { "cve": "CVE-2025-9090", - "epss": 0.08297, - "percentile": 0.91936, + "epss": 0.0924, + "percentile": 0.92438, "poc_count": 4, "summary": "A vulnerability was identified in Tenda AC20 16.03.08.12. Affected is the function websFormDefine of the file /goform/telnet of the component Telnet Service. The manipulation leads to command injection. It is possible..." }, { "cve": "CVE-2025-8085", "epss": 0.07832, - "percentile": 0.91659, + "percentile": 0.91666, "poc_count": 1, "summary": "The Ditty WordPress plugin before 3.1.58 lacks authorization and authentication for requests to its displayItems endpoint, allowing unauthenticated visitors to make requests to arbitrary URLs." } ], "kev_top": [ - { - "cve": "CVE-2025-9242", - "date_added": "2025-11-12", - "due_date": "2025-12-03", - "epss": 0.7437, - "notes": "https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2025-00015 ; https://nvd.nist.gov/vuln/detail/CVE-2025-9242", - "percentile": 0.98786, - "poc_count": 0, - "product": "Firebox", - "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", - "short_description": "WatchGuard Firebox contains an out-of-bounds write vulnerability in the OS iked process that may allow a remote unauthenticated attacker to execute arbitrary code.", - "summary": "", - "vendor": "WatchGuard" - }, { "cve": "CVE-2025-7775", "date_added": "2025-08-26", "due_date": "2025-08-28", "epss": 0.17354, "notes": "https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694938 ; https://nvd.nist.gov/vuln/detail/CVE-2025-7775", - "percentile": 0.94817, + "percentile": 0.9482, "poc_count": 15, "product": "NetScaler", "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", 
@@ -107,7 +65,7 @@ "due_date": "2025-09-24", "epss": 0.14589, "notes": "https://www.tp-link.com/us/support/faq/4308/ ; https://nvd.nist.gov/vuln/detail/CVE-2025-9377", - "percentile": 0.94217, + "percentile": 0.94221, "poc_count": 4, "product": "Multiple Routers", "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", @@ -121,7 +79,7 @@ "due_date": "2025-08-20", "epss": 0.13881, "notes": "https://status.n-able.com/2025/08/13/announcing-the-ga-of-n-central-2025-3-1/ ; https://nvd.nist.gov/vuln/detail/CVE-2025-8876", - "percentile": 0.94059, + "percentile": 0.94063, "poc_count": 6, "product": "N-Central", "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", @@ -135,7 +93,7 @@ "due_date": "2025-08-20", "epss": 0.05085, "notes": "https://status.n-able.com/2025/08/13/announcing-the-ga-of-n-central-2025-3-1/ ; https://nvd.nist.gov/vuln/detail/CVE-2025-8875", - "percentile": 0.89424, + "percentile": 0.89429, "poc_count": 7, "product": "N-Central", "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", @@ -149,7 +107,7 @@ "due_date": "2025-09-02", "epss": 0.03156, "notes": "https://www.win-rar.com/singlenewsview.html?&L=0&tx_ttnews%5Btt_news%5D=283&cHash=a64b4a8f662d3639dec8d65f47bc93c5 ; https://nvd.nist.gov/vuln/detail/CVE-2025-8088", - "percentile": 0.8647, + "percentile": 0.86473, "poc_count": 45, "product": "WinRAR", "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", 
@@ -158,970 +116,984 @@ "vendor": "RARLAB" }, { - "cve": "CVE-2002-0367", - "date_added": "2022-03-03", - "due_date": "2022-03-24", + "cve": "CVE-2024-0012", + "date_added": "2024-11-18", + "due_date": "2024-12-09", "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2002-0367", + "notes": "https://security.paloaltonetworks.com/CVE-2024-0012 ; https://nvd.nist.gov/vuln/detail/CVE-2024-0012", "percentile": null, - "poc_count": 2, - "product": "Windows", - "required_action": "Apply updates per vendor instructions.", - "short_description": "smss.exe debugging subsystem in Microsoft Windows does not properly authenticate programs that connect to other programs, which allows local users to gain administrator or SYSTEM privileges.", - "summary": "smss.exe debugging subsystem in Windows NT and Windows 2000 does not properly authenticate programs that connect to other programs, which allows local users to gain administrator or SYSTEM privileges by duplicating a...", - "vendor": "Microsoft" + "poc_count": 29, + "product": "PAN-OS", + "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. 
Additionally, management interface for affected devices should not be exposed to untrusted networks, including the internet.", + "short_description": "Palo Alto Networks PAN-OS contains an authentication bypass vulnerability in the web-based management interface for several PAN-OS products, including firewalls and VPN concentrators.", + "summary": "An authentication bypass in Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to gain PAN-OS administrator privileges to perform administrative...", + "vendor": "Palo Alto Networks" }, { - "cve": "CVE-2004-0210", - "date_added": "2022-03-03", - "due_date": "2022-03-24", + "cve": "CVE-2024-0519", + "date_added": "2024-01-17", + "due_date": "2024-02-07", "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2004-0210", - "percentile": null, - "poc_count": 2, - "product": "Windows", - "required_action": "Apply updates per vendor instructions.", - "short_description": "A privilege elevation vulnerability exists in the POSIX subsystem. 
This vulnerability could allow a logged on user to take complete control of the system.", - "summary": "The POSIX component of Microsoft Windows NT and Windows 2000 allows local users to execute arbitrary code via certain parameters, possibly by modifying message length values and causing a buffer overflow.", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2004-1464", - "date_added": "2023-05-19", - "due_date": "2023-06-09", - "epss": null, - "notes": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20040827-telnet; https://nvd.nist.gov/vuln/detail/CVE-2004-1464", - "percentile": null, - "poc_count": 2, - "product": "IOS", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Cisco IOS contains an unspecified vulnerability that may block further telnet, reverse telnet, Remote Shell (RSH), Secure Shell (SSH), and in some cases, Hypertext Transport Protocol (HTTP) access to the Cisco device.", - "summary": "Cisco IOS 12.2(15) and earlier allows remote attackers to cause a denial of service (refused VTY (virtual terminal) connections), via a crafted TCP connection to the Telnet or reverse Telnet port.", - "vendor": "Cisco" - }, - { - "cve": "CVE-2005-2773", - "date_added": "2022-03-25", - "due_date": "2022-04-15", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2005-2773", - "percentile": null, - "poc_count": 1, - "product": "OpenView Network Node Manager", - "required_action": "Apply updates per vendor instructions.", - "short_description": "HP OpenView Network Node Manager could allow a remote attacker to execute arbitrary commands on the system.", - "summary": "HP OpenView Network Node Manager 6.2 through 7.50 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) node parameter to connectedNodes.ovpl, (2) cdpView.ovpl, (3) freeIPaddrs.ovpl...", - "vendor": "Hewlett Packard (HP)" - }, - { - "cve": "CVE-2006-1547", - "date_added": "2022-01-21", 
- "due_date": "2022-07-21", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2006-1547", - "percentile": null, - "poc_count": 2, - "product": "Struts 1", - "required_action": "Apply updates per vendor instructions.", - "short_description": "ActionForm in Apache Struts versions before 1.2.9 with BeanUtils 1.7 contains a vulnerability that allows for denial-of-service (DoS).", - "summary": "ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references t...", - "vendor": "Apache" - }, - { - "cve": "CVE-2006-2492", - "date_added": "2022-06-08", - "due_date": "2022-06-22", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2006-2492", - "percentile": null, - "poc_count": 3, - "product": "Word", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Microsoft Word and Microsoft Works Suites contain a malformed object pointer which allows attackers to execute code.", - "summary": "Buffer overflow in Microsoft Word in Office 2000 SP3, Office XP SP3, Office 2003 Sp1 and SP2, and Microsoft Works Suites through 2006, allows user-assisted attackers to execute arbitrary code via a malformed object po...", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2007-0671", - "date_added": "2025-08-12", - "due_date": "2025-09-02", - "epss": null, - "notes": "https://learn.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-015 ; https://nvd.nist.gov/vuln/detail/CVE-2007-0671", + "notes": "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_16.html; https://nvd.nist.gov/vuln/detail/CVE-2024-0519", "percentile": null, "poc_count": 5, - "product": "Office", + "product": "Chromium V8", + "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", + "short_description": 
"Google Chromium V8 Engine contains an out-of-bounds memory access vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.", + "summary": "Out of bounds memory access in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)", + "vendor": "Google" + }, + { + "cve": "CVE-2024-0769", + "date_added": "2025-06-25", + "due_date": "2025-07-16", + "epss": null, + "notes": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10371 ; https://nvd.nist.gov/vuln/detail/CVE-2024-0769", + "percentile": null, + "poc_count": 4, + "product": "DIR-859 Router", "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", - "short_description": "Microsoft Office Excel contains a remote code execution vulnerability that can be exploited when a specially crafted Excel file is opened. This malicious file could be delivered as an email attachment or hosted on a malicious website. 
An attacker could leverage this vulnerability by creating a specially crafted Excel file, which, when opened, allowing an attacker to execute remote code on the affected system.", - "summary": "Unspecified vulnerability in Microsoft Excel 2000, XP, 2003, and 2004 for Mac, and possibly other Office products, allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as demonst...", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2007-3010", - "date_added": "2022-04-15", - "due_date": "2022-05-06", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2007-3010", - "percentile": null, - "poc_count": 3, - "product": "OmniPCX Enterprise", - "required_action": "Apply updates per vendor instructions.", - "short_description": "masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server allows remote attackers to execute arbitrary commands.", - "summary": "masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server R7.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the user parameter during...", - "vendor": "Alcatel" - }, - { - "cve": "CVE-2007-5659", - "date_added": "2022-06-08", - "due_date": "2022-06-22", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2007-5659", - "percentile": null, - "poc_count": 4, - "product": "Acrobat and Reader", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Adobe Acrobat and Reader contain a buffer overflow vulnerability that allows remote attackers to execute code via a PDF file with long arguments to unspecified JavaScript methods.", - "summary": "Multiple buffer overflows in Adobe Reader and Acrobat 8.1.1 and earlier allow remote attackers to execute arbitrary code via a PDF file with long arguments to unspecified JavaScript methods. 
NOTE: this issue might be...", - "vendor": "Adobe" - }, - { - "cve": "CVE-2008-0655", - "date_added": "2022-06-08", - "due_date": "2022-06-22", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2008-0655", - "percentile": null, - "poc_count": 3, - "product": "Acrobat and Reader", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Adobe Acrobat and Reader contains an unespecified vulnerability described as a design flaw which could allow a specially crafted file to be printed silently an arbitrary number of times.", - "summary": "Multiple unspecified vulnerabilities in Adobe Reader and Acrobat before 8.1.2 have unknown impact and attack vectors.", - "vendor": "Adobe" - }, - { - "cve": "CVE-2008-2992", - "date_added": "2022-03-03", - "due_date": "2022-03-24", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2008-2992", - "percentile": null, - "poc_count": 7, - "product": "Acrobat and Reader", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Adobe Acrobat and Reader contain an input validation issue in a JavaScript method that could potentially lead to remote code execution.", - "summary": "Stack-based buffer overflow in Adobe Acrobat and Reader 8.1.2 and earlier allows remote attackers to execute arbitrary code via a PDF file that calls the util.printf JavaScript function with a crafted format string ar...", - "vendor": "Adobe" - }, - { - "cve": "CVE-2008-3431", - "date_added": "2022-03-03", - "due_date": "2022-03-24", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2008-3431", - "percentile": null, - "poc_count": 5, - "product": "VirtualBox", - "required_action": "Apply updates per vendor instructions.", - "short_description": "An input validation vulnerability exists in the VBoxDrv.sys driver of Sun xVM VirtualBox which allows attackers to locally execute arbitrary code.", - "summary": "The VBoxDrvNtDeviceControl function in VBoxDrv.sys in Sun 
xVM VirtualBox before 1.6.4 uses the METHOD_NEITHER communication method for IOCTLs and does not properly validate a buffer associated with the Irp object, whi...", - "vendor": "Oracle" - }, - { - "cve": "CVE-2009-0557", - "date_added": "2022-06-08", - "due_date": "2022-06-22", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2009-0557", - "percentile": null, - "poc_count": 2, - "product": "Office", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Microsoft Office contains an object record corruption vulnerability that allows remote attackers to execute code via a crafted Excel file with a malformed record object.", - "summary": "Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac; Excel in 2007 Microsoft Office System SP1 and SP2; Open XML File Format Converter for Mac; Microsoft Office Excel V...", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2009-0563", - "date_added": "2022-06-08", - "due_date": "2022-06-22", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2009-0563", - "percentile": null, - "poc_count": 2, - "product": "Office", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Microsoft Office contains a buffer overflow vulnerability that allows remote attackers to execute code via a Word document with a crafted tag containing an invalid length field.", - "summary": "Stack-based buffer overflow in Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Microsoft Office for Mac 2004 and 2008; Open XML File Format Converter for Mac; Microsoft Office Word Viewer 2003 SP3; Mic...", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2009-0927", - "date_added": "2022-03-25", - "due_date": "2022-04-15", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2009-0927", - "percentile": null, - "poc_count": 4, - "product": "Reader and Acrobat", - "required_action": "Apply updates per vendor 
instructions.", - "short_description": "Stack-based buffer overflow in Adobe Reader and Adobe Acrobat allows remote attackers to execute arbitrary code.", - "summary": "Stack-based buffer overflow in Adobe Reader and Adobe Acrobat 9 before 9.1, 8 before 8.1.3 , and 7 before 7.1.1 allows remote attackers to execute arbitrary code via a crafted argument to the getIcon method of a Colla...", - "vendor": "Adobe" - }, - { - "cve": "CVE-2009-1123", - "date_added": "2022-03-03", - "due_date": "2022-03-24", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2009-1123", - "percentile": null, - "poc_count": 2, - "product": "Windows", - "required_action": "Apply updates per vendor instructions.", - "short_description": "The kernel in Microsoft Windows does not properly validate changes to unspecified kernel objects, which allows local users to gain privileges via a crafted application.", - "summary": "The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate changes to unspecified kernel objects, which allows local users to ga...", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2009-1151", - "date_added": "2022-03-25", - "due_date": "2022-04-15", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2009-1151", - "percentile": null, - "poc_count": 19, - "product": "phpMyAdmin", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Setup script used to generate configuration can be fooled using a crafted POST request to include arbitrary PHP code in generated configuration file.", - "summary": "Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allows remote attackers to inject arbitrary PHP code into a configuration file via the save action.", - "vendor": "phpMyAdmin" - }, - { - "cve": "CVE-2009-1862", - "date_added": "2022-06-08", - "due_date": "2022-06-22", - "epss": 
null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2009-1862", - "percentile": null, - "poc_count": 3, - "product": "Acrobat and Reader, Flash Player", - "required_action": "For Adobe Acrobat and Reader, apply updates per vendor instructions. For Adobe Flash Player, the impacted product is end-of-life and should be disconnected if still in use.", - "short_description": "Adobe Acrobat and Reader and Adobe Flash Player allows remote attackers to execute code or cause denial-of-service (DoS).", - "summary": "Unspecified vulnerability in Adobe Reader and Acrobat 9.x through 9.1.2, and Adobe Flash Player 9.x through 9.0.159.0 and 10.x through 10.0.22.87, allows remote attackers to execute arbitrary code or cause a denial of...", - "vendor": "Adobe" - }, - { - "cve": "CVE-2009-2055", - "date_added": "2022-03-25", - "due_date": "2022-04-15", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2009-2055", - "percentile": null, - "poc_count": 2, - "product": "IOS XR", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Cisco IOS XR,when BGP is the configured routing feature, allows remote attackers to cause a denial-of-service (DoS).", - "summary": "Cisco IOS XR 3.4.0 through 3.8.1 allows remote attackers to cause a denial of service (session reset) via a BGP UPDATE message with an invalid attribute, as demonstrated in the wild on 17 August 2009.", - "vendor": "Cisco" - }, - { - "cve": "CVE-2009-3129", - "date_added": "2022-03-03", - "due_date": "2022-03-24", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2009-3129", - "percentile": null, - "poc_count": 2, - "product": "Excel", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Microsoft Office Excel allows remote attackers to execute arbitrary code via a spreadsheet with a FEATHEADER record containing an invalid cbHdrData size element that affects a pointer offset.", - "summary": "Microsoft Office Excel 2002 SP3, 2003 
SP3, and 2007 SP1 and SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer 2003 SP3; Office Excel Viewer SP1 and SP2; and Office Compatib...", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2009-3953", - "date_added": "2022-06-08", - "due_date": "2022-06-22", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2009-3953", - "percentile": null, - "poc_count": 1, - "product": "Acrobat and Reader", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Adobe Acrobat and Reader contains an array boundary issue in Universal 3D (U3D) support that could lead to remote code execution.", - "summary": "The U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, 8.x before 8.2 on Windows and Mac OS X, and 7.x before 7.1.4 allows remote attackers to execute arbitrary code via malformed U3D data in a PDF documen...", - "vendor": "Adobe" - }, - { - "cve": "CVE-2009-3960", - "date_added": "2022-03-07", - "due_date": "2022-09-07", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2009-3960", - "percentile": null, - "poc_count": 2, - "product": "BlazeDS", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Adobe BlazeDS, which is utilized in LifeCycle and Coldfusion, contains a vulnerability that allows for information disclosure.", - "summary": "Unspecified vulnerability in BlazeDS 3.2 and earlier, as used in LiveCycle 8.0.1, 8.2.1, and 9.0, LiveCycle Data Services 2.5.1, 2.6.1, and 3.0, Flex Data Services 2.0.1, and ColdFusion 7.0.2, 8.0, 8.0.1, and 9.0, all...", - "vendor": "Adobe" - }, - { - "cve": "CVE-2009-4324", - "date_added": "2022-06-08", - "due_date": "2022-06-22", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2009-4324", - "percentile": null, - "poc_count": 6, - "product": "Acrobat and Reader", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Use-after-free vulnerability 
in Adobe Acrobat and Reader allows remote attackers to execute code via a crafted PDF file.", - "summary": "Use-after-free vulnerability in the Doc.media.newPlayer method in Multimedia.api in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary cod...", - "vendor": "Adobe" - }, - { - "cve": "CVE-2010-0188", - "date_added": "2022-03-03", - "due_date": "2022-03-24", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2010-0188", - "percentile": null, - "poc_count": 3, - "product": "Reader and Acrobat", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Unspecified vulnerability in Adobe Reader and Acrobat allows attackers to cause a denial of service or possibly execute arbitrary code.", - "summary": "Unspecified vulnerability in Adobe Reader and Acrobat 8.x before 8.2.1 and 9.x before 9.3.1 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors.", - "vendor": "Adobe" - }, - { - "cve": "CVE-2010-0232", - "date_added": "2022-03-03", - "due_date": "2022-03-24", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2010-0232", - "percentile": null, - "poc_count": 17, - "product": "Windows", - "required_action": "Apply updates per vendor instructions.", - "short_description": "The kernel in Microsoft Windows, when access to 16-bit applications is enabled on a 32-bit x86 platform, does not properly validate certain BIOS calls, which allows local users to gain privileges.", - "summary": "The kernel in Microsoft Windows NT 3.1 through Windows 7, including Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2, when acces...", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2010-0738", - "date_added": "2022-05-25", - "due_date": "2022-06-15", - "epss": null, - "notes": 
"https://nvd.nist.gov/vuln/detail/CVE-2010-0738", - "percentile": null, - "poc_count": 21, - "product": "JBoss", - "required_action": "Apply updates per vendor instructions.", - "short_description": "The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application's GET handler by using a different method.", - "summary": "The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST me...", - "vendor": "Red Hat" - }, - { - "cve": "CVE-2010-0840", - "date_added": "2022-05-25", - "due_date": "2022-06-15", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2010-0840", - "percentile": null, - "poc_count": 8, - "product": "Java Runtime Environment (JRE)", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Unspecified vulnerability in the Java Runtime Environment (JRE) in Java SE component allows remote attackers to affect confidentiality, integrity, and availability via Unknown vectors.", - "summary": "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and av...", - "vendor": "Oracle" - }, - { - "cve": "CVE-2010-1297", - "date_added": "2022-06-08", - "due_date": "2022-06-22", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2010-1297", - "percentile": null, - "poc_count": 5, - "product": "Flash Player", - "required_action": "The impacted product is end-of-life and should be disconnected if still in use.", - "short_description": "Adobe Flash Player contains a memory corruption vulnerability that allows remote attackers to execute code or cause 
denial-of-service (DoS).", - "summary": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64; Adobe AIR before 2.0.2.12610; and Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow remote attackers to exec...", - "vendor": "Adobe" - }, - { - "cve": "CVE-2010-1428", - "date_added": "2022-05-25", - "due_date": "2022-06-15", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2010-1428", - "percentile": null, - "poc_count": 3, - "product": "JBoss", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Unauthenticated access to the JBoss Application Server Web Console (/web-console) is blocked by default. However, it was found that this block was incomplete, and only blocked GET and POST HTTP verbs. A remote attacker could use this flaw to gain access to sensitive information.", - "summary": "The Web Console (aka web-console) in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST...", - "vendor": "Red Hat" - }, - { - "cve": "CVE-2010-1871", - "date_added": "2021-12-10", - "due_date": "2022-06-10", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2010-1871", - "percentile": null, - "poc_count": 17, - "product": "JBoss Seam 2", - "required_action": "Apply updates per vendor instructions.", - "short_description": "JBoss Seam 2 (jboss-seam2), as used in JBoss Enterprise Application Platform 4.3.0 for Red Hat Linux, allows attackers to perform remote code execution. 
This vulnerability can only be exploited when the Java Security Manager is not properly configured.", - "summary": "JBoss Seam 2 (jboss-seam2), as used in JBoss Enterprise Application Platform 4.3.0 for Red Hat Linux, does not properly sanitize inputs for JBoss Expression Language (EL) expressions, which allows remote attackers to...", - "vendor": "Red Hat" - }, - { - "cve": "CVE-2010-2568", - "date_added": "2022-09-15", - "due_date": "2022-10-06", - "epss": null, - "notes": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-046; https://nvd.nist.gov/vuln/detail/CVE-2010-2568", - "percentile": null, - "poc_count": 22, - "product": "Windows", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Microsoft Windows incorrectly parses shortcuts in such a way that malicious code may be executed when the operating system displays the icon of a malicious shortcut file. An attacker who successfully exploited this vulnerability could execute code as the logged-on user.", - "summary": "Windows Shell in Microsoft Windows XP SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users or remote attackers to execute arbitrary code via a crafted (1) .LNK or (2) .PIF...", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2010-2572", - "date_added": "2022-06-08", - "due_date": "2022-06-22", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2010-2572", - "percentile": null, - "poc_count": 1, - "product": "PowerPoint", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Microsoft PowerPoint contains a buffer overflow vulnerability that alllows for remote code execution.", - "summary": "Buffer overflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint 95 document, aka \"PowerPoint Parsing Buffer Overflow Vulnerability.\"", - "vendor": "Microsoft" - }, - { - "cve": 
"CVE-2010-2861", - "date_added": "2022-03-25", - "due_date": "2022-04-15", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2010-2861", - "percentile": null, - "poc_count": 64, - "product": "ColdFusion", - "required_action": "Apply updates per vendor instructions.", - "short_description": "A directory traversal vulnerability exists in the administrator console in Adobe ColdFusion which allows remote attackers to read arbitrary files.", - "summary": "Multiple directory traversal vulnerabilities in the administrator console in Adobe ColdFusion 9.0.1 and earlier allow remote attackers to read arbitrary files via the locale parameter to (1) CFIDE/administrator/settin...", - "vendor": "Adobe" - }, - { - "cve": "CVE-2010-2883", - "date_added": "2022-06-08", - "due_date": "2022-06-22", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2010-2883", - "percentile": null, - "poc_count": 9, - "product": "Acrobat and Reader", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Adobe Acrobat and Reader contain a stack-based buffer overflow vulnerability that allows remote attackers to execute code or cause denial-of-service (DoS).", - "summary": "Stack-based buffer overflow in CoolType.dll in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (app...", - "vendor": "Adobe" - }, - { - "cve": "CVE-2010-3035", - "date_added": "2022-03-25", - "due_date": "2022-04-15", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2010-3035", - "percentile": null, - "poc_count": 2, - "product": "IOS XR", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Cisco IOS XR, when BGP is the configured routing feature, allows remote attackers to cause a denial-of-service (DoS).", - "summary": "Cisco IOS XR 3.4.0 through 3.9.1, when BGP is enabled, does not properly handle 
unrecognized transitive attributes, which allows remote attackers to cause a denial of service (peering reset) via a crafted prefix annou...", - "vendor": "Cisco" - }, - { - "cve": "CVE-2010-3333", - "date_added": "2022-03-03", - "due_date": "2022-03-24", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2010-3333", - "percentile": null, - "poc_count": 33, - "product": "Office", - "required_action": "Apply updates per vendor instructions.", - "short_description": "A stack-based buffer overflow vulnerability exists in the parsing of RTF data in Microsoft Office and earlier allows an attacker to perform remote code execution.", - "summary": "Stack-based buffer overflow in Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allows remote attack...", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2010-3765", - "date_added": "2025-10-06", - "due_date": "2025-10-27", - "epss": null, - "notes": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-73 ; https://nvd.nist.gov/vuln/detail/CVE-2010-3765", - "percentile": null, - "poc_count": 4, - "product": "Multiple Products", - "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", - "short_description": "Mozilla Firefox, SeaMonkey, and Thunderbird contain an unspecified vulnerability when JavaScript is enabled. 
This allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption.", - "summary": "Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute ar...", - "vendor": "Mozilla" - }, - { - "cve": "CVE-2010-3904", - "date_added": "2023-05-12", - "due_date": "2023-06-02", - "epss": null, - "notes": "https://lkml.iu.edu/hypermail/linux/kernel/1601.3/06474.html; https://nvd.nist.gov/vuln/detail/CVE-2010-3904", - "percentile": null, - "poc_count": 125, - "product": "Kernel", - "required_action": "The impacted product is end-of-life and should be disconnected if still in use.", - "short_description": "Linux Kernel contains an improper input validation vulnerability in the Reliable Datagram Sockets (RDS) protocol implementation that allows local users to gain privileges via crafted use of the sendmsg and recvmsg system calls.", - "summary": "The rds_page_copy_user function in net/rds/page.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel before 2.6.36 does not properly validate addresses obtained from user space, which a...", - "vendor": "Linux" - }, - { - "cve": "CVE-2010-3962", - "date_added": "2025-10-06", - "due_date": "2025-10-27", - "epss": null, - "notes": "https://learn.microsoft.com/en-us/security-updates/SecurityAdvisories/2010/2458511?redirectedfrom=MSDN ; https://nvd.nist.gov/vuln/detail/CVE-2010-3962", - "percentile": null, - "poc_count": 3, - "product": "Internet Explorer", - "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", - "short_description": "Microsoft Internet 
Explorer contains an uninitialized memory corruption vulnerability that could allow for remote code execution. The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.", - "summary": "Use-after-free vulnerability in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code via vectors related to Cascading Style Sheets (CSS) token sequences and the clip attribute, aka...", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2010-4344", - "date_added": "2022-03-25", - "due_date": "2022-04-15", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2010-4344", - "percentile": null, - "poc_count": 9, - "product": "Exim", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session.", - "summary": "Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session that includes two MAIL commands in conjunction with a lar...", - "vendor": "Exim" - }, - { - "cve": "CVE-2010-4345", - "date_added": "2022-03-25", - "due_date": "2022-04-15", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2010-4345", - "percentile": null, - "poc_count": 4, - "product": "Exim", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Exim allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands.", - "summary": "Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands, as demonstra...", - "vendor": "Exim" - 
}, - { - "cve": "CVE-2010-4398", - "date_added": "2022-03-28", - "due_date": "2022-04-21", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2010-4398", - "percentile": null, - "poc_count": 9, - "product": "Windows", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Stack-based buffer overflow in the RtlQueryRegistryValues function in win32k.sys in Microsoft Windows allows local users to gain privileges, and bypass the User Account Control (UAC) feature.", - "summary": "Stack-based buffer overflow in the RtlQueryRegistryValues function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Wind...", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2010-5326", - "date_added": "2021-11-03", - "due_date": "2022-05-03", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2010-5326", - "percentile": null, - "poc_count": 1, - "product": "NetWeaver", - "required_action": "Apply updates per vendor instructions.", - "short_description": "SAP NetWeaver Application Server Java Platforms Invoker Servlet does not require authentication, allowing for remote code execution via a HTTP or HTTPS request.", - "summary": "The Invoker Servlet on SAP NetWeaver Application Server Java platforms, possibly before 7.3, does not require authentication, which allows remote attackers to execute arbitrary code via an HTTP or HTTPS request, as ex...", - "vendor": "SAP" - }, - { - "cve": "CVE-2010-5330", - "date_added": "2022-04-15", - "due_date": "2022-05-06", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2010-5330", - "percentile": null, - "poc_count": 2, - "product": "AirOS", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Certain Ubiquiti devices contain a command injection vulnerability via a GET request to stainfo.cgi.", - "summary": "On certain Ubiquiti devices, Command Injection 
exists via a GET request to stainfo.cgi (aka Show AP info) because the ifname variable is not sanitized, as demonstrated by shell metacharacters. The fixed version is v4....", - "vendor": "Ubiquiti" - }, - { - "cve": "CVE-2011-0609", - "date_added": "2022-06-08", - "due_date": "2022-06-22", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2011-0609", - "percentile": null, - "poc_count": 4, - "product": "Flash Player", - "required_action": "The impacted product is end-of-life and should be disconnected if still in use.", - "short_description": "Adobe Flash Player contains an unspecified vulnerability that allows remote attackers to execute code or cause denial-of-service (DoS).", - "summary": "Unspecified vulnerability in Adobe Flash Player 10.2.154.13 and earlier on Windows, Mac OS X, Linux, and Solaris; 10.1.106.16 and earlier on Android; Adobe AIR 2.5.1 and earlier; and Authplay.dll (aka AuthPlayLib.bund...", - "vendor": "Adobe" - }, - { - "cve": "CVE-2011-0611", - "date_added": "2022-03-03", - "due_date": "2022-03-24", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2011-0611", - "percentile": null, - "poc_count": 8, - "product": "Flash Player", - "required_action": "The impacted product is end-of-life and should be disconnected if still in use.", - "short_description": "Adobe Flash Player contains a vulnerability that allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content.", - "summary": "Adobe Flash Player before 10.2.154.27 on Windows, Mac OS X, Linux, and Solaris and 10.2.156.12 and earlier on Android; Adobe AIR before 2.6.19140; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader 9.x before 9...", - "vendor": "Adobe" - }, - { - "cve": "CVE-2011-1823", - "date_added": "2022-09-08", - "due_date": "2022-09-29", - "epss": null, - "notes": "https://android.googlesource.com/platform/system/vold/+/c51920c82463b240e2be0430849837d6fdc5352e; 
https://nvd.nist.gov/vuln/detail/CVE-2011-1823", - "percentile": null, - "poc_count": 3, - "product": "Android OS", - "required_action": "Apply updates per vendor instructions.", - "short_description": "The vold volume manager daemon in Android kernel trusts messages from a PF_NETLINK socket, which allows an attacker to execute code and gain root privileges. This vulnerability is associated with GingerBreak and Exploit.AndroidOS.Lotoor.", - "summary": "The vold volume manager daemon on Android 3.0 and 2.x before 2.3.4 trusts messages that are received from a PF_NETLINK socket, which allows local users to execute arbitrary code and gain root privileges via a negative...", - "vendor": "Android" - }, - { - "cve": "CVE-2011-1889", - "date_added": "2022-03-03", - "due_date": "2022-03-24", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2011-1889", - "percentile": null, - "poc_count": 1, - "product": "Forefront Threat Management Gateway (TMG)", - "required_action": "Apply updates per vendor instructions.", - "short_description": "A remote code execution vulnerability exists in the Forefront Threat Management Gateway (TMG) Firewall Client Winsock provider that could allow code execution in the security context of the client application.", - "summary": "The NSPLookupServiceNext function in the client in Microsoft Forefront Threat Management Gateway (TMG) 2010 allows remote attackers to execute arbitrary code via vectors involving unspecified requests, aka \"TMG Firewa...", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2011-2005", - "date_added": "2022-03-28", - "due_date": "2022-04-18", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2011-2005", - "percentile": null, - "poc_count": 18, - "product": "Ancillary Function Driver (afd.sys)", - "required_action": "Apply updates per vendor instructions.", - "short_description": "afd.sys in the Ancillary Function Driver in Microsoft Windows does not properly validate user-mode input passed to 
kernel mode, which allows local users to gain privileges via a crafted application.", - "summary": "afd.sys in the Ancillary Function Driver in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a craf...", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2011-2462", - "date_added": "2022-06-08", - "due_date": "2022-06-22", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2011-2462", - "percentile": null, - "poc_count": 7, - "product": "Reader and Acrobat", - "required_action": "Apply updates per vendor instructions.", - "short_description": "The Universal 3D (U3D) component in Adobe Reader and Acrobat contains a memory corruption vulnerability which could allow remote attackers to execute code or cause denial-of-service (DoS).", - "summary": "Unspecified vulnerability in the U3D component in Adobe Reader and Acrobat 10.1.1 and earlier on Windows and Mac OS X, and Adobe Reader 9.x through 9.4.6 on UNIX, allows remote attackers to execute arbitrary code or c...", - "vendor": "Adobe" - }, - { - "cve": "CVE-2011-3402", - "date_added": "2025-10-06", - "due_date": "2025-10-27", - "epss": null, - "notes": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-087 ; https://nvd.nist.gov/vuln/detail/CVE-2011-3402", - "percentile": null, - "poc_count": 3, - "product": "Windows", - "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", - "short_description": "Microsoft Windows Kernel contains an unspecified vulnerability in the TrueType font parsing engine in win32k.sys in the kernel-mode drivers that allows remote attackers to execute arbitrary code via crafted font data in a Word document or web page.", - "summary": "Unspecified vulnerability in the TrueType font parsing engine in win32k.sys 
in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and...", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2011-3544", - "date_added": "2022-03-03", - "due_date": "2022-03-24", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2011-3544", - "percentile": null, - "poc_count": 5, - "product": "Java SE JDK and JRE", - "required_action": "Apply updates per vendor instructions.", - "short_description": "An access control vulnerability exists in the Applet Rhino Script Engine component of Oracle's Java Runtime Environment allows an attacker to remotely execute arbitrary code.", - "summary": "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7 and 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect...", - "vendor": "Oracle" - }, - { - "cve": "CVE-2011-4723", - "date_added": "2022-09-08", - "due_date": "2022-09-29", - "epss": null, - "notes": "https://www.dlink.com/uk/en/support/product/dir-300-wireless-g-router; https://nvd.nist.gov/vuln/detail/CVE-2011-4723", - "percentile": null, - "poc_count": 1, - "product": "DIR-300 Router", - "required_action": "The impacted product is end-of-life and should be disconnected if still in use.", - "short_description": "The D-Link DIR-300 router stores cleartext passwords, which allows context-dependent attackers to obtain sensitive information.", - "summary": "The D-Link DIR-300 router stores cleartext passwords, which allows context-dependent attackers to obtain sensitive information via unspecified vectors.", + "short_description": "D-Link DIR-859 routers contain a path traversal vulnerability in the file /hedwig.cgi of the component HTTP POST Request Handler. 
Manipulation of the argument service with the input ../../../../htdocs/webinc/getcfg/DHCPS6.BRIDGE-1.xml allows for the leakage of session data potentially enabling privilege escalation and unauthorized control of the device. This vulnerability affects legacy D-Link products. All associated hardware revisions have reached their end-of-life (EOL) or end-of-service (EOS) life cycle and should be retired and replaced per vendor instructions.", + "summary": "** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DIR-859 1.06B01. It has been rated as critical. Affected by this issue is some unknown functionality of the file /hedwig.cgi of the component HTTP PO...", "vendor": "D-Link" }, { - "cve": "CVE-2012-0151", - "date_added": "2022-06-08", - "due_date": "2022-06-22", + "cve": "CVE-2024-1086", + "date_added": "2024-05-30", + "due_date": "2024-06-20", "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2012-0151", + "notes": "This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. 
For more information, please see: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f342de4e2f33e0e39165d8639387aa6c19dff660; https://nvd.nist.gov/vuln/detail/CVE-2024-1086", + "percentile": null, + "poc_count": 86, + "product": "Kernel", + "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", + "short_description": "Linux kernel contains a use-after-free vulnerability in the netfilter: nf_tables component that allows an attacker to achieve local privilege escalation.", + "summary": "A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation.The nft_verdict_init() function allows positive values as drop error within th...", + "vendor": "Linux" + }, + { + "cve": "CVE-2024-11120", + "date_added": "2025-05-07", + "due_date": "2025-05-28", + "epss": null, + "notes": "https://dlcdn.geovision.com.tw/TechNotice/CyberSecurity/Security_Advisory_IP_Device_2024-11.pdf ; https://nvd.nist.gov/vuln/detail/CVE-2024-11120", + "percentile": null, + "poc_count": 3, + "product": "Multiple Devices", + "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", + "short_description": "Multiple GeoVision devices contain an OS command injection vulnerability that allows a remote, unauthenticated attacker to inject and execute arbitrary system commands. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.", + "summary": "Certain EOL GeoVision devices have an OS Command Injection vulnerability. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device. 
Moreover, this v...", + "vendor": "GeoVision" + }, + { + "cve": "CVE-2024-11182", + "date_added": "2025-05-19", + "due_date": "2025-06-09", + "epss": null, + "notes": "https://files.mdaemon.com/mdaemon/beta/RelNotes_en.html ; https://mdaemon.com/pages/downloads-critical-updates ; https://nvd.nist.gov/vuln/detail/CVE-2024-11182", + "percentile": null, + "poc_count": 4, + "product": "Email Server", + "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", + "short_description": "MDaemon Email Server contains a cross-site scripting (XSS) vulnerability that allows a remote attacker to load arbitrary JavaScript code via an HTML e-mail message.", + "summary": "An XSS issue was discovered in MDaemon Email Server before version 24.5.1c. An attacker can send an HTML e-mail message with JavaScript in an img tag. This could allow a remote attackerto load arbitrary JavaScript cod...", + "vendor": "MDaemon" + }, + { + "cve": "CVE-2024-11667", + "date_added": "2024-12-03", + "due_date": "2024-12-24", + "epss": null, + "notes": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-protecting-against-recent-firewall-threats-11-21-2024 ; https://nvd.nist.gov/vuln/detail/CVE-2024-11667", + "percentile": null, + "poc_count": 3, + "product": "Multiple Firewalls", + "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", + "short_description": "Multiple Zyxel firewalls contain a path traversal vulnerability in the web management interface that could allow an attacker to download or upload files via a crafted URL.", + "summary": "A directory traversal vulnerability in the web management interface of Zyxel ATP series firmware versions V5.00 through V5.38, USG FLEX series firmware versions V5.00 through V5.38, USG FLEX 50(W) series firmware vers...", + 
"vendor": "Zyxel" + }, + { + "cve": "CVE-2024-11680", + "date_added": "2024-12-03", + "due_date": "2024-12-24", + "epss": null, + "notes": "https://github.com/projectsend/projectsend/commit/193367d937b1a59ed5b68dd4e60bd53317473744 ; https://nvd.nist.gov/vuln/detail/CVE-2024-11680", + "percentile": null, + "poc_count": 10, + "product": "ProjectSend", + "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", + "short_description": "ProjectSend contains an improper authentication vulnerability that allows a remote, unauthenticated attacker to enable unauthorized modification of the application's configuration via crafted HTTP requests to options.php. Successful exploitation allows attackers to create accounts, upload webshells, and embed malicious JavaScript.", + "summary": "ProjectSend versions prior to r1720 are affected by an improper authentication vulnerability. Remote, unauthenticated attackers can exploit this flaw by sending crafted HTTP requests to options.php, enabling unauthori...", + "vendor": "ProjectSend" + }, + { + "cve": "CVE-2024-1212", + "date_added": "2024-11-18", + "due_date": "2024-12-09", + "epss": null, + "notes": "https://community.progress.com/s/article/Release-Notice-LMOS-7-2-59-2-7-2-54-8-7-2-48-10-CVE-2024-1212 ; https://nvd.nist.gov/vuln/detail/CVE-2024-1212", + "percentile": null, + "poc_count": 10, + "product": "Kemp LoadMaster", + "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", + "short_description": "Progress Kemp LoadMaster contains an OS command injection vulnerability that allows an unauthenticated, remote attacker to access the system through the LoadMaster management interface, enabling arbitrary system command execution.", + "summary": "Unauthenticated remote attackers can access the system through the LoadMaster management interface, enabling arbitrary system command 
execution.", + "vendor": "Progress" + }, + { + "cve": "CVE-2024-12356", + "date_added": "2024-12-19", + "due_date": "2024-12-27", + "epss": null, + "notes": "https://www.beyondtrust.com/trust-center/security-advisories/bt24-10 ; https://nvd.nist.gov/vuln/detail/CVE-2024-12356", + "percentile": null, + "poc_count": 6, + "product": "Privileged Remote Access (PRA) and Remote Support (RS)", + "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", + "short_description": "BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) contain a command injection vulnerability, which can allow an unauthenticated attacker to inject commands that are run as a site user.", + "summary": "A critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) products which can allow an unauthenticated attacker to inject commands that are run as a site user.", + "vendor": "BeyondTrust" + }, + { + "cve": "CVE-2024-12686", + "date_added": "2025-01-13", + "due_date": "2025-02-03", + "epss": null, + "notes": "https://www.beyondtrust.com/trust-center/security-advisories/bt24-11 ; https://nvd.nist.gov/vuln/detail/CVE-2024-12686", + "percentile": null, + "poc_count": 4, + "product": "Privileged Remote Access (PRA) and Remote Support (RS)", + "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", + "short_description": "BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) contain an OS command injection vulnerability that can be exploited by an attacker with existing administrative privileges to upload a malicious file. 
Successful exploitation of this vulnerability can allow a remote attacker to execute underlying operating system commands within the context of the site user.", + "summary": "A vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) which can allow an attacker with existing administrative privileges to inject commands and run as a site user.", + "vendor": "BeyondTrust" + }, + { + "cve": "CVE-2024-12987", + "date_added": "2025-05-15", + "due_date": "2025-06-05", + "epss": null, + "notes": "https://fw.draytek.com.tw/Vigor2960/Firmware/v1.5.1.5/DrayTek_Vigor2960_V1.5.1.5_01release-note.pdf ; https://fw.draytek.com.tw/Vigor300B/Firmware/v1.5.1.5/DrayTek_Vigor300B_V1.5.1.5_01release-note.pdf ; https://fw.draytek.com.tw/Vigor3900/Firmware/v1.5.1.5/DrayTek_Vigor3900_V1.5.1.5_01release-note.pdf ; https://nvd.nist.gov/vuln/detail/CVE-2024-12987", + "percentile": null, + "poc_count": 3, + "product": "Vigor Routers", + "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", + "short_description": "DrayTek Vigor2960, Vigor300B, and Vigor3900 routers contain an OS command injection vulnerability due to an unknown function of the file /cgi-bin/mainfunction.cgi/apmcfgupload of the component web management interface.", + "summary": "A vulnerability, which was classified as critical, was found in DrayTek Vigor2960 and Vigor300B 1.5.1.4. 
Affected is an unknown function of the file /cgi-bin/mainfunction.cgi/apmcfgupload of the component Web Manageme...", + "vendor": "DrayTek" + }, + { + "cve": "CVE-2024-13159", + "date_added": "2025-03-10", + "due_date": "2025-03-31", + "epss": null, + "notes": "https://forums.ivanti.com/s/article/Security-Advisory-EPM-January-2025-for-EPM-2024-and-EPM-2022-SU6?language=en_US ; https://nvd.nist.gov/vuln/detail/CVE-2024-13159", + "percentile": null, + "poc_count": 9, + "product": "Endpoint Manager (EPM)", + "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", + "short_description": "Ivanti Endpoint Manager (EPM) contains an absolute path traversal vulnerability that allows a remote unauthenticated attacker to leak sensitive information.", + "summary": "Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.", + "vendor": "Ivanti" + }, + { + "cve": "CVE-2024-13160", + "date_added": "2025-03-10", + "due_date": "2025-03-31", + "epss": null, + "notes": "https://forums.ivanti.com/s/article/Security-Advisory-EPM-January-2025-for-EPM-2024-and-EPM-2022-SU6?language=en_US ; https://nvd.nist.gov/vuln/detail/CVE-2024-13160", + "percentile": null, + "poc_count": 8, + "product": "Endpoint Manager (EPM)", + "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", + "short_description": "Ivanti Endpoint Manager (EPM) contains an absolute path traversal vulnerability that allows a remote unauthenticated attacker to leak sensitive information.", + "summary": "Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update 
allows a remote unauthenticated attacker to leak sensitive information.", + "vendor": "Ivanti" + }, + { + "cve": "CVE-2024-13161", + "date_added": "2025-03-10", + "due_date": "2025-03-31", + "epss": null, + "notes": "https://forums.ivanti.com/s/article/Security-Advisory-EPM-January-2025-for-EPM-2024-and-EPM-2022-SU6?language=en_US ; https://nvd.nist.gov/vuln/detail/CVE-2024-13161", + "percentile": null, + "poc_count": 8, + "product": "Endpoint Manager (EPM)", + "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", + "short_description": "Ivanti Endpoint Manager (EPM) contains an absolute path traversal vulnerability that allows a remote unauthenticated attacker to leak sensitive information.", + "summary": "Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.", + "vendor": "Ivanti" + }, + { + "cve": "CVE-2024-1709", + "date_added": "2024-02-22", + "due_date": "2024-02-29", + "epss": null, + "notes": "https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8; https://nvd.nist.gov/vuln/detail/CVE-2024-1709", + "percentile": null, + "poc_count": 35, + "product": "ScreenConnect", + "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", + "short_description": "ConnectWise ScreenConnect contains an authentication bypass vulnerability that allows an attacker with network access to the management interface to create a new, administrator-level account on affected devices.", + "summary": "ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel vulnerability, which may allow an attacker direct access to confidential information or 
critical s...", + "vendor": "ConnectWise" + }, + { + "cve": "CVE-2024-20353", + "date_added": "2024-04-24", + "due_date": "2024-05-01", + "epss": null, + "notes": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-websrvs-dos-X8gNucD2; https://nvd.nist.gov/vuln/detail/CVE-2024-20353", + "percentile": null, + "poc_count": 5, + "product": "Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD)", + "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", + "short_description": "Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) contain an infinite loop vulnerability that can lead to remote denial of service condition.", + "summary": "A vulnerability in the management and VPN web servers for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the...", + "vendor": "Cisco" + }, + { + "cve": "CVE-2024-20359", + "date_added": "2024-04-24", + "due_date": "2024-05-01", + "epss": null, + "notes": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-persist-rce-FLsNXF4h; https://nvd.nist.gov/vuln/detail/CVE-2024-20359", + "percentile": null, + "poc_count": 4, + "product": "Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD)", + "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", + "short_description": "Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) contain a privilege escalation vulnerability that can allow local privilege escalation from Administrator to root.", + "summary": "A vulnerability in a legacy capability that allowed for the preloading of VPN clients and plug-ins and that has been available in Cisco Adaptive Security Appliance (ASA) Software and 
Cisco Firepower Threat Defense (FT...", + "vendor": "Cisco" + }, + { + "cve": "CVE-2024-20399", + "date_added": "2024-07-02", + "due_date": "2024-07-23", + "epss": null, + "notes": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-cmd-injection-xD9OhyOP; https://nvd.nist.gov/vuln/detail/CVE-2024-20399", + "percentile": null, + "poc_count": 2, + "product": "NX-OS", + "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", + "short_description": "Cisco NX-OS contains a command injection vulnerability in the command line interface (CLI) that could allow an authenticated, local attacker to execute commands as root on the underlying operating system of an affected device.", + "summary": "A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated user in possession of Administrator credentials to execute arbitrary commands as root on the underlying operating system of an affected d...", + "vendor": "Cisco" + }, + { + "cve": "CVE-2024-20439", + "date_added": "2025-03-31", + "due_date": "2025-04-21", + "epss": null, + "notes": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cslu-7gHMzWmw ; https://nvd.nist.gov/vuln/detail/CVE-2024-20439", + "percentile": null, + "poc_count": 7, + "product": "Smart Licensing Utility", + "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", + "short_description": "Cisco Smart Licensing Utility contains a static credential vulnerability that allows an unauthenticated, remote attacker to log in to an affected system and gain administrative credentials.", + "summary": "A vulnerability in Cisco Smart Licensing Utility (CSLU) could allow an unauthenticated, remote attacker to log into an affected system by using a static administrative 
credential. This vulnerability is due to an undoc...", + "vendor": "Cisco" + }, + { + "cve": "CVE-2024-20481", + "date_added": "2024-10-24", + "due_date": "2024-11-14", + "epss": null, + "notes": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-bf-dos-vDZhLqrW ; https://nvd.nist.gov/vuln/detail/CVE-2024-20481", + "percentile": null, + "poc_count": 1, + "product": "Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD)", + "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", + "short_description": "Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) contain a missing release of resource after effective lifetime vulnerability that could allow an unauthenticated, remote attacker to cause a denial-of-service (DoS) of the RAVPN service.", + "summary": "A vulnerability in the Remote Access VPN (RAVPN) service of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a...", + "vendor": "Cisco" + }, + { + "cve": "CVE-2024-20767", + "date_added": "2024-12-16", + "due_date": "2025-01-06", + "epss": null, + "notes": "https://helpx.adobe.com/security/products/coldfusion/apsb24-14.html ; https://nvd.nist.gov/vuln/detail/CVE-2024-20767", + "percentile": null, + "poc_count": 30, + "product": "ColdFusion", + "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", + "short_description": "Adobe ColdFusion contains an improper access control vulnerability that could allow an attacker to access or modify restricted files via an internet-exposed admin panel.", + "summary": "ColdFusion versions 2023.6, 2021.12 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary file system read. 
An attacker could leverage this vulnerability to access or modi...", + "vendor": "Adobe" + }, + { + "cve": "CVE-2024-20953", + "date_added": "2025-02-24", + "due_date": "2025-03-17", + "epss": null, + "notes": "https://www.oracle.com/security-alerts/cpujan2024.html ; https://nvd.nist.gov/vuln/detail/CVE-2024-20953", + "percentile": null, + "poc_count": 2, + "product": "Agile Product Lifecycle Management (PLM)", + "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", + "short_description": "Oracle Agile Product Lifecycle Management (PLM) contains a deserialization vulnerability that allows a low-privileged attacker with network access via HTTP to compromise the system.", + "summary": "Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain (component: Export). The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows low privileged attacker with network a...", + "vendor": "Oracle" + }, + { + "cve": "CVE-2024-21287", + "date_added": "2024-11-21", + "due_date": "2024-12-12", + "epss": null, + "notes": "https://www.oracle.com/security-alerts/alert-cve-2024-21287.html ; https://nvd.nist.gov/vuln/detail/CVE-2024-21287", + "percentile": null, + "poc_count": 2, + "product": "Agile Product Lifecycle Management (PLM)", + "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", + "short_description": "Oracle Agile Product Lifecycle Management (PLM) contains an incorrect authorization vulnerability in the Process Extension component of the Software Development Kit. Successful exploitation of this vulnerability may result in unauthenticated file disclosure.", + "summary": "Vulnerability in the Oracle Agile PLM Framework product of Oracle Supply Chain (component: Software Development Kit, Process Extension). The supported version that is affected is 9.3.6. 
Easily exploitable vulnerabilit...", + "vendor": "Oracle" + }, + { + "cve": "CVE-2024-21338", + "date_added": "2024-03-04", + "due_date": "2024-03-25", + "epss": null, + "notes": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21338; https://nvd.nist.gov/vuln/detail/CVE-2024-21338", + "percentile": null, + "poc_count": 28, + "product": "Windows", + "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", + "short_description": "Microsoft Windows Kernel contains an exposed IOCTL with insufficient access control vulnerability within the IOCTL (input and output control) dispatcher in appid.sys that allows a local attacker to achieve privilege escalation.", + "summary": "Windows Kernel Elevation of Privilege Vulnerability", + "vendor": "Microsoft" + }, + { + "cve": "CVE-2024-21351", + "date_added": "2024-02-13", + "due_date": "2024-03-05", + "epss": null, + "notes": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21351; https://nvd.nist.gov/vuln/detail/CVE-2024-21351", "percentile": null, "poc_count": 1, "product": "Windows", - "required_action": "Apply updates per vendor instructions.", - "short_description": "The Authenticode Signature Verification function in Microsoft Windows (WinVerifyTrust) does not properly validate the digest of a signed portable executable (PE) file, which allows user-assisted remote attackers to execute code.", - "summary": "The Authenticode Signature Verification function in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer...", + "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", + "short_description": "Microsoft Windows SmartScreen contains a security feature bypass vulnerability that allows an attacker to bypass the SmartScreen user 
experience and inject code to potentially gain code execution, which could lead to some data exposure, lack of system availability, or both.", + "summary": "Windows SmartScreen Security Feature Bypass Vulnerability", "vendor": "Microsoft" }, { - "cve": "CVE-2012-0158", - "date_added": "2021-11-03", - "due_date": "2022-05-03", + "cve": "CVE-2024-21410", + "date_added": "2024-02-15", + "due_date": "2024-03-07", "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2012-0158", + "notes": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21410; https://nvd.nist.gov/vuln/detail/CVE-2024-21410", + "percentile": null, + "poc_count": 3, + "product": "Exchange Server", + "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", + "short_description": "Microsoft Exchange Server contains an unspecified vulnerability that allows for privilege escalation.", + "summary": "Microsoft Exchange Server Elevation of Privilege Vulnerability", + "vendor": "Microsoft" + }, + { + "cve": "CVE-2024-21412", + "date_added": "2024-02-13", + "due_date": "2024-03-05", + "epss": null, + "notes": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21412; https://nvd.nist.gov/vuln/detail/CVE-2024-21412", + "percentile": null, + "poc_count": 7, + "product": "Windows", + "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", + "short_description": "Microsoft Windows Internet Shortcut Files contains an unspecified vulnerability that allows for a security feature bypass.", + "summary": "Internet Shortcut Files Security Feature Bypass Vulnerability", + "vendor": "Microsoft" + }, + { + "cve": "CVE-2024-21413", + "date_added": "2025-02-06", + "due_date": "2025-02-27", + "epss": null, + "notes": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21413 ; https://nvd.nist.gov/vuln/detail/CVE-2024-21413", + 
"percentile": null, + "poc_count": 104, + "product": "Office Outlook", + "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", + "short_description": "Microsoft Outlook contains an improper input validation vulnerability that allows for remote code execution. Successful exploitation of this vulnerability would allow an attacker to bypass the Office Protected View and open in editing mode rather than protected mode.", + "summary": "Microsoft Outlook Remote Code Execution Vulnerability", + "vendor": "Microsoft" + }, + { + "cve": "CVE-2024-21762", + "date_added": "2024-02-09", + "due_date": "2024-02-16", + "epss": null, + "notes": "https://fortiguard.fortinet.com/psirt/FG-IR-24-015 ; https://nvd.nist.gov/vuln/detail/CVE-2024-21762", + "percentile": null, + "poc_count": 60, + "product": "FortiOS", + "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", + "short_description": "Fortinet FortiOS contains an out-of-bound write vulnerability that allows a remote unauthenticated attacker to execute code or commands via specially crafted HTTP requests.", + "summary": "A out-of-bounds write in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiProxy versions 7.4.0 through 7....", + "vendor": "Fortinet" + }, + { + "cve": "CVE-2024-21887", + "date_added": "2024-01-10", + "due_date": "2024-01-22", + "epss": null, + "notes": "Please apply mitigations per vendor instructions. 
For more information, please see: https://forums.ivanti.com/s/article/KB-CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US ; https://nvd.nist.gov/vuln/detail/CVE-2024-21887", + "percentile": null, + "poc_count": 54, + "product": "Connect Secure and Policy Secure", + "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", + "short_description": "Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure) and Ivanti Policy Secure contain a command injection vulnerability in the web components of these products, which can allow an authenticated administrator to send crafted requests to execute code on affected appliances. This vulnerability can be leveraged in conjunction with CVE-2023-46805, an authenticated bypass issue.", + "summary": "A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send specially crafted requests and execute arbitr...", + "vendor": "Ivanti" + }, + { + "cve": "CVE-2024-21893", + "date_added": "2024-01-31", + "due_date": "2024-02-02", + "epss": null, + "notes": "https://forums.ivanti.com/s/article/KB-CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US ; https://nvd.nist.gov/vuln/detail/CVE-2024-21893", + "percentile": null, + "poc_count": 17, + "product": "Connect Secure, Policy Secure, and Neurons", + "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", + "short_description": "Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure), Ivanti Policy Secure, and Ivanti Neurons contain a server-side request forgery (SSRF) vulnerability in the SAML component that allows an attacker to 
access certain restricted resources without authentication.", + "summary": "A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) and Ivanti Neurons for ZTA allows an attacker to access certain restricted re...", + "vendor": "Ivanti" + }, + { + "cve": "CVE-2024-23113", + "date_added": "2024-10-09", + "due_date": "2024-10-30", + "epss": null, + "notes": "https://www.fortiguard.com/psirt/FG-IR-24-029 ; https://nvd.nist.gov/vuln/detail/CVE-2024-23113", + "percentile": null, + "poc_count": 28, + "product": "Multiple Products", + "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", + "short_description": "Fortinet FortiOS, FortiPAM, FortiProxy, and FortiWeb contain a format string vulnerability that allows a remote, unauthenticated attacker to execute arbitrary code or commands via specially crafted requests.", + "summary": "A use of externally-controlled format string in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0...", + "vendor": "Fortinet" + }, + { + "cve": "CVE-2024-23222", + "date_added": "2024-01-23", + "due_date": "2024-02-13", + "epss": null, + "notes": "https://support.apple.com/en-us/HT214055, https://support.apple.com/en-us/HT214056, https://support.apple.com/en-us/HT214057, https://support.apple.com/en-us/HT214058, https://support.apple.com/en-us/HT214059, https://support.apple.com/en-us/HT214061, https://support.apple.com/en-us/HT214063 ; https://nvd.nist.gov/vuln/detail/CVE-2024-23222", + "percentile": null, + "poc_count": 2, + "product": "Multiple Products", + "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", + "short_description": "Apple iOS, iPadOS, macOS, tvOS, and Safari WebKit contain a 
type confusion vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.", + "summary": "A type confusion issue was addressed with improved checks. This issue is fixed in iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, tvOS 17.3. Processing maliciously crafted web content may lead to arbitrary code execution...", + "vendor": "Apple" + }, + { + "cve": "CVE-2024-23296", + "date_added": "2024-03-06", + "due_date": "2024-03-27", + "epss": null, + "notes": "https://support.apple.com/en-us/HT214081, https://support.apple.com/en-us/HT214082, https://support.apple.com/en-us/HT214084, https://support.apple.com/en-us/HT214086, https://support.apple.com/en-us/HT214088 ; https://nvd.nist.gov/vuln/detail/CVE-2024-23296", + "percentile": null, + "poc_count": 1, + "product": "Multiple Products", + "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", + "short_description": "Apple iOS, iPadOS, macOS, tvOS, and watchOS RTKit contain a memory corruption vulnerability that allows an attacker with arbitrary kernel read and write capability to bypass kernel memory protections.", + "summary": "A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 17.4 and iPadOS 17.4. 
An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protec...", + "vendor": "Apple" + }, + { + "cve": "CVE-2024-23692", + "date_added": "2024-07-09", + "due_date": "2024-07-30", + "epss": null, + "notes": "The patched Rejetto HTTP File Server (HFS) is version 3: https://github.com/rejetto/hfs?tab=readme-ov-file#installation, https://www.rejetto.com/hfs/ ; https://nvd.nist.gov/vuln/detail/CVE-2024-23692", + "percentile": null, + "poc_count": 43, + "product": "HTTP File Server", + "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", + "short_description": "Rejetto HTTP File Server contains an improper neutralization of special elements used in a template engine vulnerability. This allows a remote, unauthenticated attacker to execute commands on the affected system by sending a specially crafted HTTP request.", + "summary": "Rejetto HTTP File Server, up to and including version 2.3m, is vulnerable to a template injection vulnerability. 
This vulnerability allows a remote, unauthenticated attacker to execute arbitrary commands on the affect...", + "vendor": "Rejetto" + }, + { + "cve": "CVE-2024-23897", + "date_added": "2024-08-19", + "due_date": "2024-09-09", + "epss": null, + "notes": "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3314; https://nvd.nist.gov/vuln/detail/CVE-2024-23897", + "percentile": null, + "poc_count": 137, + "product": "Jenkins Command Line Interface (CLI)", + "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", + "short_description": "Jenkins Command Line Interface (CLI) contains a path traversal vulnerability that allows attackers limited read access to certain files, which can lead to code execution.", + "summary": "Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthen...", + "vendor": "Jenkins" + }, + { + "cve": "CVE-2024-24919", + "date_added": "2024-05-30", + "due_date": "2024-06-20", + "epss": null, + "notes": "https://support.checkpoint.com/results/sk/sk182336 ; https://nvd.nist.gov/vuln/detail/CVE-2024-24919", + "percentile": null, + "poc_count": 116, + "product": "Quantum Security Gateways", + "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", + "short_description": "Check Point Quantum Security Gateways contain an unspecified information disclosure vulnerability. The vulnerability potentially allows an attacker to access information on Gateways connected to the internet, with IPSec VPN, Remote Access VPN or Mobile Access enabled. 
This issue affects several product lines from Check Point, including CloudGuard Network, Quantum Scalable Chassis, Quantum Security Gateways, and Quantum Spark Appliances.", + "summary": "Potentially allowing an attacker to read certain information on Check Point Security Gateways once connected to the internet and enabled with remote Access VPN or Mobile Access Software Blades. A Security fix that mit...", + "vendor": "Check Point" + }, + { + "cve": "CVE-2024-26169", + "date_added": "2024-06-13", + "due_date": "2024-07-04", + "epss": null, + "notes": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26169; https://nvd.nist.gov/vuln/detail/CVE-2024-26169", + "percentile": null, + "poc_count": 2, + "product": "Windows", + "required_action": "Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.", + "short_description": "Microsoft Windows Error Reporting Service contains an improper privilege management vulnerability that allows a local attacker with user permissions to gain SYSTEM privileges.", + "summary": "Windows Error Reporting Service Elevation of Privilege Vulnerability", + "vendor": "Microsoft" + }, + { + "cve": "CVE-2024-27198", + "date_added": "2024-03-07", + "due_date": "2024-03-28", + "epss": null, + "notes": "https://www.jetbrains.com/help/teamcity/teamcity-2023-11-4-release-notes.html; https://nvd.nist.gov/vuln/detail/CVE-2024-27198", + "percentile": null, + "poc_count": 69, + "product": "TeamCity", + "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", + "short_description": "JetBrains TeamCity contains an authentication bypass vulnerability that allows an attacker to perform admin actions.", + "summary": "In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible", + "vendor": "JetBrains" + }, + { + "cve": "CVE-2024-27348", + "date_added": "2024-09-18", + "due_date": 
"2024-10-09", + "epss": null, + "notes": "This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For more information, please see: https://lists.apache.org/thread/nx6g6htyhpgtzsocybm242781o8w5kq9 ; https://nvd.nist.gov/vuln/detail/CVE-2024-27348", "percentile": null, "poc_count": 29, - "product": "MSCOMCTL.OCX", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Microsoft MSCOMCTL.OCX contains an unspecified vulnerability that allows for remote code execution, allowing an attacker to take complete control of an affected system under the context of the current user.", - "summary": "The (1) ListView, (2) ListView2, (3) TreeView, and (4) TreeView2 ActiveX controls in MSCOMCTL.OCX in the Common Controls in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2003 Web Component...", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2012-0391", - "date_added": "2022-01-21", - "due_date": "2022-07-21", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2012-0391", - "percentile": null, - "poc_count": 6, - "product": "Struts 2", - "required_action": "Apply updates per vendor instructions.", - "short_description": "The ExceptionDelegator component in Apache Struts 2 before 2.2.3.1 contains an improper input validation vulnerability that allows for remote code execution.", - "summary": "The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers...", + "product": "HugeGraph-Server", + "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", + "short_description": "Apache HugeGraph-Server contains an improper access control vulnerability that 
could allow a remote attacker to execute arbitrary code.", + "summary": "RCE-Remote Command Execution vulnerability in Apache HugeGraph-Server.This issue affects Apache HugeGraph-Server: from 1.0.0 before 1.3.0 in Java8 & Java11Users are recommended to upgrade to version 1.3.0 with Java11...", "vendor": "Apache" }, { - "cve": "CVE-2012-0507", - "date_added": "2022-03-03", - "due_date": "2022-03-24", + "cve": "CVE-2024-27443", + "date_added": "2025-05-19", + "due_date": "2025-06-09", "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2012-0507", - "percentile": null, - "poc_count": 6, - "product": "Java SE", - "required_action": "Apply updates per vendor instructions.", - "short_description": "An incorrect type vulnerability exists in the Concurrency component of Oracle's Java Runtime Environment allows an attacker to remotely execute arbitrary code.", - "summary": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect confidential...", - "vendor": "Oracle" - }, - { - "cve": "CVE-2012-0518", - "date_added": "2022-03-28", - "due_date": "2022-04-18", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2012-0518", - "percentile": null, - "poc_count": 4, - "product": "Fusion Middleware", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Unspecified vulnerability in the Oracle Application Server Single Sign-On component in Oracle Fusion Middleware allows remote attackers to affect integrity via Unknown vectors", - "summary": "Unspecified vulnerability in the Oracle Application Server Single Sign-On component in Oracle Fusion Middleware 10.1.4.3.0 allows remote attackers to affect integrity via unknown vectors related to Redirects, a differ...", - "vendor": "Oracle" - }, - { - "cve": "CVE-2012-0754", - "date_added": "2022-06-08", - "due_date": "2022-06-22", - 
"epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2012-0754", - "percentile": null, - "poc_count": 1, - "product": "Flash Player", - "required_action": "The impacted product is end-of-life and should be disconnected if still in use.", - "short_description": "Adobe Flash Player contains a memory corruption vulnerability that allows remote attackers to execute code or cause denial-of-service (DoS).", - "summary": "Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to execute ar...", - "vendor": "Adobe" - }, - { - "cve": "CVE-2012-0767", - "date_added": "2022-06-08", - "due_date": "2022-06-22", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2012-0767", - "percentile": null, - "poc_count": 1, - "product": "Flash Player", - "required_action": "The impacted product is end-of-life and should be disconnected if still in use.", - "short_description": "Adobe Flash Player contains a XSS vulnerability that allows remote attackers to inject web script or HTML.", - "summary": "Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 o...", - "vendor": "Adobe" - }, - { - "cve": "CVE-2012-1535", - "date_added": "2022-03-03", - "due_date": "2022-03-24", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2012-1535", - "percentile": null, - "poc_count": 1, - "product": "Flash Player", - "required_action": "The impacted product is end-of-life and should be disconnected if still in use.", - "short_description": "Unspecified vulnerability in Adobe Flash Player allows remote attackers to execute arbitrary code or cause a denial of service via crafted SWF content.", - "summary": "Unspecified vulnerability in Adobe Flash Player before 
11.3.300.271 on Windows and Mac OS X and before 11.2.202.238 on Linux allows remote attackers to execute arbitrary code or cause a denial of service (application...", - "vendor": "Adobe" - }, - { - "cve": "CVE-2012-1710", - "date_added": "2022-05-25", - "due_date": "2022-06-15", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2012-1710", + "notes": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P46#Security_Fixes ; https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P39#Security_Fixes ; https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.7#Security_Fixes ; https://nvd.nist.gov/vuln/detail/CVE-2024-27443", "percentile": null, "poc_count": 3, - "product": "Fusion Middleware", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Unspecified vulnerability in the Oracle WebCenter Forms Recognition component in Oracle Fusion Middleware allows remote attackers to affect confidentiality, integrity, and availability via Unknown vectors related to Designer.", - "summary": "Unspecified vulnerability in the Oracle WebCenter Forms Recognition component in Oracle Fusion Middleware 10.1.3.5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors rel...", - "vendor": "Oracle" + "product": "Zimbra Collaboration Suite (ZCS)", + "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", + "short_description": "Zimbra Collaboration contains a cross-site scripting (XSS) vulnerability in the CalendarInvite feature of the Zimbra webmail classic user interface. An attacker can exploit this vulnerability via an email message containing a crafted calendar header, leading to the execution of arbitrary JavaScript code.", + "summary": "An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. 
A Cross-Site Scripting (XSS) vulnerability exists in the CalendarInvite feature of the Zimbra webmail classic user interface, because of improper inp...", + "vendor": "Synacor" }, { - "cve": "CVE-2012-1723", - "date_added": "2022-03-03", - "due_date": "2022-03-24", + "cve": "CVE-2024-28986", + "date_added": "2024-08-15", + "due_date": "2024-09-05", "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2012-1723", - "percentile": null, - "poc_count": 5, - "product": "Java SE", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE allows remote attackers to affect confidentiality, integrity, and availability via Unknown vectors related to Hotspot.", - "summary": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers to...", - "vendor": "Oracle" - }, - { - "cve": "CVE-2012-1823", - "date_added": "2022-03-25", - "due_date": "2022-04-15", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2012-1823", - "percentile": null, - "poc_count": 71, - "product": "PHP", - "required_action": "Apply updates per vendor instructions.", - "short_description": "sapi/cgi/cgi_main.c in PHP, when configured as a CGI script, does not properly handle query strings, which allows remote attackers to execute arbitrary code.", - "summary": "sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attack...", - "vendor": "PHP" - }, - { - "cve": "CVE-2012-1856", - "date_added": "2022-03-03", - "due_date": "2022-03-24", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2012-1856", - "percentile": null, - "poc_count": 5, - 
"product": "Office", - "required_action": "Apply updates per vendor instructions.", - "short_description": "The TabStrip ActiveX control in the Common Controls in MSCOMCTL.OCX in Microsoft Office allows remote attackers to execute arbitrary code via a crafted (1) document or (2) web page that triggers system-state corruption.", - "summary": "The TabStrip ActiveX control in the Common Controls in MSCOMCTL.OCX in Microsoft Office 2003 SP3, Office 2003 Web Components SP3, Office 2007 SP2 and SP3, Office 2010 SP1, SQL Server 2000 SP4, SQL Server 2005 SP4, SQL...", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2012-1889", - "date_added": "2022-06-08", - "due_date": "2022-06-22", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2012-1889", - "percentile": null, - "poc_count": 9, - "product": "XML Core Services", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Microsoft XML Core Services contains a memory corruption vulnerability which could allow for remote code execution.", - "summary": "Microsoft XML Core Services 3.0, 4.0, 5.0, and 6.0 accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2012-2034", - "date_added": "2022-03-28", - "due_date": "2022-04-18", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2012-2034", + "notes": "https://www.solarwinds.com/trust-center/security-advisories/cve-2024-28986; https://nvd.nist.gov/vuln/detail/CVE-2024-28986", "percentile": null, "poc_count": 1, - "product": "Flash Player", - "required_action": "The impacted product is end-of-life and should be disconnected if still in use.", - "short_description": "Adobe Flash Player contains a memory corruption vulnerability that allows for remote code execution or denial-of-service (DoS).", - "summary": "Adobe Flash Player before 10.3.183.20 and 11.x before 
11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on...", + "product": "Web Help Desk", + "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", + "short_description": "SolarWinds Web Help Desk contains a deserialization of untrusted data vulnerability that could allow for remote code execution.", + "summary": "SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. While it was reported...", + "vendor": "SolarWinds" + }, + { + "cve": "CVE-2024-28987", + "date_added": "2024-10-15", + "due_date": "2024-11-05", + "epss": null, + "notes": "https://www.solarwinds.com/trust-center/security-advisories/cve-2024-28987 ; https://nvd.nist.gov/vuln/detail/CVE-2024-28987", + "percentile": null, + "poc_count": 9, + "product": "Web Help Desk", + "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", + "short_description": "SolarWinds Web Help Desk contains a hardcoded credential vulnerability that could allow a remote, unauthenticated user to access internal functionality and modify data.", + "summary": "The SolarWinds Web Help Desk (WHD) software is affected by a hardcoded credential vulnerability, allowing remote unauthenticated user to access internal functionality and modify data.", + "vendor": "SolarWinds" + }, + { + "cve": "CVE-2024-28995", + "date_added": "2024-07-17", + "due_date": "2024-08-07", + "epss": null, + "notes": "https://www.solarwinds.com/trust-center/security-advisories/cve-2024-28995; https://nvd.nist.gov/vuln/detail/CVE-2024-28995", + "percentile": null, + "poc_count": 36, + "product": "Serv-U", + "required_action": "Apply mitigations per vendor instructions or 
discontinue use of the product if mitigations are unavailable.", + "short_description": "SolarWinds Serv-U contains a path traversal vulnerability that allows an attacker access to read sensitive files on the host machine.", + "summary": "SolarWinds Serv-U was susceptible to a directory transversal vulnerability that would allow access to read sensitive files on the host machine.", + "vendor": "SolarWinds" + }, + { + "cve": "CVE-2024-29059", + "date_added": "2025-02-04", + "due_date": "2025-02-25", + "epss": null, + "notes": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29059 ; https://nvd.nist.gov/vuln/detail/CVE-2024-29059", + "percentile": null, + "poc_count": 7, + "product": ".NET Framework", + "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", + "short_description": "Microsoft .NET Framework contains an information disclosure vulnerability that exposes the ObjRef URI to an attacker, ultimately enabling remote code execution.", + "summary": ".NET Framework Information Disclosure Vulnerability", + "vendor": "Microsoft" + }, + { + "cve": "CVE-2024-29745", + "date_added": "2024-04-04", + "due_date": "2024-04-25", + "epss": null, + "notes": "https://source.android.com/docs/security/bulletin/pixel/2024-04-01 ; https://nvd.nist.gov/vuln/detail/CVE-2024-29745", + "percentile": null, + "poc_count": 2, + "product": "Pixel", + "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", + "short_description": "Android Pixel contains an information disclosure vulnerability in the fastboot firmware used to support unlocking, flashing, and locking affected devices.", + "summary": "there is a possible Information Disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. 
User interaction is not needed for exploitation.", + "vendor": "Android" + }, + { + "cve": "CVE-2024-29748", + "date_added": "2024-04-04", + "due_date": "2024-04-25", + "epss": null, + "notes": "https://source.android.com/docs/security/bulletin/pixel/2024-04-01; https://nvd.nist.gov/vuln/detail/CVE-2024-29748", + "percentile": null, + "poc_count": 2, + "product": "Pixel", + "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", + "short_description": "Android Pixel contains a privilege escalation vulnerability that allows an attacker to interrupt a factory reset triggered by a device admin app.", + "summary": "there is a possible way to bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.", + "vendor": "Android" + }, + { + "cve": "CVE-2024-29824", + "date_added": "2024-10-02", + "due_date": "2024-10-23", + "epss": null, + "notes": "https://forums.ivanti.com/s/article/Security-Advisory-May-2024 ; https://nvd.nist.gov/vuln/detail/CVE-2024-29824", + "percentile": null, + "poc_count": 32, + "product": "Endpoint Manager (EPM)", + "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", + "short_description": "Ivanti Endpoint Manager (EPM) contains a SQL injection vulnerability in Core server that allows an unauthenticated attacker within the same network to execute arbitrary code.", + "summary": "An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.", + "vendor": "Ivanti" + }, + { + "cve": "CVE-2024-29988", + "date_added": "2024-04-30", + "due_date": "2024-05-21", + "epss": null, + "notes": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29988; 
https://nvd.nist.gov/vuln/detail/CVE-2024-29988", + "percentile": null, + "poc_count": 5, + "product": "SmartScreen Prompt", + "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", + "short_description": "Microsoft SmartScreen Prompt contains a security feature bypass vulnerability that allows an attacker to bypass the Mark of the Web (MotW) feature. This vulnerability can be chained with CVE-2023-38831 and CVE-2024-21412 to execute a malicious file.", + "summary": "SmartScreen Prompt Security Feature Bypass Vulnerability", + "vendor": "Microsoft" + }, + { + "cve": "CVE-2024-30040", + "date_added": "2024-05-14", + "due_date": "2024-06-04", + "epss": null, + "notes": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30040; https://nvd.nist.gov/vuln/detail/CVE-2024-30040", + "percentile": null, + "poc_count": 2, + "product": "Windows", + "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", + "short_description": "Microsoft Windows MSHTML Platform contains an unspecified vulnerability that allows for a security feature bypass.", + "summary": "Windows MSHTML Platform Security Feature Bypass Vulnerability", + "vendor": "Microsoft" + }, + { + "cve": "CVE-2024-30051", + "date_added": "2024-05-14", + "due_date": "2024-06-04", + "epss": null, + "notes": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30051; https://nvd.nist.gov/vuln/detail/CVE-2024-30051", + "percentile": null, + "poc_count": 8, + "product": "DWM Core Library", + "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", + "short_description": "Microsoft DWM Core Library contains a privilege escalation vulnerability that allows an attacker to gain SYSTEM privileges.", + "summary": "Windows DWM Core Library Elevation of Privilege Vulnerability", + "vendor": 
"Microsoft" + }, + { + "cve": "CVE-2024-30088", + "date_added": "2024-10-15", + "due_date": "2024-11-05", + "epss": null, + "notes": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-30088 ; https://nvd.nist.gov/vuln/detail/CVE-2024-30088", + "percentile": null, + "poc_count": 24, + "product": "Windows", + "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", + "short_description": "Microsoft Windows Kernel contains a time-of-check to time-of-use (TOCTOU) race condition vulnerability that could allow for privilege escalation.", + "summary": "Windows Kernel Elevation of Privilege Vulnerability", + "vendor": "Microsoft" + }, + { + "cve": "CVE-2024-32113", + "date_added": "2024-08-07", + "due_date": "2024-08-28", + "epss": null, + "notes": "This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. 
For more information, please see: https://lists.apache.org/thread/w6s60okgkxp2th1sr8vx0ndmgk68fqrd; https://nvd.nist.gov/vuln/detail/CVE-2024-32113", + "percentile": null, + "poc_count": 12, + "product": "OFBiz", + "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", + "short_description": "Apache OFBiz contains a path traversal vulnerability that could allow for remote code execution.", + "summary": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OFBiz.This issue affects Apache OFBiz: before 18.12.13.Users are recommended to upgrade to version 18.12.13, which...", + "vendor": "Apache" + }, + { + "cve": "CVE-2024-3272", + "date_added": "2024-04-11", + "due_date": "2024-05-02", + "epss": null, + "notes": "https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10383; https://nvd.nist.gov/vuln/detail/CVE-2024-3272", + "percentile": null, + "poc_count": 21, + "product": "Multiple NAS Devices", + "required_action": "This vulnerability affects legacy D-Link products. All associated hardware revisions have reached their end-of-life (EOL) or end-of-service (EOS) life cycle and should be retired and replaced per vendor instructions.", + "short_description": "D-Link DNS-320L, DNS-325, DNS-327L, and DNS-340L contains a hard-coded credential that allows an attacker to conduct authenticated command injection, leading to remote, unauthorized code execution.", + "summary": "** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as very critical, has been found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. 
This issue affects some unknown processing of t...", + "vendor": "D-Link" + }, + { + "cve": "CVE-2024-3273", + "date_added": "2024-04-11", + "due_date": "2024-05-02", + "epss": null, + "notes": "https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10383; https://nvd.nist.gov/vuln/detail/CVE-2024-3273", + "percentile": null, + "poc_count": 37, + "product": "Multiple NAS Devices", + "required_action": "This vulnerability affects legacy D-Link products. All associated hardware revisions have reached their end-of-life (EOL) or end-of-service (EOS) life cycle and should be retired and replaced per vendor instructions.", + "short_description": "D-Link DNS-320L, DNS-325, DNS-327L, and DNS-340L contain a command injection vulnerability. When combined with CVE-2024-3272, this can lead to remote, unauthorized code execution.", + "summary": "** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. Affected is an unknown function of the file /cgi-bin/nas_...", + "vendor": "D-Link" + }, + { + "cve": "CVE-2024-32896", + "date_added": "2024-06-13", + "due_date": "2024-07-04", + "epss": null, + "notes": "https://source.android.com/docs/security/bulletin/pixel/2024-06-01; https://nvd.nist.gov/vuln/detail/CVE-2024-32896", + "percentile": null, + "poc_count": 1, + "product": "Pixel", + "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", + "short_description": "Android Pixel contains an unspecified vulnerability in the firmware that allows for privilege escalation.", + "summary": "there is a possible way to bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is needed for exploitation.", + "vendor": "Android" + }, + { + "cve": "CVE-2024-3393", + "date_added": "2024-12-30", + "due_date": "2025-01-20", + "epss": null, + "notes": "https://security.paloaltonetworks.com/CVE-2024-3393 ; https://nvd.nist.gov/vuln/detail/CVE-2024-3393", + "percentile": null, + "poc_count": 4, + "product": "PAN-OS", + "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", + "short_description": "Palo Alto Networks PAN-OS contains a vulnerability in parsing and logging malicious DNS packets in the DNS Security feature that, when exploited, allows an unauthenticated attacker to remotely reboot the firewall. Repeated attempts to trigger this condition will cause the firewall to enter maintenance mode.", + "summary": "A Denial of Service vulnerability in the DNS Security feature of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to send a malicious packet through the data plane of the firewall that reboots the...", + "vendor": "Palo Alto Networks" + }, + { + "cve": "CVE-2024-3400", + "date_added": "2024-04-12", + "due_date": "2024-04-19", + "epss": null, + "notes": "https://security.paloaltonetworks.com/CVE-2024-3400 ; https://nvd.nist.gov/vuln/detail/CVE-2024-3400", + "percentile": null, + "poc_count": 108, + "product": "PAN-OS", + "required_action": "Apply mitigations per vendor instructions as they become available. Otherwise, users with vulnerable versions of affected devices should enable Threat Prevention IDs available from the vendor. 
See the vendor bulletin for more details and a patch release schedule.", + "short_description": "Palo Alto Networks PAN-OS GlobalProtect feature contains a command injection vulnerability that allows an unauthenticated attacker to execute commands with root privileges on the firewall.", + "summary": "A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable a...", + "vendor": "Palo Alto Networks" + }, + { + "cve": "CVE-2024-34102", + "date_added": "2024-07-17", + "due_date": "2024-08-07", + "epss": null, + "notes": "https://helpx.adobe.com/security/products/magento/apsb24-40.html; https://nvd.nist.gov/vuln/detail/CVE-2024-34102", + "percentile": null, + "poc_count": 53, + "product": "Commerce and Magento Open Source", + "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", + "short_description": "Adobe Commerce and Magento Open Source contain an improper restriction of XML external entity reference (XXE) vulnerability that allows for remote code execution.", + "summary": "Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution. 
An...", "vendor": "Adobe" }, { - "cve": "CVE-2012-2539", - "date_added": "2022-03-28", - "due_date": "2022-04-18", + "cve": "CVE-2024-35250", + "date_added": "2024-12-16", + "due_date": "2025-01-06", "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2012-2539", + "notes": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35250 ; https://nvd.nist.gov/vuln/detail/CVE-2024-35250", "percentile": null, - "poc_count": 1, - "product": "Word", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Microsoft Word allows attackers to execute remote code or cause a denial-of-service (DoS) via crafted RTF data.", - "summary": "Microsoft Word 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Word Viewer; Office Compatibility Pack SP2 and SP3; and Office Web Apps 2010 SP1 allow remote attackers to execute arbitrary code or cause a denial of service (...", + "poc_count": 22, + "product": "Windows", + "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", + "short_description": "Microsoft Windows Kernel-Mode Driver contains an untrusted pointer dereference vulnerability that allows a local attacker to escalate privileges.", + "summary": "Windows Kernel-Mode Driver Elevation of Privilege Vulnerability", "vendor": "Microsoft" }, { - "cve": "CVE-2012-3152", - "date_added": "2021-11-03", - "due_date": "2022-05-03", + "cve": "CVE-2024-36401", + "date_added": "2024-07-15", + "due_date": "2024-08-05", "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2012-3152", + "notes": "This vulnerability affects an open-source component, third-party library, or a protocol used by different products. 
For more information, please see: https://github.com/geoserver/geoserver/security/advisories/GHSA-6jj6-gm7p-fcvv, https://github.com/geotools/geotools/pull/4797 ; https://nvd.nist.gov/vuln/detail/CVE-2024-36401", "percentile": null, - "poc_count": 9, - "product": "Fusion Middleware", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Oracle Fusion Middleware Reports Developer contains an unspecified vulnerability that allows remote attackers to affect confidentiality and integrity of affected systems.", - "summary": "Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4, 11.1.1.6, and 11.1.2.0 allows remote attackers to affect confidentiality and integrity via unknown vectors rela...", - "vendor": "Oracle" + "poc_count": 74, + "product": "GeoServer", + "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", + "short_description": "OSGeo GeoServer GeoTools contains an improper neutralization of directives in dynamically evaluated code vulnerability due to unsafely evaluating property names as XPath expressions. This allows unauthenticated attackers to conduct remote code execution via specially crafted input.", + "summary": "GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.22.6, 2.23.6, 2.24.4, and 2.25.2, multiple OGC request parameters allow Remote Code Execution (RCE) by unauth...", + "vendor": "OSGeo" + }, + { + "cve": "CVE-2024-36971", + "date_added": "2024-08-07", + "due_date": "2024-08-28", + "epss": null, + "notes": "This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. 
For more information, please see: https://source.android.com/docs/security/bulletin/2024-08-01, https://lore.kernel.org/linux-cve-announce/20240610090330.1347021-2-lee@kernel.org/T/#u ; https://nvd.nist.gov/vuln/detail/CVE-2024-36971", + "percentile": null, + "poc_count": 2, + "product": "Kernel", + "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", + "short_description": "Android contains an unspecified vulnerability in the kernel that allows for remote code execution. This vulnerability resides in Linux Kernel and could impact other products, including but not limited to Android OS.", + "summary": "In the Linux kernel, the following vulnerability has been resolved:net: fix __dst_negative_advice() race__dst_negative_advice() does not enforce proper RCU rules whensk->dst_cache must be cleared, leading to possible...", + "vendor": "Android" + }, + { + "cve": "CVE-2024-37085", + "date_added": "2024-07-30", + "due_date": "2024-08-20", + "epss": null, + "notes": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24505; https://nvd.nist.gov/vuln/detail/CVE-2024-37085", + "percentile": null, + "poc_count": 6, + "product": "ESXi", + "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", + "short_description": "VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was previously configured to use AD for user management by re-creating the configured AD group ('ESXi Admins' by default) after it was deleted from AD.", + "summary": "VMware ESXi contains an authentication bypass vulnerability. 
A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was previously configured to use AD for user m...", + "vendor": "VMware" + }, + { + "cve": "CVE-2024-37383", + "date_added": "2024-10-24", + "due_date": "2024-11-14", + "epss": null, + "notes": "https://github.com/roundcube/roundcubemail/releases/tag/1.5.7, https://github.com/roundcube/roundcubemail/releases/tag/1.6.7 ; https://nvd.nist.gov/vuln/detail/CVE-2024-37383", + "percentile": null, + "poc_count": 2, + "product": "Webmail", + "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", + "short_description": "RoundCube Webmail contains a cross-site scripting (XSS) vulnerability in the handling of SVG animate attributes that allows a remote attacker to run malicious JavaScript code.", + "summary": "Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows XSS via SVG animate attributes.", + "vendor": "Roundcube" + }, + { + "cve": "CVE-2024-38014", + "date_added": "2024-09-10", + "due_date": "2024-10-01", + "epss": null, + "notes": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38014; https://nvd.nist.gov/vuln/detail/CVE-2024-38014", + "percentile": null, + "poc_count": 2, + "product": "Windows", + "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", + "short_description": "Microsoft Windows Installer contains an improper privilege management vulnerability that could allow an attacker to gain SYSTEM privileges.", + "summary": "Windows Installer Elevation of Privilege Vulnerability", + "vendor": "Microsoft" + }, + { + "cve": "CVE-2024-38080", + "date_added": "2024-07-09", + "due_date": "2024-07-30", + "epss": null, + "notes": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38080; https://nvd.nist.gov/vuln/detail/CVE-2024-38080", + "percentile": null, + "poc_count": 2, 
+ "product": "Windows", + "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", + "short_description": "Microsoft Windows Hyper-V contains a privilege escalation vulnerability that allows a local attacker with user permissions to gain SYSTEM privileges.", + "summary": "Windows Hyper-V Elevation of Privilege Vulnerability", + "vendor": "Microsoft" + }, + { + "cve": "CVE-2024-38094", + "date_added": "2024-10-22", + "due_date": "2024-11-12", + "epss": null, + "notes": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38094 ; https://nvd.nist.gov/vuln/detail/CVE-2024-38094", + "percentile": null, + "poc_count": 3, + "product": "SharePoint", + "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", + "short_description": "Microsoft SharePoint contains a deserialization vulnerability that allows for remote code execution.", + "summary": "Microsoft SharePoint Remote Code Execution Vulnerability", + "vendor": "Microsoft" + }, + { + "cve": "CVE-2024-38112", + "date_added": "2024-07-09", + "due_date": "2024-07-30", + "epss": null, + "notes": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38112; https://nvd.nist.gov/vuln/detail/CVE-2024-38112", + "percentile": null, + "poc_count": 6, + "product": "Windows", + "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", + "short_description": "Microsoft Windows MSHTML Platform contains a spoofing vulnerability that has a high impact to confidentiality, integrity, and availability.", + "summary": "Windows MSHTML Platform Spoofing Vulnerability", + "vendor": "Microsoft" + }, + { + "cve": "CVE-2024-38178", + "date_added": "2024-08-13", + "due_date": "2024-09-03", + "epss": null, + "notes": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38178; 
https://nvd.nist.gov/vuln/detail/CVE-2024-38178", + "percentile": null, + "poc_count": 1, + "product": "Windows", + "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", + "short_description": "Microsoft Windows Scripting Engine contains a memory corruption vulnerability that allows unauthenticated attacker to initiate remote code execution via a specially crafted URL.", + "summary": "Scripting Engine Memory Corruption Vulnerability", + "vendor": "Microsoft" } ] } \ No newline at end of file diff --git a/docs/api/v1/kev.json b/docs/api/v1/kev.json index 18fa506266..18375799c5 100644 --- a/docs/api/v1/kev.json +++ b/docs/api/v1/kev.json 
@@ -1,27 +1,13 @@ { "generated": "2025-12-17", "items": [ - { - "cve": "CVE-2025-9242", - "date_added": "2025-11-12", - "due_date": "2025-12-03", - "epss": 0.7437, - "notes": "https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2025-00015 ; https://nvd.nist.gov/vuln/detail/CVE-2025-9242", - "percentile": 0.98786, - "poc_count": 0, - "product": "Firebox", - "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", - "short_description": "WatchGuard Firebox contains an out-of-bounds write vulnerability in the OS iked process that may allow a remote unauthenticated attacker to execute arbitrary code.", - "summary": "", - "vendor": "WatchGuard" - }, { "cve": "CVE-2025-7775", "date_added": "2025-08-26", "due_date": "2025-08-28", "epss": 0.17354, "notes": "https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694938 ; https://nvd.nist.gov/vuln/detail/CVE-2025-7775", - "percentile": 0.94817, + "percentile": 0.9482, "poc_count": 15, "product": "NetScaler", "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", @@ -35,7 +21,7 @@ "due_date": "2025-09-24", "epss": 0.14589, "notes": "https://www.tp-link.com/us/support/faq/4308/ ; https://nvd.nist.gov/vuln/detail/CVE-2025-9377", - "percentile": 0.94217, + "percentile": 0.94221, "poc_count": 4, "product": "Multiple Routers", "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", 
@@ -49,7 +35,7 @@ "due_date": "2025-08-20", "epss": 0.13881, "notes": "https://status.n-able.com/2025/08/13/announcing-the-ga-of-n-central-2025-3-1/ ; https://nvd.nist.gov/vuln/detail/CVE-2025-8876", - "percentile": 0.94059, + "percentile": 0.94063, "poc_count": 6, "product": "N-Central", "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", @@ -63,7 +49,7 @@ "due_date": "2025-08-20", "epss": 0.05085, "notes": "https://status.n-able.com/2025/08/13/announcing-the-ga-of-n-central-2025-3-1/ ; https://nvd.nist.gov/vuln/detail/CVE-2025-8875", - "percentile": 0.89424, + "percentile": 0.89429, "poc_count": 7, "product": "N-Central", "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", @@ -77,7 +63,7 @@ "due_date": "2025-09-02", "epss": 0.03156, "notes": "https://www.win-rar.com/singlenewsview.html?&L=0&tx_ttnews%5Btt_news%5D=283&cHash=a64b4a8f662d3639dec8d65f47bc93c5 ; https://nvd.nist.gov/vuln/detail/CVE-2025-8088", - "percentile": 0.8647, + "percentile": 0.86473, "poc_count": 45, "product": "WinRAR", "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", 
@@ -85,15376 +71,6 @@ "summary": "A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild and was discovere...", "vendor": "RARLAB" }, - { - "cve": "CVE-2002-0367", - "date_added": "2022-03-03", - "due_date": "2022-03-24", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2002-0367", - "percentile": null, - "poc_count": 2, - "product": "Windows", - "required_action": "Apply updates per vendor instructions.", - "short_description": "smss.exe debugging subsystem in Microsoft Windows does not properly authenticate programs that connect to other programs, which allows local users to gain administrator or SYSTEM privileges.", - "summary": "smss.exe debugging subsystem in Windows NT and Windows 2000 does not properly authenticate programs that connect to other programs, which allows local users to gain administrator or SYSTEM privileges by duplicating a...", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2004-0210", - "date_added": "2022-03-03", - "due_date": "2022-03-24", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2004-0210", - "percentile": null, - "poc_count": 2, - "product": "Windows", - "required_action": "Apply updates per vendor instructions.", - "short_description": "A privilege elevation vulnerability exists in the POSIX subsystem. 
This vulnerability could allow a logged on user to take complete control of the system.", - "summary": "The POSIX component of Microsoft Windows NT and Windows 2000 allows local users to execute arbitrary code via certain parameters, possibly by modifying message length values and causing a buffer overflow.", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2004-1464", - "date_added": "2023-05-19", - "due_date": "2023-06-09", - "epss": null, - "notes": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20040827-telnet; https://nvd.nist.gov/vuln/detail/CVE-2004-1464", - "percentile": null, - "poc_count": 2, - "product": "IOS", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Cisco IOS contains an unspecified vulnerability that may block further telnet, reverse telnet, Remote Shell (RSH), Secure Shell (SSH), and in some cases, Hypertext Transport Protocol (HTTP) access to the Cisco device.", - "summary": "Cisco IOS 12.2(15) and earlier allows remote attackers to cause a denial of service (refused VTY (virtual terminal) connections), via a crafted TCP connection to the Telnet or reverse Telnet port.", - "vendor": "Cisco" - }, - { - "cve": "CVE-2005-2773", - "date_added": "2022-03-25", - "due_date": "2022-04-15", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2005-2773", - "percentile": null, - "poc_count": 1, - "product": "OpenView Network Node Manager", - "required_action": "Apply updates per vendor instructions.", - "short_description": "HP OpenView Network Node Manager could allow a remote attacker to execute arbitrary commands on the system.", - "summary": "HP OpenView Network Node Manager 6.2 through 7.50 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) node parameter to connectedNodes.ovpl, (2) cdpView.ovpl, (3) freeIPaddrs.ovpl...", - "vendor": "Hewlett Packard (HP)" - }, - { - "cve": "CVE-2006-1547", - "date_added": "2022-01-21", 
- "due_date": "2022-07-21", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2006-1547", - "percentile": null, - "poc_count": 2, - "product": "Struts 1", - "required_action": "Apply updates per vendor instructions.", - "short_description": "ActionForm in Apache Struts versions before 1.2.9 with BeanUtils 1.7 contains a vulnerability that allows for denial-of-service (DoS).", - "summary": "ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references t...", - "vendor": "Apache" - }, - { - "cve": "CVE-2006-2492", - "date_added": "2022-06-08", - "due_date": "2022-06-22", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2006-2492", - "percentile": null, - "poc_count": 3, - "product": "Word", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Microsoft Word and Microsoft Works Suites contain a malformed object pointer which allows attackers to execute code.", - "summary": "Buffer overflow in Microsoft Word in Office 2000 SP3, Office XP SP3, Office 2003 Sp1 and SP2, and Microsoft Works Suites through 2006, allows user-assisted attackers to execute arbitrary code via a malformed object po...", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2007-0671", - "date_added": "2025-08-12", - "due_date": "2025-09-02", - "epss": null, - "notes": "https://learn.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-015 ; https://nvd.nist.gov/vuln/detail/CVE-2007-0671", - "percentile": null, - "poc_count": 5, - "product": "Office", - "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", - "short_description": "Microsoft Office Excel contains a remote code execution vulnerability that can be exploited when a specially crafted 
Excel file is opened. This malicious file could be delivered as an email attachment or hosted on a malicious website. An attacker could leverage this vulnerability by creating a specially crafted Excel file, which, when opened, allowing an attacker to execute remote code on the affected system.", - "summary": "Unspecified vulnerability in Microsoft Excel 2000, XP, 2003, and 2004 for Mac, and possibly other Office products, allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as demonst...", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2007-3010", - "date_added": "2022-04-15", - "due_date": "2022-05-06", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2007-3010", - "percentile": null, - "poc_count": 3, - "product": "OmniPCX Enterprise", - "required_action": "Apply updates per vendor instructions.", - "short_description": "masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server allows remote attackers to execute arbitrary commands.", - "summary": "masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server R7.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the user parameter during...", - "vendor": "Alcatel" - }, - { - "cve": "CVE-2007-5659", - "date_added": "2022-06-08", - "due_date": "2022-06-22", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2007-5659", - "percentile": null, - "poc_count": 4, - "product": "Acrobat and Reader", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Adobe Acrobat and Reader contain a buffer overflow vulnerability that allows remote attackers to execute code via a PDF file with long arguments to unspecified JavaScript methods.", - "summary": "Multiple buffer overflows in Adobe Reader and Acrobat 8.1.1 and earlier allow remote attackers to execute arbitrary code via a PDF file with long arguments to unspecified 
JavaScript methods. NOTE: this issue might be...", - "vendor": "Adobe" - }, - { - "cve": "CVE-2008-0655", - "date_added": "2022-06-08", - "due_date": "2022-06-22", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2008-0655", - "percentile": null, - "poc_count": 3, - "product": "Acrobat and Reader", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Adobe Acrobat and Reader contains an unespecified vulnerability described as a design flaw which could allow a specially crafted file to be printed silently an arbitrary number of times.", - "summary": "Multiple unspecified vulnerabilities in Adobe Reader and Acrobat before 8.1.2 have unknown impact and attack vectors.", - "vendor": "Adobe" - }, - { - "cve": "CVE-2008-2992", - "date_added": "2022-03-03", - "due_date": "2022-03-24", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2008-2992", - "percentile": null, - "poc_count": 7, - "product": "Acrobat and Reader", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Adobe Acrobat and Reader contain an input validation issue in a JavaScript method that could potentially lead to remote code execution.", - "summary": "Stack-based buffer overflow in Adobe Acrobat and Reader 8.1.2 and earlier allows remote attackers to execute arbitrary code via a PDF file that calls the util.printf JavaScript function with a crafted format string ar...", - "vendor": "Adobe" - }, - { - "cve": "CVE-2008-3431", - "date_added": "2022-03-03", - "due_date": "2022-03-24", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2008-3431", - "percentile": null, - "poc_count": 5, - "product": "VirtualBox", - "required_action": "Apply updates per vendor instructions.", - "short_description": "An input validation vulnerability exists in the VBoxDrv.sys driver of Sun xVM VirtualBox which allows attackers to locally execute arbitrary code.", - "summary": "The VBoxDrvNtDeviceControl function in 
VBoxDrv.sys in Sun xVM VirtualBox before 1.6.4 uses the METHOD_NEITHER communication method for IOCTLs and does not properly validate a buffer associated with the Irp object, whi...", - "vendor": "Oracle" - }, - { - "cve": "CVE-2009-0557", - "date_added": "2022-06-08", - "due_date": "2022-06-22", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2009-0557", - "percentile": null, - "poc_count": 2, - "product": "Office", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Microsoft Office contains an object record corruption vulnerability that allows remote attackers to execute code via a crafted Excel file with a malformed record object.", - "summary": "Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac; Excel in 2007 Microsoft Office System SP1 and SP2; Open XML File Format Converter for Mac; Microsoft Office Excel V...", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2009-0563", - "date_added": "2022-06-08", - "due_date": "2022-06-22", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2009-0563", - "percentile": null, - "poc_count": 2, - "product": "Office", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Microsoft Office contains a buffer overflow vulnerability that allows remote attackers to execute code via a Word document with a crafted tag containing an invalid length field.", - "summary": "Stack-based buffer overflow in Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Microsoft Office for Mac 2004 and 2008; Open XML File Format Converter for Mac; Microsoft Office Word Viewer 2003 SP3; Mic...", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2009-0927", - "date_added": "2022-03-25", - "due_date": "2022-04-15", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2009-0927", - "percentile": null, - "poc_count": 4, - "product": "Reader and Acrobat", - "required_action": "Apply updates 
per vendor instructions.", - "short_description": "Stack-based buffer overflow in Adobe Reader and Adobe Acrobat allows remote attackers to execute arbitrary code.", - "summary": "Stack-based buffer overflow in Adobe Reader and Adobe Acrobat 9 before 9.1, 8 before 8.1.3 , and 7 before 7.1.1 allows remote attackers to execute arbitrary code via a crafted argument to the getIcon method of a Colla...", - "vendor": "Adobe" - }, - { - "cve": "CVE-2009-1123", - "date_added": "2022-03-03", - "due_date": "2022-03-24", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2009-1123", - "percentile": null, - "poc_count": 2, - "product": "Windows", - "required_action": "Apply updates per vendor instructions.", - "short_description": "The kernel in Microsoft Windows does not properly validate changes to unspecified kernel objects, which allows local users to gain privileges via a crafted application.", - "summary": "The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate changes to unspecified kernel objects, which allows local users to ga...", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2009-1151", - "date_added": "2022-03-25", - "due_date": "2022-04-15", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2009-1151", - "percentile": null, - "poc_count": 19, - "product": "phpMyAdmin", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Setup script used to generate configuration can be fooled using a crafted POST request to include arbitrary PHP code in generated configuration file.", - "summary": "Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allows remote attackers to inject arbitrary PHP code into a configuration file via the save action.", - "vendor": "phpMyAdmin" - }, - { - "cve": "CVE-2009-1862", - "date_added": "2022-06-08", - "due_date": "2022-06-22", - 
"epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2009-1862", - "percentile": null, - "poc_count": 3, - "product": "Acrobat and Reader, Flash Player", - "required_action": "For Adobe Acrobat and Reader, apply updates per vendor instructions. For Adobe Flash Player, the impacted product is end-of-life and should be disconnected if still in use.", - "short_description": "Adobe Acrobat and Reader and Adobe Flash Player allows remote attackers to execute code or cause denial-of-service (DoS).", - "summary": "Unspecified vulnerability in Adobe Reader and Acrobat 9.x through 9.1.2, and Adobe Flash Player 9.x through 9.0.159.0 and 10.x through 10.0.22.87, allows remote attackers to execute arbitrary code or cause a denial of...", - "vendor": "Adobe" - }, - { - "cve": "CVE-2009-2055", - "date_added": "2022-03-25", - "due_date": "2022-04-15", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2009-2055", - "percentile": null, - "poc_count": 2, - "product": "IOS XR", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Cisco IOS XR,when BGP is the configured routing feature, allows remote attackers to cause a denial-of-service (DoS).", - "summary": "Cisco IOS XR 3.4.0 through 3.8.1 allows remote attackers to cause a denial of service (session reset) via a BGP UPDATE message with an invalid attribute, as demonstrated in the wild on 17 August 2009.", - "vendor": "Cisco" - }, - { - "cve": "CVE-2009-3129", - "date_added": "2022-03-03", - "due_date": "2022-03-24", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2009-3129", - "percentile": null, - "poc_count": 2, - "product": "Excel", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Microsoft Office Excel allows remote attackers to execute arbitrary code via a spreadsheet with a FEATHEADER record containing an invalid cbHdrData size element that affects a pointer offset.", - "summary": "Microsoft Office Excel 2002 
SP3, 2003 SP3, and 2007 SP1 and SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer 2003 SP3; Office Excel Viewer SP1 and SP2; and Office Compatib...", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2009-3953", - "date_added": "2022-06-08", - "due_date": "2022-06-22", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2009-3953", - "percentile": null, - "poc_count": 1, - "product": "Acrobat and Reader", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Adobe Acrobat and Reader contains an array boundary issue in Universal 3D (U3D) support that could lead to remote code execution.", - "summary": "The U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, 8.x before 8.2 on Windows and Mac OS X, and 7.x before 7.1.4 allows remote attackers to execute arbitrary code via malformed U3D data in a PDF documen...", - "vendor": "Adobe" - }, - { - "cve": "CVE-2009-3960", - "date_added": "2022-03-07", - "due_date": "2022-09-07", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2009-3960", - "percentile": null, - "poc_count": 2, - "product": "BlazeDS", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Adobe BlazeDS, which is utilized in LifeCycle and Coldfusion, contains a vulnerability that allows for information disclosure.", - "summary": "Unspecified vulnerability in BlazeDS 3.2 and earlier, as used in LiveCycle 8.0.1, 8.2.1, and 9.0, LiveCycle Data Services 2.5.1, 2.6.1, and 3.0, Flex Data Services 2.0.1, and ColdFusion 7.0.2, 8.0, 8.0.1, and 9.0, all...", - "vendor": "Adobe" - }, - { - "cve": "CVE-2009-4324", - "date_added": "2022-06-08", - "due_date": "2022-06-22", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2009-4324", - "percentile": null, - "poc_count": 6, - "product": "Acrobat and Reader", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Use-after-free 
vulnerability in Adobe Acrobat and Reader allows remote attackers to execute code via a crafted PDF file.", - "summary": "Use-after-free vulnerability in the Doc.media.newPlayer method in Multimedia.api in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary cod...", - "vendor": "Adobe" - }, - { - "cve": "CVE-2010-0188", - "date_added": "2022-03-03", - "due_date": "2022-03-24", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2010-0188", - "percentile": null, - "poc_count": 3, - "product": "Reader and Acrobat", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Unspecified vulnerability in Adobe Reader and Acrobat allows attackers to cause a denial of service or possibly execute arbitrary code.", - "summary": "Unspecified vulnerability in Adobe Reader and Acrobat 8.x before 8.2.1 and 9.x before 9.3.1 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors.", - "vendor": "Adobe" - }, - { - "cve": "CVE-2010-0232", - "date_added": "2022-03-03", - "due_date": "2022-03-24", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2010-0232", - "percentile": null, - "poc_count": 17, - "product": "Windows", - "required_action": "Apply updates per vendor instructions.", - "short_description": "The kernel in Microsoft Windows, when access to 16-bit applications is enabled on a 32-bit x86 platform, does not properly validate certain BIOS calls, which allows local users to gain privileges.", - "summary": "The kernel in Microsoft Windows NT 3.1 through Windows 7, including Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2, when acces...", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2010-0738", - "date_added": "2022-05-25", - "due_date": "2022-06-15", - "epss": null, - "notes": 
"https://nvd.nist.gov/vuln/detail/CVE-2010-0738", - "percentile": null, - "poc_count": 21, - "product": "JBoss", - "required_action": "Apply updates per vendor instructions.", - "short_description": "The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application's GET handler by using a different method.", - "summary": "The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST me...", - "vendor": "Red Hat" - }, - { - "cve": "CVE-2010-0840", - "date_added": "2022-05-25", - "due_date": "2022-06-15", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2010-0840", - "percentile": null, - "poc_count": 8, - "product": "Java Runtime Environment (JRE)", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Unspecified vulnerability in the Java Runtime Environment (JRE) in Java SE component allows remote attackers to affect confidentiality, integrity, and availability via Unknown vectors.", - "summary": "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and av...", - "vendor": "Oracle" - }, - { - "cve": "CVE-2010-1297", - "date_added": "2022-06-08", - "due_date": "2022-06-22", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2010-1297", - "percentile": null, - "poc_count": 5, - "product": "Flash Player", - "required_action": "The impacted product is end-of-life and should be disconnected if still in use.", - "short_description": "Adobe Flash Player contains a memory corruption vulnerability that allows remote attackers to execute code or cause 
denial-of-service (DoS).", - "summary": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64; Adobe AIR before 2.0.2.12610; and Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow remote attackers to exec...", - "vendor": "Adobe" - }, - { - "cve": "CVE-2010-1428", - "date_added": "2022-05-25", - "due_date": "2022-06-15", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2010-1428", - "percentile": null, - "poc_count": 3, - "product": "JBoss", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Unauthenticated access to the JBoss Application Server Web Console (/web-console) is blocked by default. However, it was found that this block was incomplete, and only blocked GET and POST HTTP verbs. A remote attacker could use this flaw to gain access to sensitive information.", - "summary": "The Web Console (aka web-console) in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST...", - "vendor": "Red Hat" - }, - { - "cve": "CVE-2010-1871", - "date_added": "2021-12-10", - "due_date": "2022-06-10", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2010-1871", - "percentile": null, - "poc_count": 17, - "product": "JBoss Seam 2", - "required_action": "Apply updates per vendor instructions.", - "short_description": "JBoss Seam 2 (jboss-seam2), as used in JBoss Enterprise Application Platform 4.3.0 for Red Hat Linux, allows attackers to perform remote code execution. 
This vulnerability can only be exploited when the Java Security Manager is not properly configured.", - "summary": "JBoss Seam 2 (jboss-seam2), as used in JBoss Enterprise Application Platform 4.3.0 for Red Hat Linux, does not properly sanitize inputs for JBoss Expression Language (EL) expressions, which allows remote attackers to...", - "vendor": "Red Hat" - }, - { - "cve": "CVE-2010-2568", - "date_added": "2022-09-15", - "due_date": "2022-10-06", - "epss": null, - "notes": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-046; https://nvd.nist.gov/vuln/detail/CVE-2010-2568", - "percentile": null, - "poc_count": 22, - "product": "Windows", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Microsoft Windows incorrectly parses shortcuts in such a way that malicious code may be executed when the operating system displays the icon of a malicious shortcut file. An attacker who successfully exploited this vulnerability could execute code as the logged-on user.", - "summary": "Windows Shell in Microsoft Windows XP SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users or remote attackers to execute arbitrary code via a crafted (1) .LNK or (2) .PIF...", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2010-2572", - "date_added": "2022-06-08", - "due_date": "2022-06-22", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2010-2572", - "percentile": null, - "poc_count": 1, - "product": "PowerPoint", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Microsoft PowerPoint contains a buffer overflow vulnerability that alllows for remote code execution.", - "summary": "Buffer overflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint 95 document, aka \"PowerPoint Parsing Buffer Overflow Vulnerability.\"", - "vendor": "Microsoft" - }, - { - "cve": 
"CVE-2010-2861", - "date_added": "2022-03-25", - "due_date": "2022-04-15", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2010-2861", - "percentile": null, - "poc_count": 64, - "product": "ColdFusion", - "required_action": "Apply updates per vendor instructions.", - "short_description": "A directory traversal vulnerability exists in the administrator console in Adobe ColdFusion which allows remote attackers to read arbitrary files.", - "summary": "Multiple directory traversal vulnerabilities in the administrator console in Adobe ColdFusion 9.0.1 and earlier allow remote attackers to read arbitrary files via the locale parameter to (1) CFIDE/administrator/settin...", - "vendor": "Adobe" - }, - { - "cve": "CVE-2010-2883", - "date_added": "2022-06-08", - "due_date": "2022-06-22", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2010-2883", - "percentile": null, - "poc_count": 9, - "product": "Acrobat and Reader", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Adobe Acrobat and Reader contain a stack-based buffer overflow vulnerability that allows remote attackers to execute code or cause denial-of-service (DoS).", - "summary": "Stack-based buffer overflow in CoolType.dll in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (app...", - "vendor": "Adobe" - }, - { - "cve": "CVE-2010-3035", - "date_added": "2022-03-25", - "due_date": "2022-04-15", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2010-3035", - "percentile": null, - "poc_count": 2, - "product": "IOS XR", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Cisco IOS XR, when BGP is the configured routing feature, allows remote attackers to cause a denial-of-service (DoS).", - "summary": "Cisco IOS XR 3.4.0 through 3.9.1, when BGP is enabled, does not properly handle 
unrecognized transitive attributes, which allows remote attackers to cause a denial of service (peering reset) via a crafted prefix annou...", - "vendor": "Cisco" - }, - { - "cve": "CVE-2010-3333", - "date_added": "2022-03-03", - "due_date": "2022-03-24", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2010-3333", - "percentile": null, - "poc_count": 33, - "product": "Office", - "required_action": "Apply updates per vendor instructions.", - "short_description": "A stack-based buffer overflow vulnerability exists in the parsing of RTF data in Microsoft Office and earlier allows an attacker to perform remote code execution.", - "summary": "Stack-based buffer overflow in Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allows remote attack...", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2010-3765", - "date_added": "2025-10-06", - "due_date": "2025-10-27", - "epss": null, - "notes": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-73 ; https://nvd.nist.gov/vuln/detail/CVE-2010-3765", - "percentile": null, - "poc_count": 4, - "product": "Multiple Products", - "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", - "short_description": "Mozilla Firefox, SeaMonkey, and Thunderbird contain an unspecified vulnerability when JavaScript is enabled. 
This allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption.", - "summary": "Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute ar...", - "vendor": "Mozilla" - }, - { - "cve": "CVE-2010-3904", - "date_added": "2023-05-12", - "due_date": "2023-06-02", - "epss": null, - "notes": "https://lkml.iu.edu/hypermail/linux/kernel/1601.3/06474.html; https://nvd.nist.gov/vuln/detail/CVE-2010-3904", - "percentile": null, - "poc_count": 125, - "product": "Kernel", - "required_action": "The impacted product is end-of-life and should be disconnected if still in use.", - "short_description": "Linux Kernel contains an improper input validation vulnerability in the Reliable Datagram Sockets (RDS) protocol implementation that allows local users to gain privileges via crafted use of the sendmsg and recvmsg system calls.", - "summary": "The rds_page_copy_user function in net/rds/page.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel before 2.6.36 does not properly validate addresses obtained from user space, which a...", - "vendor": "Linux" - }, - { - "cve": "CVE-2010-3962", - "date_added": "2025-10-06", - "due_date": "2025-10-27", - "epss": null, - "notes": "https://learn.microsoft.com/en-us/security-updates/SecurityAdvisories/2010/2458511?redirectedfrom=MSDN ; https://nvd.nist.gov/vuln/detail/CVE-2010-3962", - "percentile": null, - "poc_count": 3, - "product": "Internet Explorer", - "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", - "short_description": "Microsoft Internet 
Explorer contains an uninitialized memory corruption vulnerability that could allow for remote code execution. The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.", - "summary": "Use-after-free vulnerability in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code via vectors related to Cascading Style Sheets (CSS) token sequences and the clip attribute, aka...", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2010-4344", - "date_added": "2022-03-25", - "due_date": "2022-04-15", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2010-4344", - "percentile": null, - "poc_count": 9, - "product": "Exim", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session.", - "summary": "Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session that includes two MAIL commands in conjunction with a lar...", - "vendor": "Exim" - }, - { - "cve": "CVE-2010-4345", - "date_added": "2022-03-25", - "due_date": "2022-04-15", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2010-4345", - "percentile": null, - "poc_count": 4, - "product": "Exim", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Exim allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands.", - "summary": "Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands, as demonstra...", - "vendor": "Exim" - 
}, - { - "cve": "CVE-2010-4398", - "date_added": "2022-03-28", - "due_date": "2022-04-21", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2010-4398", - "percentile": null, - "poc_count": 9, - "product": "Windows", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Stack-based buffer overflow in the RtlQueryRegistryValues function in win32k.sys in Microsoft Windows allows local users to gain privileges, and bypass the User Account Control (UAC) feature.", - "summary": "Stack-based buffer overflow in the RtlQueryRegistryValues function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Wind...", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2010-5326", - "date_added": "2021-11-03", - "due_date": "2022-05-03", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2010-5326", - "percentile": null, - "poc_count": 1, - "product": "NetWeaver", - "required_action": "Apply updates per vendor instructions.", - "short_description": "SAP NetWeaver Application Server Java Platforms Invoker Servlet does not require authentication, allowing for remote code execution via a HTTP or HTTPS request.", - "summary": "The Invoker Servlet on SAP NetWeaver Application Server Java platforms, possibly before 7.3, does not require authentication, which allows remote attackers to execute arbitrary code via an HTTP or HTTPS request, as ex...", - "vendor": "SAP" - }, - { - "cve": "CVE-2010-5330", - "date_added": "2022-04-15", - "due_date": "2022-05-06", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2010-5330", - "percentile": null, - "poc_count": 2, - "product": "AirOS", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Certain Ubiquiti devices contain a command injection vulnerability via a GET request to stainfo.cgi.", - "summary": "On certain Ubiquiti devices, Command Injection 
exists via a GET request to stainfo.cgi (aka Show AP info) because the ifname variable is not sanitized, as demonstrated by shell metacharacters. The fixed version is v4....", - "vendor": "Ubiquiti" - }, - { - "cve": "CVE-2011-0609", - "date_added": "2022-06-08", - "due_date": "2022-06-22", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2011-0609", - "percentile": null, - "poc_count": 4, - "product": "Flash Player", - "required_action": "The impacted product is end-of-life and should be disconnected if still in use.", - "short_description": "Adobe Flash Player contains an unspecified vulnerability that allows remote attackers to execute code or cause denial-of-service (DoS).", - "summary": "Unspecified vulnerability in Adobe Flash Player 10.2.154.13 and earlier on Windows, Mac OS X, Linux, and Solaris; 10.1.106.16 and earlier on Android; Adobe AIR 2.5.1 and earlier; and Authplay.dll (aka AuthPlayLib.bund...", - "vendor": "Adobe" - }, - { - "cve": "CVE-2011-0611", - "date_added": "2022-03-03", - "due_date": "2022-03-24", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2011-0611", - "percentile": null, - "poc_count": 8, - "product": "Flash Player", - "required_action": "The impacted product is end-of-life and should be disconnected if still in use.", - "short_description": "Adobe Flash Player contains a vulnerability that allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content.", - "summary": "Adobe Flash Player before 10.2.154.27 on Windows, Mac OS X, Linux, and Solaris and 10.2.156.12 and earlier on Android; Adobe AIR before 2.6.19140; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader 9.x before 9...", - "vendor": "Adobe" - }, - { - "cve": "CVE-2011-1823", - "date_added": "2022-09-08", - "due_date": "2022-09-29", - "epss": null, - "notes": "https://android.googlesource.com/platform/system/vold/+/c51920c82463b240e2be0430849837d6fdc5352e; 
https://nvd.nist.gov/vuln/detail/CVE-2011-1823", - "percentile": null, - "poc_count": 3, - "product": "Android OS", - "required_action": "Apply updates per vendor instructions.", - "short_description": "The vold volume manager daemon in Android kernel trusts messages from a PF_NETLINK socket, which allows an attacker to execute code and gain root privileges. This vulnerability is associated with GingerBreak and Exploit.AndroidOS.Lotoor.", - "summary": "The vold volume manager daemon on Android 3.0 and 2.x before 2.3.4 trusts messages that are received from a PF_NETLINK socket, which allows local users to execute arbitrary code and gain root privileges via a negative...", - "vendor": "Android" - }, - { - "cve": "CVE-2011-1889", - "date_added": "2022-03-03", - "due_date": "2022-03-24", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2011-1889", - "percentile": null, - "poc_count": 1, - "product": "Forefront Threat Management Gateway (TMG)", - "required_action": "Apply updates per vendor instructions.", - "short_description": "A remote code execution vulnerability exists in the Forefront Threat Management Gateway (TMG) Firewall Client Winsock provider that could allow code execution in the security context of the client application.", - "summary": "The NSPLookupServiceNext function in the client in Microsoft Forefront Threat Management Gateway (TMG) 2010 allows remote attackers to execute arbitrary code via vectors involving unspecified requests, aka \"TMG Firewa...", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2011-2005", - "date_added": "2022-03-28", - "due_date": "2022-04-18", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2011-2005", - "percentile": null, - "poc_count": 18, - "product": "Ancillary Function Driver (afd.sys)", - "required_action": "Apply updates per vendor instructions.", - "short_description": "afd.sys in the Ancillary Function Driver in Microsoft Windows does not properly validate user-mode input passed to 
kernel mode, which allows local users to gain privileges via a crafted application.", - "summary": "afd.sys in the Ancillary Function Driver in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a craf...", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2011-2462", - "date_added": "2022-06-08", - "due_date": "2022-06-22", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2011-2462", - "percentile": null, - "poc_count": 7, - "product": "Reader and Acrobat", - "required_action": "Apply updates per vendor instructions.", - "short_description": "The Universal 3D (U3D) component in Adobe Reader and Acrobat contains a memory corruption vulnerability which could allow remote attackers to execute code or cause denial-of-service (DoS).", - "summary": "Unspecified vulnerability in the U3D component in Adobe Reader and Acrobat 10.1.1 and earlier on Windows and Mac OS X, and Adobe Reader 9.x through 9.4.6 on UNIX, allows remote attackers to execute arbitrary code or c...", - "vendor": "Adobe" - }, - { - "cve": "CVE-2011-3402", - "date_added": "2025-10-06", - "due_date": "2025-10-27", - "epss": null, - "notes": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-087 ; https://nvd.nist.gov/vuln/detail/CVE-2011-3402", - "percentile": null, - "poc_count": 3, - "product": "Windows", - "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", - "short_description": "Microsoft Windows Kernel contains an unspecified vulnerability in the TrueType font parsing engine in win32k.sys in the kernel-mode drivers that allows remote attackers to execute arbitrary code via crafted font data in a Word document or web page.", - "summary": "Unspecified vulnerability in the TrueType font parsing engine in win32k.sys 
in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and...", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2011-3544", - "date_added": "2022-03-03", - "due_date": "2022-03-24", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2011-3544", - "percentile": null, - "poc_count": 5, - "product": "Java SE JDK and JRE", - "required_action": "Apply updates per vendor instructions.", - "short_description": "An access control vulnerability exists in the Applet Rhino Script Engine component of Oracle's Java Runtime Environment allows an attacker to remotely execute arbitrary code.", - "summary": "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7 and 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect...", - "vendor": "Oracle" - }, - { - "cve": "CVE-2011-4723", - "date_added": "2022-09-08", - "due_date": "2022-09-29", - "epss": null, - "notes": "https://www.dlink.com/uk/en/support/product/dir-300-wireless-g-router; https://nvd.nist.gov/vuln/detail/CVE-2011-4723", - "percentile": null, - "poc_count": 1, - "product": "DIR-300 Router", - "required_action": "The impacted product is end-of-life and should be disconnected if still in use.", - "short_description": "The D-Link DIR-300 router stores cleartext passwords, which allows context-dependent attackers to obtain sensitive information.", - "summary": "The D-Link DIR-300 router stores cleartext passwords, which allows context-dependent attackers to obtain sensitive information via unspecified vectors.", - "vendor": "D-Link" - }, - { - "cve": "CVE-2012-0151", - "date_added": "2022-06-08", - "due_date": "2022-06-22", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2012-0151", - "percentile": null, - "poc_count": 1, - "product": "Windows", - "required_action": "Apply updates per vendor instructions.", - 
"short_description": "The Authenticode Signature Verification function in Microsoft Windows (WinVerifyTrust) does not properly validate the digest of a signed portable executable (PE) file, which allows user-assisted remote attackers to execute code.", - "summary": "The Authenticode Signature Verification function in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer...", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2012-0158", - "date_added": "2021-11-03", - "due_date": "2022-05-03", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2012-0158", - "percentile": null, - "poc_count": 29, - "product": "MSCOMCTL.OCX", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Microsoft MSCOMCTL.OCX contains an unspecified vulnerability that allows for remote code execution, allowing an attacker to take complete control of an affected system under the context of the current user.", - "summary": "The (1) ListView, (2) ListView2, (3) TreeView, and (4) TreeView2 ActiveX controls in MSCOMCTL.OCX in the Common Controls in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2003 Web Component...", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2012-0391", - "date_added": "2022-01-21", - "due_date": "2022-07-21", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2012-0391", - "percentile": null, - "poc_count": 6, - "product": "Struts 2", - "required_action": "Apply updates per vendor instructions.", - "short_description": "The ExceptionDelegator component in Apache Struts 2 before 2.2.3.1 contains an improper input validation vulnerability that allows for remote code execution.", - "summary": "The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, 
which allows remote attackers...", - "vendor": "Apache" - }, - { - "cve": "CVE-2012-0507", - "date_added": "2022-03-03", - "due_date": "2022-03-24", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2012-0507", - "percentile": null, - "poc_count": 6, - "product": "Java SE", - "required_action": "Apply updates per vendor instructions.", - "short_description": "An incorrect type vulnerability exists in the Concurrency component of Oracle's Java Runtime Environment allows an attacker to remotely execute arbitrary code.", - "summary": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect confidential...", - "vendor": "Oracle" - }, - { - "cve": "CVE-2012-0518", - "date_added": "2022-03-28", - "due_date": "2022-04-18", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2012-0518", - "percentile": null, - "poc_count": 4, - "product": "Fusion Middleware", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Unspecified vulnerability in the Oracle Application Server Single Sign-On component in Oracle Fusion Middleware allows remote attackers to affect integrity via Unknown vectors", - "summary": "Unspecified vulnerability in the Oracle Application Server Single Sign-On component in Oracle Fusion Middleware 10.1.4.3.0 allows remote attackers to affect integrity via unknown vectors related to Redirects, a differ...", - "vendor": "Oracle" - }, - { - "cve": "CVE-2012-0754", - "date_added": "2022-06-08", - "due_date": "2022-06-22", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2012-0754", - "percentile": null, - "poc_count": 1, - "product": "Flash Player", - "required_action": "The impacted product is end-of-life and should be disconnected if still in use.", - "short_description": "Adobe Flash Player contains a memory corruption vulnerability that 
allows remote attackers to execute code or cause denial-of-service (DoS).", - "summary": "Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to execute ar...", - "vendor": "Adobe" - }, - { - "cve": "CVE-2012-0767", - "date_added": "2022-06-08", - "due_date": "2022-06-22", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2012-0767", - "percentile": null, - "poc_count": 1, - "product": "Flash Player", - "required_action": "The impacted product is end-of-life and should be disconnected if still in use.", - "short_description": "Adobe Flash Player contains a XSS vulnerability that allows remote attackers to inject web script or HTML.", - "summary": "Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 o...", - "vendor": "Adobe" - }, - { - "cve": "CVE-2012-1535", - "date_added": "2022-03-03", - "due_date": "2022-03-24", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2012-1535", - "percentile": null, - "poc_count": 1, - "product": "Flash Player", - "required_action": "The impacted product is end-of-life and should be disconnected if still in use.", - "short_description": "Unspecified vulnerability in Adobe Flash Player allows remote attackers to execute arbitrary code or cause a denial of service via crafted SWF content.", - "summary": "Unspecified vulnerability in Adobe Flash Player before 11.3.300.271 on Windows and Mac OS X and before 11.2.202.238 on Linux allows remote attackers to execute arbitrary code or cause a denial of service (application...", - "vendor": "Adobe" - }, - { - "cve": "CVE-2012-1710", - "date_added": "2022-05-25", - "due_date": "2022-06-15", - "epss": null, - "notes": 
"https://nvd.nist.gov/vuln/detail/CVE-2012-1710", - "percentile": null, - "poc_count": 3, - "product": "Fusion Middleware", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Unspecified vulnerability in the Oracle WebCenter Forms Recognition component in Oracle Fusion Middleware allows remote attackers to affect confidentiality, integrity, and availability via Unknown vectors related to Designer.", - "summary": "Unspecified vulnerability in the Oracle WebCenter Forms Recognition component in Oracle Fusion Middleware 10.1.3.5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors rel...", - "vendor": "Oracle" - }, - { - "cve": "CVE-2012-1723", - "date_added": "2022-03-03", - "due_date": "2022-03-24", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2012-1723", - "percentile": null, - "poc_count": 5, - "product": "Java SE", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE allows remote attackers to affect confidentiality, integrity, and availability via Unknown vectors related to Hotspot.", - "summary": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers to...", - "vendor": "Oracle" - }, - { - "cve": "CVE-2012-1823", - "date_added": "2022-03-25", - "due_date": "2022-04-15", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2012-1823", - "percentile": null, - "poc_count": 71, - "product": "PHP", - "required_action": "Apply updates per vendor instructions.", - "short_description": "sapi/cgi/cgi_main.c in PHP, when configured as a CGI script, does not properly handle query strings, which allows remote attackers to execute arbitrary code.", - "summary": 
"sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attack...", - "vendor": "PHP" - }, - { - "cve": "CVE-2012-1856", - "date_added": "2022-03-03", - "due_date": "2022-03-24", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2012-1856", - "percentile": null, - "poc_count": 5, - "product": "Office", - "required_action": "Apply updates per vendor instructions.", - "short_description": "The TabStrip ActiveX control in the Common Controls in MSCOMCTL.OCX in Microsoft Office allows remote attackers to execute arbitrary code via a crafted (1) document or (2) web page that triggers system-state corruption.", - "summary": "The TabStrip ActiveX control in the Common Controls in MSCOMCTL.OCX in Microsoft Office 2003 SP3, Office 2003 Web Components SP3, Office 2007 SP2 and SP3, Office 2010 SP1, SQL Server 2000 SP4, SQL Server 2005 SP4, SQL...", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2012-1889", - "date_added": "2022-06-08", - "due_date": "2022-06-22", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2012-1889", - "percentile": null, - "poc_count": 9, - "product": "XML Core Services", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Microsoft XML Core Services contains a memory corruption vulnerability which could allow for remote code execution.", - "summary": "Microsoft XML Core Services 3.0, 4.0, 5.0, and 6.0 accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2012-2034", - "date_added": "2022-03-28", - "due_date": "2022-04-18", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2012-2034", - "percentile": null, - "poc_count": 1, - "product": "Flash Player", - 
"required_action": "The impacted product is end-of-life and should be disconnected if still in use.", - "short_description": "Adobe Flash Player contains a memory corruption vulnerability that allows for remote code execution or denial-of-service (DoS).", - "summary": "Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on...", - "vendor": "Adobe" - }, - { - "cve": "CVE-2012-2539", - "date_added": "2022-03-28", - "due_date": "2022-04-18", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2012-2539", - "percentile": null, - "poc_count": 1, - "product": "Word", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Microsoft Word allows attackers to execute remote code or cause a denial-of-service (DoS) via crafted RTF data.", - "summary": "Microsoft Word 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Word Viewer; Office Compatibility Pack SP2 and SP3; and Office Web Apps 2010 SP1 allow remote attackers to execute arbitrary code or cause a denial of service (...", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2012-3152", - "date_added": "2021-11-03", - "due_date": "2022-05-03", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2012-3152", - "percentile": null, - "poc_count": 9, - "product": "Fusion Middleware", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Oracle Fusion Middleware Reports Developer contains an unspecified vulnerability that allows remote attackers to affect confidentiality and integrity of affected systems.", - "summary": "Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4, 11.1.1.6, and 11.1.2.0 allows remote attackers to affect confidentiality and integrity via unknown vectors rela...", - "vendor": "Oracle" - }, - { - "cve": 
"CVE-2012-4681", - "date_added": "2022-03-03", - "due_date": "2022-03-24", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2012-4681", - "percentile": null, - "poc_count": 12, - "product": "Java SE", - "required_action": "Apply updates per vendor instructions.", - "short_description": "The Java Runtime Environment (JRE) component in Oracle Java SE allow for remote code execution.", - "vendor": "Oracle" - }, - { - "cve": "CVE-2012-4792", - "date_added": "2024-07-23", - "due_date": "2024-08-13", - "epss": null, - "notes": "https://learn.microsoft.com/en-us/lifecycle/products/internet-explorer-11; https://nvd.nist.gov/vuln/detail/CVE-2012-4792", - "percentile": null, - "poc_count": 5, - "product": "Internet Explorer", - "required_action": "The impacted product is end-of-life and should be disconnected if still in use.", - "short_description": "Microsoft Internet Explorer contains a use-after-free vulnerability that allows a remote attacker to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly allocated or (2) is deleted, as demonstrated by a CDwnBindInfo object.", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2012-4969", - "date_added": "2022-06-08", - "due_date": "2022-06-22", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2012-4969", - "percentile": null, - "poc_count": 2, - "product": "Internet Explorer", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Microsoft Internet Explorer contains a use-after-free vulnerability that allows remote attackers to execute code via a crafted web site.", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2012-5054", - "date_added": "2022-06-08", - "due_date": "2022-06-22", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2012-5054", - "percentile": null, - "poc_count": 2, - "product": "Flash Player", - "required_action": "The impacted product is end-of-life and should be disconnected if 
still in use.", - "short_description": "Adobe Flash Player contains an integer overflow vulnerability that allows remote attackers to execute code via malformed arguments.", - "vendor": "Adobe" - }, - { - "cve": "CVE-2012-5076", - "date_added": "2022-03-28", - "due_date": "2022-04-18", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2012-5076", - "percentile": null, - "poc_count": 3, - "product": "Java SE", - "required_action": "Apply updates per vendor instructions.", - "short_description": "The default Java security properties configuration did not restrict access to the com.sun.org.glassfish.external and com.sun.org.glassfish.gmbal packages. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions.", - "vendor": "Oracle" - }, - { - "cve": "CVE-2013-0074", - "date_added": "2022-05-25", - "due_date": "2022-06-15", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2013-0074", - "percentile": null, - "poc_count": 6, - "product": "Silverlight", - "required_action": "The impacted product is end-of-life and should be disconnected if still in use.", - "short_description": "Microsoft Silverlight does not properly validate pointers during HTML object rendering, which allows remote attackers to execute code via a crafted Silverlight application.", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2013-0422", - "date_added": "2022-05-25", - "due_date": "2022-06-15", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2013-0422", - "percentile": null, - "poc_count": 44, - "product": "Java Runtime Environment (JRE)", - "required_action": "Apply updates per vendor instructions.", - "short_description": "A vulnerability in the way Java restricts the permissions of Java applets could allow an attacker to execute commands on a vulnerable system.", - "vendor": "Oracle" - }, - { - "cve": "CVE-2013-0431", - "date_added": "2022-05-25", - "due_date": "2022-06-15", - "epss": null, - "notes": 
"https://nvd.nist.gov/vuln/detail/CVE-2013-0431", - "percentile": null, - "poc_count": 13, - "product": "Java Runtime Environment (JRE)", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle allows remote attackers to bypass the Java security sandbox.", - "vendor": "Oracle" - }, - { - "cve": "CVE-2013-0625", - "date_added": "2022-03-07", - "due_date": "2022-09-07", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2013-0625", - "percentile": null, - "poc_count": 1, - "product": "ColdFusion", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Adobe Coldfusion contains an authentication bypass vulnerability, which could result in an unauthorized user gaining administrative access.", - "vendor": "Adobe" - }, - { - "cve": "CVE-2013-0629", - "date_added": "2022-03-07", - "due_date": "2022-09-07", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2013-0629", - "percentile": null, - "poc_count": 1, - "product": "ColdFusion", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Adobe Coldfusion contains a directory traversal vulnerability, which could permit an unauthorized user access to restricted directories.", - "vendor": "Adobe" - }, - { - "cve": "CVE-2013-0631", - "date_added": "2022-03-07", - "due_date": "2022-09-07", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2013-0631", - "percentile": null, - "poc_count": 1, - "product": "ColdFusion", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Adobe Coldfusion contains an unspecified vulnerability, which could result in information disclosure from a compromised server.", - "vendor": "Adobe" - }, - { - "cve": "CVE-2013-0632", - "date_added": "2022-03-03", - "due_date": "2022-03-24", - "epss": null, - "notes": 
"https://nvd.nist.gov/vuln/detail/CVE-2013-0632", - "percentile": null, - "poc_count": 4, - "product": "ColdFusion", - "required_action": "Apply updates per vendor instructions.", - "short_description": "An authentication bypass vulnerability exists in Adobe ColdFusion which could result in an unauthorized user gaining administrative access.", - "vendor": "Adobe" - }, - { - "cve": "CVE-2013-0640", - "date_added": "2022-03-03", - "due_date": "2022-03-24", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2013-0640", - "percentile": null, - "poc_count": 4, - "product": "Reader and Acrobat", - "required_action": "Apply updates per vendor instructions.", - "short_description": "An memory corruption vulnerability exists in the acroform.dll in Adobe Reader that allows an attacker to perform remote code execution.", - "vendor": "Adobe" - }, - { - "cve": "CVE-2013-0641", - "date_added": "2022-03-03", - "due_date": "2022-03-24", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2013-0641", - "percentile": null, - "poc_count": 4, - "product": "Reader", - "required_action": "Apply updates per vendor instructions.", - "short_description": "A buffer overflow vulnerability exists in Adobe Reader which allows an attacker to perform remote code execution.", - "vendor": "Adobe" - }, - { - "cve": "CVE-2013-0643", - "date_added": "2024-09-17", - "due_date": "2024-10-08", - "epss": null, - "notes": "https://www.adobe.com/products/flashplayer/end-of-life-alternative.html#eol-alternative-faq ; https://nvd.nist.gov/vuln/detail/CVE-2013-0643", - "percentile": null, - "poc_count": 0, - "product": "Flash Player", - "required_action": "The impacted product is end-of-life (EoL) and/or end-of-service (EoS). 
Users should discontinue utilization of the product.", - "short_description": "Adobe Flash Player contains an incorrect default permissions vulnerability in the Firefox sandbox that allows a remote attacker to execute arbitrary code via crafted SWF content.", - "vendor": "Adobe" - }, - { - "cve": "CVE-2013-0648", - "date_added": "2024-09-17", - "due_date": "2024-10-08", - "epss": null, - "notes": "https://www.adobe.com/products/flashplayer/end-of-life-alternative.html#eol-alternative-faq ; https://nvd.nist.gov/vuln/detail/CVE-2013-0648", - "percentile": null, - "poc_count": 0, - "product": "Flash Player", - "required_action": "The impacted product is end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue utilization of the product.", - "short_description": "Adobe Flash Player contains an unspecified vulnerability in the ExternalInterface ActionScript functionality that allows a remote attacker to execute arbitrary code via crafted SWF content.", - "vendor": "Adobe" - }, - { - "cve": "CVE-2013-1331", - "date_added": "2022-06-08", - "due_date": "2022-06-22", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2013-1331", - "percentile": null, - "poc_count": 1, - "product": "Office", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Microsoft Office contains a buffer overflow vulnerability that allows remote attackers to execute code via crafted PNG data in an Office document.", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2013-1347", - "date_added": "2022-03-03", - "due_date": "2022-03-24", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2013-1347", - "percentile": null, - "poc_count": 4, - "product": "Internet Explorer", - "required_action": "Apply updates per vendor instructions.", - "short_description": "This vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer.", - "vendor": 
"Microsoft" - }, - { - "cve": "CVE-2013-1675", - "date_added": "2022-03-03", - "due_date": "2022-03-24", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2013-1675", - "percentile": null, - "poc_count": 1, - "product": "Firefox", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Mozilla Firefox does not properly initialize data structures for the nsDOMSVGZoomEvent::mPreviousScale and nsDOMSVGZoomEvent::mNewScale functions, which allows remote attackers to obtain sensitive information from process memory via a crafted web site.", - "vendor": "Mozilla" - }, - { - "cve": "CVE-2013-1690", - "date_added": "2022-03-28", - "due_date": "2022-04-18", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2013-1690", - "percentile": null, - "poc_count": 8, - "product": "Firefox and Thunderbird", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Mozilla Firefox and Thunderbird do not properly handle onreadystatechange events in conjunction with page reloading, which allows remote attackers to cause a denial-of-service (DoS) or possibly execute malicious code via a crafted web site.", - "vendor": "Mozilla" - }, - { - "cve": "CVE-2013-2094", - "date_added": "2022-09-15", - "due_date": "2022-10-06", - "epss": null, - "notes": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8176cced706b5e5d15887584150764894e94e02f; https://nvd.nist.gov/vuln/detail/CVE-2013-2094", - "percentile": null, - "poc_count": 100, - "product": "Kernel", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Linux kernel fails to check all 64 bits of attr.config passed by user space, resulting to out-of-bounds access of the perf_swevent_enabled array in sw_perf_event_destroy(). 
Explotation allows for privilege escalation.", - "vendor": "Linux" - }, - { - "cve": "CVE-2013-2251", - "date_added": "2022-03-25", - "due_date": "2022-04-15", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2013-2251", - "percentile": null, - "poc_count": 73, - "product": "Struts", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Apache Struts allows remote attackers to execute arbitrary Object-Graph Navigation Language (OGNL) expressions.", - "vendor": "Apache" - }, - { - "cve": "CVE-2013-2423", - "date_added": "2022-05-25", - "due_date": "2022-06-15", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2013-2423", - "percentile": null, - "poc_count": 4, - "product": "Java Runtime Environment (JRE)", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Unspecified vulnerability in hotspot for Java Runtime Environment (JRE) allows remote attackers to affect integrity.", - "vendor": "Oracle" - }, - { - "cve": "CVE-2013-2465", - "date_added": "2022-03-28", - "due_date": "2022-04-18", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2013-2465", - "percentile": null, - "poc_count": 6, - "product": "Java SE", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE allows remote attackers to affect confidentiality, integrity, and availability via Unknown vectors related to 2D", - "vendor": "Oracle" - }, - { - "cve": "CVE-2013-2551", - "date_added": "2022-03-28", - "due_date": "2022-04-18", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2013-2551", - "percentile": null, - "poc_count": 5, - "product": "Internet Explorer", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Use-after-free vulnerability in Microsoft Internet Explorer allows remote attackers to execute remote code via a 
crafted web site that triggers access to a deleted object.", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2013-2596", - "date_added": "2022-09-15", - "due_date": "2022-10-06", - "epss": null, - "notes": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fc9bbca8f650e5f738af8806317c0a041a48ae4a; https://nvd.nist.gov/vuln/detail/CVE-2013-2596", - "percentile": null, - "poc_count": 11, - "product": "Kernel", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Linux kernel fb_mmap function in drivers/video/fbmem.c contains an integer overflow vulnerability that allows for privilege escalation.", - "vendor": "Linux" - }, - { - "cve": "CVE-2013-2597", - "date_added": "2022-09-15", - "due_date": "2022-10-06", - "epss": null, - "notes": "https://web.archive.org/web/20161226013354/https:/www.codeaurora.org/news/security-advisories/stack-based-buffer-overflow-acdb-audio-driver-cve-2013-2597; https://nvd.nist.gov/vuln/detail/CVE-2013-2597", - "percentile": null, - "poc_count": 8, - "product": "ACDB Audio Driver", - "required_action": "Apply updates per vendor instructions.", - "short_description": "The Code Aurora audio calibration database (acdb) audio driver contains a stack-based buffer overflow vulnerability that allows for privilege escalation. 
Code Aurora is used in third-party products such as Qualcomm and Android.", - "vendor": "Code Aurora" - }, - { - "cve": "CVE-2013-2729", - "date_added": "2022-03-28", - "due_date": "2022-04-18", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2013-2729", - "percentile": null, - "poc_count": 14, - "product": "Reader and Acrobat", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Integer overflow vulnerability in Adobe Reader and Acrobat allows attackers to execute remote code.", - "vendor": "Adobe" - }, - { - "cve": "CVE-2013-3163", - "date_added": "2023-03-30", - "due_date": "2023-04-20", - "epss": null, - "notes": "https://learn.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-055; https://nvd.nist.gov/vuln/detail/CVE-2013-3163", - "percentile": null, - "poc_count": 1, - "product": "Internet Explorer", - "required_action": "The impacted product is end-of-life and should be disconnected if still in use.", - "short_description": "Microsoft Internet Explorer contains a memory corruption vulnerability that allows remote attackers to execute code or cause a denial of service via a crafted website.", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2013-3346", - "date_added": "2022-03-03", - "due_date": "2022-03-24", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2013-3346", - "percentile": null, - "poc_count": 1, - "product": "Reader and Acrobat", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Adobe Reader and Acrobat contain a memory corruption vulnerability which can allow attackers to execute arbitrary code or cause a denial of service.", - "vendor": "Adobe" - }, - { - "cve": "CVE-2013-3660", - "date_added": "2022-03-28", - "due_date": "2022-04-18", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2013-3660", - "percentile": null, - "poc_count": 8, - "product": "Win32k", - "required_action": "Apply updates per vendor 
instructions.", - "short_description": "The EPATHOBJ::pprFlattenRec function in win32k.sys in the kernel-mode drivers in Microsoft does not properly initialize a pointer for the next object in a certain list, which allows local users to gain privileges.", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2013-3893", - "date_added": "2025-08-12", - "due_date": "2025-09-02", - "epss": null, - "notes": "https://learn.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-080 ; https://nvd.nist.gov/vuln/detail/CVE-2013-3893", - "percentile": null, - "poc_count": 29, - "product": "Internet Explorer", - "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", - "short_description": "Microsoft Internet Explorer contains a memory corruption vulnerability that allows for remote code execution. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). 
Users should discontinue product utilization.", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2013-3896", - "date_added": "2022-05-25", - "due_date": "2022-06-15", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2013-3896", - "percentile": null, - "poc_count": 1, - "product": "Silverlight", - "required_action": "The impacted product is end-of-life and should be disconnected if still in use.", - "short_description": "Microsoft Silverlight does not properly validate pointers during access to Silverlight elements, which allows remote attackers to obtain sensitive information via a crafted Silverlight application.", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2013-3897", - "date_added": "2022-03-03", - "due_date": "2022-03-24", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2013-3897", - "percentile": null, - "poc_count": 2, - "product": "Internet Explorer", - "required_action": "Apply updates per vendor instructions.", - "short_description": "A use-after-free vulnerability exists within CDisplayPointer in Microsoft Internet Explorer that allows an attacker to remotely execute arbitrary code.", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2013-3900", - "date_added": "2022-01-10", - "due_date": "2022-07-10", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2013-3900", - "percentile": null, - "poc_count": 84, - "product": "WinVerifyTrust function", - "required_action": "Apply updates per vendor instructions.", - "short_description": "A remote code execution vulnerability exists in the way that the WinVerifyTrust function handles Windows Authenticode signature verification for PE files.", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2013-3906", - "date_added": "2022-02-15", - "due_date": "2022-08-15", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2013-3906", - "percentile": null, - "poc_count": 7, - "product": "Graphics Component", - "required_action": "Apply updates per vendor instructions.", - 
"short_description": "Microsoft Graphics Component contains a memory corruption vulnerability which can allow for remote code execution.", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2013-3918", - "date_added": "2025-10-06", - "due_date": "2025-10-27", - "epss": null, - "notes": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-090 ; https://nvd.nist.gov/vuln/detail/CVE-2013-3918", - "percentile": null, - "poc_count": 4, - "product": "Windows", - "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", - "short_description": "Microsoft Windows contains an out-of-bounds write vulnerability in the InformationCardSigninHelper Class ActiveX control, icardie.dll. An attacker could exploit the vulnerability by constructing a specially crafted webpage. When a user views the webpage, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). 
Users should discontinue product utilization.", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2013-3993", - "date_added": "2022-05-25", - "due_date": "2022-06-15", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2013-3993", - "percentile": null, - "poc_count": 1, - "product": "InfoSphere BigInsights", - "required_action": "The impacted product is end-of-life and should be disconnected if still in use.", - "short_description": "Certain APIs within BigInsights can take invalid input that might allow attackers unauthorized access to read, write, modify, or delete data.", - "vendor": "IBM" - }, - { - "cve": "CVE-2013-4810", - "date_added": "2022-03-25", - "due_date": "2022-04-15", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2013-4810", - "percentile": null, - "poc_count": 14, - "product": "ProCurve Manager (PCM), PCM+, Identity Driven Manager (IDM), and Application Lifecycle Management", - "required_action": "Apply updates per vendor instructions.", - "short_description": "HP ProCurve Manager (PCM), PCM+, Identity Driven Manager (IDM), and Application Lifecycle Management allow remote attackers to execute arbitrary code via a marshalled object to (1) EJBInvokerServlet or (2) JMXInvokerServlet.", - "vendor": "Hewlett Packard (HP)" - }, - { - "cve": "CVE-2013-5065", - "date_added": "2022-03-03", - "due_date": "2022-03-24", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2013-5065", - "percentile": null, - "poc_count": 8, - "product": "Windows", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Microsoft Windows NDProxy.sys in the kernel contains an improper input validation vulnerability which can allow a local attacker to escalate privileges.", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2013-5223", - "date_added": "2022-03-25", - "due_date": "2022-04-15", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2013-5223", - "percentile": null, - "poc_count": 3, - 
"product": "DSL-2760U", - "required_action": "Apply updates per vendor instructions.", - "short_description": "A cross-site scripting (XSS) vulnerability exists in the D-Link DSL-2760U gateway, allowing remote authenticated users to inject arbitrary web script or HTML.", - "vendor": "D-Link" - }, - { - "cve": "CVE-2013-6282", - "date_added": "2022-09-15", - "due_date": "2022-10-06", - "epss": null, - "notes": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8404663f81d212918ff85f493649a7991209fa04; https://nvd.nist.gov/vuln/detail/CVE-2013-6282", - "percentile": null, - "poc_count": 21, - "product": "Kernel", - "required_action": "Apply updates per vendor instructions.", - "short_description": "The get_user and put_user API functions of the Linux kernel fail to validate the target address when being used on ARM v6k/v7 platforms. This allows an application to read and write kernel memory which could lead to privilege escalation.", - "vendor": "Linux" - }, - { - "cve": "CVE-2013-7331", - "date_added": "2022-05-25", - "due_date": "2022-06-15", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2013-7331", - "percentile": null, - "poc_count": 4, - "product": "Internet Explorer", - "required_action": "Apply updates per vendor instructions.", - "short_description": "An information disclosure vulnerability exists in Internet Explorer which allows resources loaded into memory to be queried. 
This vulnerability could allow an attacker to detect anti-malware applications.", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2014-0130", - "date_added": "2022-03-25", - "due_date": "2022-04-15", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2014-0130", - "percentile": null, - "poc_count": 14, - "product": "Ruby on Rails", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Directory traversal vulnerability in actionpack/lib/abstract_controller/base.rb in the implicit-render implementation in Ruby on Rails allows remote attackers to read arbitrary files via a crafted request.", - "vendor": "Rails" - }, - { - "cve": "CVE-2014-0160", - "date_added": "2022-05-04", - "due_date": "2022-05-25", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2014-0160", - "percentile": null, - "poc_count": 710, - "product": "OpenSSL", - "required_action": "Apply updates per vendor instructions.", - "short_description": "The TLS and DTLS implementations in OpenSSL do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information.", - "vendor": "OpenSSL" - }, - { - "cve": "CVE-2014-0196", - "date_added": "2023-05-12", - "due_date": "2023-06-02", - "epss": null, - "notes": "https://lkml.iu.edu/hypermail/linux/kernel/1609.1/02103.html; https://nvd.nist.gov/vuln/detail/CVE-2014-0196", - "percentile": null, - "poc_count": 71, - "product": "Kernel", - "required_action": "The impacted product is end-of-life and should be disconnected if still in use.", - "short_description": "Linux Kernel contains a race condition vulnerability within the n_tty_write function that allows local users to cause a denial-of-service (DoS) or gain privileges via read and write operations with long strings.", - "vendor": "Linux" - }, - { - "cve": "CVE-2014-0322", - "date_added": "2022-05-04", - "due_date": "2022-05-25", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2014-0322", - 
"percentile": null, - "poc_count": 19, - "product": "Internet Explorer", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Use-after-free vulnerability in Microsoft Internet Explorer allows remote attackers to execute code.", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2014-0496", - "date_added": "2022-03-03", - "due_date": "2022-03-24", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2014-0496", - "percentile": null, - "poc_count": 1, - "product": "Reader and Acrobat", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Adobe Reader and Acrobat contain a use-after-free vulnerability which can allow for code execution.", - "vendor": "Adobe" - }, - { - "cve": "CVE-2014-0497", - "date_added": "2024-09-17", - "due_date": "2024-10-08", - "epss": null, - "notes": "https://www.adobe.com/products/flashplayer/end-of-life-alternative.html#eol-alternative-faq ; https://nvd.nist.gov/vuln/detail/CVE-2014-0497", - "percentile": null, - "poc_count": 0, - "product": "Flash Player", - "required_action": "The impacted product is end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue utilization of the product.", - "short_description": "Adobe Flash Player contains an integer underflow vulnerability that allows a remote attacker to execute arbitrary code.", - "vendor": "Adobe" - }, - { - "cve": "CVE-2014-0502", - "date_added": "2024-09-17", - "due_date": "2024-10-08", - "epss": null, - "notes": "https://www.adobe.com/products/flashplayer/end-of-life-alternative.html#eol-alternative-faq ; https://nvd.nist.gov/vuln/detail/CVE-2014-0502", - "percentile": null, - "poc_count": 1, - "product": "Flash Player", - "required_action": "The impacted product is end-of-life (EoL) and/or end-of-service (EoS). 
Users should discontinue utilization of the product.", - "short_description": "Adobe Flash Player contains a double free vulnerability that allows a remote attacker to execute arbitrary code.", - "vendor": "Adobe" - }, - { - "cve": "CVE-2014-0546", - "date_added": "2022-05-25", - "due_date": "2022-06-15", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2014-0546", - "percentile": null, - "poc_count": 1, - "product": "Reader and Acrobat", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Adobe Reader and Acrobat on Windows allow attackers to bypass a sandbox protection mechanism, and consequently execute native code in a privileged context.", - "vendor": "Adobe" - }, - { - "cve": "CVE-2014-0780", - "date_added": "2022-04-15", - "due_date": "2022-05-06", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2014-0780", - "percentile": null, - "poc_count": 2, - "product": "Web Studio", - "required_action": "Apply updates per vendor instructions.", - "short_description": "InduSoft Web Studio NTWebServer contains a directory traversal vulnerability that allows remote attackers to read administrative passwords in APP files, allowing for remote code execution.", - "vendor": "InduSoft" - }, - { - "cve": "CVE-2014-100005", - "date_added": "2024-05-16", - "due_date": "2024-06-06", - "epss": null, - "notes": "https://legacy.us.dlink.com/pages/product.aspx?id=4587b63118524aec911191cc81605283; https://nvd.nist.gov/vuln/detail/CVE-2014-100005", - "percentile": null, - "poc_count": 1, - "product": "DIR-600 Router", - "required_action": "This vulnerability affects legacy D-Link products. 
All associated hardware revisions have reached their end-of-life (EOL) or end-of-service (EOS) life cycle and should be retired and replaced per vendor instructions.", - "short_description": "D-Link DIR-600 routers contain a cross-site request forgery (CSRF) vulnerability that allows an attacker to change router configurations by hijacking an existing administrator session.", - "vendor": "D-Link" - }, - { - "cve": "CVE-2014-1761", - "date_added": "2022-02-15", - "due_date": "2022-08-15", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2014-1761", - "percentile": null, - "poc_count": 6, - "product": "Word", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Microsoft Word contains a memory corruption vulnerability which when exploited could allow for remote code execution.", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2014-1776", - "date_added": "2022-01-28", - "due_date": "2022-07-28", - "epss": null, - "notes": "https://learn.microsoft.com/en-us/security-updates/SecurityBulletins/2014/ms14-021?redirectedfrom=MSDN; https://nvd.nist.gov/vuln/detail/CVE-2014-1776", - "percentile": null, - "poc_count": 17, - "product": "Internet Explorer", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Microsoft Internet Explorer contains a memory corruption vulnerability that allows remote attackers to execute code in the context of the current user.", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2014-1812", - "date_added": "2021-11-03", - "due_date": "2022-05-03", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2014-1812", - "percentile": null, - "poc_count": 23, - "product": "Windows", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Microsoft Windows Active Directory contains a privilege escalation vulnerability due to the way it distributes passwords that are configured using Group Policy preferences. 
An authenticated attacker who successfully exploits the vulnerability could decrypt the passwords and use them to elevate privileges on the domain.", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2014-2120", - "date_added": "2024-11-12", - "due_date": "2024-12-03", - "epss": null, - "notes": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-CVE-2014-2120 ; https://nvd.nist.gov/vuln/detail/CVE-2014-2120", - "percentile": null, - "poc_count": 2, - "product": "Adaptive Security Appliance (ASA)", - "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", - "short_description": "Cisco Adaptive Security Appliance (ASA) contains a cross-site scripting (XSS) vulnerability in the WebVPN login page. This vulnerability allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter.", - "vendor": "Cisco" - }, - { - "cve": "CVE-2014-2817", - "date_added": "2022-05-25", - "due_date": "2022-06-15", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2014-2817", - "percentile": null, - "poc_count": 1, - "product": "Internet Explorer", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Microsoft Internet Explorer cotains an unspecified vulnerability that allows remote attackers to gain privileges via a crafted web site.", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2014-3120", - "date_added": "2022-03-25", - "due_date": "2022-04-15", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2014-3120", - "percentile": null, - "poc_count": 95, - "product": "Elasticsearch", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Elasticsearch enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code.", - "vendor": "Elastic" - }, - { - "cve": "CVE-2014-3153", - "date_added": "2022-05-25", - "due_date": 
"2022-06-15", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2014-3153", - "percentile": null, - "poc_count": 96, - "product": "Kernel", - "required_action": "Apply updates per vendor instructions.", - "short_description": "The futex_requeue function in kernel/futex.c in Linux kernel does not ensure that calls have two different futex addresses, which allows local users to gain privileges.", - "vendor": "Linux" - }, - { - "cve": "CVE-2014-3931", - "date_added": "2025-07-07", - "due_date": "2025-07-28", - "epss": null, - "notes": "https://mrlg.op-sec.us/ ; https://nvd.nist.gov/vuln/detail/CVE-2014-3931", - "percentile": null, - "poc_count": 3, - "product": "Multi-Router Looking Glass (MRLG)", - "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", - "short_description": "Multi-Router Looking Glass (MRLG) contains a buffer overflow vulnerability that could allow remote attackers to cause an arbitrary memory write and memory corruption.", - "vendor": "Looking Glass" - }, - { - "cve": "CVE-2014-4077", - "date_added": "2022-05-25", - "due_date": "2022-06-15", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2014-4077", - "percentile": null, - "poc_count": 2, - "product": "Input Method Editor (IME) Japanese", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Microsoft Input Method Editor (IME) Japanese is a keyboard with Japanese characters that can be enabled on Windows systems as it is included by default (with the default set as disabled). 
IME Japanese contains an unspecified vulnerability when IMJPDCT.EXE (IME for Japanese) is installed which allows attackers to bypass a sandbox and perform privilege escalation.", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2014-4113", - "date_added": "2022-05-04", - "due_date": "2022-05-25", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2014-4113", - "percentile": null, - "poc_count": 93, - "product": "Win32k", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation.", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2014-4114", - "date_added": "2022-03-03", - "due_date": "2022-03-24", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2014-4114", - "percentile": null, - "poc_count": 27, - "product": "Windows", - "required_action": "Apply updates per vendor instructions.", - "short_description": "A vulnerability exists in Windows Object Linking & Embedding (OLE) that could allow remote code execution if a user opens a file that contains a specially crafted OLE object.", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2014-4123", - "date_added": "2022-05-25", - "due_date": "2022-06-15", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2014-4123", - "percentile": null, - "poc_count": 1, - "product": "Internet Explorer", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Microsoft Internet Explorer contains an unspecified vulnerability that allows remote attackers to gain privileges via a crafted web site.", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2014-4148", - "date_added": "2022-05-25", - "due_date": "2022-06-15", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2014-4148", - "percentile": null, - "poc_count": 1, - "product": "Windows", - "required_action": "Apply updates per vendor instructions.", - "short_description": "A remote code 
execution vulnerability exists when the Windows kernel-mode driver improperly handles TrueType fonts.", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2014-4404", - "date_added": "2022-02-10", - "due_date": "2022-08-10", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2014-4404", - "percentile": null, - "poc_count": 1, - "product": "OS X", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Heap-based buffer overflow in IOHIDFamily in Apple OS X, which affects, iOS before 8 and Apple TV before 7, allows attackers to execute arbitrary code in a privileged context.", - "vendor": "Apple" - }, - { - "cve": "CVE-2014-6271", - "date_added": "2022-01-28", - "due_date": "2022-07-28", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2014-6271", - "percentile": null, - "poc_count": 803, - "product": "Bourne-Again Shell (Bash)", - "required_action": "Apply updates per vendor instructions.", - "short_description": "GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute code.", - "vendor": "GNU" - }, - { - "cve": "CVE-2014-6278", - "date_added": "2025-10-02", - "due_date": "2025-10-23", - "epss": null, - "notes": "This vulnerability could affect an open-source component, third-party library, protocol, or proprietary implementation that could be used by different products. 
For more information, please see: http://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-027 ; https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/23467 ; https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash ; https://www.ibm.com/support/pages/security-bulletin-update-vulnerabilities-bash-affect-aix-toolbox-linux-applications-cve-2014-6271-cve-2014-6277-cve-2014-6278-cve-2014-7169-cve-2014-7186-and-cve-2014-7187 ; https://nvd.nist.gov/vuln/detail/CVE-2014-6278", - "percentile": null, - "poc_count": 45, - "product": "GNU Bash", - "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", - "short_description": "GNU Bash contains an OS command injection vulnerability which allows remote attackers to execute arbitrary commands via a crafted environment.", - "vendor": "GNU" - }, - { - "cve": "CVE-2014-6287", - "date_added": "2022-03-25", - "due_date": "2022-04-15", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2014-6287", - "percentile": null, - "poc_count": 50, - "product": "HTTP File Server (HFS)", - "required_action": "Apply updates per vendor instructions.", - "short_description": "The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server (HFS or HttpFileServer) allows remote attackers to execute arbitrary programs.", - "vendor": "Rejetto" - }, - { - "cve": "CVE-2014-6324", - "date_added": "2022-03-25", - "due_date": "2022-04-15", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2014-6324", - "percentile": null, - "poc_count": 44, - "product": "Kerberos Key Distribution Center (KDC)", - "required_action": "Apply updates per vendor instructions.", - "short_description": "The Kerberos Key Distribution Center (KDC) in Microsoft allows remote authenticated domain users to obtain domain 
administrator privileges.", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2014-6332", - "date_added": "2022-03-25", - "due_date": "2022-04-15", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2014-6332", - "percentile": null, - "poc_count": 34, - "product": "Windows", - "required_action": "Apply updates per vendor instructions.", - "short_description": "OleAut32.dll in OLE in Microsoft Windows allows remote attackers to remotely execute code via a crafted web site.", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2014-6352", - "date_added": "2022-02-25", - "due_date": "2022-08-25", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2014-6352", - "percentile": null, - "poc_count": 5, - "product": "Windows", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Microsoft Windows allow remote attackers to execute arbitrary code via a crafted OLE object.", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2014-7169", - "date_added": "2022-01-28", - "due_date": "2022-07-28", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2014-7169", - "percentile": null, - "poc_count": 89, - "product": "Bourne-Again Shell (Bash)", - "required_action": "Apply updates per vendor instructions.", - "short_description": "GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute code. 
This CVE correctly remediates the vulnerability in CVE-2014-6271.", - "vendor": "GNU" - }, - { - "cve": "CVE-2014-8361", - "date_added": "2023-09-18", - "due_date": "2023-10-09", - "epss": null, - "notes": "https://web.archive.org/web/20150831100501/http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10055; https://nvd.nist.gov/vuln/detail/CVE-2014-8361", - "percentile": null, - "poc_count": 8, - "product": "SDK", - "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", - "short_description": "Realtek SDK contains an improper input validation vulnerability in the miniigd SOAP service that allows remote attackers to execute malicious code via a crafted NewInternalClient request.", - "vendor": "Realtek" - }, - { - "cve": "CVE-2014-8439", - "date_added": "2022-05-25", - "due_date": "2022-06-15", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2014-8439", - "percentile": null, - "poc_count": 3, - "product": "Flash Player", - "required_action": "The impacted product is end-of-life and should be disconnected if still in use.", - "short_description": "Adobe Flash Player has a vulnerability in the way it handles a dereferenced memory pointer which could lead to code execution.", - "vendor": "Adobe" - }, - { - "cve": "CVE-2014-9163", - "date_added": "2022-04-13", - "due_date": "2022-05-04", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2014-9163", - "percentile": null, - "poc_count": 1, - "product": "Flash Player", - "required_action": "The impacted product is end-of-life and should be disconnected if still in use.", - "short_description": "Stack-based buffer overflow in Adobe Flash Player allows attackers to execute code remotely.", - "vendor": "Adobe" - }, - { - "cve": "CVE-2015-0016", - "date_added": "2022-05-25", - "due_date": "2022-06-15", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2015-0016", - "percentile": null, - 
"poc_count": 5, - "product": "Windows", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Directory traversal vulnerability in the TS WebProxy (TSWbPrxy) component in Microsoft Windows allows remote attackers to escalate privileges.", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2015-0071", - "date_added": "2022-05-25", - "due_date": "2022-06-15", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2015-0071", - "percentile": null, - "poc_count": 1, - "product": "Internet Explorer", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Microsoft Internet Explorer allows remote attackers to bypass the address space layout randomization (ASLR) protection mechanism via a crafted web site.", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2015-0310", - "date_added": "2022-05-25", - "due_date": "2022-06-15", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2015-0310", - "percentile": null, - "poc_count": 2, - "product": "Flash Player", - "required_action": "The impacted product is end-of-life and should be disconnected if still in use.", - "short_description": "Adobe Flash Player does not properly restrict discovery of memory addresses, which allows attackers to bypass the address space layout randomization (ASLR) protection mechanism.", - "vendor": "Adobe" - }, - { - "cve": "CVE-2015-0311", - "date_added": "2022-04-13", - "due_date": "2022-05-04", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2015-0311", - "percentile": null, - "poc_count": 8, - "product": "Flash Player", - "required_action": "The impacted product is end-of-life and should be disconnected if still in use.", - "short_description": "Unspecified vulnerability in Adobe Flash Player allows remote attackers to execute code.", - "vendor": "Adobe" - }, - { - "cve": "CVE-2015-0313", - "date_added": "2022-04-13", - "due_date": "2022-05-04", - "epss": null, - "notes": 
"https://nvd.nist.gov/vuln/detail/CVE-2015-0313", - "percentile": null, - "poc_count": 12, - "product": "Flash Player", - "required_action": "The impacted product is end-of-life and should be disconnected if still in use.", - "short_description": "Use-after-free vulnerability in Adobe Flash Player allows remote attackers to execute code.", - "vendor": "Adobe" - }, - { - "cve": "CVE-2015-0666", - "date_added": "2022-03-25", - "due_date": "2022-04-15", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2015-0666", - "percentile": null, - "poc_count": 1, - "product": "Prime Data Center Network Manager (DCNM)", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Directory traversal vulnerability in the fmserver servlet in Cisco Prime Data Center Network Manager (DCNM) allows remote attackers to read arbitrary files.", - "vendor": "Cisco" - }, - { - "cve": "CVE-2015-1130", - "date_added": "2022-02-10", - "due_date": "2022-08-10", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2015-1130", - "percentile": null, - "poc_count": 10, - "product": "OS X", - "required_action": "Apply updates per vendor instructions.", - "short_description": "The XPC implementation in Admin Framework in Apple OS X before 10.10.3 allows local users to bypass authentication and obtain admin privileges.", - "vendor": "Apple" - }, - { - "cve": "CVE-2015-1187", - "date_added": "2022-03-25", - "due_date": "2022-04-15", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2015-1187", - "percentile": null, - "poc_count": 3, - "product": "Multiple Devices", - "required_action": "The impacted product is end-of-life and should be disconnected if still in use.", - "short_description": "The ping tool in multiple D-Link and TRENDnet devices allow remote attackers to perform remote code execution.", - "vendor": "D-Link and TRENDnet" - }, - { - "cve": "CVE-2015-1427", - "date_added": "2022-03-25", - "due_date": "2022-04-15", - 
"epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2015-1427", - "percentile": null, - "poc_count": 93, - "product": "Elasticsearch", - "required_action": "Apply updates per vendor instructions.", - "short_description": "The Groovy scripting engine in Elasticsearch allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands.", - "vendor": "Elastic" - }, - { - "cve": "CVE-2015-1635", - "date_added": "2022-02-10", - "due_date": "2022-08-10", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2015-1635", - "percentile": null, - "poc_count": 69, - "product": "HTTP.sys", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Microsoft HTTP protocol stack (HTTP.sys) contains a vulnerability that allows for remote code execution.", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2015-1641", - "date_added": "2021-11-03", - "due_date": "2022-05-03", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2015-1641", - "percentile": null, - "poc_count": 7, - "product": "Office", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Microsoft Office contains a memory corruption vulnerability due to failure to properly handle rich text format files in memory. 
Successful exploitation allows for remote code execution in the context of the current user.", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2015-1642", - "date_added": "2022-03-03", - "due_date": "2022-03-24", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2015-1642", - "percentile": null, - "poc_count": 1, - "product": "Office", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Microsoft Office contains a memory corruption vulnerability that allows remote attackers to execute arbitrary code via a crafted document.", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2015-1671", - "date_added": "2022-05-25", - "due_date": "2022-06-15", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2015-1671", - "percentile": null, - "poc_count": 1, - "product": "Windows", - "required_action": "Apply updates per vendor instructions.", - "short_description": "A remote code execution vulnerability exists when components of Windows, .NET Framework, Office, Lync, and Silverlight fail to properly handle TrueType fonts.", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2015-1701", - "date_added": "2022-03-03", - "due_date": "2022-03-24", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2015-1701", - "percentile": null, - "poc_count": 74, - "product": "Win32k", - "required_action": "Apply updates per vendor instructions.", - "short_description": "An unspecified vulnerability exists in the Win32k.sys kernel-mode driver in Microsoft Windows Server that allows a local attacker to execute arbitrary code with elevated privileges.", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2015-1769", - "date_added": "2022-05-25", - "due_date": "2022-06-15", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2015-1769", - "percentile": null, - "poc_count": 4, - "product": "Windows", - "required_action": "Apply updates per vendor instructions.", - "short_description": "A privilege escalation vulnerability 
exists when the Windows Mount Manager component improperly processes symbolic links.", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2015-1770", - "date_added": "2022-03-28", - "due_date": "2022-04-18", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2015-1770", - "percentile": null, - "poc_count": 1, - "product": "Office", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Microsoft Office allows remote attackers to execute arbitrary code via a crafted Office document.", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2015-2051", - "date_added": "2022-02-10", - "due_date": "2022-08-10", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2015-2051", - "percentile": null, - "poc_count": 4, - "product": "DIR-645 Router", - "required_action": "The impacted product is end-of-life and should be disconnected if still in use.", - "short_description": "D-Link DIR-645 Wired/Wireless Router allows remote attackers to execute arbitrary commands via a GetDeviceSettings action to the HNAP interface.", - "vendor": "D-Link" - }, - { - "cve": "CVE-2015-2291", - "date_added": "2023-02-10", - "due_date": "2023-03-03", - "epss": null, - "notes": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00051.html; https://nvd.nist.gov/vuln/detail/CVE-2015-2291", - "percentile": null, - "poc_count": 17, - "product": "Ethernet Diagnostics Driver for Windows", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Intel ethernet diagnostics driver for Windows IQVW32.sys and IQVW64.sys contain an unspecified vulnerability that allows for a denial-of-service (DoS).", - "vendor": "Intel" - }, - { - "cve": "CVE-2015-2360", - "date_added": "2022-05-25", - "due_date": "2022-06-15", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2015-2360", - "percentile": null, - "poc_count": 1, - "product": "Win32k", - "required_action": "Apply updates per vendor 
instructions.", - "short_description": "Win32k.sys in the kernel-mode drivers in Microsoft Windows allows local users to gain privileges or cause denial-of-service (DoS).", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2015-2387", - "date_added": "2022-03-03", - "due_date": "2022-03-24", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2015-2387", - "percentile": null, - "poc_count": 10, - "product": "ATM Font Driver", - "required_action": "Apply updates per vendor instructions.", - "short_description": "ATMFD.DLL in the Adobe Type Manager Font Driver in Microsoft Windows Server allows local users to gain privileges via a crafted application.", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2015-2419", - "date_added": "2022-03-28", - "due_date": "2022-04-18", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2015-2419", - "percentile": null, - "poc_count": 4, - "product": "Internet Explorer", - "required_action": "Apply updates per vendor instructions.", - "short_description": "JScript in Microsoft Internet Explorer allows remote attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site.", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2015-2424", - "date_added": "2022-03-03", - "due_date": "2022-03-24", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2015-2424", - "percentile": null, - "poc_count": 1, - "product": "PowerPoint", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Microsoft PowerPoint allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document.", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2015-2425", - "date_added": "2022-05-25", - "due_date": "2022-06-15", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2015-2425", - "percentile": null, - "poc_count": 1, - "product": "Internet Explorer", - "required_action": "Apply updates per 
vendor instructions.", - "short_description": "Microsoft Internet Explorer contains a memory corruption vulnerability that allows remote attackers to execute code or cause denial-of-service (DoS).", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2015-2426", - "date_added": "2022-03-28", - "due_date": "2022-04-18", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2015-2426", - "percentile": null, - "poc_count": 34, - "product": "Windows", - "required_action": "Apply updates per vendor instructions.", - "short_description": "A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles specially crafted OpenType fonts.", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2015-2502", - "date_added": "2022-04-13", - "due_date": "2022-05-04", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2015-2502", - "percentile": null, - "poc_count": 2, - "product": "Internet Explorer", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Microsoft Internet Explorer contains a memory corruption vulnerability that allows an attacker to execute code or cause a denial-of-service (DoS).", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2015-2545", - "date_added": "2022-03-03", - "due_date": "2022-03-24", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2015-2545", - "percentile": null, - "poc_count": 21, - "product": "Office", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Microsoft Office allows remote attackers to execute arbitrary code via a crafted EPS image.", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2015-2546", - "date_added": "2022-03-15", - "due_date": "2022-04-05", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2015-2546", - "percentile": null, - "poc_count": 24, - "product": "Win32k", - "required_action": "Apply updates per vendor instructions.", - "short_description": 
"The kernel-mode driver in Microsoft Windows OS and Server allows local users to gain privileges via a crafted application.", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2015-2590", - "date_added": "2022-03-03", - "due_date": "2022-03-24", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2015-2590", - "percentile": null, - "poc_count": 3, - "product": "Java SE", - "required_action": "Apply updates per vendor instructions.", - "short_description": "An unspecified vulnerability exists within Oracle Java Runtime Environment that allows an attacker to perform remote code execution.", - "vendor": "Oracle" - }, - { - "cve": "CVE-2015-3035", - "date_added": "2022-03-25", - "due_date": "2022-04-15", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2015-3035", - "percentile": null, - "poc_count": 4, - "product": "Multiple Archer Devices", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Directory traversal vulnerability in multiple TP-Link Archer devices allows remote attackers to read arbitrary files via a .. 
(dot dot) in the PATH_INFO to login/.", - "vendor": "TP-Link" - }, - { - "cve": "CVE-2015-3043", - "date_added": "2022-03-03", - "due_date": "2022-03-24", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2015-3043", - "percentile": null, - "poc_count": 3, - "product": "Flash Player", - "required_action": "The impacted product is end-of-life and should be disconnected if still in use.", - "short_description": "A memory corruption vulnerability exists in Adobe Flash Player that allows an attacker to perform remote code execution.", - "vendor": "Adobe" - }, - { - "cve": "CVE-2015-3113", - "date_added": "2022-04-13", - "due_date": "2022-05-04", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2015-3113", - "percentile": null, - "poc_count": 2, - "product": "Flash Player", - "required_action": "The impacted product is end-of-life and should be disconnected if still in use.", - "short_description": "Heap-based buffer overflow vulnerability in Adobe Flash Player allows remote attackers to execute code.", - "vendor": "Adobe" - }, - { - "cve": "CVE-2015-4068", - "date_added": "2022-03-25", - "due_date": "2022-04-15", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2015-4068", - "percentile": null, - "poc_count": 1, - "product": "Unified Data Protection (UDP)", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Directory traversal vulnerability in Arcserve UDP allows remote attackers to obtain sensitive information or cause a denial of service.", - "vendor": "Arcserve" - }, - { - "cve": "CVE-2015-4495", - "date_added": "2022-05-25", - "due_date": "2022-06-15", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2015-4495", - "percentile": null, - "poc_count": 4, - "product": "Firefox", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Moxilla Firefox allows remote attackers to bypass the Same Origin Policy to read arbitrary files or gain 
privileges.", - "vendor": "Mozilla" - }, - { - "cve": "CVE-2015-4852", - "date_added": "2021-11-03", - "due_date": "2022-05-03", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2015-4852", - "percentile": null, - "poc_count": 71, - "product": "WebLogic Server", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Oracle WebLogic Server contains a deserialization of untrusted data vulnerability within Apache Commons, which can allow for for remote code execution.", - "vendor": "Oracle" - }, - { - "cve": "CVE-2015-4902", - "date_added": "2022-03-03", - "due_date": "2022-03-24", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2015-4902", - "percentile": null, - "poc_count": 2, - "product": "Java SE", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Unspecified vulnerability in Oracle Java SE allows remote attackers to affect integrity via Unknown vectors related to deployment.", - "vendor": "Oracle" - }, - { - "cve": "CVE-2015-5119", - "date_added": "2022-03-03", - "due_date": "2022-03-24", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2015-5119", - "percentile": null, - "poc_count": 32, - "product": "Flash Player", - "required_action": "The impacted product is end-of-life and should be disconnected if still in use.", - "short_description": "A use-after-free vulnerability exists within the ActionScript 3 ByteArray class in Adobe Flash Player that allows an attacker to perform remote code execution.", - "vendor": "Adobe" - }, - { - "cve": "CVE-2015-5122", - "date_added": "2022-04-13", - "due_date": "2022-05-04", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2015-5122", - "percentile": null, - "poc_count": 20, - "product": "Flash Player", - "required_action": "The impacted product is end-of-life and should be disconnected if still in use.", - "short_description": "Use-after-free vulnerability in the DisplayObject class in the 
ActionScript 3 (AS3) implementation in Adobe Flash Player allows remote attackers to execute code or cause a denial-of-service (DoS).", - "vendor": "Adobe" - }, - { - "cve": "CVE-2015-5123", - "date_added": "2022-04-13", - "due_date": "2022-05-04", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2015-5123", - "percentile": null, - "poc_count": 3, - "product": "Flash Player", - "required_action": "The impacted product is end-of-life and should be disconnected if still in use.", - "short_description": "Use-after-free vulnerability in the BitmapData class in the ActionScript 3 (AS3) implementation in Adobe Flash Player allows remote attackers to execute code or cause a denial-of-service (DoS).", - "vendor": "Adobe" - }, - { - "cve": "CVE-2015-5317", - "date_added": "2023-05-12", - "due_date": "2023-06-02", - "epss": null, - "notes": "https://www.jenkins.io/security/advisory/2015-11-11/; https://nvd.nist.gov/vuln/detail/CVE-2015-5317", - "percentile": null, - "poc_count": 10, - "product": "Jenkins User Interface (UI)", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Jenkins User Interface (UI) contains an information disclosure vulnerability that allows users to see the names of jobs and builds otherwise inaccessible to them on the \"Fingerprints\" pages.", - "vendor": "Jenkins" - }, - { - "cve": "CVE-2015-6175", - "date_added": "2022-05-25", - "due_date": "2022-06-15", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2015-6175", - "percentile": null, - "poc_count": 1, - "product": "Windows", - "required_action": "Apply updates per vendor instructions.", - "short_description": "The kernel in Microsoft Windows contains a vulnerability that allows local users to gain privileges via a crafted application.", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2015-7450", - "date_added": "2022-01-10", - "due_date": "2022-07-10", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2015-7450", - 
"percentile": null, - "poc_count": 54, - "product": "WebSphere Application Server and Server Hypervisor Edition", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastructure, and mobile and social products allow remote attackers to execute arbitrary commands", - "vendor": "IBM" - }, - { - "cve": "CVE-2015-7645", - "date_added": "2022-03-03", - "due_date": "2022-03-24", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2015-7645", - "percentile": null, - "poc_count": 8, - "product": "Flash Player", - "required_action": "The impacted product is end-of-life and should be disconnected if still in use.", - "short_description": "Adobe Flash Player allows remote attackers to execute arbitrary code via a crafted SWF file.", - "vendor": "Adobe" - }, - { - "cve": "CVE-2015-7755", - "date_added": "2025-10-02", - "due_date": "2025-10-23", - "epss": null, - "notes": "https://supportportal.juniper.net/s/article/2015-12-Out-of-Cycle-Security-Bulletin-ScreenOS-Multiple-Security-issues-with-ScreenOS-CVE-2015-7755-CVE-2015-7756 ; https://nvd.nist.gov/vuln/detail/CVE-2015-7755", - "percentile": null, - "poc_count": 18, - "product": "ScreenOS", - "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", - "short_description": "Juniper ScreenOS contains an improper authentication vulnerability that could allow unauthorized remote administrative access to the device.", - "vendor": "Juniper" - }, - { - "cve": "CVE-2015-8651", - "date_added": "2022-05-25", - "due_date": "2022-06-15", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2015-8651", - "percentile": null, - "poc_count": 5, - "product": "Flash Player", - "required_action": "The impacted product is end-of-life and should be disconnected if 
still in use.", - "short_description": "Integer overflow in Adobe Flash Player allows attackers to execute code.", - "vendor": "Adobe" - }, - { - "cve": "CVE-2016-0034", - "date_added": "2022-05-25", - "due_date": "2022-06-15", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2016-0034", - "percentile": null, - "poc_count": 3, - "product": "Silverlight", - "required_action": "The impacted products are end-of-life and should be disconnected if still in use.", - "short_description": "Microsoft Silverlight mishandles negative offsets during decoding, which allows attackers to execute remote code or cause a denial-of-service (DoS).", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2016-0040", - "date_added": "2022-03-28", - "due_date": "2022-04-18", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2016-0040", - "percentile": null, - "poc_count": 24, - "product": "Windows", - "required_action": "Apply updates per vendor instructions.", - "short_description": "The kernel in Microsoft Windows allows local users to gain privileges via a crafted application.", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2016-0099", - "date_added": "2022-03-03", - "due_date": "2022-03-24", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2016-0099", - "percentile": null, - "poc_count": 24, - "product": "Windows", - "required_action": "Apply updates per vendor instructions.", - "short_description": "A privilege escalation vulnerability exists in Microsoft Windows if the Windows Secondary Logon Service fails to properly manage request handles in memory. 
An attacker who successfully exploited this vulnerability could run arbitrary code as an administrator.", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2016-0151", - "date_added": "2022-03-28", - "due_date": "2022-04-18", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2016-0151", - "percentile": null, - "poc_count": 2, - "product": "Client-Server Run-time Subsystem (CSRSS)", - "required_action": "Apply updates per vendor instructions.", - "short_description": "The Client-Server Run-time Subsystem (CSRSS) in Microsoft mismanages process tokens, which allows local users to gain privileges via a crafted application.", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2016-0162", - "date_added": "2022-05-24", - "due_date": "2022-06-14", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2016-0162", - "percentile": null, - "poc_count": 1, - "product": "Internet Explorer", - "required_action": "Apply updates per vendor instructions.", - "short_description": "An information disclosure vulnerability exists when Internet Explorer does not properly handle JavaScript. 
The vulnerability could allow an attacker to detect specific files on the user's computer.", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2016-0165", - "date_added": "2023-06-22", - "due_date": "2023-07-13", - "epss": null, - "notes": "https://learn.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-039; https://nvd.nist.gov/vuln/detail/CVE-2016-0165", - "percentile": null, - "poc_count": 6, - "product": "Win32k", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation.", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2016-0167", - "date_added": "2021-11-03", - "due_date": "2022-05-03", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2016-0167", - "percentile": null, - "poc_count": 5, - "product": "Win32k", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation via a crafted application", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2016-0185", - "date_added": "2021-11-03", - "due_date": "2022-05-03", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2016-0185", - "percentile": null, - "poc_count": 2, - "product": "Windows", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Microsoft Windows Media Center contains a remote code execution vulnerability when Windows Media Center opens a specially crafted Media Center link (.mcl) file that references malicious code.", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2016-0189", - "date_added": "2022-03-28", - "due_date": "2022-04-18", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2016-0189", - "percentile": null, - "poc_count": 17, - "product": "Internet Explorer", - "required_action": "Apply updates per vendor instructions.", - "short_description": "The Microsoft JScript nd 
VBScript engines, as used in Internet Explorer and other products, allow attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site.", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2016-0752", - "date_added": "2022-03-25", - "due_date": "2022-04-15", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2016-0752", - "percentile": null, - "poc_count": 21, - "product": "Ruby on Rails", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Directory traversal vulnerability in Action View in Ruby on Rails allows remote attackers to read arbitrary files.", - "vendor": "Rails" - }, - { - "cve": "CVE-2016-0984", - "date_added": "2022-05-25", - "due_date": "2022-06-15", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2016-0984", - "percentile": null, - "poc_count": 2, - "product": "Flash Player and AIR", - "required_action": "The impacted products are end-of-life and should be disconnected if still in use.", - "short_description": "Use-after-free vulnerability in Adobe Flash Player and Adobe AIR allows attackers to execute code.", - "vendor": "Adobe" - }, - { - "cve": "CVE-2016-10033", - "date_added": "2025-07-07", - "due_date": "2025-07-28", - "epss": null, - "notes": "This vulnerability could affect an open-source component, third-party library, protocol, or proprietary implementation that could be used by different products. 
For more information, please see: https://github.com/PHPMailer/PHPMailer/releases/tag/v5.2.18 ; https://github.com/advisories/GHSA-5f37-gxvh-23v6 ; https://nvd.nist.gov/vuln/detail/CVE-2016-10033", - "percentile": null, - "poc_count": 227, - "product": "PHPMailer", - "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", - "short_description": "PHPMailer contains a command injection vulnerability because it fails to sanitize user-supplied input. Specifically, this issue affects the 'mail()' function of 'class.phpmailer.php' script. An attacker can exploit this issue to execute arbitrary code within the context of the application. Failed exploit attempts will result in a denial-of-service condition.", - "vendor": "PHP" - }, - { - "cve": "CVE-2016-1010", - "date_added": "2022-05-25", - "due_date": "2022-06-15", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2016-1010", - "percentile": null, - "poc_count": 4, - "product": "Flash Player and AIR", - "required_action": "The impacted products are end-of-life and should be disconnected if still in use.", - "short_description": "Integer overflow vulnerability in Adobe Flash Player and AIR allows attackers to execute code.", - "vendor": "Adobe" - }, - { - "cve": "CVE-2016-10174", - "date_added": "2022-03-25", - "due_date": "2022-04-15", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2016-10174", - "percentile": null, - "poc_count": 4, - "product": "WNR2000v5 Router", - "required_action": "Apply updates per vendor instructions.", - "short_description": "The NETGEAR WNR2000v5 router contains a buffer overflow which can be exploited to achieve remote code execution.", - "vendor": "NETGEAR" - }, - { - "cve": "CVE-2016-1019", - "date_added": "2022-03-03", - "due_date": "2022-03-24", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2016-1019", - 
"percentile": null, - "poc_count": 7, - "product": "Flash Player", - "required_action": "The impacted product is end-of-life and should be disconnected if still in use.", - "short_description": "Adobe Flash Player allows remote attackers to cause a denial of service or possibly execute arbitrary code.", - "vendor": "Adobe" - }, - { - "cve": "CVE-2016-11021", - "date_added": "2022-03-25", - "due_date": "2022-04-15", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2016-11021", - "percentile": null, - "poc_count": 3, - "product": "DCS-930L Devices", - "required_action": "The impacted product is end-of-life and should be disconnected if still in use.", - "short_description": "setSystemCommand on D-Link DCS-930L devices allows a remote attacker to execute code via an OS command.", - "vendor": "D-Link" - }, - { - "cve": "CVE-2016-1555", - "date_added": "2022-03-25", - "due_date": "2022-04-15", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2016-1555", - "percentile": null, - "poc_count": 14, - "product": "Wireless Access Point (WAP) Devices", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Multiple NETGEAR Wireless Access Point devices allows unauthenticated web pages to pass form input directly to the command-line interface. Exploitation allows for arbitrary code execution.", - "vendor": "NETGEAR" - }, - { - "cve": "CVE-2016-1646", - "date_added": "2022-06-08", - "due_date": "2022-06-22", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2016-1646", - "percentile": null, - "poc_count": 7, - "product": "Chromium V8", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Google Chromium V8 Engine contains an out-of-bounds read vulnerability that allows a remote attacker to cause a denial of service or possibly have another unspecified impact via crafted JavaScript code. 
This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.", - "vendor": "Google" - }, - { - "cve": "CVE-2016-20017", - "date_added": "2024-01-08", - "due_date": "2024-01-29", - "epss": null, - "notes": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10088; https://nvd.nist.gov/vuln/detail/CVE-2016-20017", - "percentile": null, - "poc_count": 2, - "product": "DSL-2750B Devices", - "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", - "short_description": "D-Link DSL-2750B devices contain a command injection vulnerability that allows remote, unauthenticated command injection via the login.cgi cli parameter.", - "vendor": "D-Link" - }, - { - "cve": "CVE-2016-2386", - "date_added": "2022-06-09", - "due_date": "2022-06-30", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2016-2386", - "percentile": null, - "poc_count": 10, - "product": "NetWeaver", - "required_action": "Apply updates per vendor instructions.", - "short_description": "SQL injection vulnerability in the UDDI server in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.", - "vendor": "SAP" - }, - { - "cve": "CVE-2016-2388", - "date_added": "2022-06-09", - "due_date": "2022-06-30", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2016-2388", - "percentile": null, - "poc_count": 8, - "product": "NetWeaver", - "required_action": "Apply updates per vendor instructions.", - "short_description": "The Universal Worklist Configuration in SAP NetWeaver AS JAVA 7.4 allows remote attackers to obtain sensitive user information via a crafted HTTP request.", - "vendor": "SAP" - }, - { - "cve": "CVE-2016-3088", - "date_added": "2022-02-10", - "due_date": "2022-08-10", - "epss": null, - "notes": 
"https://nvd.nist.gov/vuln/detail/CVE-2016-3088", - "percentile": null, - "poc_count": 61, - "product": "ActiveMQ", - "required_action": "Apply updates per vendor instructions.", - "short_description": "The Fileserver web application in Apache ActiveMQ allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request", - "vendor": "Apache" - }, - { - "cve": "CVE-2016-3235", - "date_added": "2021-11-03", - "due_date": "2022-05-03", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2016-3235", - "percentile": null, - "poc_count": 2, - "product": "Office", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Microsoft Office Object Linking & Embedding (OLE) dynamic link library (DLL) contains a side loading vulnerability due to it improperly validating input before loading libraries. Successful exploitation allows for remote code execution.", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2016-3298", - "date_added": "2022-05-24", - "due_date": "2022-06-14", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2016-3298", - "percentile": null, - "poc_count": 1, - "product": "Internet Explorer", - "required_action": "Apply updates per vendor instructions.", - "short_description": "An information disclosure vulnerability exists when the Microsoft Internet Messaging API improperly handles objects in memory. 
An attacker who successfully exploited this vulnerability could allow the attacker to test for the presence of files on disk.", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2016-3309", - "date_added": "2022-03-15", - "due_date": "2022-04-05", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2016-3309", - "percentile": null, - "poc_count": 46, - "product": "Windows", - "required_action": "Apply updates per vendor instructions.", - "short_description": "A privilege escalation vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2016-3351", - "date_added": "2022-05-24", - "due_date": "2022-06-14", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2016-3351", - "percentile": null, - "poc_count": 3, - "product": "Internet Explorer and Edge", - "required_action": "Apply updates per vendor instructions.", - "short_description": "An information disclosure vulnerability exists in the way that certain functions in Internet Explorer and Edge handle objects in memory. The vulnerability could allow an attacker to detect specific files on the user's computer.", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2016-3393", - "date_added": "2022-05-25", - "due_date": "2022-06-15", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2016-3393", - "percentile": null, - "poc_count": 1, - "product": "Windows", - "required_action": "Apply updates per vendor instructions.", - "short_description": "A remote code execution vulnerability exists due to the way the Windows GDI component handles objects in the memory. 
An attacker who successfully exploits this vulnerability could take control of the affected system.", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2016-3427", - "date_added": "2023-05-12", - "due_date": "2023-06-02", - "epss": null, - "notes": "https://www.oracle.com/security-alerts/cpuapr2016v3.html; https://nvd.nist.gov/vuln/detail/CVE-2016-3427", - "percentile": null, - "poc_count": 25, - "product": "Java SE and JRockit", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Oracle Java SE and JRockit contains an unspecified vulnerability that allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Java Management Extensions (JMX). This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service.", - "vendor": "Oracle" - }, - { - "cve": "CVE-2016-3643", - "date_added": "2021-11-03", - "due_date": "2022-05-03", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2016-3643", - "percentile": null, - "poc_count": 4, - "product": "Virtualization Manager", - "required_action": "Apply updates per vendor instructions.", - "short_description": "SolarWinds Virtualization Manager allows for privilege escalation through leveraging a misconfiguration of sudo.", - "vendor": "SolarWinds" - }, - { - "cve": "CVE-2016-3714", - "date_added": "2024-09-09", - "due_date": "2024-09-30", - "epss": null, - "notes": "This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. 
For more information, please see: https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588#p132726, https://imagemagick.org/archive/releases/; https://nvd.nist.gov/vuln/detail/CVE-2016-3714", - "percentile": null, - "poc_count": 102, - "product": "ImageMagick", - "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", - "short_description": "ImageMagick contains an improper input validation vulnerability that affects the EPHEMERAL, HTTPS, MVG, MSL, TEXT, SHOW, WIN, and PLT coders. This allows a remote attacker to execute arbitrary code via shell metacharacters in a crafted image.", - "vendor": "ImageMagick" - }, - { - "cve": "CVE-2016-3715", - "date_added": "2021-11-03", - "due_date": "2022-05-03", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2016-3715", - "percentile": null, - "poc_count": 8, - "product": "ImageMagick", - "required_action": "Apply updates per vendor instructions.", - "short_description": "ImageMagick contains an unspecified vulnerability that could allow users to delete files by using ImageMagick's 'ephemeral' pseudo protocol, which deletes files after reading.", - "vendor": "ImageMagick" - }, - { - "cve": "CVE-2016-3718", - "date_added": "2021-11-03", - "due_date": "2022-05-03", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2016-3718", - "percentile": null, - "poc_count": 20, - "product": "ImageMagick", - "required_action": "Apply updates per vendor instructions.", - "short_description": "ImageMagick contains an unspecified vulnerability that allows attackers to perform server-side request forgery (SSRF) via a crafted image.", - "vendor": "ImageMagick" - }, - { - "cve": "CVE-2016-3976", - "date_added": "2021-11-03", - "due_date": "2022-05-03", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2016-3976", - "percentile": null, - "poc_count": 6, - "product": "NetWeaver", - "required_action": "Apply updates 
per vendor instructions.", - "short_description": "SAP NetWeaver Application Server Java Platforms contains a directory traversal vulnerability via a ..\\ (dot dot backslash) in the fileName parameter to CrashFileDownloadServlet. This allows remote attackers to read files.", - "vendor": "SAP" - }, - { - "cve": "CVE-2016-4117", - "date_added": "2022-03-03", - "due_date": "2022-03-24", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2016-4117", - "percentile": null, - "poc_count": 8, - "product": "Flash Player", - "required_action": "The impacted product is end-of-life and should be disconnected if still in use.", - "short_description": "An access of resource using incompatible type vulnerability exists within Adobe Flash Player that allows an attacker to perform remote code execution.", - "vendor": "Adobe" - }, - { - "cve": "CVE-2016-4171", - "date_added": "2022-03-25", - "due_date": "2022-04-15", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2016-4171", - "percentile": null, - "poc_count": 2, - "product": "Flash Player", - "required_action": "The impacted product is end-of-life and should be disconnected if still in use.", - "short_description": "Unspecified vulnerability in Adobe Flash Player allows for remote code execution.", - "vendor": "Adobe" - }, - { - "cve": "CVE-2016-4437", - "date_added": "2021-11-03", - "due_date": "2022-05-03", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2016-4437", - "percentile": null, - "poc_count": 71, - "product": "Shiro", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Apache Shiro contains a vulnerability which may allow remote attackers to execute code or bypass intended access restrictions via an unspecified request parameter when a cipher key has not been configured for the \"remember me\" feature.", - "vendor": "Apache" - }, - { - "cve": "CVE-2016-4523", - "date_added": "2022-04-15", - "due_date": "2022-05-06", - "epss": null, - 
"notes": "https://nvd.nist.gov/vuln/detail/CVE-2016-4523", - "percentile": null, - "poc_count": 1, - "product": "VTScada (formerly VTS)", - "required_action": "Apply updates per vendor instructions.", - "short_description": "The WAP interface in Trihedral VTScada (formerly VTS) allows remote attackers to cause a denial-of-service (DoS).", - "vendor": "Trihedral" - }, - { - "cve": "CVE-2016-4655", - "date_added": "2022-05-24", - "due_date": "2022-06-14", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2016-4655", - "percentile": null, - "poc_count": 27, - "product": "iOS", - "required_action": "Apply updates per vendor instructions.", - "short_description": "The Apple iOS kernel allows attackers to obtain sensitive information from memory via a crafted application.", - "vendor": "Apple" - }, - { - "cve": "CVE-2016-4656", - "date_added": "2022-05-24", - "due_date": "2022-06-14", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2016-4656", - "percentile": null, - "poc_count": 23, - "product": "iOS", - "required_action": "Apply updates per vendor instructions.", - "short_description": "A memory corruption vulnerability in Apple iOS kernel allows attackers to execute code in a privileged context or cause a denial-of-service (DoS) via a crafted application.", - "vendor": "Apple" - }, - { - "cve": "CVE-2016-4657", - "date_added": "2022-05-24", - "due_date": "2022-06-14", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2016-4657", - "percentile": null, - "poc_count": 18, - "product": "iOS", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Apple iOS WebKit contains a memory corruption vulnerability that allows attackers to execute remote code or cause a denial-of-service (DoS) via a crafted web site. 
This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.", - "vendor": "Apple" - }, - { - "cve": "CVE-2016-5195", - "date_added": "2022-03-03", - "due_date": "2022-03-24", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2016-5195", - "percentile": null, - "poc_count": 551, - "product": "Kernel", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Race condition in mm/gup.c in the Linux kernel allows local users to escalate privileges.", - "vendor": "Linux" - }, - { - "cve": "CVE-2016-5198", - "date_added": "2022-06-08", - "due_date": "2022-06-22", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2016-5198", - "percentile": null, - "poc_count": 6, - "product": "Chromium V8", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Google Chromium V8 Engine contains an out-of-bounds memory access vulnerability that allows a remote attacker to perform read/write operations, leading to code execution, via a crafted HTML page. 
This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.", - "vendor": "Google" - }, - { - "cve": "CVE-2016-6277", - "date_added": "2022-03-07", - "due_date": "2022-09-07", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2016-6277", - "percentile": null, - "poc_count": 19, - "product": "Multiple Routers", - "required_action": "Apply updates per vendor instructions.", - "short_description": "NETGEAR confirmed multiple routers allow unauthenticated web pages to pass form input directly to the command-line interface, permitting remote code execution.", - "vendor": "NETGEAR" - }, - { - "cve": "CVE-2016-6366", - "date_added": "2022-05-24", - "due_date": "2022-06-14", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2016-6366", - "percentile": null, - "poc_count": 22, - "product": "Adaptive Security Appliance (ASA)", - "required_action": "Apply updates per vendor instructions.", - "short_description": "A buffer overflow vulnerability in the Simple Network Management Protocol (SNMP) code of Cisco ASA software could allow an attacker to cause a reload of the affected system or to remotely execute code.", - "vendor": "Cisco" - }, - { - "cve": "CVE-2016-6367", - "date_added": "2022-05-24", - "due_date": "2022-06-14", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2016-6367", - "percentile": null, - "poc_count": 2, - "product": "Adaptive Security Appliance (ASA)", - "required_action": "Apply updates per vendor instructions.", - "short_description": "A vulnerability in the command-line interface (CLI) parser of Cisco ASA software could allow an authenticated, local attacker to create a denial-of-service (DoS) condition or potentially execute code.", - "vendor": "Cisco" - }, - { - "cve": "CVE-2016-6415", - "date_added": "2023-05-19", - "due_date": "2023-06-09", - "epss": null, - "notes": 
"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160916-ikev1; https://nvd.nist.gov/vuln/detail/CVE-2016-6415", - "percentile": null, - "poc_count": 8, - "product": "IOS, IOS XR, and IOS XE", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Cisco IOS, IOS XR, and IOS XE contain insufficient condition checks in the part of the code that handles Internet Key Exchange version 1 (IKEv1) security negotiation requests. contains an information disclosure vulnerability in the Internet Key Exchange version 1 (IKEv1) that could allow an attacker to retrieve memory contents. Successful exploitation could allow the attacker to retrieve memory contents, which can lead to information disclosure.", - "vendor": "Cisco" - }, - { - "cve": "CVE-2016-7193", - "date_added": "2022-03-03", - "due_date": "2022-03-24", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2016-7193", - "percentile": null, - "poc_count": 3, - "product": "Office", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Microsoft Office contains a memory corruption vulnerability which can allow for remote code execution.", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2016-7200", - "date_added": "2022-03-28", - "due_date": "2022-04-18", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2016-7200", - "percentile": null, - "poc_count": 23, - "product": "Edge", - "required_action": "Apply updates per vendor instructions.", - "short_description": "The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site.", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2016-7201", - "date_added": "2022-03-28", - "due_date": "2022-04-18", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2016-7201", - "percentile": null, - "poc_count": 22, - "product": "Edge", - 
"required_action": "Apply updates per vendor instructions.", - "short_description": "The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site.", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2016-7255", - "date_added": "2021-11-03", - "due_date": "2022-05-03", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2016-7255", - "percentile": null, - "poc_count": 69, - "product": "Win32k", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Microsoft Win32k kernel-mode driver fails to properly handle objects in memory which allows for privilege escalation. Successful exploitation allows an attacker to run code in kernel mode.", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2016-7256", - "date_added": "2022-05-25", - "due_date": "2022-06-15", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2016-7256", - "percentile": null, - "poc_count": 1, - "product": "Windows", - "required_action": "Apply updates per vendor instructions.", - "short_description": "A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploits this vulnerability could take control of the affected system.", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2016-7262", - "date_added": "2022-03-03", - "due_date": "2022-03-24", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2016-7262", - "percentile": null, - "poc_count": 1, - "product": "Excel", - "required_action": "Apply updates per vendor instructions.", - "short_description": "A security feature bypass vulnerability exists when Microsoft Office improperly handles input. 
An attacker who successfully exploited the vulnerability could execute arbitrary commands.", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2016-7836", - "date_added": "2025-10-14", - "due_date": "2025-11-04", - "epss": null, - "notes": "https://www.skyseaclientview.net/news/161221/ ; https://nvd.nist.gov/vuln/detail/CVE-2016-7836", - "percentile": null, - "poc_count": 0, - "product": "Client View", - "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", - "short_description": "SKYSEA Client View contains an improper authentication vulnerability that allows remote code execution via a flaw in processing authentication on the TCP connection with the management console program.", - "vendor": "SKYSEA" - }, - { - "cve": "CVE-2016-7855", - "date_added": "2022-03-03", - "due_date": "2022-03-24", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2016-7855", - "percentile": null, - "poc_count": 4, - "product": "Flash Player", - "required_action": "The impacted product is end-of-life and should be disconnected if still in use.", - "short_description": "Use-after-free vulnerability in Adobe Flash Player Windows and OS and Linux allows remote attackers to execute arbitrary code.", - "vendor": "Adobe" - }, - { - "cve": "CVE-2016-7892", - "date_added": "2022-03-25", - "due_date": "2022-04-15", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2016-7892", - "percentile": null, - "poc_count": 2, - "product": "Flash Player", - "required_action": "The impacted product is end-of-life and should be disconnected if still in use.", - "short_description": "Adobe Flash Player has an exploitable use-after-free vulnerability in the TextField class.", - "vendor": "Adobe" - }, - { - "cve": "CVE-2016-8562", - "date_added": "2022-03-03", - "due_date": "2022-03-24", - "epss": null, - "notes": 
"https://nvd.nist.gov/vuln/detail/CVE-2016-8562", - "percentile": null, - "poc_count": 1, - "product": "SIMATIC CP", - "required_action": "Apply updates per vendor instructions.", - "short_description": "An improper privilege management vulnerability exists within the Siemens SIMATIC Communication Processor (CP) that allows a privileged attacker to remotely cause a denial of service.", - "vendor": "Siemens" - }, - { - "cve": "CVE-2016-8735", - "date_added": "2023-05-12", - "due_date": "2023-06-02", - "epss": null, - "notes": "https://tomcat.apache.org/security-9.html; https://nvd.nist.gov/vuln/detail/CVE-2016-8735", - "percentile": null, - "poc_count": 42, - "product": "Tomcat", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Apache Tomcat contains an unspecified vulnerability that allows for remote code execution if JmxRemoteLifecycleListener is used and an attacker can reach Java Management Extension (JMX) ports. This CVE exists because this listener wasn't updated for consistency with the Oracle patched issues for CVE-2016-3427 which affected credential types.", - "vendor": "Apache" - }, - { - "cve": "CVE-2016-9079", - "date_added": "2023-06-22", - "due_date": "2023-07-13", - "epss": null, - "notes": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-92/#CVE-2016-9079; https://nvd.nist.gov/vuln/detail/CVE-2016-9079", - "percentile": null, - "poc_count": 13, - "product": "Firefox, Firefox ESR, and Thunderbird", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Mozilla Firefox, Firefox ESR, and Thunderbird contain a use-after-free vulnerability in SVG Animation, targeting Firefox and Tor browser users on Windows.", - "vendor": "Mozilla" - }, - { - "cve": "CVE-2016-9563", - "date_added": "2021-11-03", - "due_date": "2022-05-03", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2016-9563", - "percentile": null, - "poc_count": 2, - "product": "NetWeaver", - 
"required_action": "Apply updates per vendor instructions.", - "short_description": "SAP NetWeaver Application Server Java Platforms contains an unspecified vulnerability in BC-BMT-BPM-DSK which allows remote, authenticated users to conduct XML External Entity (XXE) attacks.", - "vendor": "SAP" - }, - { - "cve": "CVE-2017-0001", - "date_added": "2022-03-03", - "due_date": "2022-03-24", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2017-0001", - "percentile": null, - "poc_count": 5, - "product": "Graphics Device Interface (GDI)", - "required_action": "Apply updates per vendor instructions.", - "short_description": "The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2017-0005", - "date_added": "2022-05-24", - "due_date": "2022-06-14", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2017-0005", - "percentile": null, - "poc_count": 17, - "product": "Windows", - "required_action": "Apply updates per vendor instructions.", - "short_description": "The Graphics Device Interface (GDI) in Microsoft Windows allows local users to gain privileges via a crafted application.", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2017-0022", - "date_added": "2022-05-24", - "due_date": "2022-06-14", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2017-0022", - "percentile": null, - "poc_count": 3, - "product": "XML Core Services", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Microsoft XML Core Services (MSXML) improperly handles objects in memory, allowing attackers to test for files on disk via a crafted web site.", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2017-0037", - "date_added": "2022-03-28", - "due_date": "2022-04-18", - "epss": 
null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2017-0037", - "percentile": null, - "poc_count": 18, - "product": "Edge and Internet Explorer", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Microsoft Edge and Internet Explorer have a type confusion vulnerability in mshtml.dll, which allows remote code execution.", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2017-0059", - "date_added": "2022-03-28", - "due_date": "2022-04-18", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2017-0059", - "percentile": null, - "poc_count": 13, - "product": "Internet Explorer", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Microsoft Internet Explorer allow remote attackers to obtain sensitive information from process memory via a crafted web site.", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2017-0101", - "date_added": "2022-03-15", - "due_date": "2022-04-05", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2017-0101", - "percentile": null, - "poc_count": 9, - "product": "Windows", - "required_action": "Apply updates per vendor instructions.", - "short_description": "A privilege escalation vulnerability exists when the Windows Transaction Manager improperly handles objects in memory.", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2017-0143", - "date_added": "2021-11-03", - "due_date": "2022-05-03", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2017-0143", - "percentile": null, - "poc_count": 206, - "product": "Windows", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Microsoft Windows Server Message Block 1.0 (SMBv1) contains an unspecified vulnerability that allows for remote code execution.", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2017-0144", - "date_added": "2022-02-10", - "due_date": "2022-08-10", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2017-0144", - 
"percentile": null, - "poc_count": 323, - "product": "SMBv1", - "required_action": "Apply updates per vendor instructions.", - "short_description": "The SMBv1 server in multiple Microsoft Windows versions allows remote attackers to execute arbitrary code via crafted packets.", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2017-0145", - "date_added": "2022-02-10", - "due_date": "2022-08-10", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2017-0145", - "percentile": null, - "poc_count": 101, - "product": "SMBv1", - "required_action": "Apply updates per vendor instructions.", - "short_description": "The SMBv1 server in multiple Microsoft Windows versions allows remote attackers to execute arbitrary code via crafted packets.", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2017-0146", - "date_added": "2022-03-25", - "due_date": "2022-04-15", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2017-0146", - "percentile": null, - "poc_count": 64, - "product": "Windows", - "required_action": "Apply updates per vendor instructions.", - "short_description": "The SMBv1 server in Microsoft Windows allows remote attackers to perform remote code execution.", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2017-0147", - "date_added": "2022-05-24", - "due_date": "2022-06-14", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2017-0147", - "percentile": null, - "poc_count": 42, - "product": "SMBv1 server", - "required_action": "Apply updates per vendor instructions.", - "short_description": "The SMBv1 server in Microsoft Windows allows remote attackers to obtain sensitive information from process memory via a crafted packet.", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2017-0148", - "date_added": "2022-04-06", - "due_date": "2022-04-27", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2017-0148", - "percentile": null, - "poc_count": 62, - "product": "SMBv1 server", - "required_action": "Apply updates per vendor 
instructions.", - "short_description": "The SMBv1 server in Microsoft allows remote attackers to execute arbitrary code via crafted packets.", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2017-0149", - "date_added": "2022-05-24", - "due_date": "2022-06-14", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2017-0149", - "percentile": null, - "poc_count": 1, - "product": "Internet Explorer", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Microsoft Internet Explorer contains a memory corruption vulnerability that allows remote attackers to execute code or cause a denial-of-service (DoS) via a crafted website.", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2017-0199", - "date_added": "2021-11-03", - "due_date": "2022-05-03", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2017-0199", - "percentile": null, - "poc_count": 233, - "product": "Office and WordPad", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Microsoft Office and WordPad contain an unspecified vulnerability due to the way the applications parse specially crafted files. 
Successful exploitation allows for remote code execution.", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2017-0210", - "date_added": "2022-05-24", - "due_date": "2022-06-14", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2017-0210", - "percentile": null, - "poc_count": 1, - "product": "Internet Explorer", - "required_action": "Apply updates per vendor instructions.", - "short_description": "A privilege escalation vulnerability exists when Internet Explorer does not properly enforce cross-domain policies, which could allow an attacker to access information.", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2017-0213", - "date_added": "2022-03-28", - "due_date": "2022-04-18", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2017-0213", - "percentile": null, - "poc_count": 108, - "product": "Windows", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Microsoft Windows COM Aggregate Marshaler allows for privilege escalation when an attacker runs a specially crafted application.", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2017-0222", - "date_added": "2022-02-25", - "due_date": "2022-08-25", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2017-0222", - "percentile": null, - "poc_count": 1, - "product": "Internet Explorer", - "required_action": "Apply updates per vendor instructions.", - "short_description": "A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2017-0261", - "date_added": "2022-03-03", - "due_date": "2022-03-24", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2017-0261", - "percentile": null, - "poc_count": 9, - "product": "Office", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Microsoft Office contains a use-after-free vulnerability which can allow for remote code execution.", - "vendor": "Microsoft" - 
}, - { - "cve": "CVE-2017-0262", - "date_added": "2022-02-10", - "due_date": "2022-08-10", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2017-0262", - "percentile": null, - "poc_count": 6, - "product": "Office", - "required_action": "Apply updates per vendor instructions.", - "short_description": "A remote code execution vulnerability exists in Microsoft Office.", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2017-0263", - "date_added": "2022-02-10", - "due_date": "2022-08-10", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2017-0263", - "percentile": null, - "poc_count": 13, - "product": "Win32k", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Microsoft Win32k contains a privilege escalation vulnerability due to the Windows kernel-mode driver failing to properly handle objects in memory.", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2017-1000253", - "date_added": "2024-09-09", - "due_date": "2024-09-30", - "epss": null, - "notes": "This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. 
For more information, please see: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a87938b2e246b81b4fb713edb371a9fa3c5c3c86; https://nvd.nist.gov/vuln/detail/CVE-2017-1000253", - "percentile": null, - "poc_count": 8, - "product": "Kernel", - "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", - "short_description": "Linux kernel contains a position-independent executable (PIE) stack buffer corruption vulnerability in load_elf_ binary() that allows a local attacker to escalate privileges.", - "vendor": "Linux" - }, - { - "cve": "CVE-2017-1000353", - "date_added": "2025-10-02", - "due_date": "2025-10-23", - "epss": null, - "notes": "https://www.jenkins.io/security/advisory/2017-04-26/ ; https://nvd.nist.gov/vuln/detail/CVE-2017-1000353", - "percentile": null, - "poc_count": 62, - "product": "Jenkins", - "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", - "short_description": "Jenkins contains a remote code execution vulnerability. 
This vulnerability that could allowed attackers to transfer a serialized Java SignedObject object to the remoting-based Jenkins CLI, that would be deserialized using a new ObjectInputStream, bypassing the existing blocklist-based protection mechanism.", - "vendor": "Jenkins" - }, - { - "cve": "CVE-2017-1000486", - "date_added": "2022-01-10", - "due_date": "2022-07-10", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000486", - "percentile": null, - "poc_count": 21, - "product": "Primefaces Application", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Primetek Primefaces is vulnerable to a weak encryption flaw resulting in remote code execution", - "vendor": "Primetek" - }, - { - "cve": "CVE-2017-10271", - "date_added": "2022-02-10", - "due_date": "2022-08-10", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2017-10271", - "percentile": null, - "poc_count": 270, - "product": "WebLogic Server", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Oracle Corporation WebLogic Server contains a vulnerability that allows for remote code execution.", - "vendor": "Oracle" - }, - { - "cve": "CVE-2017-11292", - "date_added": "2022-03-03", - "due_date": "2022-03-24", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2017-11292", - "percentile": null, - "poc_count": 3, - "product": "Flash Player", - "required_action": "The impacted product is end-of-life and should be disconnected if still in use.", - "short_description": "Adobe Flash Player contains a type confusion vulnerability which can allow for remote code execution.", - "vendor": "Adobe" - }, - { - "cve": "CVE-2017-11317", - "date_added": "2022-04-11", - "due_date": "2022-05-02", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2017-11317", - "percentile": null, - "poc_count": 19, - "product": "User Interface (UI) for ASP.NET AJAX", - "required_action": "Apply updates per vendor 
instructions.", - "short_description": "Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX allows remote attackers to perform arbitrary file uploads or execute arbitrary code.", - "vendor": "Telerik" - }, - { - "cve": "CVE-2017-11357", - "date_added": "2023-01-26", - "due_date": "2023-02-16", - "epss": null, - "notes": "https://docs.telerik.com/devtools/aspnet-ajax/knowledge-base/asyncupload-insecure-direct-object-reference; https://nvd.nist.gov/vuln/detail/CVE-2017-11357", - "percentile": null, - "poc_count": 13, - "product": "User Interface (UI) for ASP.NET AJAX", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Telerik UI for ASP.NET AJAX contains an insecure direct object reference vulnerability in RadAsyncUpload that can result in file uploads in a limited location and/or remote code execution.", - "vendor": "Telerik" - }, - { - "cve": "CVE-2017-11774", - "date_added": "2021-11-03", - "due_date": "2022-05-03", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2017-11774", - "percentile": null, - "poc_count": 6, - "product": "Office", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Microsoft Office Outlook contains a security feature bypass vulnerability due to improperly handling objects in memory. Successful exploitation allows an attacker to execute commands.", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2017-11826", - "date_added": "2022-03-03", - "due_date": "2022-03-24", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2017-11826", - "percentile": null, - "poc_count": 10, - "product": "Office", - "required_action": "Apply updates per vendor instructions.", - "short_description": "A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. 
An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2017-11882", - "date_added": "2021-11-03", - "due_date": "2022-05-03", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2017-11882", - "percentile": null, - "poc_count": 231, - "product": "Office", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Microsoft Office contains a memory corruption vulnerability that allows remote code execution in the context of the current user.", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2017-12149", - "date_added": "2021-12-10", - "due_date": "2022-06-10", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2017-12149", - "percentile": null, - "poc_count": 128, - "product": "JBoss Application Server", - "required_action": "Apply updates per vendor instructions.", - "short_description": "The JBoss Application Server, shipped with Red Hat Enterprise Application Platform 5.2, allows an attacker to execute arbitrary code via crafted serialized data.", - "vendor": "Red Hat" - }, - { - "cve": "CVE-2017-12231", - "date_added": "2022-03-03", - "due_date": "2022-03-24", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2017-12231", - "percentile": null, - "poc_count": 1, - "product": "IOS software", - "required_action": "Apply updates per vendor instructions.", - "short_description": "A vulnerability in the implementation of Network Address Translation (NAT) functionality in Cisco IOS could allow an unauthenticated, remote attacker to cause a denial of service.", - "vendor": "Cisco" - }, - { - "cve": "CVE-2017-12232", - "date_added": "2022-03-03", - "due_date": "2022-03-24", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2017-12232", - "percentile": null, - "poc_count": 1, - "product": "IOS software", - "required_action": "Apply updates per vendor instructions.", - 
"short_description": "A vulnerability in the implementation of a protocol in Cisco Integrated Services Routers Generation 2 (ISR G2) Routers running Cisco IOS could allow an unauthenticated, adjacent attacker to cause an affected device to reload, resulting in a denial of service.", - "vendor": "Cisco" - }, - { - "cve": "CVE-2017-12233", - "date_added": "2022-03-03", - "due_date": "2022-03-24", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2017-12233", - "percentile": null, - "poc_count": 1, - "product": "IOS software", - "required_action": "Apply updates per vendor instructions.", - "short_description": "There is a vulnerability in the implementation of the Common Industrial Protocol (CIP) feature in Cisco IOS could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service.", - "vendor": "Cisco" - }, - { - "cve": "CVE-2017-12234", - "date_added": "2022-03-03", - "due_date": "2022-03-24", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2017-12234", - "percentile": null, - "poc_count": 1, - "product": "IOS software", - "required_action": "Apply updates per vendor instructions.", - "short_description": "There is a vulnerability in the implementation of the Common Industrial Protocol (CIP) feature in Cisco IOS could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service.", - "vendor": "Cisco" - }, - { - "cve": "CVE-2017-12235", - "date_added": "2022-03-03", - "due_date": "2022-03-24", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2017-12235", - "percentile": null, - "poc_count": 1, - "product": "IOS software", - "required_action": "Apply updates per vendor instructions.", - "short_description": "A vulnerability in the implementation of the PROFINET Discovery and Configuration Protocol (PN-DCP) for Cisco IOS could allow an unauthenticated, remote attacker to cause an affected device to reload, 
resulting in a denial of service.", - "vendor": "Cisco" - }, - { - "cve": "CVE-2017-12237", - "date_added": "2022-03-03", - "due_date": "2022-03-24", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2017-12237", - "percentile": null, - "poc_count": 1, - "product": "IOS and IOS XE Software", - "required_action": "Apply updates per vendor instructions.", - "short_description": "A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco IOS and Cisco IOS XE could allow an unauthenticated, remote attacker to cause high CPU utilization, traceback messages, or a reload of an affected device that leads to a denial of service.", - "vendor": "Cisco" - }, - { - "cve": "CVE-2017-12238", - "date_added": "2022-03-03", - "due_date": "2022-03-24", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2017-12238", - "percentile": null, - "poc_count": 1, - "product": "Catalyst 6800 Series Switches", - "required_action": "Apply updates per vendor instructions.", - "short_description": "A vulnerability in the Virtual Private LAN Service (VPLS) code of Cisco IOS for Cisco Catalyst 6800 Series Switches could allow an unauthenticated, adjacent attacker to cause a denial of service.", - "vendor": "Cisco" - }, - { - "cve": "CVE-2017-12240", - "date_added": "2022-03-03", - "due_date": "2022-03-24", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2017-12240", - "percentile": null, - "poc_count": 1, - "product": "IOS and IOS XE Software", - "required_action": "Apply updates per vendor instructions.", - "short_description": "The Dynamic Host Configuration Protocol (DHCP) relay subsystem of Cisco IOS and Cisco IOS XE Software contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code and gain full control of an affected system.", - "vendor": "Cisco" - }, - { - "cve": "CVE-2017-12319", - "date_added": "2022-03-03", - "due_date": "2022-03-24", - "epss": null, - "notes": 
"https://nvd.nist.gov/vuln/detail/CVE-2017-12319", - "percentile": null, - "poc_count": 1, - "product": "IOS XE Software", - "required_action": "Apply updates per vendor instructions.", - "short_description": "A vulnerability in the Border Gateway Protocol (BGP) over an Ethernet Virtual Private Network (EVPN) for Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload, resulting in a denial of service (DoS) condition, or potentially corrupt the BGP routing table, which could result in network instability.", - "vendor": "Cisco" - }, - { - "cve": "CVE-2017-12615", - "date_added": "2022-03-25", - "due_date": "2022-04-15", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2017-12615", - "percentile": null, - "poc_count": 132, - "product": "Tomcat", - "required_action": "Apply updates per vendor instructions.", - "short_description": "When running Apache Tomcat on Windows with HTTP PUTs enabled, it is possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.", - "vendor": "Apache" - }, - { - "cve": "CVE-2017-12617", - "date_added": "2022-03-25", - "due_date": "2022-04-15", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2017-12617", - "percentile": null, - "poc_count": 119, - "product": "Tomcat", - "required_action": "Apply updates per vendor instructions.", - "short_description": "When running Apache Tomcat, it is possible to upload a JSP file to the server via a specially crafted request. 
This JSP could then be requested and any code it contained would be executed by the server.", - "vendor": "Apache" - }, - { - "cve": "CVE-2017-12637", - "date_added": "2025-03-19", - "due_date": "2025-04-09", - "epss": null, - "notes": "SAP users must have an account to log in and access the patch: https://me.sap.com/notes/3476549 ; https://nvd.nist.gov/vuln/detail/CVE-2017-12637", - "percentile": null, - "poc_count": 11, - "product": "NetWeaver", - "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", - "short_description": "SAP NetWeaver Application Server (AS) Java contains a directory traversal vulnerability in scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS that allows a remote attacker to read arbitrary files via a .. (dot dot) in the query string.", - "vendor": "SAP" - }, - { - "cve": "CVE-2017-15944", - "date_added": "2022-08-18", - "due_date": "2022-09-08", - "epss": null, - "notes": "https://security.paloaltonetworks.com/CVE-2017-15944; https://nvd.nist.gov/vuln/detail/CVE-2017-15944", - "percentile": null, - "poc_count": 14, - "product": "PAN-OS", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Palo Alto Networks PAN-OS contains multiple, unspecified vulnerabilities which can allow for remote code execution when chained.", - "vendor": "Palo Alto Networks" - }, - { - "cve": "CVE-2017-16651", - "date_added": "2021-11-03", - "due_date": "2022-05-03", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2017-16651", - "percentile": null, - "poc_count": 4, - "product": "Roundcube Webmail", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Roundcube Webmail contains a file disclosure vulnerability caused by insufficient input validation in conjunction with file-based attachment plugins, which are used by default.", - "vendor": "Roundcube" 
- }, - { - "cve": "CVE-2017-17562", - "date_added": "2021-12-10", - "due_date": "2022-06-10", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2017-17562", - "percentile": null, - "poc_count": 45, - "product": "GoAhead", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is enabled and a CGI program is dynamically linked.", - "vendor": "Embedthis" - }, - { - "cve": "CVE-2017-18362", - "date_added": "2022-05-24", - "due_date": "2022-06-14", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2017-18362", - "percentile": null, - "poc_count": 4, - "product": "Virtual System/Server Administrator (VSA)", - "required_action": "The impacted product is end-of-life and should be disconnected if still in use.", - "short_description": "ConnectWise ManagedITSync integration for Kaseya VSA is vulnerable to unauthenticated remote commands that allow full direct access to the Kaseya VSA database.", - "vendor": "Kaseya" - }, - { - "cve": "CVE-2017-18368", - "date_added": "2023-08-07", - "due_date": "2023-08-28", - "epss": null, - "notes": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-a-new-variant-of-gafgyt-malware; https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-vulnerability-in-p660hn-t1a-dsl-cpe; https://nvd.nist.gov/vuln/detail/CVE-2017-18368", - "percentile": null, - "poc_count": 4, - "product": "P660HN-T1A Routers", - "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", - "short_description": "Zyxel P660HN-T1A routers contain a command injection vulnerability in the Remote System Log forwarding function, which is accessible by an unauthenticated user and exploited via the remote_host parameter of the ViewLog.asp page.", - "vendor": "Zyxel" - }, - { - "cve": 
"CVE-2017-3066", - "date_added": "2025-02-24", - "due_date": "2025-03-17", - "epss": null, - "notes": "https://helpx.adobe.com/security/products/coldfusion/apsb17-14.html ; https://nvd.nist.gov/vuln/detail/CVE-2017-3066", - "percentile": null, - "poc_count": 31, - "product": "ColdFusion", - "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", - "short_description": "Adobe ColdFusion contains a deserialization vulnerability in the Apache BlazeDS library that allows for arbitrary code execution.", - "vendor": "Adobe" - }, - { - "cve": "CVE-2017-3506", - "date_added": "2024-06-03", - "due_date": "2024-06-24", - "epss": null, - "notes": "https://www.oracle.com/security-alerts/cpuapr2017.html; https://nvd.nist.gov/vuln/detail/CVE-2017-3506", - "percentile": null, - "poc_count": 98, - "product": "WebLogic Server", - "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", - "short_description": "Oracle WebLogic Server, a product within the Fusion Middleware suite, contains an OS command injection vulnerability that allows an attacker to execute arbitrary code via a specially crafted HTTP request that includes a malicious XML document.", - "vendor": "Oracle" - }, - { - "cve": "CVE-2017-3881", - "date_added": "2022-03-25", - "due_date": "2022-04-15", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2017-3881", - "percentile": null, - "poc_count": 17, - "product": "IOS and IOS XE", - "required_action": "Apply updates per vendor instructions.", - "short_description": "A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device or remotely execute code with elevated privileges.", - "vendor": "Cisco" - }, - { - "cve": "CVE-2017-5030", - "date_added": "2022-06-08", - 
"due_date": "2022-06-22", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2017-5030", - "percentile": null, - "poc_count": 9, - "product": "Chromium V8", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Google Chromium V8 Engine contains a memory corruption vulnerability that allows a remote attacker to execute code via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.", - "vendor": "Google" - }, - { - "cve": "CVE-2017-5070", - "date_added": "2022-06-08", - "due_date": "2022-06-22", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2017-5070", - "percentile": null, - "poc_count": 9, - "product": "Chromium V8", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to execute code inside a sandbox via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.", - "vendor": "Google" - }, - { - "cve": "CVE-2017-5521", - "date_added": "2022-09-08", - "due_date": "2022-09-29", - "epss": null, - "notes": "https://kb.netgear.com/30632/Web-GUI-Password-Recovery-and-Exposure-Security-Vulnerability; https://nvd.nist.gov/vuln/detail/CVE-2017-5521", - "percentile": null, - "poc_count": 5, - "product": "Multiple Devices", - "required_action": "Apply updates per vendor instructions. 
If the affected device has since entered end-of-life, it should be disconnected if still in use.", - "short_description": "Multiple NETGEAR devices are prone to admin password disclosure via simple crafted requests to the web management server.", - "vendor": "NETGEAR" - }, - { - "cve": "CVE-2017-5638", - "date_added": "2021-11-03", - "due_date": "2022-05-03", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2017-5638", - "percentile": null, - "poc_count": 399, - "product": "Struts", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Apache Struts Jakarta Multipart parser allows for malicious file upload using the Content-Type value, leading to remote code execution.", - "vendor": "Apache" - }, - { - "cve": "CVE-2017-5689", - "date_added": "2022-01-28", - "due_date": "2022-07-28", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2017-5689", - "percentile": null, - "poc_count": 75, - "product": "Active Management Technology (AMT), Small Business Technology (SBT), and Standard Manageability", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Intel products contain a vulnerability which can allow attackers to perform privilege escalation.", - "vendor": "Intel" - }, - { - "cve": "CVE-2017-6077", - "date_added": "2022-03-07", - "due_date": "2022-09-07", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2017-6077", - "percentile": null, - "poc_count": 3, - "product": "Wireless Router DGN2200", - "required_action": "Apply updates per vendor instructions.", - "short_description": "NETGEAR DGN2200 wireless routers contain a vulnerability that allows for remote code execution.", - "vendor": "NETGEAR" - }, - { - "cve": "CVE-2017-6316", - "date_added": "2022-03-25", - "due_date": "2022-04-15", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2017-6316", - "percentile": null, - "poc_count": 3, - "product": "NetScaler SD-WAN Enterprise, 
CloudBridge Virtual WAN, and XenMobile Server", - "required_action": "Apply updates per vendor instructions.", - "short_description": "A vulnerability has been identified in the management interface of Citrix NetScaler SD-WAN Enterprise and Standard Edition and Citrix CloudBridge Virtual WAN Edition that could result in an unauthenticated, remote attacker being able to execute arbitrary code as a root user. This vulnerability also affects XenMobile Server.", - "vendor": "Citrix" - }, - { - "cve": "CVE-2017-6327", - "date_added": "2021-11-03", - "due_date": "2022-05-03", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2017-6327", - "percentile": null, - "poc_count": 5, - "product": "Symantec Messaging Gateway", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Symantec Messaging Gateway contains an unspecified vulnerability which can allow for remote code execution. With the ability to perform remote code execution, an attacker may also desire to perform privilege escalating actions.", - "vendor": "Symantec" - }, - { - "cve": "CVE-2017-6334", - "date_added": "2022-03-25", - "due_date": "2022-04-15", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2017-6334", - "percentile": null, - "poc_count": 5, - "product": "DGN2200 Devices", - "required_action": "The impacted product is end-of-life and should be disconnected if still in use.", - "short_description": "dnslookup.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands", - "vendor": "NETGEAR" - }, - { - "cve": "CVE-2017-6627", - "date_added": "2022-03-03", - "due_date": "2022-03-24", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2017-6627", - "percentile": null, - "poc_count": 1, - "product": "IOS and IOS XE Software", - "required_action": "Apply updates per vendor instructions.", - "short_description": "A vulnerability in the UDP processing code of Cisco 
IOS and IOS XE could allow an unauthenticated, remote attacker to cause the input queue of an affected system to hold UDP packets, causing an interface queue wedge and denial of service.", - "vendor": "Cisco" - }, - { - "cve": "CVE-2017-6663", - "date_added": "2022-03-03", - "due_date": "2022-03-24", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2017-6663", - "percentile": null, - "poc_count": 1, - "product": "IOS and IOS XE Software", - "required_action": "Apply updates per vendor instructions.", - "short_description": "A vulnerability in the Autonomic Networking feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause autonomic nodes of an affected system to reload, resulting in denial-of-service (DoS).", - "vendor": "Cisco" - }, - { - "cve": "CVE-2017-6736", - "date_added": "2022-03-03", - "due_date": "2022-03-24", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2017-6736", - "percentile": null, - "poc_count": 10, - "product": "IOS and IOS XE Software", - "required_action": "Apply updates per vendor instructions.", - "short_description": "The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code.", - "vendor": "Cisco" - }, - { - "cve": "CVE-2017-6737", - "date_added": "2022-03-03", - "due_date": "2022-03-24", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2017-6737", - "percentile": null, - "poc_count": 1, - "product": "IOS and IOS XE Software", - "required_action": "Apply updates per vendor instructions.", - "short_description": "The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code.", - "vendor": "Cisco" - }, - { - "cve": "CVE-2017-6738", - "date_added": "2022-03-03", - "due_date": "2022-03-24", - "epss": 
null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2017-6738", - "percentile": null, - "poc_count": 1, - "product": "IOS and IOS XE Software", - "required_action": "Apply updates per vendor instructions.", - "short_description": "The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code.", - "vendor": "Cisco" - }, - { - "cve": "CVE-2017-6739", - "date_added": "2022-03-03", - "due_date": "2022-03-24", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2017-6739", - "percentile": null, - "poc_count": 1, - "product": "IOS and IOS XE Software", - "required_action": "Apply updates per vendor instructions.", - "short_description": "The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload.", - "vendor": "Cisco" - }, - { - "cve": "CVE-2017-6740", - "date_added": "2022-03-03", - "due_date": "2022-03-24", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2017-6740", - "percentile": null, - "poc_count": 1, - "product": "IOS and IOS XE Software", - "required_action": "Apply updates per vendor instructions.", - "short_description": "The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload.", - "vendor": "Cisco" - }, - { - "cve": "CVE-2017-6742", - "date_added": "2023-04-19", - "due_date": "2023-05-10", - "epss": null, - "notes": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170629-snmp; https://nvd.nist.gov/vuln/detail/CVE-2017-6742", - "percentile": null, - "poc_count": 3, - "product": "IOS and IOS XE Software", - 
"required_action": "Apply updates per vendor instructions.", - "short_description": "The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload.", - "vendor": "Cisco" - }, - { - "cve": "CVE-2017-6743", - "date_added": "2022-03-03", - "due_date": "2022-03-24", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2017-6743", - "percentile": null, - "poc_count": 1, - "product": "IOS and IOS XE Software", - "required_action": "Apply updates per vendor instructions.", - "short_description": "The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code.", - "vendor": "Cisco" - }, - { - "cve": "CVE-2017-6744", - "date_added": "2022-03-03", - "due_date": "2022-03-24", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2017-6744", - "percentile": null, - "poc_count": 1, - "product": "IOS software", - "required_action": "Apply updates per vendor instructions.", - "short_description": "The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 1 contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. 
An attacker could exploit these vulnerabilities by sending a crafted SNMP packet to an affected system via IPv4 or IPv6.", - "vendor": "Cisco" - }, - { - "cve": "CVE-2017-6862", - "date_added": "2022-06-08", - "due_date": "2022-06-22", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2017-6862", - "percentile": null, - "poc_count": 2, - "product": "Multiple Devices", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Multiple NETGEAR devices contain a buffer overflow vulnerability that allows for authentication bypass and remote code execution.", - "vendor": "NETGEAR" - }, - { - "cve": "CVE-2017-6884", - "date_added": "2023-09-18", - "due_date": "2023-10-09", - "epss": null, - "notes": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-vulnerability-in-emg2926-q10a-ethernet-cpe, https://www.zyxelguard.com/Zyxel-EOL.asp; https://nvd.nist.gov/vuln/detail/CVE-2017-6884", - "percentile": null, - "poc_count": 6, - "product": "EMG2926 Routers", - "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", - "short_description": "Zyxel EMG2926 routers contain a command injection vulnerability located in the diagnostic tools, specifically the nslookup function. 
A malicious user may exploit numerous vectors to execute malicious commands on the router, such as the ping_ip parameter to the expert/maintenance/diagnostic/nslookup URI.", - "vendor": "Zyxel" - }, - { - "cve": "CVE-2017-7269", - "date_added": "2021-11-03", - "due_date": "2022-05-03", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2017-7269", - "percentile": null, - "poc_count": 115, - "product": "Internet Information Services (IIS)", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Microsoft Windows Server 2003 R2 contains a buffer overflow vulnerability in Internet Information Services (IIS) 6.0 which allows remote attackers to execute code via a long header beginning with \"If: dst_cache must be cleared, leading to possible...", "vendor": "Android" }, { @@ -16298,6 +964,7 @@ "product": "ESXi", "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", "short_description": "VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was previously configured to use AD for user management by re-creating the configured AD group ('ESXi Admins' by default) after it was deleted from AD.", + "summary": "VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was previously configured to use AD for user m...", "vendor": "VMware" }, { 
@@ -16311,6 +978,7 @@ "product": "Webmail", "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", "short_description": "RoundCube Webmail contains a cross-site scripting (XSS) vulnerability in the handling of SVG animate attributes that allows a remote attacker to run malicious JavaScript code.", + "summary": "Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows XSS via SVG animate attributes.", "vendor": "Roundcube" }, { @@ -16324,6 +992,7 @@ "product": "Windows", "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", "short_description": "Microsoft Windows Installer contains an improper privilege management vulnerability that could allow an attacker to gain SYSTEM privileges.", + "summary": "Windows Installer Elevation of Privilege Vulnerability", "vendor": "Microsoft" }, { @@ -16337,6 +1006,7 @@ "product": "Windows", "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", "short_description": "Microsoft Windows Hyper-V contains a privilege escalation vulnerability that allows a local attacker with user permissions to gain SYSTEM privileges.", + "summary": "Windows Hyper-V Elevation of Privilege Vulnerability", "vendor": "Microsoft" }, { 
@@ -16350,32 +1020,7 @@ "product": "SharePoint", "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", "short_description": "Microsoft SharePoint contains a deserialization vulnerability that allows for remote code execution.", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2024-38106", - "date_added": "2024-08-13", - "due_date": "2024-09-03", - "epss": null, - "notes": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38106; https://nvd.nist.gov/vuln/detail/CVE-2024-38106", - "percentile": null, - "poc_count": 0, - "product": "Windows", - "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", - "short_description": "Microsoft Windows Kernel contains an unspecified vulnerability that allows for privilege escalation, enabling a local attacker to gain SYSTEM privileges. Successful exploitation of this vulnerability requires an attacker to win a race condition.", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2024-38107", - "date_added": "2024-08-13", - "due_date": "2024-09-03", - "epss": null, - "notes": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38107; https://nvd.nist.gov/vuln/detail/CVE-2024-38107", - "percentile": null, - "poc_count": 0, - "product": "Windows", - "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", - "short_description": "Microsoft Windows Power Dependency Coordinator contains an unspecified vulnerability that allows for privilege escalation, enabling a local attacker to obtain SYSTEM privileges.", + "summary": "Microsoft SharePoint Remote Code Execution Vulnerability", "vendor": "Microsoft" }, { 
@@ -16389,6 +1034,7 @@ "product": "Windows", "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", "short_description": "Microsoft Windows MSHTML Platform contains a spoofing vulnerability that has a high impact to confidentiality, integrity, and availability.", + "summary": "Windows MSHTML Platform Spoofing Vulnerability", "vendor": "Microsoft" }, { @@ -16402,6 +1048,7 @@ "product": "Windows", "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", "short_description": "Microsoft Windows Scripting Engine contains a memory corruption vulnerability that allows unauthenticated attacker to initiate remote code execution via a specially crafted URL.", + "summary": "Scripting Engine Memory Corruption Vulnerability", "vendor": "Microsoft" }, { @@ -16456,19 +1103,6 @@ "short_description": "Microsoft Windows Mark of the Web (MOTW) contains a protection mechanism failure vulnerability that allows an attacker to bypass MOTW-based defenses. This can result in a limited loss of integrity and availability of security features such as Protected View in Microsoft Office, which rely on MOTW tagging.", "vendor": "Microsoft" }, - { - "cve": "CVE-2024-38226", - "date_added": "2024-09-10", - "due_date": "2024-10-01", - "epss": null, - "notes": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38226; https://nvd.nist.gov/vuln/detail/CVE-2024-38226", - "percentile": null, - "poc_count": 0, - "product": "Publisher", - "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", - "short_description": "Microsoft Publisher contains a protection mechanism failure vulnerability that allows attacker to bypass Office macro policies used to block untrusted or malicious files.", - "vendor": "Microsoft" - }, { "cve": "CVE-2024-38475", "date_added": "2025-05-01", 
@@ -16534,19 +1168,6 @@ "short_description": "The Versa Director GUI contains an unrestricted upload of file with dangerous type vulnerability that allows administrators with Provider-Data-Center-Admin or Provider-Data-Center-System-Admin privileges to customize the user interface. The “Change Favicon” (Favorite Icon) enables the upload of a .png file, which can be exploited to upload a malicious file with a .png extension disguised as an image.", "vendor": "Versa" }, - { - "cve": "CVE-2024-39891", - "date_added": "2024-07-23", - "due_date": "2024-08-13", - "epss": null, - "notes": "https://www.twilio.com/en-us/changelog/Security_Alert_Authy_App_Android_iOS; https://nvd.nist.gov/vuln/detail/CVE-2024-39891", - "percentile": null, - "poc_count": 0, - "product": "Authy", - "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", - "short_description": "Twilio Authy contains an information disclosure vulnerability in its API that allows an unauthenticated endpoint to accept a request containing a phone number and respond with information about whether the phone number was registered with Authy.", - "vendor": "Twilio" - }, { "cve": "CVE-2024-4040", "date_added": "2024-04-24", 
@@ -16690,19 +1311,6 @@ "short_description": "Microsoft Windows contains an NTLMv2 hash spoofing vulnerability that could result in disclosing a user's NTLMv2 hash to an attacker via a file open operation. The attacker could then leverage this hash to impersonate that user.", "vendor": "Microsoft" }, - { - "cve": "CVE-2024-43461", - "date_added": "2024-09-16", - "due_date": "2024-10-07", - "epss": null, - "notes": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43461 ; https://nvd.nist.gov/vuln/detail/CVE-2024-43461", - "percentile": null, - "poc_count": 0, - "product": "Windows", - "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", - "short_description": "Microsoft Windows MSHTML Platform contains a user interface (UI) misrepresentation of critical information vulnerability that allows an attacker to spoof a web page. This vulnerability was exploited in conjunction with CVE-2024-38112.", - "vendor": "Microsoft" - }, { "cve": "CVE-2024-43572", "date_added": "2024-10-08", @@ -16716,19 +1324,6 @@ "short_description": "Microsoft Windows Management Console contains unspecified vulnerability that allows for remote code execution.", "vendor": "Microsoft" }, - { - "cve": "CVE-2024-43573", - "date_added": "2024-10-08", - "due_date": "2024-10-29", - "epss": null, - "notes": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43573 ; https://nvd.nist.gov/vuln/detail/CVE-2024-43573", - "percentile": null, - "poc_count": 0, - "product": "Windows", - "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", - "short_description": "Microsoft Windows MSHTML Platform contains an unspecified spoofing vulnerability which can lead to a loss of confidentiality.", - "vendor": "Microsoft" - }, { "cve": "CVE-2024-4358", "date_added": "2024-06-13", 
@@ -16950,19 +1545,6 @@ "short_description": "Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to execute code via a crafted HTML page.", "vendor": "Google" }, - { - "cve": "CVE-2024-4978", - "date_added": "2024-05-29", - "due_date": "2024-06-19", - "epss": null, - "notes": "Please follow the vendor’s instructions as outlined in the public statements at https://www.rapid7.com/blog/post/2024/05/23/cve-2024-4978-backdoored-justice-av-solutions-viewer-software-used-in-apparent-supply-chain-attack#remediation and https://www.javs.com/downloads; https://nvd.nist.gov/vuln/detail/CVE-2024-4978", - "percentile": null, - "poc_count": 0, - "product": "Viewer", - "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", - "short_description": "Justice AV Solutions (JAVS) Viewer installer contains a malicious version of ffmpeg.exe, named fffmpeg.exe (SHA256: 421a4ad2615941b177b6ec4ab5e239c14e62af2ab07c6df1741e2a62223223c4). When run, this creates a backdoor connection to a malicious C2 server.", - "vendor": "Justice AV Solutions" - }, { "cve": "CVE-2024-50302", "date_added": "2025-03-04", 
@@ -17561,32 +2143,6 @@ "short_description": "Google Chromium contains a type confusion vulnerability in the V8 JavaScript and WebAssembly engine.", "vendor": "Google" }, - { - "cve": "CVE-2025-11371", - "date_added": "2025-11-04", - "due_date": "2025-11-25", - "epss": null, - "notes": "https://www.centrestack.com/p/gce_latest_release.html ; https://nvd.nist.gov/vuln/detail/CVE-2025-11371", - "percentile": null, - "poc_count": 0, - "product": "CentreStack and Triofox", - "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", - "short_description": "Gladinet CentreStack and Triofox contains a files or directories accessible to external parties vulnerability that allows unintended disclosure of system files.", - "vendor": "Gladinet" - }, - { - "cve": "CVE-2025-12480", - "date_added": "2025-11-12", - "due_date": "2025-12-03", - "epss": null, - "notes": "https://access.triofox.com/releases_history ; https://nvd.nist.gov/vuln/detail/CVE-2025-12480", - "percentile": null, - "poc_count": 0, - "product": "Triofox", - "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", - "short_description": "Gladinet Triofox contains an improper access control vulnerability that allows access to initial setup pages even after setup is complete.", - "vendor": "Gladinet" - }, { "cve": "CVE-2025-1316", "date_added": "2025-03-19", 
@@ -17600,45 +2156,6 @@ "short_description": "Edimax IC-7100 IP camera contains an OS command injection vulnerability due to improper input sanitization that allows an attacker to achieve remote code execution via specially crafted requests. The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.", "vendor": "Edimax" }, - { - "cve": "CVE-2025-13223", - "date_added": "2025-11-19", - "due_date": "2025-12-10", - "epss": null, - "notes": "https://chromereleases.googleblog.com/2025/11/stable-channel-update-for-desktop_17.html ; https://nvd.nist.gov/vuln/detail/CVE-2025-13223", - "percentile": null, - "poc_count": 0, - "product": "Chromium V8", - "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", - "short_description": "Google Chromium V8 contains a type confusion vulnerability that allows for heap corruption.", - "vendor": "Google" - }, - { - "cve": "CVE-2025-14174", - "date_added": "2025-12-12", - "due_date": "2026-01-02", - "epss": null, - "notes": "https://chromereleases.googleblog.com/2025/12/stable-channel-update-for-desktop_10.html ; https://learn.microsoft.com/en-us/deployedge/microsoft-edge-relnotes-security ; https://nvd.nist.gov/vuln/detail/CVE-2025-14174", - "percentile": null, - "poc_count": 0, - "product": "Chromium", - "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", - "short_description": "Google Chromium contains an out of bounds memory access vulnerability in ANGLE that could allow a remote attacker to perform out of bounds memory access via a crafted HTML page. 
This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.", - "vendor": "Google" - }, - { - "cve": "CVE-2025-14611", - "date_added": "2025-12-15", - "due_date": "2026-01-05", - "epss": null, - "notes": "https://www.centrestack.com/p/gce_latest_release.html ; https://access.triofox.com/releases_history/; https://support.centrestack.com/hc/en-us/articles/360007159054-Hardening-the-CentreStack-Cluster#h_01JQRV57T37HJFQZKBZH9NBXQP ; https://nvd.nist.gov/vuln/detail/CVE-2025-14611", - "percentile": null, - "poc_count": 0, - "product": "CentreStack and Triofox", - "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", - "short_description": "Gladinet CentreStack and TrioFox contain a hardcoded cryptographic keys vulnerability for their implementation of the AES cryptoscheme. This vulnerability degrades security for public exposed endpoints that may make use of it and may offer arbitrary local file inclusion when provided a specially crafted request without authentication.", - "vendor": "Gladinet" - }, { "cve": "CVE-2025-1976", "date_added": "2025-04-28", 
@@ -17717,19 +2234,6 @@ "short_description": "Cisco Secure Firewall Adaptive Security (ASA) Appliance and Secure Firewall Threat Defense (FTD) Software VPN Web Server contain a missing authorization vulnerability. This vulnerability could be chained with CVE-2025-20333.", "vendor": "Cisco" }, - { - "cve": "CVE-2025-21042", - "date_added": "2025-11-10", - "due_date": "2025-12-01", - "epss": null, - "notes": "https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=04 ; https://nvd.nist.gov/vuln/detail/CVE-2025-21042", - "percentile": null, - "poc_count": 0, - "product": "Mobile Devices", - "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", - "short_description": "Samsung mobile devices contain an out-of-bounds write vulnerability in libimagecodec.quram.so. This vulnerability could allow remote attackers to execute arbitrary code.", - "vendor": "Samsung" - }, { "cve": "CVE-2025-21043", "date_added": "2025-10-02", 
@@ -18081,19 +2585,6 @@ "short_description": "Microsoft Power Pages contains an improper access control vulnerability that allows an unauthorized attacker to elevate privileges over a network potentially bypassing the user registration control.", "vendor": "Microsoft" }, - { - "cve": "CVE-2025-24990", - "date_added": "2025-10-14", - "due_date": "2025-11-04", - "epss": null, - "notes": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-24990 ; https://nvd.nist.gov/vuln/detail/CVE-2025-24990", - "percentile": null, - "poc_count": 0, - "product": "Windows", - "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", - "short_description": "Microsoft Windows Agere Modem Driver contains an untrusted pointer dereference vulnerability that allows for privilege escalation. An attacker who successfully exploited this vulnerability could gain administrator privileges.", - "vendor": "Microsoft" - }, { "cve": "CVE-2025-24991", "date_added": "2025-03-11", 
@@ -18601,19 +3092,6 @@ "short_description": "Smartbedded Meteobridge contains a command injection vulnerability that could allow remote unauthenticated attackers to gain arbitrary command execution with elevated privileges (root) on affected devices.", "vendor": "Smartbedded" }, - { - "cve": "CVE-2025-41244", - "date_added": "2025-10-30", - "due_date": "2025-11-20", - "epss": null, - "notes": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36149 ; https://nvd.nist.gov/vuln/detail/CVE-2025-41244", - "percentile": null, - "poc_count": 0, - "product": "VMware Aria Operations and VMware Tools", - "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", - "short_description": "Broadcom VMware Aria Operations and VMware Tools contain a privilege defined with unsafe actions vulnerability. A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate privileges to root on the same VM.", - "vendor": "Broadcom" - }, { "cve": "CVE-2025-42599", "date_added": "2025-04-28", 
@@ -18666,19 +3144,6 @@ "short_description": "Apple iOS, iPadOS, and macOS contain an out-of-bounds write vulnerability in the Image I/O framework.", "vendor": "Apple" }, - { - "cve": "CVE-2025-43529", - "date_added": "2025-12-15", - "due_date": "2026-01-05", - "epss": null, - "notes": "https://support.apple.com/en-us/125884 ; https://support.apple.com/en-us/125892 ; https://support.apple.com/en-us/125885 ; https://support.apple.com/en-us/125886 ; https://support.apple.com/en-us/125889 ; https://nvd.nist.gov/vuln/detail/CVE-2025-43529", - "percentile": null, - "poc_count": 0, - "product": "Multiple Products", - "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", - "short_description": "Apple iOS, iPadOS, macOS, and other Apple products contain a use-after-free vulnerability in WebKit. Processing maliciously crafted web content may lead to memory corruption. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.", - "vendor": "Apple" - }, { "cve": "CVE-2025-4427", "date_added": "2025-05-19", 
@@ -18783,32 +3248,6 @@ "short_description": "Android Runtime contains a use-after-free vulnerability potentially allowing a chrome sandbox escape leading to local privilege escalation.", "vendor": "Android" }, - { - "cve": "CVE-2025-48572", - "date_added": "2025-12-02", - "due_date": "2025-12-23", - "epss": null, - "notes": "https://source.android.com/docs/security/bulletin/2025-12-01 ; https://nvd.nist.gov/vuln/detail/CVE-2025-48572", - "percentile": null, - "poc_count": 0, - "product": "Framework", - "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", - "short_description": "Android Framework contains an unspecified vulnerability that allows for privilege escalation.", - "vendor": "Android" - }, - { - "cve": "CVE-2025-48633", - "date_added": "2025-12-02", - "due_date": "2025-12-23", - "epss": null, - "notes": "https://source.android.com/docs/security/bulletin/2025-12-01 ; https://nvd.nist.gov/vuln/detail/CVE-2025-48633", - "percentile": null, - "poc_count": 0, - "product": "Framework", - "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", - "short_description": "Android Framework contains an unspecified vulnerability that allows for information disclosure.", - "vendor": "Android" - }, { "cve": "CVE-2025-48703", "date_added": "2025-11-04", 
@@ -18991,19 +3430,6 @@ "short_description": "Meta Platforms WhatsApp contains an incorrect authorization vulnerability due to an incomplete authorization of linked device synchronization messages. This vulnerability could allow an unrelated user to trigger processing of content from an arbitrary URL on a target’s device.", "vendor": "Meta Platforms" }, - { - "cve": "CVE-2025-55182", - "date_added": "2025-12-05", - "due_date": "2025-12-12", - "epss": null, - "notes": "Check for signs of potential compromise on all internet accessible REACT instances after applying mitigations. For more information, please see: https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components ; https://github.com/vercel-labs/fix-react2shell-next?tab=readme-ov-file ; https://nvd.nist.gov/vuln/detail/CVE-2025-55182", - "percentile": null, - "poc_count": 0, - "product": "React Server Components", - "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", - "short_description": "Meta React Server Components contains a remote code execution vulnerability that could allow unauthenticated remote code execution by exploiting a flaw in how React decodes payloads sent to React Server Function endpoints. Please note CVE-2025-66478 has been rejected, but it is associated with CVE-2025- 55182.", - "vendor": "Meta" - }, { "cve": "CVE-2025-5777", "date_added": "2025-07-10", 
@@ -19030,162 +3456,6 @@ "short_description": "Sangoma FreePBX contains an authentication bypass vulnerability due to insufficiently sanitized user-supplied data allows unauthenticated access to FreePBX Administrator leading to arbitrary database manipulation and remote code execution.", "vendor": "Sangoma" }, - { - "cve": "CVE-2025-58034", - "date_added": "2025-11-18", - "due_date": "2025-11-25", - "epss": null, - "notes": "https://fortiguard.fortinet.com/psirt/FG-IR-25-513 ; https://nvd.nist.gov/vuln/detail/CVE-2025-58034", - "percentile": null, - "poc_count": 0, - "product": "FortiWeb", - "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", - "short_description": "Fortinet FortiWeb contains an OS command Injection vulnerability that may allow an authenticated attacker to execute unauthorized code on the underlying system via crafted HTTP requests or CLI commands.", - "vendor": "Fortinet" - }, - { - "cve": "CVE-2025-58360", - "date_added": "2025-12-11", - "due_date": "2026-01-01", - "epss": null, - "notes": "This vulnerability affects an open-source component, third-party library, or a protocol used by different products. 
For more information, please see: https://github.com/geoserver/geoserver/security/advisories/GHSA-fjf5-xgmq-5525 ; https://osgeo-org.atlassian.net/browse/GEOS-11922 ; https://nvd.nist.gov/vuln/detail/CVE-2025-58360", - "percentile": null, - "poc_count": 0, - "product": "GeoServer", - "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", - "short_description": "OSGeo GeoServer contains an improper restriction of XML external entity reference vulnerability that occurs when the application accepts XML input through a specific endpoint /geoserver/wms operation GetMap and could allow an attacker to define external entities within the XML request.", - "vendor": "OSGeo" - }, - { - "cve": "CVE-2025-59230", - "date_added": "2025-10-14", - "due_date": "2025-11-04", - "epss": null, - "notes": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59230 ; https://nvd.nist.gov/vuln/detail/CVE-2025-59230", - "percentile": null, - "poc_count": 0, - "product": "Windows", - "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", - "short_description": "Microsoft Windows contains an improper access control vulnerability in Windows Remote Access Connection Manager which could allow an authorized attacker to elevate privileges locally.", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2025-59287", - "date_added": "2025-10-24", - "due_date": "2025-11-14", - "epss": null, - "notes": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59287 ; https://nvd.nist.gov/vuln/detail/CVE-2025-59287", - "percentile": null, - "poc_count": 0, - "product": "Windows", - "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of 
the product if mitigations are unavailable.", - "short_description": "Microsoft Windows Server Update Service (WSUS) contains a deserialization of untrusted data vulnerability that allows for remote code execution.", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2025-59689", - "date_added": "2025-09-29", - "due_date": "2025-10-20", - "epss": null, - "notes": "https://docs.libraesva.com/knowledgebase/security-advisory-command-injection-vulnerability-cve-2025-59689/ ; https://nvd.nist.gov/vuln/detail/CVE-2025-59689", - "percentile": null, - "poc_count": 0, - "product": "Email Security Gateway", - "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", - "short_description": "Libraesva Email Security Gateway (ESG) contains a command injection vulnerability which allows command injection via a compressed e-mail attachment.", - "vendor": "Libraesva" - }, - { - "cve": "CVE-2025-59718", - "date_added": "2025-12-16", - "due_date": "2025-12-23", - "epss": null, - "notes": "https://fortiguard.fortinet.com/psirt/FG-IR-25-647 ; https://docs.fortinet.com/upgrade-tool/fortigate ; https://nvd.nist.gov/vuln/detail/CVE-2025-59718", - "percentile": null, - "poc_count": 0, - "product": "Multiple Products", - "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", - "short_description": "Fortinet FortiOS, FortiSwitchMaster, FortiProxy, and FortiWeb contain an improper verification of cryptographic signature vulnerability that may allow an unauthenticated attacker to bypass the FortiCloud SSO login authentication via a crafted SAML message. Please be aware that CVE-2025-59719 pertains to the same problem and is mentioned in the same vendor advisory. 
Ensure to apply all patches mentioned in the advisory.", - "vendor": "Fortinet" - }, - { - "cve": "CVE-2025-61757", - "date_added": "2025-11-21", - "due_date": "2025-12-12", - "epss": null, - "notes": "https://www.oracle.com/security-alerts/cpuoct2025.html ; https://nvd.nist.gov/vuln/detail/CVE-2025-61757", - "percentile": null, - "poc_count": 0, - "product": "Fusion Middleware", - "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", - "short_description": "Oracle Fusion Middleware contains a missing authentication for critical function vulnerability, allowing unauthenticated remote attackers to take over Identity Manager.", - "vendor": "Oracle" - }, - { - "cve": "CVE-2025-61882", - "date_added": "2025-10-06", - "due_date": "2025-10-27", - "epss": null, - "notes": "https://www.oracle.com/security-alerts/alert-cve-2025-61882.html ; https://nvd.nist.gov/vuln/detail/CVE-2025-61882", - "percentile": null, - "poc_count": 0, - "product": "E-Business Suite", - "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", - "short_description": "Oracle E-Business Suite contains an unspecified vulnerability in the BI Publisher Integration component. The vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Concurrent Processing. 
Successful attacks can result in takeover of Oracle Concurrent Processing.", - "vendor": "Oracle" - }, - { - "cve": "CVE-2025-61884", - "date_added": "2025-10-20", - "due_date": "2025-11-10", - "epss": null, - "notes": "https://www.oracle.com/security-alerts/alert-cve-2025-61884.html ; https://nvd.nist.gov/vuln/detail/CVE-2025-61884", - "percentile": null, - "poc_count": 0, - "product": "E-Business Suite", - "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", - "short_description": "Oracle E-Business Suite contains a server-side request forgery (SSRF) vulnerability in the Runtime component of Oracle Configurator. This vulnerability is remotely exploitable without authentication.", - "vendor": "Oracle" - }, - { - "cve": "CVE-2025-61932", - "date_added": "2025-10-22", - "due_date": "2025-11-12", - "epss": null, - "notes": "https://www.motex.co.jp/news/notice/2025/release251020/ ; https://nvd.nist.gov/vuln/detail/CVE-2025-61932", - "percentile": null, - "poc_count": 0, - "product": "LANSCOPE Endpoint Manager", - "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", - "short_description": "Motex LANSCOPE Endpoint Manager contains an improper verification of source of a communication channel vulnerability allowing an attacker to execute arbitrary code by sending specially crafted packets.", - "vendor": "Motex" - }, - { - "cve": "CVE-2025-6204", - "date_added": "2025-10-28", - "due_date": "2025-11-18", - "epss": null, - "notes": "https://www.3ds.com/trust-center/security/security-advisories/cve-2025-6204 ; https://nvd.nist.gov/vuln/detail/CVE-2025-6204", - "percentile": null, - "poc_count": 0, - "product": "DELMIA Apriso", - "required_action": "Apply mitigations per vendor instructions, follow applicable 
BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", - "short_description": "Dassault Systèmes DELMIA Apriso contains a code injection vulnerability that could allow an attacker to execute arbitrary code.", - "vendor": "Dassault Systèmes" - }, - { - "cve": "CVE-2025-6205", - "date_added": "2025-10-28", - "due_date": "2025-11-18", - "epss": null, - "notes": "https://www.3ds.com/trust-center/security/security-advisories/cve-2025-6205 ; https://nvd.nist.gov/vuln/detail/CVE-2025-6205", - "percentile": null, - "poc_count": 0, - "product": "DELMIA Apriso", - "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", - "short_description": "Dassault Systèmes DELMIA Apriso contains a missing authorization vulnerability that could allow an attacker to gain privileged access to the application.", - "vendor": "Dassault Systèmes" - }, { "cve": "CVE-2025-6218", "date_added": "2025-12-09", 
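Review bot: The regenerated file drops every catalog entry whose enrichment fields are still empty (`"epss": null`, `"poc_count": 0`) — this hunk alone removes CVE-2025-59287 (WSUS deserialization RCE), CVE-2025-58034, CVE-2025-59718, CVE-2025-61882 and a dozen other recently added, actively-exploited entries, and the hunk header (`-19030,162 +3456,6`) shows the whole file shrinking from roughly 19k to 3.5k lines. If the generator now inner-joins the CISA records against the EPSS/PoC enrichment feed, it is silently discarding exactly the newest, not-yet-scored entries that consumers of this API most need to see. The generator (outside this diff) should left-join and emit the catalog record with null/zero enrichment, and the site build should fail or warn when the entry count drops sharply between runs, e.g. `assert len(new_entries) >= 0.95 * len(prev_entries), "catalog shrank unexpectedly"`. This is inferred from the deleted rows only; if the removal is intentional, the README/API docs should state that unenriched entries are excluded so downstream users do not treat the feed as a complete KEV mirror.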
@@ -19199,45 +3469,6 @@ "short_description": "RARLAB WinRAR contains a path traversal vulnerability allowing an attacker to execute code in the context of the current user.", "vendor": "RARLAB" }, - { - "cve": "CVE-2025-62215", - "date_added": "2025-11-12", - "due_date": "2025-12-03", - "epss": null, - "notes": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-62215 ; https://nvd.nist.gov/vuln/detail/CVE-2025-62215", - "percentile": null, - "poc_count": 0, - "product": "Windows", - "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", - "short_description": "Microsoft Windows Kernel contains a race condition vulnerability that allows a local attacker with low-level privileges to escalate privileges. Successful exploitation of this vulnerability could enable the attacker to gain SYSTEM-level access.", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2025-62221", - "date_added": "2025-12-09", - "due_date": "2025-12-30", - "epss": null, - "notes": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-62221 ; https://nvd.nist.gov/vuln/detail/CVE-2025-62221", - "percentile": null, - "poc_count": 0, - "product": "Windows", - "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", - "short_description": "Microsoft Windows Cloud Files Mini Filter Driver contains a use after free vulnerability that can allow an authorized attacker to elevate privileges locally.", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2025-64446", - "date_added": "2025-11-14", - "due_date": "2025-11-21", - "epss": null, - "notes": "https://www.fortiguard.com/psirt/FG-IR-25-910 ; https://nvd.nist.gov/vuln/detail/CVE-2025-64446", - "percentile": null, - "poc_count": 0, - "product": "FortiWeb", - 
"required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", - "short_description": "Fortinet FortiWeb contains a relative path traversal vulnerability that may allow an unauthenticated attacker to execute administrative commands on the system via crafted HTTP or HTTPS requests.", - "vendor": "Fortinet" - }, { "cve": "CVE-2025-6543", "date_added": "2025-06-30", @@ -19276,19 +3507,6 @@ "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", "short_description": "Google Chromium contains an improper input validation vulnerability in ANGLE and GPU. This vulnerability could allow a remote attacker to potentially perform a sandbox escape via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.", "vendor": "Google" - }, - { - "cve": "CVE-2025-66644", - "date_added": "2025-12-08", - "due_date": "2025-12-29", - "epss": null, - "notes": "https://support.arraynetworks.net/prx/001/http/supportportal.arraynetworks.net/ag.html ; https://www.jpcert.or.jp/at/2025/at250024.html ; https://nvd.nist.gov/vuln/detail/CVE-2025-66644", - "percentile": null, - "poc_count": 0, - "product": "ArrayOS AG", - "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", - "short_description": "Array Networks ArrayOS AG contains an OS command injection vulnerability that could allow an attacker to execute arbitrary commands.", - "vendor": "Array Networks" } ] } \ No newline at end of file 
diff --git a/docs/api/v1/snapshots/2025-12-17.json b/docs/api/v1/snapshots/2025-12-17.json
index 43a142a2a0..2a10ef6c6b 100644
--- a/docs/api/v1/snapshots/2025-12-17.json
+++ b/docs/api/v1/snapshots/2025-12-17.json
@@ -1,99 +1,57 @@ { "generated": "2025-12-17", "high_epss": [ - { - "cve": "CVE-2025-9316", - "epss": 0.78706, - "percentile": 0.98995, - "poc_count": 0, - "summary": "" - }, { "cve": "CVE-2025-8943", "epss": 0.6583, - "percentile": 0.9843, + "percentile": 0.98431, "poc_count": 1, "summary": "The Custom MCPs feature is designed to execute OS commands, for instance, using tools like `npx` to spin up local MCP Servers. However, Flowise's inherent authentication and authorization model is minimal and lacks ro..." }, - { - "cve": "CVE-2025-8489", - "epss": 0.43315, - "percentile": 0.97363, - "poc_count": 0, - "summary": "" - }, - { - "cve": "CVE-2025-8426", - "epss": 0.3937, - "percentile": 0.97134, - "poc_count": 0, - "summary": "" - }, { "cve": "CVE-2025-8518", "epss": 0.33903, - "percentile": 0.96792, + "percentile": 0.96794, "poc_count": 1, "summary": "A vulnerability was found in givanz Vvveb 1.0.5. It has been rated as critical. Affected by this issue is the function Save of the file admin/controller/editor/code.php of the component Code Editor. The manipulation l..." }, - { - "cve": "CVE-2025-8868", - "epss": 0.17119, - "percentile": 0.94767, - "poc_count": 0, - "summary": "" - }, { "cve": "CVE-2025-8730", "epss": 0.11861, - "percentile": 0.93477, + "percentile": 0.93482, "poc_count": 2, "summary": "A vulnerability was found in Belkin F9K1009 and F9K1010 2.00.04/2.00.09 and classified as critical. Affected by this issue is some unknown functionality of the component Web Interface. The manipulation leads to hard-c..." }, { "cve": "CVE-2025-7795", "epss": 0.096, - "percentile": 0.92596, + "percentile": 0.926, "poc_count": 3, "summary": "A vulnerability, which was classified as critical, has been found in Tenda FH451 1.0.0.9. Affected by this issue is the function fromP2pListFilter of the file /goform/P2pListFilter. The manipulation of the argument pa..." 
}, { "cve": "CVE-2025-9090", - "epss": 0.08297, - "percentile": 0.91936, + "epss": 0.0924, + "percentile": 0.92438, "poc_count": 4, "summary": "A vulnerability was identified in Tenda AC20 16.03.08.12. Affected is the function websFormDefine of the file /goform/telnet of the component Telnet Service. The manipulation leads to command injection. It is possible..." }, { "cve": "CVE-2025-8085", "epss": 0.07832, - "percentile": 0.91659, + "percentile": 0.91666, "poc_count": 1, "summary": "The Ditty WordPress plugin before 3.1.58 lacks authorization and authentication for requests to its displayItems endpoint, allowing unauthenticated visitors to make requests to arbitrary URLs." } ], "kev_top": [ - { - "cve": "CVE-2025-9242", - "date_added": "2025-11-12", - "due_date": "2025-12-03", - "epss": 0.7437, - "notes": "https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2025-00015 ; https://nvd.nist.gov/vuln/detail/CVE-2025-9242", - "percentile": 0.98786, - "poc_count": 0, - "product": "Firebox", - "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", - "short_description": "WatchGuard Firebox contains an out-of-bounds write vulnerability in the OS iked process that may allow a remote unauthenticated attacker to execute arbitrary code.", - "summary": "", - "vendor": "WatchGuard" - }, { "cve": "CVE-2025-7775", "date_added": "2025-08-26", "due_date": "2025-08-28", "epss": 0.17354, "notes": "https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694938 ; https://nvd.nist.gov/vuln/detail/CVE-2025-7775", - "percentile": 0.94817, + "percentile": 0.9482, "poc_count": 15, "product": "NetScaler", "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", 
@@ -107,7 +65,7 @@ "due_date": "2025-09-24", "epss": 0.14589, "notes": "https://www.tp-link.com/us/support/faq/4308/ ; https://nvd.nist.gov/vuln/detail/CVE-2025-9377", - "percentile": 0.94217, + "percentile": 0.94221, "poc_count": 4, "product": "Multiple Routers", "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", @@ -121,7 +79,7 @@ "due_date": "2025-08-20", "epss": 0.13881, "notes": "https://status.n-able.com/2025/08/13/announcing-the-ga-of-n-central-2025-3-1/ ; https://nvd.nist.gov/vuln/detail/CVE-2025-8876", - "percentile": 0.94059, + "percentile": 0.94063, "poc_count": 6, "product": "N-Central", "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", @@ -135,7 +93,7 @@ "due_date": "2025-08-20", "epss": 0.05085, "notes": "https://status.n-able.com/2025/08/13/announcing-the-ga-of-n-central-2025-3-1/ ; https://nvd.nist.gov/vuln/detail/CVE-2025-8875", - "percentile": 0.89424, + "percentile": 0.89429, "poc_count": 7, "product": "N-Central", "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", @@ -149,7 +107,7 @@ "due_date": "2025-09-02", "epss": 0.03156, "notes": "https://www.win-rar.com/singlenewsview.html?&L=0&tx_ttnews%5Btt_news%5D=283&cHash=a64b4a8f662d3639dec8d65f47bc93c5 ; https://nvd.nist.gov/vuln/detail/CVE-2025-8088", - "percentile": 0.8647, + "percentile": 0.86473, "poc_count": 45, "product": "WinRAR", "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", 
@@ -158,970 +116,984 @@ "vendor": "RARLAB" }, { - "cve": "CVE-2002-0367", - "date_added": "2022-03-03", - "due_date": "2022-03-24", + "cve": "CVE-2024-0012", + "date_added": "2024-11-18", + "due_date": "2024-12-09", "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2002-0367", + "notes": "https://security.paloaltonetworks.com/CVE-2024-0012 ; https://nvd.nist.gov/vuln/detail/CVE-2024-0012", "percentile": null, - "poc_count": 2, - "product": "Windows", - "required_action": "Apply updates per vendor instructions.", - "short_description": "smss.exe debugging subsystem in Microsoft Windows does not properly authenticate programs that connect to other programs, which allows local users to gain administrator or SYSTEM privileges.", - "summary": "smss.exe debugging subsystem in Windows NT and Windows 2000 does not properly authenticate programs that connect to other programs, which allows local users to gain administrator or SYSTEM privileges by duplicating a...", - "vendor": "Microsoft" + "poc_count": 29, + "product": "PAN-OS", + "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. 
Additionally, management interface for affected devices should not be exposed to untrusted networks, including the internet.", + "short_description": "Palo Alto Networks PAN-OS contains an authentication bypass vulnerability in the web-based management interface for several PAN-OS products, including firewalls and VPN concentrators.", + "summary": "An authentication bypass in Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to gain PAN-OS administrator privileges to perform administrative...", + "vendor": "Palo Alto Networks" }, { - "cve": "CVE-2004-0210", - "date_added": "2022-03-03", - "due_date": "2022-03-24", + "cve": "CVE-2024-0519", + "date_added": "2024-01-17", + "due_date": "2024-02-07", "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2004-0210", - "percentile": null, - "poc_count": 2, - "product": "Windows", - "required_action": "Apply updates per vendor instructions.", - "short_description": "A privilege elevation vulnerability exists in the POSIX subsystem. 
This vulnerability could allow a logged on user to take complete control of the system.", - "summary": "The POSIX component of Microsoft Windows NT and Windows 2000 allows local users to execute arbitrary code via certain parameters, possibly by modifying message length values and causing a buffer overflow.", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2004-1464", - "date_added": "2023-05-19", - "due_date": "2023-06-09", - "epss": null, - "notes": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20040827-telnet; https://nvd.nist.gov/vuln/detail/CVE-2004-1464", - "percentile": null, - "poc_count": 2, - "product": "IOS", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Cisco IOS contains an unspecified vulnerability that may block further telnet, reverse telnet, Remote Shell (RSH), Secure Shell (SSH), and in some cases, Hypertext Transport Protocol (HTTP) access to the Cisco device.", - "summary": "Cisco IOS 12.2(15) and earlier allows remote attackers to cause a denial of service (refused VTY (virtual terminal) connections), via a crafted TCP connection to the Telnet or reverse Telnet port.", - "vendor": "Cisco" - }, - { - "cve": "CVE-2005-2773", - "date_added": "2022-03-25", - "due_date": "2022-04-15", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2005-2773", - "percentile": null, - "poc_count": 1, - "product": "OpenView Network Node Manager", - "required_action": "Apply updates per vendor instructions.", - "short_description": "HP OpenView Network Node Manager could allow a remote attacker to execute arbitrary commands on the system.", - "summary": "HP OpenView Network Node Manager 6.2 through 7.50 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) node parameter to connectedNodes.ovpl, (2) cdpView.ovpl, (3) freeIPaddrs.ovpl...", - "vendor": "Hewlett Packard (HP)" - }, - { - "cve": "CVE-2006-1547", - "date_added": "2022-01-21", 
- "due_date": "2022-07-21", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2006-1547", - "percentile": null, - "poc_count": 2, - "product": "Struts 1", - "required_action": "Apply updates per vendor instructions.", - "short_description": "ActionForm in Apache Struts versions before 1.2.9 with BeanUtils 1.7 contains a vulnerability that allows for denial-of-service (DoS).", - "summary": "ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references t...", - "vendor": "Apache" - }, - { - "cve": "CVE-2006-2492", - "date_added": "2022-06-08", - "due_date": "2022-06-22", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2006-2492", - "percentile": null, - "poc_count": 3, - "product": "Word", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Microsoft Word and Microsoft Works Suites contain a malformed object pointer which allows attackers to execute code.", - "summary": "Buffer overflow in Microsoft Word in Office 2000 SP3, Office XP SP3, Office 2003 Sp1 and SP2, and Microsoft Works Suites through 2006, allows user-assisted attackers to execute arbitrary code via a malformed object po...", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2007-0671", - "date_added": "2025-08-12", - "due_date": "2025-09-02", - "epss": null, - "notes": "https://learn.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-015 ; https://nvd.nist.gov/vuln/detail/CVE-2007-0671", + "notes": "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_16.html; https://nvd.nist.gov/vuln/detail/CVE-2024-0519", "percentile": null, "poc_count": 5, - "product": "Office", + "product": "Chromium V8", + "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", + "short_description": 
"Google Chromium V8 Engine contains an out-of-bounds memory access vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.", + "summary": "Out of bounds memory access in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)", + "vendor": "Google" + }, + { + "cve": "CVE-2024-0769", + "date_added": "2025-06-25", + "due_date": "2025-07-16", + "epss": null, + "notes": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10371 ; https://nvd.nist.gov/vuln/detail/CVE-2024-0769", + "percentile": null, + "poc_count": 4, + "product": "DIR-859 Router", "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", - "short_description": "Microsoft Office Excel contains a remote code execution vulnerability that can be exploited when a specially crafted Excel file is opened. This malicious file could be delivered as an email attachment or hosted on a malicious website. 
An attacker could leverage this vulnerability by creating a specially crafted Excel file, which, when opened, allowing an attacker to execute remote code on the affected system.", - "summary": "Unspecified vulnerability in Microsoft Excel 2000, XP, 2003, and 2004 for Mac, and possibly other Office products, allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as demonst...", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2007-3010", - "date_added": "2022-04-15", - "due_date": "2022-05-06", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2007-3010", - "percentile": null, - "poc_count": 3, - "product": "OmniPCX Enterprise", - "required_action": "Apply updates per vendor instructions.", - "short_description": "masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server allows remote attackers to execute arbitrary commands.", - "summary": "masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server R7.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the user parameter during...", - "vendor": "Alcatel" - }, - { - "cve": "CVE-2007-5659", - "date_added": "2022-06-08", - "due_date": "2022-06-22", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2007-5659", - "percentile": null, - "poc_count": 4, - "product": "Acrobat and Reader", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Adobe Acrobat and Reader contain a buffer overflow vulnerability that allows remote attackers to execute code via a PDF file with long arguments to unspecified JavaScript methods.", - "summary": "Multiple buffer overflows in Adobe Reader and Acrobat 8.1.1 and earlier allow remote attackers to execute arbitrary code via a PDF file with long arguments to unspecified JavaScript methods. 
NOTE: this issue might be...", - "vendor": "Adobe" - }, - { - "cve": "CVE-2008-0655", - "date_added": "2022-06-08", - "due_date": "2022-06-22", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2008-0655", - "percentile": null, - "poc_count": 3, - "product": "Acrobat and Reader", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Adobe Acrobat and Reader contains an unespecified vulnerability described as a design flaw which could allow a specially crafted file to be printed silently an arbitrary number of times.", - "summary": "Multiple unspecified vulnerabilities in Adobe Reader and Acrobat before 8.1.2 have unknown impact and attack vectors.", - "vendor": "Adobe" - }, - { - "cve": "CVE-2008-2992", - "date_added": "2022-03-03", - "due_date": "2022-03-24", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2008-2992", - "percentile": null, - "poc_count": 7, - "product": "Acrobat and Reader", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Adobe Acrobat and Reader contain an input validation issue in a JavaScript method that could potentially lead to remote code execution.", - "summary": "Stack-based buffer overflow in Adobe Acrobat and Reader 8.1.2 and earlier allows remote attackers to execute arbitrary code via a PDF file that calls the util.printf JavaScript function with a crafted format string ar...", - "vendor": "Adobe" - }, - { - "cve": "CVE-2008-3431", - "date_added": "2022-03-03", - "due_date": "2022-03-24", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2008-3431", - "percentile": null, - "poc_count": 5, - "product": "VirtualBox", - "required_action": "Apply updates per vendor instructions.", - "short_description": "An input validation vulnerability exists in the VBoxDrv.sys driver of Sun xVM VirtualBox which allows attackers to locally execute arbitrary code.", - "summary": "The VBoxDrvNtDeviceControl function in VBoxDrv.sys in Sun 
xVM VirtualBox before 1.6.4 uses the METHOD_NEITHER communication method for IOCTLs and does not properly validate a buffer associated with the Irp object, whi...", - "vendor": "Oracle" - }, - { - "cve": "CVE-2009-0557", - "date_added": "2022-06-08", - "due_date": "2022-06-22", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2009-0557", - "percentile": null, - "poc_count": 2, - "product": "Office", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Microsoft Office contains an object record corruption vulnerability that allows remote attackers to execute code via a crafted Excel file with a malformed record object.", - "summary": "Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac; Excel in 2007 Microsoft Office System SP1 and SP2; Open XML File Format Converter for Mac; Microsoft Office Excel V...", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2009-0563", - "date_added": "2022-06-08", - "due_date": "2022-06-22", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2009-0563", - "percentile": null, - "poc_count": 2, - "product": "Office", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Microsoft Office contains a buffer overflow vulnerability that allows remote attackers to execute code via a Word document with a crafted tag containing an invalid length field.", - "summary": "Stack-based buffer overflow in Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Microsoft Office for Mac 2004 and 2008; Open XML File Format Converter for Mac; Microsoft Office Word Viewer 2003 SP3; Mic...", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2009-0927", - "date_added": "2022-03-25", - "due_date": "2022-04-15", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2009-0927", - "percentile": null, - "poc_count": 4, - "product": "Reader and Acrobat", - "required_action": "Apply updates per vendor 
instructions.", - "short_description": "Stack-based buffer overflow in Adobe Reader and Adobe Acrobat allows remote attackers to execute arbitrary code.", - "summary": "Stack-based buffer overflow in Adobe Reader and Adobe Acrobat 9 before 9.1, 8 before 8.1.3 , and 7 before 7.1.1 allows remote attackers to execute arbitrary code via a crafted argument to the getIcon method of a Colla...", - "vendor": "Adobe" - }, - { - "cve": "CVE-2009-1123", - "date_added": "2022-03-03", - "due_date": "2022-03-24", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2009-1123", - "percentile": null, - "poc_count": 2, - "product": "Windows", - "required_action": "Apply updates per vendor instructions.", - "short_description": "The kernel in Microsoft Windows does not properly validate changes to unspecified kernel objects, which allows local users to gain privileges via a crafted application.", - "summary": "The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate changes to unspecified kernel objects, which allows local users to ga...", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2009-1151", - "date_added": "2022-03-25", - "due_date": "2022-04-15", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2009-1151", - "percentile": null, - "poc_count": 19, - "product": "phpMyAdmin", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Setup script used to generate configuration can be fooled using a crafted POST request to include arbitrary PHP code in generated configuration file.", - "summary": "Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allows remote attackers to inject arbitrary PHP code into a configuration file via the save action.", - "vendor": "phpMyAdmin" - }, - { - "cve": "CVE-2009-1862", - "date_added": "2022-06-08", - "due_date": "2022-06-22", - "epss": 
null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2009-1862", - "percentile": null, - "poc_count": 3, - "product": "Acrobat and Reader, Flash Player", - "required_action": "For Adobe Acrobat and Reader, apply updates per vendor instructions. For Adobe Flash Player, the impacted product is end-of-life and should be disconnected if still in use.", - "short_description": "Adobe Acrobat and Reader and Adobe Flash Player allows remote attackers to execute code or cause denial-of-service (DoS).", - "summary": "Unspecified vulnerability in Adobe Reader and Acrobat 9.x through 9.1.2, and Adobe Flash Player 9.x through 9.0.159.0 and 10.x through 10.0.22.87, allows remote attackers to execute arbitrary code or cause a denial of...", - "vendor": "Adobe" - }, - { - "cve": "CVE-2009-2055", - "date_added": "2022-03-25", - "due_date": "2022-04-15", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2009-2055", - "percentile": null, - "poc_count": 2, - "product": "IOS XR", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Cisco IOS XR,when BGP is the configured routing feature, allows remote attackers to cause a denial-of-service (DoS).", - "summary": "Cisco IOS XR 3.4.0 through 3.8.1 allows remote attackers to cause a denial of service (session reset) via a BGP UPDATE message with an invalid attribute, as demonstrated in the wild on 17 August 2009.", - "vendor": "Cisco" - }, - { - "cve": "CVE-2009-3129", - "date_added": "2022-03-03", - "due_date": "2022-03-24", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2009-3129", - "percentile": null, - "poc_count": 2, - "product": "Excel", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Microsoft Office Excel allows remote attackers to execute arbitrary code via a spreadsheet with a FEATHEADER record containing an invalid cbHdrData size element that affects a pointer offset.", - "summary": "Microsoft Office Excel 2002 SP3, 2003 
SP3, and 2007 SP1 and SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer 2003 SP3; Office Excel Viewer SP1 and SP2; and Office Compatib...", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2009-3953", - "date_added": "2022-06-08", - "due_date": "2022-06-22", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2009-3953", - "percentile": null, - "poc_count": 1, - "product": "Acrobat and Reader", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Adobe Acrobat and Reader contains an array boundary issue in Universal 3D (U3D) support that could lead to remote code execution.", - "summary": "The U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, 8.x before 8.2 on Windows and Mac OS X, and 7.x before 7.1.4 allows remote attackers to execute arbitrary code via malformed U3D data in a PDF documen...", - "vendor": "Adobe" - }, - { - "cve": "CVE-2009-3960", - "date_added": "2022-03-07", - "due_date": "2022-09-07", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2009-3960", - "percentile": null, - "poc_count": 2, - "product": "BlazeDS", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Adobe BlazeDS, which is utilized in LifeCycle and Coldfusion, contains a vulnerability that allows for information disclosure.", - "summary": "Unspecified vulnerability in BlazeDS 3.2 and earlier, as used in LiveCycle 8.0.1, 8.2.1, and 9.0, LiveCycle Data Services 2.5.1, 2.6.1, and 3.0, Flex Data Services 2.0.1, and ColdFusion 7.0.2, 8.0, 8.0.1, and 9.0, all...", - "vendor": "Adobe" - }, - { - "cve": "CVE-2009-4324", - "date_added": "2022-06-08", - "due_date": "2022-06-22", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2009-4324", - "percentile": null, - "poc_count": 6, - "product": "Acrobat and Reader", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Use-after-free vulnerability 
in Adobe Acrobat and Reader allows remote attackers to execute code via a crafted PDF file.", - "summary": "Use-after-free vulnerability in the Doc.media.newPlayer method in Multimedia.api in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary cod...", - "vendor": "Adobe" - }, - { - "cve": "CVE-2010-0188", - "date_added": "2022-03-03", - "due_date": "2022-03-24", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2010-0188", - "percentile": null, - "poc_count": 3, - "product": "Reader and Acrobat", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Unspecified vulnerability in Adobe Reader and Acrobat allows attackers to cause a denial of service or possibly execute arbitrary code.", - "summary": "Unspecified vulnerability in Adobe Reader and Acrobat 8.x before 8.2.1 and 9.x before 9.3.1 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors.", - "vendor": "Adobe" - }, - { - "cve": "CVE-2010-0232", - "date_added": "2022-03-03", - "due_date": "2022-03-24", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2010-0232", - "percentile": null, - "poc_count": 17, - "product": "Windows", - "required_action": "Apply updates per vendor instructions.", - "short_description": "The kernel in Microsoft Windows, when access to 16-bit applications is enabled on a 32-bit x86 platform, does not properly validate certain BIOS calls, which allows local users to gain privileges.", - "summary": "The kernel in Microsoft Windows NT 3.1 through Windows 7, including Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2, when acces...", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2010-0738", - "date_added": "2022-05-25", - "due_date": "2022-06-15", - "epss": null, - "notes": 
"https://nvd.nist.gov/vuln/detail/CVE-2010-0738", - "percentile": null, - "poc_count": 21, - "product": "JBoss", - "required_action": "Apply updates per vendor instructions.", - "short_description": "The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application's GET handler by using a different method.", - "summary": "The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST me...", - "vendor": "Red Hat" - }, - { - "cve": "CVE-2010-0840", - "date_added": "2022-05-25", - "due_date": "2022-06-15", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2010-0840", - "percentile": null, - "poc_count": 8, - "product": "Java Runtime Environment (JRE)", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Unspecified vulnerability in the Java Runtime Environment (JRE) in Java SE component allows remote attackers to affect confidentiality, integrity, and availability via Unknown vectors.", - "summary": "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and av...", - "vendor": "Oracle" - }, - { - "cve": "CVE-2010-1297", - "date_added": "2022-06-08", - "due_date": "2022-06-22", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2010-1297", - "percentile": null, - "poc_count": 5, - "product": "Flash Player", - "required_action": "The impacted product is end-of-life and should be disconnected if still in use.", - "short_description": "Adobe Flash Player contains a memory corruption vulnerability that allows remote attackers to execute code or cause 
denial-of-service (DoS).", - "summary": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64; Adobe AIR before 2.0.2.12610; and Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow remote attackers to exec...", - "vendor": "Adobe" - }, - { - "cve": "CVE-2010-1428", - "date_added": "2022-05-25", - "due_date": "2022-06-15", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2010-1428", - "percentile": null, - "poc_count": 3, - "product": "JBoss", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Unauthenticated access to the JBoss Application Server Web Console (/web-console) is blocked by default. However, it was found that this block was incomplete, and only blocked GET and POST HTTP verbs. A remote attacker could use this flaw to gain access to sensitive information.", - "summary": "The Web Console (aka web-console) in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST...", - "vendor": "Red Hat" - }, - { - "cve": "CVE-2010-1871", - "date_added": "2021-12-10", - "due_date": "2022-06-10", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2010-1871", - "percentile": null, - "poc_count": 17, - "product": "JBoss Seam 2", - "required_action": "Apply updates per vendor instructions.", - "short_description": "JBoss Seam 2 (jboss-seam2), as used in JBoss Enterprise Application Platform 4.3.0 for Red Hat Linux, allows attackers to perform remote code execution. 
This vulnerability can only be exploited when the Java Security Manager is not properly configured.", - "summary": "JBoss Seam 2 (jboss-seam2), as used in JBoss Enterprise Application Platform 4.3.0 for Red Hat Linux, does not properly sanitize inputs for JBoss Expression Language (EL) expressions, which allows remote attackers to...", - "vendor": "Red Hat" - }, - { - "cve": "CVE-2010-2568", - "date_added": "2022-09-15", - "due_date": "2022-10-06", - "epss": null, - "notes": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-046; https://nvd.nist.gov/vuln/detail/CVE-2010-2568", - "percentile": null, - "poc_count": 22, - "product": "Windows", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Microsoft Windows incorrectly parses shortcuts in such a way that malicious code may be executed when the operating system displays the icon of a malicious shortcut file. An attacker who successfully exploited this vulnerability could execute code as the logged-on user.", - "summary": "Windows Shell in Microsoft Windows XP SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users or remote attackers to execute arbitrary code via a crafted (1) .LNK or (2) .PIF...", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2010-2572", - "date_added": "2022-06-08", - "due_date": "2022-06-22", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2010-2572", - "percentile": null, - "poc_count": 1, - "product": "PowerPoint", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Microsoft PowerPoint contains a buffer overflow vulnerability that alllows for remote code execution.", - "summary": "Buffer overflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint 95 document, aka \"PowerPoint Parsing Buffer Overflow Vulnerability.\"", - "vendor": "Microsoft" - }, - { - "cve": 
"CVE-2010-2861", - "date_added": "2022-03-25", - "due_date": "2022-04-15", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2010-2861", - "percentile": null, - "poc_count": 64, - "product": "ColdFusion", - "required_action": "Apply updates per vendor instructions.", - "short_description": "A directory traversal vulnerability exists in the administrator console in Adobe ColdFusion which allows remote attackers to read arbitrary files.", - "summary": "Multiple directory traversal vulnerabilities in the administrator console in Adobe ColdFusion 9.0.1 and earlier allow remote attackers to read arbitrary files via the locale parameter to (1) CFIDE/administrator/settin...", - "vendor": "Adobe" - }, - { - "cve": "CVE-2010-2883", - "date_added": "2022-06-08", - "due_date": "2022-06-22", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2010-2883", - "percentile": null, - "poc_count": 9, - "product": "Acrobat and Reader", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Adobe Acrobat and Reader contain a stack-based buffer overflow vulnerability that allows remote attackers to execute code or cause denial-of-service (DoS).", - "summary": "Stack-based buffer overflow in CoolType.dll in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (app...", - "vendor": "Adobe" - }, - { - "cve": "CVE-2010-3035", - "date_added": "2022-03-25", - "due_date": "2022-04-15", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2010-3035", - "percentile": null, - "poc_count": 2, - "product": "IOS XR", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Cisco IOS XR, when BGP is the configured routing feature, allows remote attackers to cause a denial-of-service (DoS).", - "summary": "Cisco IOS XR 3.4.0 through 3.9.1, when BGP is enabled, does not properly handle 
unrecognized transitive attributes, which allows remote attackers to cause a denial of service (peering reset) via a crafted prefix annou...", - "vendor": "Cisco" - }, - { - "cve": "CVE-2010-3333", - "date_added": "2022-03-03", - "due_date": "2022-03-24", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2010-3333", - "percentile": null, - "poc_count": 33, - "product": "Office", - "required_action": "Apply updates per vendor instructions.", - "short_description": "A stack-based buffer overflow vulnerability exists in the parsing of RTF data in Microsoft Office and earlier allows an attacker to perform remote code execution.", - "summary": "Stack-based buffer overflow in Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allows remote attack...", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2010-3765", - "date_added": "2025-10-06", - "due_date": "2025-10-27", - "epss": null, - "notes": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-73 ; https://nvd.nist.gov/vuln/detail/CVE-2010-3765", - "percentile": null, - "poc_count": 4, - "product": "Multiple Products", - "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", - "short_description": "Mozilla Firefox, SeaMonkey, and Thunderbird contain an unspecified vulnerability when JavaScript is enabled. 
This allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption.", - "summary": "Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute ar...", - "vendor": "Mozilla" - }, - { - "cve": "CVE-2010-3904", - "date_added": "2023-05-12", - "due_date": "2023-06-02", - "epss": null, - "notes": "https://lkml.iu.edu/hypermail/linux/kernel/1601.3/06474.html; https://nvd.nist.gov/vuln/detail/CVE-2010-3904", - "percentile": null, - "poc_count": 125, - "product": "Kernel", - "required_action": "The impacted product is end-of-life and should be disconnected if still in use.", - "short_description": "Linux Kernel contains an improper input validation vulnerability in the Reliable Datagram Sockets (RDS) protocol implementation that allows local users to gain privileges via crafted use of the sendmsg and recvmsg system calls.", - "summary": "The rds_page_copy_user function in net/rds/page.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel before 2.6.36 does not properly validate addresses obtained from user space, which a...", - "vendor": "Linux" - }, - { - "cve": "CVE-2010-3962", - "date_added": "2025-10-06", - "due_date": "2025-10-27", - "epss": null, - "notes": "https://learn.microsoft.com/en-us/security-updates/SecurityAdvisories/2010/2458511?redirectedfrom=MSDN ; https://nvd.nist.gov/vuln/detail/CVE-2010-3962", - "percentile": null, - "poc_count": 3, - "product": "Internet Explorer", - "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", - "short_description": "Microsoft Internet 
Explorer contains an uninitialized memory corruption vulnerability that could allow for remote code execution. The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.", - "summary": "Use-after-free vulnerability in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code via vectors related to Cascading Style Sheets (CSS) token sequences and the clip attribute, aka...", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2010-4344", - "date_added": "2022-03-25", - "due_date": "2022-04-15", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2010-4344", - "percentile": null, - "poc_count": 9, - "product": "Exim", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session.", - "summary": "Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session that includes two MAIL commands in conjunction with a lar...", - "vendor": "Exim" - }, - { - "cve": "CVE-2010-4345", - "date_added": "2022-03-25", - "due_date": "2022-04-15", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2010-4345", - "percentile": null, - "poc_count": 4, - "product": "Exim", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Exim allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands.", - "summary": "Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands, as demonstra...", - "vendor": "Exim" - 
}, - { - "cve": "CVE-2010-4398", - "date_added": "2022-03-28", - "due_date": "2022-04-21", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2010-4398", - "percentile": null, - "poc_count": 9, - "product": "Windows", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Stack-based buffer overflow in the RtlQueryRegistryValues function in win32k.sys in Microsoft Windows allows local users to gain privileges, and bypass the User Account Control (UAC) feature.", - "summary": "Stack-based buffer overflow in the RtlQueryRegistryValues function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Wind...", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2010-5326", - "date_added": "2021-11-03", - "due_date": "2022-05-03", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2010-5326", - "percentile": null, - "poc_count": 1, - "product": "NetWeaver", - "required_action": "Apply updates per vendor instructions.", - "short_description": "SAP NetWeaver Application Server Java Platforms Invoker Servlet does not require authentication, allowing for remote code execution via a HTTP or HTTPS request.", - "summary": "The Invoker Servlet on SAP NetWeaver Application Server Java platforms, possibly before 7.3, does not require authentication, which allows remote attackers to execute arbitrary code via an HTTP or HTTPS request, as ex...", - "vendor": "SAP" - }, - { - "cve": "CVE-2010-5330", - "date_added": "2022-04-15", - "due_date": "2022-05-06", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2010-5330", - "percentile": null, - "poc_count": 2, - "product": "AirOS", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Certain Ubiquiti devices contain a command injection vulnerability via a GET request to stainfo.cgi.", - "summary": "On certain Ubiquiti devices, Command Injection 
exists via a GET request to stainfo.cgi (aka Show AP info) because the ifname variable is not sanitized, as demonstrated by shell metacharacters. The fixed version is v4....", - "vendor": "Ubiquiti" - }, - { - "cve": "CVE-2011-0609", - "date_added": "2022-06-08", - "due_date": "2022-06-22", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2011-0609", - "percentile": null, - "poc_count": 4, - "product": "Flash Player", - "required_action": "The impacted product is end-of-life and should be disconnected if still in use.", - "short_description": "Adobe Flash Player contains an unspecified vulnerability that allows remote attackers to execute code or cause denial-of-service (DoS).", - "summary": "Unspecified vulnerability in Adobe Flash Player 10.2.154.13 and earlier on Windows, Mac OS X, Linux, and Solaris; 10.1.106.16 and earlier on Android; Adobe AIR 2.5.1 and earlier; and Authplay.dll (aka AuthPlayLib.bund...", - "vendor": "Adobe" - }, - { - "cve": "CVE-2011-0611", - "date_added": "2022-03-03", - "due_date": "2022-03-24", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2011-0611", - "percentile": null, - "poc_count": 8, - "product": "Flash Player", - "required_action": "The impacted product is end-of-life and should be disconnected if still in use.", - "short_description": "Adobe Flash Player contains a vulnerability that allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content.", - "summary": "Adobe Flash Player before 10.2.154.27 on Windows, Mac OS X, Linux, and Solaris and 10.2.156.12 and earlier on Android; Adobe AIR before 2.6.19140; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader 9.x before 9...", - "vendor": "Adobe" - }, - { - "cve": "CVE-2011-1823", - "date_added": "2022-09-08", - "due_date": "2022-09-29", - "epss": null, - "notes": "https://android.googlesource.com/platform/system/vold/+/c51920c82463b240e2be0430849837d6fdc5352e; 
https://nvd.nist.gov/vuln/detail/CVE-2011-1823", - "percentile": null, - "poc_count": 3, - "product": "Android OS", - "required_action": "Apply updates per vendor instructions.", - "short_description": "The vold volume manager daemon in Android kernel trusts messages from a PF_NETLINK socket, which allows an attacker to execute code and gain root privileges. This vulnerability is associated with GingerBreak and Exploit.AndroidOS.Lotoor.", - "summary": "The vold volume manager daemon on Android 3.0 and 2.x before 2.3.4 trusts messages that are received from a PF_NETLINK socket, which allows local users to execute arbitrary code and gain root privileges via a negative...", - "vendor": "Android" - }, - { - "cve": "CVE-2011-1889", - "date_added": "2022-03-03", - "due_date": "2022-03-24", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2011-1889", - "percentile": null, - "poc_count": 1, - "product": "Forefront Threat Management Gateway (TMG)", - "required_action": "Apply updates per vendor instructions.", - "short_description": "A remote code execution vulnerability exists in the Forefront Threat Management Gateway (TMG) Firewall Client Winsock provider that could allow code execution in the security context of the client application.", - "summary": "The NSPLookupServiceNext function in the client in Microsoft Forefront Threat Management Gateway (TMG) 2010 allows remote attackers to execute arbitrary code via vectors involving unspecified requests, aka \"TMG Firewa...", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2011-2005", - "date_added": "2022-03-28", - "due_date": "2022-04-18", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2011-2005", - "percentile": null, - "poc_count": 18, - "product": "Ancillary Function Driver (afd.sys)", - "required_action": "Apply updates per vendor instructions.", - "short_description": "afd.sys in the Ancillary Function Driver in Microsoft Windows does not properly validate user-mode input passed to 
kernel mode, which allows local users to gain privileges via a crafted application.", - "summary": "afd.sys in the Ancillary Function Driver in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a craf...", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2011-2462", - "date_added": "2022-06-08", - "due_date": "2022-06-22", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2011-2462", - "percentile": null, - "poc_count": 7, - "product": "Reader and Acrobat", - "required_action": "Apply updates per vendor instructions.", - "short_description": "The Universal 3D (U3D) component in Adobe Reader and Acrobat contains a memory corruption vulnerability which could allow remote attackers to execute code or cause denial-of-service (DoS).", - "summary": "Unspecified vulnerability in the U3D component in Adobe Reader and Acrobat 10.1.1 and earlier on Windows and Mac OS X, and Adobe Reader 9.x through 9.4.6 on UNIX, allows remote attackers to execute arbitrary code or c...", - "vendor": "Adobe" - }, - { - "cve": "CVE-2011-3402", - "date_added": "2025-10-06", - "due_date": "2025-10-27", - "epss": null, - "notes": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-087 ; https://nvd.nist.gov/vuln/detail/CVE-2011-3402", - "percentile": null, - "poc_count": 3, - "product": "Windows", - "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", - "short_description": "Microsoft Windows Kernel contains an unspecified vulnerability in the TrueType font parsing engine in win32k.sys in the kernel-mode drivers that allows remote attackers to execute arbitrary code via crafted font data in a Word document or web page.", - "summary": "Unspecified vulnerability in the TrueType font parsing engine in win32k.sys 
in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and...", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2011-3544", - "date_added": "2022-03-03", - "due_date": "2022-03-24", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2011-3544", - "percentile": null, - "poc_count": 5, - "product": "Java SE JDK and JRE", - "required_action": "Apply updates per vendor instructions.", - "short_description": "An access control vulnerability exists in the Applet Rhino Script Engine component of Oracle's Java Runtime Environment allows an attacker to remotely execute arbitrary code.", - "summary": "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7 and 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect...", - "vendor": "Oracle" - }, - { - "cve": "CVE-2011-4723", - "date_added": "2022-09-08", - "due_date": "2022-09-29", - "epss": null, - "notes": "https://www.dlink.com/uk/en/support/product/dir-300-wireless-g-router; https://nvd.nist.gov/vuln/detail/CVE-2011-4723", - "percentile": null, - "poc_count": 1, - "product": "DIR-300 Router", - "required_action": "The impacted product is end-of-life and should be disconnected if still in use.", - "short_description": "The D-Link DIR-300 router stores cleartext passwords, which allows context-dependent attackers to obtain sensitive information.", - "summary": "The D-Link DIR-300 router stores cleartext passwords, which allows context-dependent attackers to obtain sensitive information via unspecified vectors.", + "short_description": "D-Link DIR-859 routers contain a path traversal vulnerability in the file /hedwig.cgi of the component HTTP POST Request Handler. 
Manipulation of the argument service with the input ../../../../htdocs/webinc/getcfg/DHCPS6.BRIDGE-1.xml allows for the leakage of session data potentially enabling privilege escalation and unauthorized control of the device. This vulnerability affects legacy D-Link products. All associated hardware revisions have reached their end-of-life (EOL) or end-of-service (EOS) life cycle and should be retired and replaced per vendor instructions.", + "summary": "** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DIR-859 1.06B01. It has been rated as critical. Affected by this issue is some unknown functionality of the file /hedwig.cgi of the component HTTP PO...", "vendor": "D-Link" }, { - "cve": "CVE-2012-0151", - "date_added": "2022-06-08", - "due_date": "2022-06-22", + "cve": "CVE-2024-1086", + "date_added": "2024-05-30", + "due_date": "2024-06-20", "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2012-0151", + "notes": "This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. 
For more information, please see: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f342de4e2f33e0e39165d8639387aa6c19dff660; https://nvd.nist.gov/vuln/detail/CVE-2024-1086", + "percentile": null, + "poc_count": 86, + "product": "Kernel", + "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", + "short_description": "Linux kernel contains a use-after-free vulnerability in the netfilter: nf_tables component that allows an attacker to achieve local privilege escalation.", + "summary": "A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation.The nft_verdict_init() function allows positive values as drop error within th...", + "vendor": "Linux" + }, + { + "cve": "CVE-2024-11120", + "date_added": "2025-05-07", + "due_date": "2025-05-28", + "epss": null, + "notes": "https://dlcdn.geovision.com.tw/TechNotice/CyberSecurity/Security_Advisory_IP_Device_2024-11.pdf ; https://nvd.nist.gov/vuln/detail/CVE-2024-11120", + "percentile": null, + "poc_count": 3, + "product": "Multiple Devices", + "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", + "short_description": "Multiple GeoVision devices contain an OS command injection vulnerability that allows a remote, unauthenticated attacker to inject and execute arbitrary system commands. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.", + "summary": "Certain EOL GeoVision devices have an OS Command Injection vulnerability. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device. 
Moreover, this v...", + "vendor": "GeoVision" + }, + { + "cve": "CVE-2024-11182", + "date_added": "2025-05-19", + "due_date": "2025-06-09", + "epss": null, + "notes": "https://files.mdaemon.com/mdaemon/beta/RelNotes_en.html ; https://mdaemon.com/pages/downloads-critical-updates ; https://nvd.nist.gov/vuln/detail/CVE-2024-11182", + "percentile": null, + "poc_count": 4, + "product": "Email Server", + "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", + "short_description": "MDaemon Email Server contains a cross-site scripting (XSS) vulnerability that allows a remote attacker to load arbitrary JavaScript code via an HTML e-mail message.", + "summary": "An XSS issue was discovered in MDaemon Email Server before version 24.5.1c. An attacker can send an HTML e-mail message with JavaScript in an img tag. This could allow a remote attackerto load arbitrary JavaScript cod...", + "vendor": "MDaemon" + }, + { + "cve": "CVE-2024-11667", + "date_added": "2024-12-03", + "due_date": "2024-12-24", + "epss": null, + "notes": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-protecting-against-recent-firewall-threats-11-21-2024 ; https://nvd.nist.gov/vuln/detail/CVE-2024-11667", + "percentile": null, + "poc_count": 3, + "product": "Multiple Firewalls", + "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", + "short_description": "Multiple Zyxel firewalls contain a path traversal vulnerability in the web management interface that could allow an attacker to download or upload files via a crafted URL.", + "summary": "A directory traversal vulnerability in the web management interface of Zyxel ATP series firmware versions V5.00 through V5.38, USG FLEX series firmware versions V5.00 through V5.38, USG FLEX 50(W) series firmware vers...", + 
"vendor": "Zyxel" + }, + { + "cve": "CVE-2024-11680", + "date_added": "2024-12-03", + "due_date": "2024-12-24", + "epss": null, + "notes": "https://github.com/projectsend/projectsend/commit/193367d937b1a59ed5b68dd4e60bd53317473744 ; https://nvd.nist.gov/vuln/detail/CVE-2024-11680", + "percentile": null, + "poc_count": 10, + "product": "ProjectSend", + "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", + "short_description": "ProjectSend contains an improper authentication vulnerability that allows a remote, unauthenticated attacker to enable unauthorized modification of the application's configuration via crafted HTTP requests to options.php. Successful exploitation allows attackers to create accounts, upload webshells, and embed malicious JavaScript.", + "summary": "ProjectSend versions prior to r1720 are affected by an improper authentication vulnerability. Remote, unauthenticated attackers can exploit this flaw by sending crafted HTTP requests to options.php, enabling unauthori...", + "vendor": "ProjectSend" + }, + { + "cve": "CVE-2024-1212", + "date_added": "2024-11-18", + "due_date": "2024-12-09", + "epss": null, + "notes": "https://community.progress.com/s/article/Release-Notice-LMOS-7-2-59-2-7-2-54-8-7-2-48-10-CVE-2024-1212 ; https://nvd.nist.gov/vuln/detail/CVE-2024-1212", + "percentile": null, + "poc_count": 10, + "product": "Kemp LoadMaster", + "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", + "short_description": "Progress Kemp LoadMaster contains an OS command injection vulnerability that allows an unauthenticated, remote attacker to access the system through the LoadMaster management interface, enabling arbitrary system command execution.", + "summary": "Unauthenticated remote attackers can access the system through the LoadMaster management interface, enabling arbitrary system command 
execution.", + "vendor": "Progress" + }, + { + "cve": "CVE-2024-12356", + "date_added": "2024-12-19", + "due_date": "2024-12-27", + "epss": null, + "notes": "https://www.beyondtrust.com/trust-center/security-advisories/bt24-10 ; https://nvd.nist.gov/vuln/detail/CVE-2024-12356", + "percentile": null, + "poc_count": 6, + "product": "Privileged Remote Access (PRA) and Remote Support (RS)", + "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", + "short_description": "BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) contain a command injection vulnerability, which can allow an unauthenticated attacker to inject commands that are run as a site user.", + "summary": "A critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) products which can allow an unauthenticated attacker to inject commands that are run as a site user.", + "vendor": "BeyondTrust" + }, + { + "cve": "CVE-2024-12686", + "date_added": "2025-01-13", + "due_date": "2025-02-03", + "epss": null, + "notes": "https://www.beyondtrust.com/trust-center/security-advisories/bt24-11 ; https://nvd.nist.gov/vuln/detail/CVE-2024-12686", + "percentile": null, + "poc_count": 4, + "product": "Privileged Remote Access (PRA) and Remote Support (RS)", + "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", + "short_description": "BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) contain an OS command injection vulnerability that can be exploited by an attacker with existing administrative privileges to upload a malicious file. 
Successful exploitation of this vulnerability can allow a remote attacker to execute underlying operating system commands within the context of the site user.", + "summary": "A vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) which can allow an attacker with existing administrative privileges to inject commands and run as a site user.", + "vendor": "BeyondTrust" + }, + { + "cve": "CVE-2024-12987", + "date_added": "2025-05-15", + "due_date": "2025-06-05", + "epss": null, + "notes": "https://fw.draytek.com.tw/Vigor2960/Firmware/v1.5.1.5/DrayTek_Vigor2960_V1.5.1.5_01release-note.pdf ; https://fw.draytek.com.tw/Vigor300B/Firmware/v1.5.1.5/DrayTek_Vigor300B_V1.5.1.5_01release-note.pdf ; https://fw.draytek.com.tw/Vigor3900/Firmware/v1.5.1.5/DrayTek_Vigor3900_V1.5.1.5_01release-note.pdf ; https://nvd.nist.gov/vuln/detail/CVE-2024-12987", + "percentile": null, + "poc_count": 3, + "product": "Vigor Routers", + "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", + "short_description": "DrayTek Vigor2960, Vigor300B, and Vigor3900 routers contain an OS command injection vulnerability due to an unknown function of the file /cgi-bin/mainfunction.cgi/apmcfgupload of the component web management interface.", + "summary": "A vulnerability, which was classified as critical, was found in DrayTek Vigor2960 and Vigor300B 1.5.1.4. 
Affected is an unknown function of the file /cgi-bin/mainfunction.cgi/apmcfgupload of the component Web Manageme...", + "vendor": "DrayTek" + }, + { + "cve": "CVE-2024-13159", + "date_added": "2025-03-10", + "due_date": "2025-03-31", + "epss": null, + "notes": "https://forums.ivanti.com/s/article/Security-Advisory-EPM-January-2025-for-EPM-2024-and-EPM-2022-SU6?language=en_US ; https://nvd.nist.gov/vuln/detail/CVE-2024-13159", + "percentile": null, + "poc_count": 9, + "product": "Endpoint Manager (EPM)", + "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", + "short_description": "Ivanti Endpoint Manager (EPM) contains an absolute path traversal vulnerability that allows a remote unauthenticated attacker to leak sensitive information.", + "summary": "Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.", + "vendor": "Ivanti" + }, + { + "cve": "CVE-2024-13160", + "date_added": "2025-03-10", + "due_date": "2025-03-31", + "epss": null, + "notes": "https://forums.ivanti.com/s/article/Security-Advisory-EPM-January-2025-for-EPM-2024-and-EPM-2022-SU6?language=en_US ; https://nvd.nist.gov/vuln/detail/CVE-2024-13160", + "percentile": null, + "poc_count": 8, + "product": "Endpoint Manager (EPM)", + "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", + "short_description": "Ivanti Endpoint Manager (EPM) contains an absolute path traversal vulnerability that allows a remote unauthenticated attacker to leak sensitive information.", + "summary": "Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update 
allows a remote unauthenticated attacker to leak sensitive information.", + "vendor": "Ivanti" + }, + { + "cve": "CVE-2024-13161", + "date_added": "2025-03-10", + "due_date": "2025-03-31", + "epss": null, + "notes": "https://forums.ivanti.com/s/article/Security-Advisory-EPM-January-2025-for-EPM-2024-and-EPM-2022-SU6?language=en_US ; https://nvd.nist.gov/vuln/detail/CVE-2024-13161", + "percentile": null, + "poc_count": 8, + "product": "Endpoint Manager (EPM)", + "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", + "short_description": "Ivanti Endpoint Manager (EPM) contains an absolute path traversal vulnerability that allows a remote unauthenticated attacker to leak sensitive information.", + "summary": "Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.", + "vendor": "Ivanti" + }, + { + "cve": "CVE-2024-1709", + "date_added": "2024-02-22", + "due_date": "2024-02-29", + "epss": null, + "notes": "https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8; https://nvd.nist.gov/vuln/detail/CVE-2024-1709", + "percentile": null, + "poc_count": 35, + "product": "ScreenConnect", + "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", + "short_description": "ConnectWise ScreenConnect contains an authentication bypass vulnerability that allows an attacker with network access to the management interface to create a new, administrator-level account on affected devices.", + "summary": "ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel vulnerability, which may allow an attacker direct access to confidential information or 
critical s...", + "vendor": "ConnectWise" + }, + { + "cve": "CVE-2024-20353", + "date_added": "2024-04-24", + "due_date": "2024-05-01", + "epss": null, + "notes": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-websrvs-dos-X8gNucD2; https://nvd.nist.gov/vuln/detail/CVE-2024-20353", + "percentile": null, + "poc_count": 5, + "product": "Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD)", + "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", + "short_description": "Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) contain an infinite loop vulnerability that can lead to remote denial of service condition.", + "summary": "A vulnerability in the management and VPN web servers for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the...", + "vendor": "Cisco" + }, + { + "cve": "CVE-2024-20359", + "date_added": "2024-04-24", + "due_date": "2024-05-01", + "epss": null, + "notes": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-persist-rce-FLsNXF4h; https://nvd.nist.gov/vuln/detail/CVE-2024-20359", + "percentile": null, + "poc_count": 4, + "product": "Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD)", + "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", + "short_description": "Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) contain a privilege escalation vulnerability that can allow local privilege escalation from Administrator to root.", + "summary": "A vulnerability in a legacy capability that allowed for the preloading of VPN clients and plug-ins and that has been available in Cisco Adaptive Security Appliance (ASA) Software and 
Cisco Firepower Threat Defense (FT...", + "vendor": "Cisco" + }, + { + "cve": "CVE-2024-20399", + "date_added": "2024-07-02", + "due_date": "2024-07-23", + "epss": null, + "notes": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-cmd-injection-xD9OhyOP; https://nvd.nist.gov/vuln/detail/CVE-2024-20399", + "percentile": null, + "poc_count": 2, + "product": "NX-OS", + "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", + "short_description": "Cisco NX-OS contains a command injection vulnerability in the command line interface (CLI) that could allow an authenticated, local attacker to execute commands as root on the underlying operating system of an affected device.", + "summary": "A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated user in possession of Administrator credentials to execute arbitrary commands as root on the underlying operating system of an affected d...", + "vendor": "Cisco" + }, + { + "cve": "CVE-2024-20439", + "date_added": "2025-03-31", + "due_date": "2025-04-21", + "epss": null, + "notes": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cslu-7gHMzWmw ; https://nvd.nist.gov/vuln/detail/CVE-2024-20439", + "percentile": null, + "poc_count": 7, + "product": "Smart Licensing Utility", + "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", + "short_description": "Cisco Smart Licensing Utility contains a static credential vulnerability that allows an unauthenticated, remote attacker to log in to an affected system and gain administrative credentials.", + "summary": "A vulnerability in Cisco Smart Licensing Utility (CSLU) could allow an unauthenticated, remote attacker to log into an affected system by using a static administrative 
credential. This vulnerability is due to an undoc...", + "vendor": "Cisco" + }, + { + "cve": "CVE-2024-20481", + "date_added": "2024-10-24", + "due_date": "2024-11-14", + "epss": null, + "notes": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-bf-dos-vDZhLqrW ; https://nvd.nist.gov/vuln/detail/CVE-2024-20481", + "percentile": null, + "poc_count": 1, + "product": "Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD)", + "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", + "short_description": "Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) contain a missing release of resource after effective lifetime vulnerability that could allow an unauthenticated, remote attacker to cause a denial-of-service (DoS) of the RAVPN service.", + "summary": "A vulnerability in the Remote Access VPN (RAVPN) service of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a...", + "vendor": "Cisco" + }, + { + "cve": "CVE-2024-20767", + "date_added": "2024-12-16", + "due_date": "2025-01-06", + "epss": null, + "notes": "https://helpx.adobe.com/security/products/coldfusion/apsb24-14.html ; https://nvd.nist.gov/vuln/detail/CVE-2024-20767", + "percentile": null, + "poc_count": 30, + "product": "ColdFusion", + "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", + "short_description": "Adobe ColdFusion contains an improper access control vulnerability that could allow an attacker to access or modify restricted files via an internet-exposed admin panel.", + "summary": "ColdFusion versions 2023.6, 2021.12 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary file system read. 
An attacker could leverage this vulnerability to access or modi...", + "vendor": "Adobe" + }, + { + "cve": "CVE-2024-20953", + "date_added": "2025-02-24", + "due_date": "2025-03-17", + "epss": null, + "notes": "https://www.oracle.com/security-alerts/cpujan2024.html ; https://nvd.nist.gov/vuln/detail/CVE-2024-20953", + "percentile": null, + "poc_count": 2, + "product": "Agile Product Lifecycle Management (PLM)", + "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", + "short_description": "Oracle Agile Product Lifecycle Management (PLM) contains a deserialization vulnerability that allows a low-privileged attacker with network access via HTTP to compromise the system.", + "summary": "Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain (component: Export). The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows low privileged attacker with network a...", + "vendor": "Oracle" + }, + { + "cve": "CVE-2024-21287", + "date_added": "2024-11-21", + "due_date": "2024-12-12", + "epss": null, + "notes": "https://www.oracle.com/security-alerts/alert-cve-2024-21287.html ; https://nvd.nist.gov/vuln/detail/CVE-2024-21287", + "percentile": null, + "poc_count": 2, + "product": "Agile Product Lifecycle Management (PLM)", + "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", + "short_description": "Oracle Agile Product Lifecycle Management (PLM) contains an incorrect authorization vulnerability in the Process Extension component of the Software Development Kit. Successful exploitation of this vulnerability may result in unauthenticated file disclosure.", + "summary": "Vulnerability in the Oracle Agile PLM Framework product of Oracle Supply Chain (component: Software Development Kit, Process Extension). The supported version that is affected is 9.3.6. 
Easily exploitable vulnerabilit...", + "vendor": "Oracle" + }, + { + "cve": "CVE-2024-21338", + "date_added": "2024-03-04", + "due_date": "2024-03-25", + "epss": null, + "notes": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21338; https://nvd.nist.gov/vuln/detail/CVE-2024-21338", + "percentile": null, + "poc_count": 28, + "product": "Windows", + "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", + "short_description": "Microsoft Windows Kernel contains an exposed IOCTL with insufficient access control vulnerability within the IOCTL (input and output control) dispatcher in appid.sys that allows a local attacker to achieve privilege escalation.", + "summary": "Windows Kernel Elevation of Privilege Vulnerability", + "vendor": "Microsoft" + }, + { + "cve": "CVE-2024-21351", + "date_added": "2024-02-13", + "due_date": "2024-03-05", + "epss": null, + "notes": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21351; https://nvd.nist.gov/vuln/detail/CVE-2024-21351", "percentile": null, "poc_count": 1, "product": "Windows", - "required_action": "Apply updates per vendor instructions.", - "short_description": "The Authenticode Signature Verification function in Microsoft Windows (WinVerifyTrust) does not properly validate the digest of a signed portable executable (PE) file, which allows user-assisted remote attackers to execute code.", - "summary": "The Authenticode Signature Verification function in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer...", + "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", + "short_description": "Microsoft Windows SmartScreen contains a security feature bypass vulnerability that allows an attacker to bypass the SmartScreen user 
experience and inject code to potentially gain code execution, which could lead to some data exposure, lack of system availability, or both.", + "summary": "Windows SmartScreen Security Feature Bypass Vulnerability", "vendor": "Microsoft" }, { - "cve": "CVE-2012-0158", - "date_added": "2021-11-03", - "due_date": "2022-05-03", + "cve": "CVE-2024-21410", + "date_added": "2024-02-15", + "due_date": "2024-03-07", "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2012-0158", + "notes": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21410; https://nvd.nist.gov/vuln/detail/CVE-2024-21410", + "percentile": null, + "poc_count": 3, + "product": "Exchange Server", + "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", + "short_description": "Microsoft Exchange Server contains an unspecified vulnerability that allows for privilege escalation.", + "summary": "Microsoft Exchange Server Elevation of Privilege Vulnerability", + "vendor": "Microsoft" + }, + { + "cve": "CVE-2024-21412", + "date_added": "2024-02-13", + "due_date": "2024-03-05", + "epss": null, + "notes": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21412; https://nvd.nist.gov/vuln/detail/CVE-2024-21412", + "percentile": null, + "poc_count": 7, + "product": "Windows", + "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", + "short_description": "Microsoft Windows Internet Shortcut Files contains an unspecified vulnerability that allows for a security feature bypass.", + "summary": "Internet Shortcut Files Security Feature Bypass Vulnerability", + "vendor": "Microsoft" + }, + { + "cve": "CVE-2024-21413", + "date_added": "2025-02-06", + "due_date": "2025-02-27", + "epss": null, + "notes": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21413 ; https://nvd.nist.gov/vuln/detail/CVE-2024-21413", + 
"percentile": null, + "poc_count": 104, + "product": "Office Outlook", + "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", + "short_description": "Microsoft Outlook contains an improper input validation vulnerability that allows for remote code execution. Successful exploitation of this vulnerability would allow an attacker to bypass the Office Protected View and open in editing mode rather than protected mode.", + "summary": "Microsoft Outlook Remote Code Execution Vulnerability", + "vendor": "Microsoft" + }, + { + "cve": "CVE-2024-21762", + "date_added": "2024-02-09", + "due_date": "2024-02-16", + "epss": null, + "notes": "https://fortiguard.fortinet.com/psirt/FG-IR-24-015 ; https://nvd.nist.gov/vuln/detail/CVE-2024-21762", + "percentile": null, + "poc_count": 60, + "product": "FortiOS", + "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", + "short_description": "Fortinet FortiOS contains an out-of-bound write vulnerability that allows a remote unauthenticated attacker to execute code or commands via specially crafted HTTP requests.", + "summary": "A out-of-bounds write in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiProxy versions 7.4.0 through 7....", + "vendor": "Fortinet" + }, + { + "cve": "CVE-2024-21887", + "date_added": "2024-01-10", + "due_date": "2024-01-22", + "epss": null, + "notes": "Please apply mitigations per vendor instructions. 
For more information, please see: https://forums.ivanti.com/s/article/KB-CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US ; https://nvd.nist.gov/vuln/detail/CVE-2024-21887", + "percentile": null, + "poc_count": 54, + "product": "Connect Secure and Policy Secure", + "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", + "short_description": "Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure) and Ivanti Policy Secure contain a command injection vulnerability in the web components of these products, which can allow an authenticated administrator to send crafted requests to execute code on affected appliances. This vulnerability can be leveraged in conjunction with CVE-2023-46805, an authenticated bypass issue.", + "summary": "A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send specially crafted requests and execute arbitr...", + "vendor": "Ivanti" + }, + { + "cve": "CVE-2024-21893", + "date_added": "2024-01-31", + "due_date": "2024-02-02", + "epss": null, + "notes": "https://forums.ivanti.com/s/article/KB-CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US ; https://nvd.nist.gov/vuln/detail/CVE-2024-21893", + "percentile": null, + "poc_count": 17, + "product": "Connect Secure, Policy Secure, and Neurons", + "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", + "short_description": "Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure), Ivanti Policy Secure, and Ivanti Neurons contain a server-side request forgery (SSRF) vulnerability in the SAML component that allows an attacker to 
access certain restricted resources without authentication.", + "summary": "A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) and Ivanti Neurons for ZTA allows an attacker to access certain restricted re...", + "vendor": "Ivanti" + }, + { + "cve": "CVE-2024-23113", + "date_added": "2024-10-09", + "due_date": "2024-10-30", + "epss": null, + "notes": "https://www.fortiguard.com/psirt/FG-IR-24-029 ; https://nvd.nist.gov/vuln/detail/CVE-2024-23113", + "percentile": null, + "poc_count": 28, + "product": "Multiple Products", + "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", + "short_description": "Fortinet FortiOS, FortiPAM, FortiProxy, and FortiWeb contain a format string vulnerability that allows a remote, unauthenticated attacker to execute arbitrary code or commands via specially crafted requests.", + "summary": "A use of externally-controlled format string in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0...", + "vendor": "Fortinet" + }, + { + "cve": "CVE-2024-23222", + "date_added": "2024-01-23", + "due_date": "2024-02-13", + "epss": null, + "notes": "https://support.apple.com/en-us/HT214055, https://support.apple.com/en-us/HT214056, https://support.apple.com/en-us/HT214057, https://support.apple.com/en-us/HT214058, https://support.apple.com/en-us/HT214059, https://support.apple.com/en-us/HT214061, https://support.apple.com/en-us/HT214063 ; https://nvd.nist.gov/vuln/detail/CVE-2024-23222", + "percentile": null, + "poc_count": 2, + "product": "Multiple Products", + "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", + "short_description": "Apple iOS, iPadOS, macOS, tvOS, and Safari WebKit contain a 
type confusion vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.", + "summary": "A type confusion issue was addressed with improved checks. This issue is fixed in iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, tvOS 17.3. Processing maliciously crafted web content may lead to arbitrary code execution...", + "vendor": "Apple" + }, + { + "cve": "CVE-2024-23296", + "date_added": "2024-03-06", + "due_date": "2024-03-27", + "epss": null, + "notes": "https://support.apple.com/en-us/HT214081, https://support.apple.com/en-us/HT214082, https://support.apple.com/en-us/HT214084, https://support.apple.com/en-us/HT214086, https://support.apple.com/en-us/HT214088 ; https://nvd.nist.gov/vuln/detail/CVE-2024-23296", + "percentile": null, + "poc_count": 1, + "product": "Multiple Products", + "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", + "short_description": "Apple iOS, iPadOS, macOS, tvOS, and watchOS RTKit contain a memory corruption vulnerability that allows an attacker with arbitrary kernel read and write capability to bypass kernel memory protections.", + "summary": "A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 17.4 and iPadOS 17.4. 
An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protec...", + "vendor": "Apple" + }, + { + "cve": "CVE-2024-23692", + "date_added": "2024-07-09", + "due_date": "2024-07-30", + "epss": null, + "notes": "The patched Rejetto HTTP File Server (HFS) is version 3: https://github.com/rejetto/hfs?tab=readme-ov-file#installation, https://www.rejetto.com/hfs/ ; https://nvd.nist.gov/vuln/detail/CVE-2024-23692", + "percentile": null, + "poc_count": 43, + "product": "HTTP File Server", + "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", + "short_description": "Rejetto HTTP File Server contains an improper neutralization of special elements used in a template engine vulnerability. This allows a remote, unauthenticated attacker to execute commands on the affected system by sending a specially crafted HTTP request.", + "summary": "Rejetto HTTP File Server, up to and including version 2.3m, is vulnerable to a template injection vulnerability. 
This vulnerability allows a remote, unauthenticated attacker to execute arbitrary commands on the affect...", + "vendor": "Rejetto" + }, + { + "cve": "CVE-2024-23897", + "date_added": "2024-08-19", + "due_date": "2024-09-09", + "epss": null, + "notes": "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3314; https://nvd.nist.gov/vuln/detail/CVE-2024-23897", + "percentile": null, + "poc_count": 137, + "product": "Jenkins Command Line Interface (CLI)", + "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", + "short_description": "Jenkins Command Line Interface (CLI) contains a path traversal vulnerability that allows attackers limited read access to certain files, which can lead to code execution.", + "summary": "Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthen...", + "vendor": "Jenkins" + }, + { + "cve": "CVE-2024-24919", + "date_added": "2024-05-30", + "due_date": "2024-06-20", + "epss": null, + "notes": "https://support.checkpoint.com/results/sk/sk182336 ; https://nvd.nist.gov/vuln/detail/CVE-2024-24919", + "percentile": null, + "poc_count": 116, + "product": "Quantum Security Gateways", + "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", + "short_description": "Check Point Quantum Security Gateways contain an unspecified information disclosure vulnerability. The vulnerability potentially allows an attacker to access information on Gateways connected to the internet, with IPSec VPN, Remote Access VPN or Mobile Access enabled. 
This issue affects several product lines from Check Point, including CloudGuard Network, Quantum Scalable Chassis, Quantum Security Gateways, and Quantum Spark Appliances.", + "summary": "Potentially allowing an attacker to read certain information on Check Point Security Gateways once connected to the internet and enabled with remote Access VPN or Mobile Access Software Blades. A Security fix that mit...", + "vendor": "Check Point" + }, + { + "cve": "CVE-2024-26169", + "date_added": "2024-06-13", + "due_date": "2024-07-04", + "epss": null, + "notes": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26169; https://nvd.nist.gov/vuln/detail/CVE-2024-26169", + "percentile": null, + "poc_count": 2, + "product": "Windows", + "required_action": "Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.", + "short_description": "Microsoft Windows Error Reporting Service contains an improper privilege management vulnerability that allows a local attacker with user permissions to gain SYSTEM privileges.", + "summary": "Windows Error Reporting Service Elevation of Privilege Vulnerability", + "vendor": "Microsoft" + }, + { + "cve": "CVE-2024-27198", + "date_added": "2024-03-07", + "due_date": "2024-03-28", + "epss": null, + "notes": "https://www.jetbrains.com/help/teamcity/teamcity-2023-11-4-release-notes.html; https://nvd.nist.gov/vuln/detail/CVE-2024-27198", + "percentile": null, + "poc_count": 69, + "product": "TeamCity", + "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", + "short_description": "JetBrains TeamCity contains an authentication bypass vulnerability that allows an attacker to perform admin actions.", + "summary": "In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible", + "vendor": "JetBrains" + }, + { + "cve": "CVE-2024-27348", + "date_added": "2024-09-18", + "due_date": 
"2024-10-09", + "epss": null, + "notes": "This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For more information, please see: https://lists.apache.org/thread/nx6g6htyhpgtzsocybm242781o8w5kq9 ; https://nvd.nist.gov/vuln/detail/CVE-2024-27348", "percentile": null, "poc_count": 29, - "product": "MSCOMCTL.OCX", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Microsoft MSCOMCTL.OCX contains an unspecified vulnerability that allows for remote code execution, allowing an attacker to take complete control of an affected system under the context of the current user.", - "summary": "The (1) ListView, (2) ListView2, (3) TreeView, and (4) TreeView2 ActiveX controls in MSCOMCTL.OCX in the Common Controls in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2003 Web Component...", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2012-0391", - "date_added": "2022-01-21", - "due_date": "2022-07-21", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2012-0391", - "percentile": null, - "poc_count": 6, - "product": "Struts 2", - "required_action": "Apply updates per vendor instructions.", - "short_description": "The ExceptionDelegator component in Apache Struts 2 before 2.2.3.1 contains an improper input validation vulnerability that allows for remote code execution.", - "summary": "The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers...", + "product": "HugeGraph-Server", + "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", + "short_description": "Apache HugeGraph-Server contains an improper access control vulnerability that 
could allow a remote attacker to execute arbitrary code.", + "summary": "RCE-Remote Command Execution vulnerability in Apache HugeGraph-Server.This issue affects Apache HugeGraph-Server: from 1.0.0 before 1.3.0 in Java8 & Java11Users are recommended to upgrade to version 1.3.0 with Java11...", "vendor": "Apache" }, { - "cve": "CVE-2012-0507", - "date_added": "2022-03-03", - "due_date": "2022-03-24", + "cve": "CVE-2024-27443", + "date_added": "2025-05-19", + "due_date": "2025-06-09", "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2012-0507", - "percentile": null, - "poc_count": 6, - "product": "Java SE", - "required_action": "Apply updates per vendor instructions.", - "short_description": "An incorrect type vulnerability exists in the Concurrency component of Oracle's Java Runtime Environment allows an attacker to remotely execute arbitrary code.", - "summary": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect confidential...", - "vendor": "Oracle" - }, - { - "cve": "CVE-2012-0518", - "date_added": "2022-03-28", - "due_date": "2022-04-18", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2012-0518", - "percentile": null, - "poc_count": 4, - "product": "Fusion Middleware", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Unspecified vulnerability in the Oracle Application Server Single Sign-On component in Oracle Fusion Middleware allows remote attackers to affect integrity via Unknown vectors", - "summary": "Unspecified vulnerability in the Oracle Application Server Single Sign-On component in Oracle Fusion Middleware 10.1.4.3.0 allows remote attackers to affect integrity via unknown vectors related to Redirects, a differ...", - "vendor": "Oracle" - }, - { - "cve": "CVE-2012-0754", - "date_added": "2022-06-08", - "due_date": "2022-06-22", - 
"epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2012-0754", - "percentile": null, - "poc_count": 1, - "product": "Flash Player", - "required_action": "The impacted product is end-of-life and should be disconnected if still in use.", - "short_description": "Adobe Flash Player contains a memory corruption vulnerability that allows remote attackers to execute code or cause denial-of-service (DoS).", - "summary": "Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to execute ar...", - "vendor": "Adobe" - }, - { - "cve": "CVE-2012-0767", - "date_added": "2022-06-08", - "due_date": "2022-06-22", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2012-0767", - "percentile": null, - "poc_count": 1, - "product": "Flash Player", - "required_action": "The impacted product is end-of-life and should be disconnected if still in use.", - "short_description": "Adobe Flash Player contains a XSS vulnerability that allows remote attackers to inject web script or HTML.", - "summary": "Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 o...", - "vendor": "Adobe" - }, - { - "cve": "CVE-2012-1535", - "date_added": "2022-03-03", - "due_date": "2022-03-24", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2012-1535", - "percentile": null, - "poc_count": 1, - "product": "Flash Player", - "required_action": "The impacted product is end-of-life and should be disconnected if still in use.", - "short_description": "Unspecified vulnerability in Adobe Flash Player allows remote attackers to execute arbitrary code or cause a denial of service via crafted SWF content.", - "summary": "Unspecified vulnerability in Adobe Flash Player before 
11.3.300.271 on Windows and Mac OS X and before 11.2.202.238 on Linux allows remote attackers to execute arbitrary code or cause a denial of service (application...", - "vendor": "Adobe" - }, - { - "cve": "CVE-2012-1710", - "date_added": "2022-05-25", - "due_date": "2022-06-15", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2012-1710", + "notes": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P46#Security_Fixes ; https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P39#Security_Fixes ; https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.7#Security_Fixes ; https://nvd.nist.gov/vuln/detail/CVE-2024-27443", "percentile": null, "poc_count": 3, - "product": "Fusion Middleware", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Unspecified vulnerability in the Oracle WebCenter Forms Recognition component in Oracle Fusion Middleware allows remote attackers to affect confidentiality, integrity, and availability via Unknown vectors related to Designer.", - "summary": "Unspecified vulnerability in the Oracle WebCenter Forms Recognition component in Oracle Fusion Middleware 10.1.3.5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors rel...", - "vendor": "Oracle" + "product": "Zimbra Collaboration Suite (ZCS)", + "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", + "short_description": "Zimbra Collaboration contains a cross-site scripting (XSS) vulnerability in the CalendarInvite feature of the Zimbra webmail classic user interface. An attacker can exploit this vulnerability via an email message containing a crafted calendar header, leading to the execution of arbitrary JavaScript code.", + "summary": "An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. 
A Cross-Site Scripting (XSS) vulnerability exists in the CalendarInvite feature of the Zimbra webmail classic user interface, because of improper inp...", + "vendor": "Synacor" }, { - "cve": "CVE-2012-1723", - "date_added": "2022-03-03", - "due_date": "2022-03-24", + "cve": "CVE-2024-28986", + "date_added": "2024-08-15", + "due_date": "2024-09-05", "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2012-1723", - "percentile": null, - "poc_count": 5, - "product": "Java SE", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE allows remote attackers to affect confidentiality, integrity, and availability via Unknown vectors related to Hotspot.", - "summary": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers to...", - "vendor": "Oracle" - }, - { - "cve": "CVE-2012-1823", - "date_added": "2022-03-25", - "due_date": "2022-04-15", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2012-1823", - "percentile": null, - "poc_count": 71, - "product": "PHP", - "required_action": "Apply updates per vendor instructions.", - "short_description": "sapi/cgi/cgi_main.c in PHP, when configured as a CGI script, does not properly handle query strings, which allows remote attackers to execute arbitrary code.", - "summary": "sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attack...", - "vendor": "PHP" - }, - { - "cve": "CVE-2012-1856", - "date_added": "2022-03-03", - "due_date": "2022-03-24", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2012-1856", - "percentile": null, - "poc_count": 5, - 
"product": "Office", - "required_action": "Apply updates per vendor instructions.", - "short_description": "The TabStrip ActiveX control in the Common Controls in MSCOMCTL.OCX in Microsoft Office allows remote attackers to execute arbitrary code via a crafted (1) document or (2) web page that triggers system-state corruption.", - "summary": "The TabStrip ActiveX control in the Common Controls in MSCOMCTL.OCX in Microsoft Office 2003 SP3, Office 2003 Web Components SP3, Office 2007 SP2 and SP3, Office 2010 SP1, SQL Server 2000 SP4, SQL Server 2005 SP4, SQL...", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2012-1889", - "date_added": "2022-06-08", - "due_date": "2022-06-22", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2012-1889", - "percentile": null, - "poc_count": 9, - "product": "XML Core Services", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Microsoft XML Core Services contains a memory corruption vulnerability which could allow for remote code execution.", - "summary": "Microsoft XML Core Services 3.0, 4.0, 5.0, and 6.0 accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.", - "vendor": "Microsoft" - }, - { - "cve": "CVE-2012-2034", - "date_added": "2022-03-28", - "due_date": "2022-04-18", - "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2012-2034", + "notes": "https://www.solarwinds.com/trust-center/security-advisories/cve-2024-28986; https://nvd.nist.gov/vuln/detail/CVE-2024-28986", "percentile": null, "poc_count": 1, - "product": "Flash Player", - "required_action": "The impacted product is end-of-life and should be disconnected if still in use.", - "short_description": "Adobe Flash Player contains a memory corruption vulnerability that allows for remote code execution or denial-of-service (DoS).", - "summary": "Adobe Flash Player before 10.3.183.20 and 11.x before 
11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on...", + "product": "Web Help Desk", + "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", + "short_description": "SolarWinds Web Help Desk contains a deserialization of untrusted data vulnerability that could allow for remote code execution.", + "summary": "SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. While it was reported...", + "vendor": "SolarWinds" + }, + { + "cve": "CVE-2024-28987", + "date_added": "2024-10-15", + "due_date": "2024-11-05", + "epss": null, + "notes": "https://www.solarwinds.com/trust-center/security-advisories/cve-2024-28987 ; https://nvd.nist.gov/vuln/detail/CVE-2024-28987", + "percentile": null, + "poc_count": 9, + "product": "Web Help Desk", + "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", + "short_description": "SolarWinds Web Help Desk contains a hardcoded credential vulnerability that could allow a remote, unauthenticated user to access internal functionality and modify data.", + "summary": "The SolarWinds Web Help Desk (WHD) software is affected by a hardcoded credential vulnerability, allowing remote unauthenticated user to access internal functionality and modify data.", + "vendor": "SolarWinds" + }, + { + "cve": "CVE-2024-28995", + "date_added": "2024-07-17", + "due_date": "2024-08-07", + "epss": null, + "notes": "https://www.solarwinds.com/trust-center/security-advisories/cve-2024-28995; https://nvd.nist.gov/vuln/detail/CVE-2024-28995", + "percentile": null, + "poc_count": 36, + "product": "Serv-U", + "required_action": "Apply mitigations per vendor instructions or 
discontinue use of the product if mitigations are unavailable.", + "short_description": "SolarWinds Serv-U contains a path traversal vulnerability that allows an attacker access to read sensitive files on the host machine.", + "summary": "SolarWinds Serv-U was susceptible to a directory transversal vulnerability that would allow access to read sensitive files on the host machine.", + "vendor": "SolarWinds" + }, + { + "cve": "CVE-2024-29059", + "date_added": "2025-02-04", + "due_date": "2025-02-25", + "epss": null, + "notes": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29059 ; https://nvd.nist.gov/vuln/detail/CVE-2024-29059", + "percentile": null, + "poc_count": 7, + "product": ".NET Framework", + "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", + "short_description": "Microsoft .NET Framework contains an information disclosure vulnerability that exposes the ObjRef URI to an attacker, ultimately enabling remote code execution.", + "summary": ".NET Framework Information Disclosure Vulnerability", + "vendor": "Microsoft" + }, + { + "cve": "CVE-2024-29745", + "date_added": "2024-04-04", + "due_date": "2024-04-25", + "epss": null, + "notes": "https://source.android.com/docs/security/bulletin/pixel/2024-04-01 ; https://nvd.nist.gov/vuln/detail/CVE-2024-29745", + "percentile": null, + "poc_count": 2, + "product": "Pixel", + "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", + "short_description": "Android Pixel contains an information disclosure vulnerability in the fastboot firmware used to support unlocking, flashing, and locking affected devices.", + "summary": "there is a possible Information Disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. 
User interaction is not needed for exploitation.", + "vendor": "Android" + }, + { + "cve": "CVE-2024-29748", + "date_added": "2024-04-04", + "due_date": "2024-04-25", + "epss": null, + "notes": "https://source.android.com/docs/security/bulletin/pixel/2024-04-01; https://nvd.nist.gov/vuln/detail/CVE-2024-29748", + "percentile": null, + "poc_count": 2, + "product": "Pixel", + "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", + "short_description": "Android Pixel contains a privilege escalation vulnerability that allows an attacker to interrupt a factory reset triggered by a device admin app.", + "summary": "there is a possible way to bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.", + "vendor": "Android" + }, + { + "cve": "CVE-2024-29824", + "date_added": "2024-10-02", + "due_date": "2024-10-23", + "epss": null, + "notes": "https://forums.ivanti.com/s/article/Security-Advisory-May-2024 ; https://nvd.nist.gov/vuln/detail/CVE-2024-29824", + "percentile": null, + "poc_count": 32, + "product": "Endpoint Manager (EPM)", + "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", + "short_description": "Ivanti Endpoint Manager (EPM) contains a SQL injection vulnerability in Core server that allows an unauthenticated attacker within the same network to execute arbitrary code.", + "summary": "An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.", + "vendor": "Ivanti" + }, + { + "cve": "CVE-2024-29988", + "date_added": "2024-04-30", + "due_date": "2024-05-21", + "epss": null, + "notes": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29988; 
https://nvd.nist.gov/vuln/detail/CVE-2024-29988", + "percentile": null, + "poc_count": 5, + "product": "SmartScreen Prompt", + "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", + "short_description": "Microsoft SmartScreen Prompt contains a security feature bypass vulnerability that allows an attacker to bypass the Mark of the Web (MotW) feature. This vulnerability can be chained with CVE-2023-38831 and CVE-2024-21412 to execute a malicious file.", + "summary": "SmartScreen Prompt Security Feature Bypass Vulnerability", + "vendor": "Microsoft" + }, + { + "cve": "CVE-2024-30040", + "date_added": "2024-05-14", + "due_date": "2024-06-04", + "epss": null, + "notes": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30040; https://nvd.nist.gov/vuln/detail/CVE-2024-30040", + "percentile": null, + "poc_count": 2, + "product": "Windows", + "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", + "short_description": "Microsoft Windows MSHTML Platform contains an unspecified vulnerability that allows for a security feature bypass.", + "summary": "Windows MSHTML Platform Security Feature Bypass Vulnerability", + "vendor": "Microsoft" + }, + { + "cve": "CVE-2024-30051", + "date_added": "2024-05-14", + "due_date": "2024-06-04", + "epss": null, + "notes": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30051; https://nvd.nist.gov/vuln/detail/CVE-2024-30051", + "percentile": null, + "poc_count": 8, + "product": "DWM Core Library", + "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", + "short_description": "Microsoft DWM Core Library contains a privilege escalation vulnerability that allows an attacker to gain SYSTEM privileges.", + "summary": "Windows DWM Core Library Elevation of Privilege Vulnerability", + "vendor": 
"Microsoft" + }, + { + "cve": "CVE-2024-30088", + "date_added": "2024-10-15", + "due_date": "2024-11-05", + "epss": null, + "notes": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-30088 ; https://nvd.nist.gov/vuln/detail/CVE-2024-30088", + "percentile": null, + "poc_count": 24, + "product": "Windows", + "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", + "short_description": "Microsoft Windows Kernel contains a time-of-check to time-of-use (TOCTOU) race condition vulnerability that could allow for privilege escalation.", + "summary": "Windows Kernel Elevation of Privilege Vulnerability", + "vendor": "Microsoft" + }, + { + "cve": "CVE-2024-32113", + "date_added": "2024-08-07", + "due_date": "2024-08-28", + "epss": null, + "notes": "This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. 
For more information, please see: https://lists.apache.org/thread/w6s60okgkxp2th1sr8vx0ndmgk68fqrd; https://nvd.nist.gov/vuln/detail/CVE-2024-32113", + "percentile": null, + "poc_count": 12, + "product": "OFBiz", + "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", + "short_description": "Apache OFBiz contains a path traversal vulnerability that could allow for remote code execution.", + "summary": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OFBiz.This issue affects Apache OFBiz: before 18.12.13.Users are recommended to upgrade to version 18.12.13, which...", + "vendor": "Apache" + }, + { + "cve": "CVE-2024-3272", + "date_added": "2024-04-11", + "due_date": "2024-05-02", + "epss": null, + "notes": "https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10383; https://nvd.nist.gov/vuln/detail/CVE-2024-3272", + "percentile": null, + "poc_count": 21, + "product": "Multiple NAS Devices", + "required_action": "This vulnerability affects legacy D-Link products. All associated hardware revisions have reached their end-of-life (EOL) or end-of-service (EOS) life cycle and should be retired and replaced per vendor instructions.", + "short_description": "D-Link DNS-320L, DNS-325, DNS-327L, and DNS-340L contains a hard-coded credential that allows an attacker to conduct authenticated command injection, leading to remote, unauthorized code execution.", + "summary": "** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as very critical, has been found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. 
This issue affects some unknown processing of t...", + "vendor": "D-Link" + }, + { + "cve": "CVE-2024-3273", + "date_added": "2024-04-11", + "due_date": "2024-05-02", + "epss": null, + "notes": "https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10383; https://nvd.nist.gov/vuln/detail/CVE-2024-3273", + "percentile": null, + "poc_count": 37, + "product": "Multiple NAS Devices", + "required_action": "This vulnerability affects legacy D-Link products. All associated hardware revisions have reached their end-of-life (EOL) or end-of-service (EOS) life cycle and should be retired and replaced per vendor instructions.", + "short_description": "D-Link DNS-320L, DNS-325, DNS-327L, and DNS-340L contain a command injection vulnerability. When combined with CVE-2024-3272, this can lead to remote, unauthorized code execution.", + "summary": "** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. Affected is an unknown function of the file /cgi-bin/nas_...", + "vendor": "D-Link" + }, + { + "cve": "CVE-2024-32896", + "date_added": "2024-06-13", + "due_date": "2024-07-04", + "epss": null, + "notes": "https://source.android.com/docs/security/bulletin/pixel/2024-06-01; https://nvd.nist.gov/vuln/detail/CVE-2024-32896", + "percentile": null, + "poc_count": 1, + "product": "Pixel", + "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", + "short_description": "Android Pixel contains an unspecified vulnerability in the firmware that allows for privilege escalation.", + "summary": "there is a possible way to bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is needed for exploitation.", + "vendor": "Android" + }, + { + "cve": "CVE-2024-3393", + "date_added": "2024-12-30", + "due_date": "2025-01-20", + "epss": null, + "notes": "https://security.paloaltonetworks.com/CVE-2024-3393 ; https://nvd.nist.gov/vuln/detail/CVE-2024-3393", + "percentile": null, + "poc_count": 4, + "product": "PAN-OS", + "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", + "short_description": "Palo Alto Networks PAN-OS contains a vulnerability in parsing and logging malicious DNS packets in the DNS Security feature that, when exploited, allows an unauthenticated attacker to remotely reboot the firewall. Repeated attempts to trigger this condition will cause the firewall to enter maintenance mode.", + "summary": "A Denial of Service vulnerability in the DNS Security feature of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to send a malicious packet through the data plane of the firewall that reboots the...", + "vendor": "Palo Alto Networks" + }, + { + "cve": "CVE-2024-3400", + "date_added": "2024-04-12", + "due_date": "2024-04-19", + "epss": null, + "notes": "https://security.paloaltonetworks.com/CVE-2024-3400 ; https://nvd.nist.gov/vuln/detail/CVE-2024-3400", + "percentile": null, + "poc_count": 108, + "product": "PAN-OS", + "required_action": "Apply mitigations per vendor instructions as they become available. Otherwise, users with vulnerable versions of affected devices should enable Threat Prevention IDs available from the vendor. 
See the vendor bulletin for more details and a patch release schedule.", + "short_description": "Palo Alto Networks PAN-OS GlobalProtect feature contains a command injection vulnerability that allows an unauthenticated attacker to execute commands with root privileges on the firewall.", + "summary": "A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable a...", + "vendor": "Palo Alto Networks" + }, + { + "cve": "CVE-2024-34102", + "date_added": "2024-07-17", + "due_date": "2024-08-07", + "epss": null, + "notes": "https://helpx.adobe.com/security/products/magento/apsb24-40.html; https://nvd.nist.gov/vuln/detail/CVE-2024-34102", + "percentile": null, + "poc_count": 53, + "product": "Commerce and Magento Open Source", + "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", + "short_description": "Adobe Commerce and Magento Open Source contain an improper restriction of XML external entity reference (XXE) vulnerability that allows for remote code execution.", + "summary": "Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution. 
An...", "vendor": "Adobe" }, { - "cve": "CVE-2012-2539", - "date_added": "2022-03-28", - "due_date": "2022-04-18", + "cve": "CVE-2024-35250", + "date_added": "2024-12-16", + "due_date": "2025-01-06", "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2012-2539", + "notes": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35250 ; https://nvd.nist.gov/vuln/detail/CVE-2024-35250", "percentile": null, - "poc_count": 1, - "product": "Word", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Microsoft Word allows attackers to execute remote code or cause a denial-of-service (DoS) via crafted RTF data.", - "summary": "Microsoft Word 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Word Viewer; Office Compatibility Pack SP2 and SP3; and Office Web Apps 2010 SP1 allow remote attackers to execute arbitrary code or cause a denial of service (...", + "poc_count": 22, + "product": "Windows", + "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", + "short_description": "Microsoft Windows Kernel-Mode Driver contains an untrusted pointer dereference vulnerability that allows a local attacker to escalate privileges.", + "summary": "Windows Kernel-Mode Driver Elevation of Privilege Vulnerability", "vendor": "Microsoft" }, { - "cve": "CVE-2012-3152", - "date_added": "2021-11-03", - "due_date": "2022-05-03", + "cve": "CVE-2024-36401", + "date_added": "2024-07-15", + "due_date": "2024-08-05", "epss": null, - "notes": "https://nvd.nist.gov/vuln/detail/CVE-2012-3152", + "notes": "This vulnerability affects an open-source component, third-party library, or a protocol used by different products. 
For more information, please see: https://github.com/geoserver/geoserver/security/advisories/GHSA-6jj6-gm7p-fcvv, https://github.com/geotools/geotools/pull/4797 ; https://nvd.nist.gov/vuln/detail/CVE-2024-36401", "percentile": null, - "poc_count": 9, - "product": "Fusion Middleware", - "required_action": "Apply updates per vendor instructions.", - "short_description": "Oracle Fusion Middleware Reports Developer contains an unspecified vulnerability that allows remote attackers to affect confidentiality and integrity of affected systems.", - "summary": "Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4, 11.1.1.6, and 11.1.2.0 allows remote attackers to affect confidentiality and integrity via unknown vectors rela...", - "vendor": "Oracle" + "poc_count": 74, + "product": "GeoServer", + "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", + "short_description": "OSGeo GeoServer GeoTools contains an improper neutralization of directives in dynamically evaluated code vulnerability due to unsafely evaluating property names as XPath expressions. This allows unauthenticated attackers to conduct remote code execution via specially crafted input.", + "summary": "GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.22.6, 2.23.6, 2.24.4, and 2.25.2, multiple OGC request parameters allow Remote Code Execution (RCE) by unauth...", + "vendor": "OSGeo" + }, + { + "cve": "CVE-2024-36971", + "date_added": "2024-08-07", + "due_date": "2024-08-28", + "epss": null, + "notes": "This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. 
For more information, please see: https://source.android.com/docs/security/bulletin/2024-08-01, https://lore.kernel.org/linux-cve-announce/20240610090330.1347021-2-lee@kernel.org/T/#u ; https://nvd.nist.gov/vuln/detail/CVE-2024-36971", + "percentile": null, + "poc_count": 2, + "product": "Kernel", + "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", + "short_description": "Android contains an unspecified vulnerability in the kernel that allows for remote code execution. This vulnerability resides in Linux Kernel and could impact other products, including but not limited to Android OS.", + "summary": "In the Linux kernel, the following vulnerability has been resolved:net: fix __dst_negative_advice() race__dst_negative_advice() does not enforce proper RCU rules whensk->dst_cache must be cleared, leading to possible...", + "vendor": "Android" + }, + { + "cve": "CVE-2024-37085", + "date_added": "2024-07-30", + "due_date": "2024-08-20", + "epss": null, + "notes": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24505; https://nvd.nist.gov/vuln/detail/CVE-2024-37085", + "percentile": null, + "poc_count": 6, + "product": "ESXi", + "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", + "short_description": "VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was previously configured to use AD for user management by re-creating the configured AD group ('ESXi Admins' by default) after it was deleted from AD.", + "summary": "VMware ESXi contains an authentication bypass vulnerability. 
A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was previously configured to use AD for user m...", + "vendor": "VMware" + }, + { + "cve": "CVE-2024-37383", + "date_added": "2024-10-24", + "due_date": "2024-11-14", + "epss": null, + "notes": "https://github.com/roundcube/roundcubemail/releases/tag/1.5.7, https://github.com/roundcube/roundcubemail/releases/tag/1.6.7 ; https://nvd.nist.gov/vuln/detail/CVE-2024-37383", + "percentile": null, + "poc_count": 2, + "product": "Webmail", + "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", + "short_description": "RoundCube Webmail contains a cross-site scripting (XSS) vulnerability in the handling of SVG animate attributes that allows a remote attacker to run malicious JavaScript code.", + "summary": "Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows XSS via SVG animate attributes.", + "vendor": "Roundcube" + }, + { + "cve": "CVE-2024-38014", + "date_added": "2024-09-10", + "due_date": "2024-10-01", + "epss": null, + "notes": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38014; https://nvd.nist.gov/vuln/detail/CVE-2024-38014", + "percentile": null, + "poc_count": 2, + "product": "Windows", + "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", + "short_description": "Microsoft Windows Installer contains an improper privilege management vulnerability that could allow an attacker to gain SYSTEM privileges.", + "summary": "Windows Installer Elevation of Privilege Vulnerability", + "vendor": "Microsoft" + }, + { + "cve": "CVE-2024-38080", + "date_added": "2024-07-09", + "due_date": "2024-07-30", + "epss": null, + "notes": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38080; https://nvd.nist.gov/vuln/detail/CVE-2024-38080", + "percentile": null, + "poc_count": 2, 
+ "product": "Windows", + "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", + "short_description": "Microsoft Windows Hyper-V contains a privilege escalation vulnerability that allows a local attacker with user permissions to gain SYSTEM privileges.", + "summary": "Windows Hyper-V Elevation of Privilege Vulnerability", + "vendor": "Microsoft" + }, + { + "cve": "CVE-2024-38094", + "date_added": "2024-10-22", + "due_date": "2024-11-12", + "epss": null, + "notes": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38094 ; https://nvd.nist.gov/vuln/detail/CVE-2024-38094", + "percentile": null, + "poc_count": 3, + "product": "SharePoint", + "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", + "short_description": "Microsoft SharePoint contains a deserialization vulnerability that allows for remote code execution.", + "summary": "Microsoft SharePoint Remote Code Execution Vulnerability", + "vendor": "Microsoft" + }, + { + "cve": "CVE-2024-38112", + "date_added": "2024-07-09", + "due_date": "2024-07-30", + "epss": null, + "notes": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38112; https://nvd.nist.gov/vuln/detail/CVE-2024-38112", + "percentile": null, + "poc_count": 6, + "product": "Windows", + "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", + "short_description": "Microsoft Windows MSHTML Platform contains a spoofing vulnerability that has a high impact to confidentiality, integrity, and availability.", + "summary": "Windows MSHTML Platform Spoofing Vulnerability", + "vendor": "Microsoft" + }, + { + "cve": "CVE-2024-38178", + "date_added": "2024-08-13", + "due_date": "2024-09-03", + "epss": null, + "notes": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38178; 
https://nvd.nist.gov/vuln/detail/CVE-2024-38178", + "percentile": null, + "poc_count": 1, + "product": "Windows", + "required_action": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", + "short_description": "Microsoft Windows Scripting Engine contains a memory corruption vulnerability that allows unauthenticated attacker to initiate remote code execution via a specially crafted URL.", + "summary": "Scripting Engine Memory Corruption Vulnerability", + "vendor": "Microsoft" } ] } \ No newline at end of file diff --git a/docs/assets/site.js b/docs/assets/site.js index 183403c4ba..1097fc82de 100644 --- a/docs/assets/site.js +++ b/docs/assets/site.js 
@@ -1,161 +1,20 @@ -(function(){ - let datasetPromise = null; - let pocSet = null; - let descSet = null; - - function fetchDataset() { - if (datasetPromise) return datasetPromise; - const candidates = [ - new URL('/CVE_list.json', window.location.origin).href, - new URL('CVE_list.json', window.location.href).href, - new URL('../CVE_list.json', window.location.href).href - ]; - datasetPromise = (async () => { - for (const url of candidates) { - try { - const res = await fetch(url, { cache: 'no-store' }); - if (!res.ok) continue; - const data = await res.json(); - return Array.isArray(data) ? data : []; - } catch (err) { - console.warn('Dataset fetch failed', err); - } - } - return []; - })(); - return datasetPromise; - } - - async function ensureSets() { - if (pocSet && descSet) return { pocSet, descSet }; - const dataset = await fetchDataset(); - pocSet = new Set(); - descSet = new Set(); - dataset.forEach(item => { - const cve = (item.cve || '').toUpperCase(); - const desc = (item.desc || '').trim(); - const hasPoc = Array.isArray(item.poc) && item.poc.length > 0; - if (hasPoc) pocSet.add(cve); - if (desc) descSet.add(cve); - }); - return { pocSet, descSet }; - } - +(function () { function bindColumnFilters() { - const filterInputs = document.querySelectorAll('[data-filter-table]'); - filterInputs.forEach(input => { - const tableId = input.dataset.filterTable; - const table = document.getElementById(tableId); + const filterInputs = document.querySelectorAll("[data-filter-table]"); + filterInputs.forEach((input) => { + const table = document.getElementById(input.dataset.filterTable); if (!table) return; - input.addEventListener('input', () => { + input.addEventListener("input", () => { const term = input.value.trim().toLowerCase(); - for (const row of table.querySelectorAll('tbody tr')) { + for (const row of table.querySelectorAll("tbody tr")) { const text = row.innerText.toLowerCase(); - row.style.display = text.includes(term) ? 
'' : 'none'; + row.style.display = text.includes(term) ? "" : "none"; } }); }); } - async function filterTablesByData() { - const { pocSet, descSet } = await ensureSets(); - const currentYear = new Date().getUTCFullYear(); - const isRecent = (text) => { - const m = /CVE-(\d{4})-/i.exec(text || ''); - return m ? parseInt(m[1], 10) >= currentYear - 1 : false; - }; - document.querySelectorAll('table[data-require-poc], table[data-require-desc]').forEach(table => { - for (const row of Array.from(table.querySelectorAll('tbody tr'))) { - const link = row.querySelector('a'); - const idText = (link ? link.textContent : row.textContent || '').trim().toUpperCase(); - const needsPoc = table.hasAttribute('data-require-poc'); - const needsDesc = table.hasAttribute('data-require-desc'); - const hasPoc = pocSet.has(idText); - const hasDesc = descSet.has(idText); - if ((needsPoc && !hasPoc) || (needsDesc && !hasDesc) || !isRecent(idText)) { - row.remove(); - } - } - }); - } - - function truncate(text, limit = 160) { - if (!text) return ''; - return text.length > limit ? `${text.slice(0, limit - 1)}…` : text; - } - - function parseRelativeDays(label) { - if (!label) return Infinity; - const lower = label.toLowerCase(); - if (lower.includes('hour') || lower.includes('minute') || lower.includes('just')) return 0; - const match = lower.match(/(\d+)\s*day/); - return match ? parseInt(match[1], 10) : Infinity; - } - - function cveYear(text) { - const m = /cve-(\d{4})-/i.exec(text || ''); - return m ? 
parseInt(m[1], 10) : null; - } - - function parseTrendingMarkdown(text) { - const rows = []; - const regex = /^\|\s*(\d+)\s*⭐\s*\|\s*([^|]+)\|\s*\[([^\]]+)\]\(([^)]+)\)\s*\|\s*(.*?)\|$/; - text.split('\n').forEach(line => { - const trimmed = line.trim(); - const m = regex.exec(trimmed); - if (!m) return; - const stars = parseInt(m[1], 10); - const updated = m[2].trim(); - const name = m[3].trim(); - const url = m[4].trim(); - const desc = m[5].trim(); - const ageDays = parseRelativeDays(updated); - rows.push({ stars, updated, name, url, desc, ageDays }); - }); - return rows; - } - - async function renderTrending() { - const container = document.querySelector('[data-trending]'); - const tbody = document.getElementById('trending-body'); - if (!container || !tbody) return; - - try { - const res = await fetch('/README.md', { cache: 'no-store' }); - if (!res.ok) throw new Error('failed to load README'); - const text = await res.text(); - const entries = parseTrendingMarkdown(text) - .filter(item => item.ageDays <= 4) - .filter(item => { - const currentYear = new Date().getUTCFullYear(); - const yr = cveYear(item.name); - return yr !== null && yr >= currentYear - 1; - }) - .sort((a, b) => b.stars - a.stars) - .slice(0, 20); - - if (entries.length === 0) { - tbody.innerHTML = 'No recent PoCs with stars yet.'; - return; - } - - tbody.innerHTML = entries.map(item => { - return ` - ${item.stars}⭐ - ${item.updated} - ${item.name} - ${truncate(item.desc)} - `; - }).join(''); - } catch (err) { - console.warn('Trending render failed', err); - tbody.innerHTML = 'Unable to load trending PoCs.'; - } - } - - document.addEventListener('DOMContentLoaded', () => { + document.addEventListener("DOMContentLoaded", () => { bindColumnFilters(); - filterTablesByData(); - renderTrending(); }); })(); diff --git a/docs/diffs/index.html b/docs/diffs/index.html new file mode 100644 index 0000000000..6e3ca12ee9 --- /dev/null +++ b/docs/diffs/index.html 
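Review bot: The per-keystroke handler in bindColumnFilters reads `row.innerText`, which forces a style/layout pass for every `tbody tr` on each input event and varies with what CSS currently hides; `const text = row.textContent.toLowerCase();` matches the same plain-text cells without the reflow cost and is independent of rendering state. Separately, removing `renderTrending` also removes the code that interpolated README-derived `${item.name}`, `${item.updated}` and `${truncate(item.desc)}` straight into `tbody.innerHTML` with no escaping — a DOM-XSS sink fed by text from third-party repositories — so the trending rows are presumably now emitted at build time by the static generator. Since those descriptions appear to be free text from external repositories, the generator must HTML-escape them before emitting table cells; that cannot be verified from this hunk. A short comment above `bindColumnFilters`, e.g. `// Table content is rendered at build time; client code only toggles visibility and must not write fetched data via innerHTML.`, would record that boundary for the next maintainer.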
@@ -0,0 +1,53 @@ + + + + + + CVE PoC Hub + + + + + + +
+
+
+

New KEV entries

+ Only the recent additions +
+
+ + + + + + + + + + + + + +
CVEVendorProductEPSSPercentileDate AddedDue
CVE-2025-6218RARLABWinRAR0.000 0th2025-12-092025-12-30
+
+
+
+ + + \ No newline at end of file diff --git a/docs/epss/index.html b/docs/epss/index.html index 048d3f8df0..97e3be9827 100644 --- a/docs/epss/index.html +++ b/docs/epss/index.html @@ -4,6 +4,7 @@ CVE PoC Hub + @@ -26,16 +27,9 @@
- +
- - - - - - - @@ -43,20 +37,6 @@ - - - - - - - - - - - - - - @@ -64,13 +44,6 @@ - - - - - - - @@ -87,7 +60,7 @@ - + @@ -111,4 +84,4 @@ - + \ No newline at end of file diff --git a/docs/favicon.ico b/docs/favicon.ico new file mode 100644 index 0000000000..afb994ad33 Binary files /dev/null and b/docs/favicon.ico differ diff --git a/docs/index.html b/docs/index.html index 7bcd270b96..56049de347 100644 --- a/docs/index.html +++ b/docs/index.html @@ -4,6 +4,7 @@ CVE PoC Hub + @@ -21,17 +22,16 @@
-

Signal-first

-

Search PoCs, KEV, and EPSS without the clutter

-

Built for fast triage. One page, no badges, no filler.

+

CVE PoC Hub

+

Search PoCs, KEV, and EPSS quickly—no filler.

-
1478KEV entries tracked
-
10High-EPSS not in KEV
-
18New KEV in last 30 days
+
264KEV entries tracked
+
6High-EPSS not in KEV
+
1New KEV in last 30 days
CVEEPSSPercentilePoCsSummary
CVE-2025-93160.78799th0No public description yet.
CVE-2025-8943 0.6581 The Custom MCPs feature is designed to execute OS commands, for instance, using tools like `npx` to spin up local MCP Servers. However, Flowise's inherent authentication and authorization model is minimal and lacks ro...
CVE-2025-84890.43397th0No public description yet.
CVE-2025-84260.39497th0No public description yet.
CVE-2025-8518 0.3391 A vulnerability was found in givanz Vvveb 1.0.5. It has been rated as critical. Affected by this issue is the function Save of the file admin/controller/editor/code.php of the component Code Editor. The manipulation l...
CVE-2025-88680.17195th0No public description yet.
CVE-2025-8730 0.119
CVE-2025-90900.0830.092 92th 4 A vulnerability was identified in Tenda AC20 16.03.08.12. Affected is the function websFormDefine of the file /goform/telnet of the component Telnet Service. The manipulation leads to command injection. It is possible...
- - - + - - -
StarsUpdatedNameDescription
StarsUpdatedNameDescription
Loading trending PoCs…
-
- - - -
-
-

Latest KEV additions

- Last 30 days -
-
- - - - - - - - - - - - + + + + - - - - - - - + + + + - - - - - - - + + + + - - - - - - - + + + + - - - - - - - + + + + - - - - - - - + + + + - - - - - - - + + + + - - - - - - - + + + + - - - - - - - + + + + - - - - - - - + + + + - - - - - - - + + + + - - - - - - - + + + + - - - - - - - + + + + - - - - - - - + + + + - - - - - - - + + + + - - - - - - - + + + + - - - - - - - + + + + - - - - - - - + + + + + + + + + + + + + + + +
CVEVendorProductEPSSPercentileDate AddedDue
CVE-2025-59718FortinetMultiple Products0.000 0th2025-12-162025-12-2312412 hours agoCVE-2025-55182Explanation and full RCE PoC for CVE-2025-55182
CVE-2025-14611GladinetCentreStack and Triofox0.000 0th2025-12-152026-01-057753 hours agoCVE-2025-55182-researchCVE-2025-55182 POC
CVE-2025-43529AppleMultiple Products0.000 0th2025-12-152026-01-054958 days agoCVE-2018-20250exp for https://research.checkpoint.com/extracting-code-execution-from-winrar
CVE-2018-4063Sierra WirelessAirLink ALEOS0.000 0th2025-12-122026-01-0260720 hours agoCVE-2025-33073PoC Exploit for the NTLM reflection SMB flaw.
CVE-2025-14174GoogleChromium0.000 0th2025-12-122026-01-024964 days agoCVE-2025-32463_chwootEscalation of Privilege to the root through sudo binary with chroot option. CVE-2025-32463
CVE-2025-58360OSGeoGeoServer0.000 0th2025-12-112026-01-014195 hours agoCVE-2025-32463Local Privilege Escalation to Root via Sudo chroot in Linux
CVE-2025-6218RARLABWinRAR0.000 0th2025-12-092025-12-303051 day agoCVE-2025-53770-ExploitSharePoint WebPart Injection Exploit Tool
CVE-2025-62221MicrosoftWindows0.000 0th2025-12-092025-12-302894 hours agoCVE-2025-55182RSC/Next.js RCE Vulnerability Detector & PoC Chrome Extension – CVE-2025-55182 & CVE-2025-66478
CVE-2022-37055D-LinkRouters0.000 0th2025-12-082025-12-299011 hour agoReact2Shell-CVE-2025-55182-original-pocOriginal Proof-of-Concepts for React2Shell CVE-2025-55182
CVE-2025-66644Array NetworksArrayOS AG0.000 0th2025-12-082025-12-293864 days agoCVE-2025-24071_PoCCVE-2025-24071: NTLM Hash Leak via RAR/ZIP Extraction and .library-ms File
CVE-2025-55182MetaReact Server Components0.000 0th2025-12-052025-12-122071 day agoCVE-2025-32023PoC & Exploit for CVE-2025-32023 / PlaidCTF 2025 "Zerodeo"
CVE-2021-26828OpenPLCScadaBR0.000 0th2025-12-032025-12-243966 days agoColorOS-CVE-2025-10184ColorOS短信漏洞,以及用户自救方案
CVE-2025-48572AndroidFramework0.000 0th2025-12-022025-12-231806 days agoPOC-CVE-2025-24813his repository contains an automated Proof of Concept (PoC) script for exploiting **CVE-2025-24813**, a Remote Code Execution (RCE) vulnerability in Apache Tomcat. The vulnerability allows an attacker to upload a malicious serialized payload to the server, leading to arbitrary code execution via deserialization when specific conditions are met.
CVE-2025-48633AndroidFramework0.000 0th2025-12-022025-12-2325615 minutes agoCVE-2025-55182-advanced-scanner-
CVE-2021-26829OpenPLCScadaBR0.000 0th2025-11-282025-12-193571 hour agoNext.js-RSC-RCE-Scanner-CVE-2025-66478A command-line scanner for batch detection of Next.js application versions and determining if they are affected by CVE-2025-66478 vulnerability.
CVE-2025-61757OracleFusion Middleware0.000 0th2025-11-212025-12-121984 days agoCVE-2025-30208-EXPCVE-2025-30208-EXP
CVE-2025-13223GoogleChromium V80.000 0th2025-11-192025-12-10736 days agocve-2025-8088Path traversal tool based on cve-2025-8088
CVE-2025-58034FortinetFortiWeb0.000 0th2025-11-182025-11-251631 day agoCVE-2025-26125( 0day ) Local Privilege Escalation in IObit Malware Fighter
1538 days agoCVE-2025-21756Exploit for CVE-2025-21756 for Linux kernel 6.6.75. My first linux kernel exploit!
13627 days agoCVE-2025-32433CVE-2025-32433 https://github.com/erlang/otp/security/advisories/GHSA-37cp-fgq5-7wc2
@@ -258,13 +196,6 @@ - - - - - - - @@ -272,20 +203,6 @@ - - - - - - - - - - - - - - @@ -293,13 +210,6 @@ - - - - - - - @@ -316,7 +226,7 @@ - + @@ -332,7 +242,6 @@
CVEEPSSPercentilePoCsSummary
CVE-2025-93160.78799th0No public description yet.
CVE-2025-8943 0.6581 The Custom MCPs feature is designed to execute OS commands, for instance, using tools like `npx` to spin up local MCP Servers. However, Flowise's inherent authentication and authorization model is minimal and lacks ro...
CVE-2025-84890.43397th0No public description yet.
CVE-2025-84260.39497th0No public description yet.
CVE-2025-8518 0.3391 A vulnerability was found in givanz Vvveb 1.0.5. It has been rated as critical. Affected by this issue is the function Save of the file admin/controller/editor/code.php of the component Code Editor. The manipulation l...
CVE-2025-88680.17195th0No public description yet.
CVE-2025-8730 0.119
CVE-2025-90900.0830.092 92th 4 A vulnerability was identified in Tenda AC20 16.03.08.12. Affected is the function websFormDefine of the file /goform/telnet of the component Telnet Service. The manipulation leads to command injection. It is possible...
- - + \ No newline at end of file diff --git a/docs/kev/index.html b/docs/kev/index.html index e9e90569ea..49a4c21e1e 100644 --- a/docs/kev/index.html +++ b/docs/kev/index.html @@ -4,6 +4,7 @@ CVE PoC Hub + @@ -26,20 +27,11 @@
- +
- - - - - - - - - 
@@ -85,10599 +77,6 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -10984,15 +383,6 @@ - - - - - - - - - @@ -11299,24 +689,6 @@ - - - - - - - - - - - - - - - - - - @@ -11371,15 +743,6 @@ - - - - - - - - - @@ -11425,15 +788,6 @@ - - - - - - - - - @@ -11533,15 +887,6 @@ - - - - - - - - - @@ -11551,15 +896,6 @@ - - - - - - - - - @@ -11713,15 +1049,6 @@ - - - - - - - - - @@ -12136,24 +1463,6 @@ - - - - - - - - - - - - - - - - - - @@ -12163,33 +1472,6 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -12244,15 +1526,6 @@ - - - - - - - - - @@ -12496,15 +1769,6 @@ - - - - - - - - - @@ -12856,15 +2120,6 @@ - - - - - - - - - @@ -12901,15 +2156,6 @@ - - - - - - - - - @@ -12982,24 +2228,6 @@ - - - - - - - - - - - - - - - - - - @@ -13126,15 +2354,6 @@ - - - - - - - - - 
@@ -13153,114 +2372,6 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -13270,33 +2381,6 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -13324,15 +2408,6 @@ - - - - - - - - -
CVEVendorProductEPSSPercentileDate AddedDue
CVE-2025-9242WatchGuardFirebox0.74499th2025-11-122025-12-03
CVE-2025-7775 Citrix2025-08-12 2025-09-02
CVE-2002-0367MicrosoftWindows0.000 0th2022-03-032022-03-24
CVE-2004-0210MicrosoftWindows0.000 0th2022-03-032022-03-24
CVE-2004-1464CiscoIOS0.000 0th2023-05-192023-06-09
CVE-2005-2773Hewlett Packard (HP)OpenView Network Node Manager0.000 0th2022-03-252022-04-15
CVE-2006-1547ApacheStruts 10.000 0th2022-01-212022-07-21
CVE-2006-2492MicrosoftWord0.000 0th2022-06-082022-06-22
CVE-2007-0671MicrosoftOffice0.000 0th2025-08-122025-09-02
CVE-2007-3010AlcatelOmniPCX Enterprise0.000 0th2022-04-152022-05-06
CVE-2007-5659AdobeAcrobat and Reader0.000 0th2022-06-082022-06-22
CVE-2008-0655AdobeAcrobat and Reader0.000 0th2022-06-082022-06-22
CVE-2008-2992AdobeAcrobat and Reader0.000 0th2022-03-032022-03-24
CVE-2008-3431OracleVirtualBox0.000 0th2022-03-032022-03-24
CVE-2009-0557MicrosoftOffice0.000 0th2022-06-082022-06-22
CVE-2009-0563MicrosoftOffice0.000 0th2022-06-082022-06-22
CVE-2009-0927AdobeReader and Acrobat0.000 0th2022-03-252022-04-15
CVE-2009-1123MicrosoftWindows0.000 0th2022-03-032022-03-24
CVE-2009-1151phpMyAdminphpMyAdmin0.000 0th2022-03-252022-04-15
CVE-2009-1862AdobeAcrobat and Reader, Flash Player0.000 0th2022-06-082022-06-22
CVE-2009-2055CiscoIOS XR0.000 0th2022-03-252022-04-15
CVE-2009-3129MicrosoftExcel0.000 0th2022-03-032022-03-24
CVE-2009-3953AdobeAcrobat and Reader0.000 0th2022-06-082022-06-22
CVE-2009-3960AdobeBlazeDS0.000 0th2022-03-072022-09-07
CVE-2009-4324AdobeAcrobat and Reader0.000 0th2022-06-082022-06-22
CVE-2010-0188AdobeReader and Acrobat0.000 0th2022-03-032022-03-24
CVE-2010-0232MicrosoftWindows0.000 0th2022-03-032022-03-24
CVE-2010-0738Red HatJBoss0.000 0th2022-05-252022-06-15
CVE-2010-0840OracleJava Runtime Environment (JRE)0.000 0th2022-05-252022-06-15
CVE-2010-1297AdobeFlash Player0.000 0th2022-06-082022-06-22
CVE-2010-1428Red HatJBoss0.000 0th2022-05-252022-06-15
CVE-2010-1871Red HatJBoss Seam 20.000 0th2021-12-102022-06-10
CVE-2010-2568MicrosoftWindows0.000 0th2022-09-152022-10-06
CVE-2010-2572MicrosoftPowerPoint0.000 0th2022-06-082022-06-22
CVE-2010-2861AdobeColdFusion0.000 0th2022-03-252022-04-15
CVE-2010-2883AdobeAcrobat and Reader0.000 0th2022-06-082022-06-22
CVE-2010-3035CiscoIOS XR0.000 0th2022-03-252022-04-15
CVE-2010-3333MicrosoftOffice0.000 0th2022-03-032022-03-24
CVE-2010-3765MozillaMultiple Products0.000 0th2025-10-062025-10-27
CVE-2010-3904LinuxKernel0.000 0th2023-05-122023-06-02
CVE-2010-3962MicrosoftInternet Explorer0.000 0th2025-10-062025-10-27
CVE-2010-4344EximExim0.000 0th2022-03-252022-04-15
CVE-2010-4345EximExim0.000 0th2022-03-252022-04-15
CVE-2010-4398MicrosoftWindows0.000 0th2022-03-282022-04-21
CVE-2010-5326SAPNetWeaver0.000 0th2021-11-032022-05-03
CVE-2010-5330UbiquitiAirOS0.000 0th2022-04-152022-05-06
CVE-2011-0609AdobeFlash Player0.000 0th2022-06-082022-06-22
CVE-2011-0611AdobeFlash Player0.000 0th2022-03-032022-03-24
CVE-2011-1823AndroidAndroid OS0.000 0th2022-09-082022-09-29
CVE-2011-1889MicrosoftForefront Threat Management Gateway (TMG)0.000 0th2022-03-032022-03-24
CVE-2011-2005MicrosoftAncillary Function Driver (afd.sys)0.000 0th2022-03-282022-04-18
CVE-2011-2462AdobeReader and Acrobat0.000 0th2022-06-082022-06-22
CVE-2011-3402MicrosoftWindows0.000 0th2025-10-062025-10-27
CVE-2011-3544OracleJava SE JDK and JRE0.000 0th2022-03-032022-03-24
CVE-2011-4723D-LinkDIR-300 Router0.000 0th2022-09-082022-09-29
CVE-2012-0151MicrosoftWindows0.000 0th2022-06-082022-06-22
CVE-2012-0158MicrosoftMSCOMCTL.OCX0.000 0th2021-11-032022-05-03
CVE-2012-0391ApacheStruts 20.000 0th2022-01-212022-07-21
CVE-2012-0507OracleJava SE0.000 0th2022-03-032022-03-24
CVE-2012-0518OracleFusion Middleware0.000 0th2022-03-282022-04-18
CVE-2012-0754AdobeFlash Player0.000 0th2022-06-082022-06-22
CVE-2012-0767AdobeFlash Player0.000 0th2022-06-082022-06-22
CVE-2012-1535AdobeFlash Player0.000 0th2022-03-032022-03-24
CVE-2012-1710OracleFusion Middleware0.000 0th2022-05-252022-06-15
CVE-2012-1723OracleJava SE0.000 0th2022-03-032022-03-24
CVE-2012-1823PHPPHP0.000 0th2022-03-252022-04-15
CVE-2012-1856MicrosoftOffice0.000 0th2022-03-032022-03-24
CVE-2012-1889MicrosoftXML Core Services0.000 0th2022-06-082022-06-22
CVE-2012-2034AdobeFlash Player0.000 0th2022-03-282022-04-18
CVE-2012-2539MicrosoftWord0.000 0th2022-03-282022-04-18
CVE-2012-3152OracleFusion Middleware0.000 0th2021-11-032022-05-03
CVE-2012-4681OracleJava SE0.000 0th2022-03-032022-03-24
CVE-2012-4792MicrosoftInternet Explorer0.000 0th2024-07-232024-08-13
CVE-2012-4969MicrosoftInternet Explorer0.000 0th2022-06-082022-06-22
CVE-2012-5054AdobeFlash Player0.000 0th2022-06-082022-06-22
CVE-2012-5076OracleJava SE0.000 0th2022-03-282022-04-18
CVE-2013-0074MicrosoftSilverlight0.000 0th2022-05-252022-06-15
CVE-2013-0422OracleJava Runtime Environment (JRE)0.000 0th2022-05-252022-06-15
CVE-2013-0431OracleJava Runtime Environment (JRE)0.000 0th2022-05-252022-06-15
CVE-2013-0625AdobeColdFusion0.000 0th2022-03-072022-09-07
CVE-2013-0629AdobeColdFusion0.000 0th2022-03-072022-09-07
CVE-2013-0631AdobeColdFusion0.000 0th2022-03-072022-09-07
CVE-2013-0632AdobeColdFusion0.000 0th2022-03-032022-03-24
CVE-2013-0640AdobeReader and Acrobat0.000 0th2022-03-032022-03-24
CVE-2013-0641AdobeReader0.000 0th2022-03-032022-03-24
CVE-2013-0643AdobeFlash Player0.000 0th2024-09-172024-10-08
CVE-2013-0648AdobeFlash Player0.000 0th2024-09-172024-10-08
CVE-2013-1331MicrosoftOffice0.000 0th2022-06-082022-06-22
CVE-2013-1347MicrosoftInternet Explorer0.000 0th2022-03-032022-03-24
CVE-2013-1675MozillaFirefox0.000 0th2022-03-032022-03-24
CVE-2013-1690MozillaFirefox and Thunderbird0.000 0th2022-03-282022-04-18
CVE-2013-2094LinuxKernel0.000 0th2022-09-152022-10-06
CVE-2013-2251ApacheStruts0.000 0th2022-03-252022-04-15
CVE-2013-2423OracleJava Runtime Environment (JRE)0.000 0th2022-05-252022-06-15
CVE-2013-2465OracleJava SE0.000 0th2022-03-282022-04-18
CVE-2013-2551MicrosoftInternet Explorer0.000 0th2022-03-282022-04-18
CVE-2013-2596LinuxKernel0.000 0th2022-09-152022-10-06
CVE-2013-2597Code AuroraACDB Audio Driver0.000 0th2022-09-152022-10-06
CVE-2013-2729AdobeReader and Acrobat0.000 0th2022-03-282022-04-18
CVE-2013-3163MicrosoftInternet Explorer0.000 0th2023-03-302023-04-20
CVE-2013-3346AdobeReader and Acrobat0.000 0th2022-03-032022-03-24
CVE-2013-3660MicrosoftWin32k0.000 0th2022-03-282022-04-18
CVE-2013-3893MicrosoftInternet Explorer0.000 0th2025-08-122025-09-02
CVE-2013-3896MicrosoftSilverlight0.000 0th2022-05-252022-06-15
CVE-2013-3897MicrosoftInternet Explorer0.000 0th2022-03-032022-03-24
CVE-2013-3900MicrosoftWinVerifyTrust function0.000 0th2022-01-102022-07-10
CVE-2013-3906MicrosoftGraphics Component0.000 0th2022-02-152022-08-15
CVE-2013-3918MicrosoftWindows0.000 0th2025-10-062025-10-27
CVE-2013-3993IBMInfoSphere BigInsights0.000 0th2022-05-252022-06-15
CVE-2013-4810Hewlett Packard (HP)ProCurve Manager (PCM), PCM+, Identity Driven Manager (IDM), and Application Lifecycle Management0.000 0th2022-03-252022-04-15
CVE-2013-5065MicrosoftWindows0.000 0th2022-03-032022-03-24
CVE-2013-5223D-LinkDSL-2760U0.000 0th2022-03-252022-04-15
CVE-2013-6282LinuxKernel0.000 0th2022-09-152022-10-06
CVE-2013-7331MicrosoftInternet Explorer0.000 0th2022-05-252022-06-15
CVE-2014-0130RailsRuby on Rails0.000 0th2022-03-252022-04-15
CVE-2014-0160OpenSSLOpenSSL0.000 0th2022-05-042022-05-25
CVE-2014-0196LinuxKernel0.000 0th2023-05-122023-06-02
CVE-2014-0322MicrosoftInternet Explorer0.000 0th2022-05-042022-05-25
CVE-2014-0496AdobeReader and Acrobat0.000 0th2022-03-032022-03-24
CVE-2014-0497AdobeFlash Player0.000 0th2024-09-172024-10-08
CVE-2014-0502AdobeFlash Player0.000 0th2024-09-172024-10-08
CVE-2014-0546AdobeReader and Acrobat0.000 0th2022-05-252022-06-15
CVE-2014-0780InduSoftWeb Studio0.000 0th2022-04-152022-05-06
CVE-2014-100005D-LinkDIR-600 Router0.000 0th2024-05-162024-06-06
CVE-2014-1761MicrosoftWord0.000 0th2022-02-152022-08-15
CVE-2014-1776MicrosoftInternet Explorer0.000 0th2022-01-282022-07-28
CVE-2014-1812MicrosoftWindows0.000 0th2021-11-032022-05-03
CVE-2014-2120CiscoAdaptive Security Appliance (ASA)0.000 0th2024-11-122024-12-03
CVE-2014-2817MicrosoftInternet Explorer0.000 0th2022-05-252022-06-15
CVE-2014-3120ElasticElasticsearch0.000 0th2022-03-252022-04-15
CVE-2014-3153LinuxKernel0.000 0th2022-05-252022-06-15
CVE-2014-3931Looking GlassMulti-Router Looking Glass (MRLG)0.000 0th2025-07-072025-07-28
CVE-2014-4077MicrosoftInput Method Editor (IME) Japanese0.000 0th2022-05-252022-06-15
CVE-2014-4113MicrosoftWin32k0.000 0th2022-05-042022-05-25
CVE-2014-4114MicrosoftWindows0.000 0th2022-03-032022-03-24
CVE-2014-4123MicrosoftInternet Explorer0.000 0th2022-05-252022-06-15
CVE-2014-4148MicrosoftWindows0.000 0th2022-05-252022-06-15
CVE-2014-4404AppleOS X0.000 0th2022-02-102022-08-10
CVE-2014-6271GNUBourne-Again Shell (Bash)0.000 0th2022-01-282022-07-28
CVE-2014-6278GNUGNU Bash0.000 0th2025-10-022025-10-23
CVE-2014-6287RejettoHTTP File Server (HFS)0.000 0th2022-03-252022-04-15
CVE-2014-6324MicrosoftKerberos Key Distribution Center (KDC)0.000 0th2022-03-252022-04-15
CVE-2014-6332MicrosoftWindows0.000 0th2022-03-252022-04-15
CVE-2014-6352MicrosoftWindows0.000 0th2022-02-252022-08-25
CVE-2014-7169GNUBourne-Again Shell (Bash)0.000 0th2022-01-282022-07-28
CVE-2014-8361RealtekSDK0.000 0th2023-09-182023-10-09
CVE-2014-8439AdobeFlash Player0.000 0th2022-05-252022-06-15
CVE-2014-9163AdobeFlash Player0.000 0th2022-04-132022-05-04
CVE-2015-0016MicrosoftWindows0.000 0th2022-05-252022-06-15
CVE-2015-0071MicrosoftInternet Explorer0.000 0th2022-05-252022-06-15
CVE-2015-0310AdobeFlash Player0.000 0th2022-05-252022-06-15
CVE-2015-0311AdobeFlash Player0.000 0th2022-04-132022-05-04
CVE-2015-0313AdobeFlash Player0.000 0th2022-04-132022-05-04
CVE-2015-0666CiscoPrime Data Center Network Manager (DCNM)0.000 0th2022-03-252022-04-15
CVE-2015-1130AppleOS X0.000 0th2022-02-102022-08-10
CVE-2015-1187D-Link and TRENDnetMultiple Devices0.000 0th2022-03-252022-04-15
CVE-2015-1427ElasticElasticsearch0.000 0th2022-03-252022-04-15
CVE-2015-1635MicrosoftHTTP.sys0.000 0th2022-02-102022-08-10
CVE-2015-1641MicrosoftOffice0.000 0th2021-11-032022-05-03
CVE-2015-1642MicrosoftOffice0.000 0th2022-03-032022-03-24
CVE-2015-1671MicrosoftWindows0.000 0th2022-05-252022-06-15
CVE-2015-1701MicrosoftWin32k0.000 0th2022-03-032022-03-24
CVE-2015-1769MicrosoftWindows0.000 0th2022-05-252022-06-15
CVE-2015-1770MicrosoftOffice0.000 0th2022-03-282022-04-18
CVE-2015-2051D-LinkDIR-645 Router0.000 0th2022-02-102022-08-10
CVE-2015-2291IntelEthernet Diagnostics Driver for Windows0.000 0th2023-02-102023-03-03
CVE-2015-2360MicrosoftWin32k0.000 0th2022-05-252022-06-15
CVE-2015-2387MicrosoftATM Font Driver0.000 0th2022-03-032022-03-24
CVE-2015-2419MicrosoftInternet Explorer0.000 0th2022-03-282022-04-18
CVE-2015-2424MicrosoftPowerPoint0.000 0th2022-03-032022-03-24
CVE-2015-2425MicrosoftInternet Explorer0.000 0th2022-05-252022-06-15
CVE-2015-2426MicrosoftWindows0.000 0th2022-03-282022-04-18
CVE-2015-2502MicrosoftInternet Explorer0.000 0th2022-04-132022-05-04
CVE-2015-2545MicrosoftOffice0.000 0th2022-03-032022-03-24
CVE-2015-2546MicrosoftWin32k0.000 0th2022-03-152022-04-05
CVE-2015-2590OracleJava SE0.000 0th2022-03-032022-03-24
CVE-2015-3035TP-LinkMultiple Archer Devices0.000 0th2022-03-252022-04-15
CVE-2015-3043AdobeFlash Player0.000 0th2022-03-032022-03-24
CVE-2015-3113AdobeFlash Player0.000 0th2022-04-132022-05-04
CVE-2015-4068ArcserveUnified Data Protection (UDP)0.000 0th2022-03-252022-04-15
CVE-2015-4495MozillaFirefox0.000 0th2022-05-252022-06-15
CVE-2015-4852OracleWebLogic Server0.000 0th2021-11-032022-05-03
CVE-2015-4902OracleJava SE0.000 0th2022-03-032022-03-24
CVE-2015-5119AdobeFlash Player0.000 0th2022-03-032022-03-24
CVE-2015-5122AdobeFlash Player0.000 0th2022-04-132022-05-04
CVE-2015-5123AdobeFlash Player0.000 0th2022-04-132022-05-04
CVE-2015-5317JenkinsJenkins User Interface (UI)0.000 0th2023-05-122023-06-02
CVE-2015-6175MicrosoftWindows0.000 0th2022-05-252022-06-15
CVE-2015-7450IBMWebSphere Application Server and Server Hypervisor Edition0.000 0th2022-01-102022-07-10
CVE-2015-7645AdobeFlash Player0.000 0th2022-03-032022-03-24
CVE-2015-7755JuniperScreenOS0.000 0th2025-10-022025-10-23
CVE-2015-8651AdobeFlash Player0.000 0th2022-05-252022-06-15
CVE-2016-0034MicrosoftSilverlight0.000 0th2022-05-252022-06-15
CVE-2016-0040MicrosoftWindows0.000 0th2022-03-282022-04-18
CVE-2016-0099MicrosoftWindows0.000 0th2022-03-032022-03-24
CVE-2016-0151MicrosoftClient-Server Run-time Subsystem (CSRSS)0.000 0th2022-03-282022-04-18
CVE-2016-0162MicrosoftInternet Explorer0.000 0th2022-05-242022-06-14
CVE-2016-0165MicrosoftWin32k0.000 0th2023-06-222023-07-13
CVE-2016-0167MicrosoftWin32k0.000 0th2021-11-032022-05-03
CVE-2016-0185MicrosoftWindows0.000 0th2021-11-032022-05-03
CVE-2016-0189MicrosoftInternet Explorer0.000 0th2022-03-282022-04-18
CVE-2016-0752RailsRuby on Rails0.000 0th2022-03-252022-04-15
CVE-2016-0984AdobeFlash Player and AIR0.000 0th2022-05-252022-06-15
CVE-2016-10033PHPPHPMailer0.000 0th2025-07-072025-07-28
CVE-2016-1010AdobeFlash Player and AIR0.000 0th2022-05-252022-06-15
CVE-2016-10174NETGEARWNR2000v5 Router0.000 0th2022-03-252022-04-15
CVE-2016-1019AdobeFlash Player0.000 0th2022-03-032022-03-24
CVE-2016-11021D-LinkDCS-930L Devices0.000 0th2022-03-252022-04-15
CVE-2016-1555NETGEARWireless Access Point (WAP) Devices0.000 0th2022-03-252022-04-15
CVE-2016-1646GoogleChromium V80.000 0th2022-06-082022-06-22
CVE-2016-20017D-LinkDSL-2750B Devices0.000 0th2024-01-082024-01-29
CVE-2016-2386SAPNetWeaver0.000 0th2022-06-092022-06-30
CVE-2016-2388SAPNetWeaver0.000 0th2022-06-092022-06-30
CVE-2016-3088ApacheActiveMQ0.000 0th2022-02-102022-08-10
CVE-2016-3235MicrosoftOffice0.000 0th2021-11-032022-05-03
CVE-2016-3298MicrosoftInternet Explorer0.000 0th2022-05-242022-06-14
CVE-2016-3309MicrosoftWindows0.000 0th2022-03-152022-04-05
CVE-2016-3351MicrosoftInternet Explorer and Edge0.000 0th2022-05-242022-06-14
CVE-2016-3393MicrosoftWindows0.000 0th2022-05-252022-06-15
CVE-2016-3427OracleJava SE and JRockit0.000 0th2023-05-122023-06-02
CVE-2016-3643SolarWindsVirtualization Manager0.000 0th2021-11-032022-05-03
CVE-2016-3714ImageMagickImageMagick0.000 0th2024-09-092024-09-30
CVE-2016-3715ImageMagickImageMagick0.000 0th2021-11-032022-05-03
CVE-2016-3718ImageMagickImageMagick0.000 0th2021-11-032022-05-03
CVE-2016-3976SAPNetWeaver0.000 0th2021-11-032022-05-03
CVE-2016-4117AdobeFlash Player0.000 0th2022-03-032022-03-24
CVE-2016-4171AdobeFlash Player0.000 0th2022-03-252022-04-15
CVE-2016-4437ApacheShiro0.000 0th2021-11-032022-05-03
CVE-2016-4523TrihedralVTScada (formerly VTS)0.000 0th2022-04-152022-05-06
CVE-2016-4655AppleiOS0.000 0th2022-05-242022-06-14
CVE-2016-4656AppleiOS0.000 0th2022-05-242022-06-14
CVE-2016-4657AppleiOS0.000 0th2022-05-242022-06-14
CVE-2016-5195LinuxKernel0.000 0th2022-03-032022-03-24
CVE-2016-5198GoogleChromium V80.000 0th2022-06-082022-06-22
CVE-2016-6277NETGEARMultiple Routers0.000 0th2022-03-072022-09-07
CVE-2016-6366CiscoAdaptive Security Appliance (ASA)0.000 0th2022-05-242022-06-14
CVE-2016-6367CiscoAdaptive Security Appliance (ASA)0.000 0th2022-05-242022-06-14
CVE-2016-6415CiscoIOS, IOS XR, and IOS XE0.000 0th2023-05-192023-06-09
CVE-2016-7193MicrosoftOffice0.000 0th2022-03-032022-03-24
CVE-2016-7200MicrosoftEdge0.000 0th2022-03-282022-04-18
CVE-2016-7201MicrosoftEdge0.000 0th2022-03-282022-04-18
CVE-2016-7255MicrosoftWin32k0.000 0th2021-11-032022-05-03
CVE-2016-7256MicrosoftWindows0.000 0th2022-05-252022-06-15
CVE-2016-7262MicrosoftExcel0.000 0th2022-03-032022-03-24
CVE-2016-7836SKYSEAClient View0.000 0th2025-10-142025-11-04
CVE-2016-7855AdobeFlash Player0.000 0th2022-03-032022-03-24
CVE-2016-7892AdobeFlash Player0.000 0th2022-03-252022-04-15
CVE-2016-8562SiemensSIMATIC CP0.000 0th2022-03-032022-03-24
CVE-2016-8735ApacheTomcat0.000 0th2023-05-122023-06-02
CVE-2016-9079MozillaFirefox, Firefox ESR, and Thunderbird0.000 0th2023-06-222023-07-13
CVE-2016-9563SAPNetWeaver0.000 0th2021-11-032022-05-03
CVE-2017-0001MicrosoftGraphics Device Interface (GDI)0.000 0th2022-03-032022-03-24
CVE-2017-0005MicrosoftWindows0.000 0th2022-05-242022-06-14
CVE-2017-0022MicrosoftXML Core Services0.000 0th2022-05-242022-06-14
CVE-2017-0037MicrosoftEdge and Internet Explorer0.000 0th2022-03-282022-04-18
CVE-2017-0059MicrosoftInternet Explorer0.000 0th2022-03-282022-04-18
CVE-2017-0101MicrosoftWindows0.000 0th2022-03-152022-04-05
CVE-2017-0143MicrosoftWindows0.000 0th2021-11-032022-05-03
CVE-2017-0144MicrosoftSMBv10.000 0th2022-02-102022-08-10
CVE-2017-0145MicrosoftSMBv10.000 0th2022-02-102022-08-10
CVE-2017-0146MicrosoftWindows0.000 0th2022-03-252022-04-15
CVE-2017-0147MicrosoftSMBv1 server0.000 0th2022-05-242022-06-14
CVE-2017-0148MicrosoftSMBv1 server0.000 0th2022-04-062022-04-27
CVE-2017-0149MicrosoftInternet Explorer0.000 0th2022-05-242022-06-14
CVE-2017-0199MicrosoftOffice and WordPad0.000 0th2021-11-032022-05-03
CVE-2017-0210MicrosoftInternet Explorer0.000 0th2022-05-242022-06-14
CVE-2017-0213MicrosoftWindows0.000 0th2022-03-282022-04-18
CVE-2017-0222MicrosoftInternet Explorer0.000 0th2022-02-252022-08-25
CVE-2017-0261MicrosoftOffice0.000 0th2022-03-032022-03-24
CVE-2017-0262MicrosoftOffice0.000 0th2022-02-102022-08-10
CVE-2017-0263MicrosoftWin32k0.000 0th2022-02-102022-08-10
CVE-2017-1000253LinuxKernel0.000 0th2024-09-092024-09-30
CVE-2017-1000353JenkinsJenkins0.000 0th2025-10-022025-10-23
CVE-2017-1000486PrimetekPrimefaces Application0.000 0th2022-01-102022-07-10
CVE-2017-10271OracleWebLogic Server0.000 0th2022-02-102022-08-10
CVE-2017-11292AdobeFlash Player0.000 0th2022-03-032022-03-24
CVE-2017-11317TelerikUser Interface (UI) for ASP.NET AJAX0.000 0th2022-04-112022-05-02
CVE-2017-11357TelerikUser Interface (UI) for ASP.NET AJAX0.000 0th2023-01-262023-02-16
CVE-2017-11774MicrosoftOffice0.000 0th2021-11-032022-05-03
CVE-2017-11826MicrosoftOffice0.000 0th2022-03-032022-03-24
CVE-2017-11882MicrosoftOffice0.000 0th2021-11-032022-05-03
CVE-2017-12149Red HatJBoss Application Server0.000 0th2021-12-102022-06-10
CVE-2017-12231CiscoIOS software0.000 0th2022-03-032022-03-24
CVE-2017-12232CiscoIOS software0.000 0th2022-03-032022-03-24
CVE-2017-12233CiscoIOS software0.000 0th2022-03-032022-03-24
CVE-2017-12234CiscoIOS software0.000 0th2022-03-032022-03-24
CVE-2017-12235CiscoIOS software0.000 0th2022-03-032022-03-24
CVE-2017-12237CiscoIOS and IOS XE Software0.000 0th2022-03-032022-03-24
CVE-2017-12238CiscoCatalyst 6800 Series Switches0.000 0th2022-03-032022-03-24
CVE-2017-12240CiscoIOS and IOS XE Software0.000 0th2022-03-032022-03-24
CVE-2017-12319CiscoIOS XE Software0.000 0th2022-03-032022-03-24
CVE-2017-12615ApacheTomcat0.000 0th2022-03-252022-04-15
CVE-2017-12617ApacheTomcat0.000 0th2022-03-252022-04-15
CVE-2017-12637SAPNetWeaver0.000 0th2025-03-192025-04-09
CVE-2017-15944Palo Alto NetworksPAN-OS0.000 0th2022-08-182022-09-08
CVE-2017-16651RoundcubeRoundcube Webmail0.000 0th2021-11-032022-05-03
CVE-2017-17562EmbedthisGoAhead0.000 0th2021-12-102022-06-10
CVE-2017-18362KaseyaVirtual System/Server Administrator (VSA)0.000 0th2022-05-242022-06-14
CVE-2017-18368ZyxelP660HN-T1A Routers0.000 0th2023-08-072023-08-28
CVE-2017-3066AdobeColdFusion0.000 0th2025-02-242025-03-17
CVE-2017-3506OracleWebLogic Server0.000 0th2024-06-032024-06-24
CVE-2017-3881CiscoIOS and IOS XE0.000 0th2022-03-252022-04-15
CVE-2017-5030GoogleChromium V80.000 0th2022-06-082022-06-22
CVE-2017-5070GoogleChromium V80.000 0th2022-06-082022-06-22
CVE-2017-5521NETGEARMultiple Devices0.000 0th2022-09-082022-09-29
CVE-2017-5638ApacheStruts0.000 0th2021-11-032022-05-03
CVE-2017-5689IntelActive Management Technology (AMT), Small Business Technology (SBT), and Standard Manageability0.000 0th2022-01-282022-07-28
CVE-2017-6077NETGEARWireless Router DGN22000.000 0th2022-03-072022-09-07
CVE-2017-6316CitrixNetScaler SD-WAN Enterprise, CloudBridge Virtual WAN, and XenMobile Server0.000 0th2022-03-252022-04-15
CVE-2017-6327SymantecSymantec Messaging Gateway0.000 0th2021-11-032022-05-03
CVE-2017-6334NETGEARDGN2200 Devices0.000 0th2022-03-252022-04-15
CVE-2017-6627CiscoIOS and IOS XE Software0.000 0th2022-03-032022-03-24
CVE-2017-6663CiscoIOS and IOS XE Software0.000 0th2022-03-032022-03-24
CVE-2017-6736CiscoIOS and IOS XE Software0.000 0th2022-03-032022-03-24
CVE-2017-6737CiscoIOS and IOS XE Software0.000 0th2022-03-032022-03-24
CVE-2017-6738CiscoIOS and IOS XE Software0.000 0th2022-03-032022-03-24
CVE-2017-6739CiscoIOS and IOS XE Software0.000 0th2022-03-032022-03-24
CVE-2017-6740CiscoIOS and IOS XE Software0.000 0th2022-03-032022-03-24
CVE-2017-6742CiscoIOS and IOS XE Software0.000 0th2023-04-192023-05-10
CVE-2017-6743CiscoIOS and IOS XE Software0.000 0th2022-03-032022-03-24
CVE-2017-6744CiscoIOS software0.000 0th2022-03-032022-03-24
CVE-2017-6862NETGEARMultiple Devices0.000 0th2022-06-082022-06-22
CVE-2017-6884ZyxelEMG2926 Routers0.000 0th2023-09-182023-10-09
CVE-2017-7269MicrosoftInternet Information Services (IIS)0.000 0th2021-11-032022-05-03
CVE-2017-7494SambaSamba0.000 0th2023-03-302023-04-20
CVE-2017-8291ArtifexGhostscript0.000 0th2022-05-242022-06-14
CVE-2017-8464MicrosoftWindows0.000 0th2022-02-102022-08-10
CVE-2017-8540MicrosoftMalware Protection Engine0.000 0th2022-03-032022-03-24
CVE-2017-8543MicrosoftWindows0.000 0th2022-05-242022-06-14
CVE-2017-8570MicrosoftOffice0.000 0th2022-02-252022-08-25
CVE-2017-8759Microsoft.NET Framework0.000 0th2021-11-032022-05-03
CVE-2017-9248ProgressASP.NET AJAX and Sitefinity0.000 0th2021-11-032022-05-03
CVE-2017-9791ApacheStruts 10.000 0th2022-02-102022-08-10
CVE-2017-9805ApacheStruts0.000 0th2021-11-032022-05-03
CVE-2017-9822DotNetNuke (DNN)DotNetNuke (DNN)0.000 0th2021-11-032022-05-03
CVE-2017-9841PHPUnitPHPUnit0.000 0th2022-02-152022-08-15
CVE-2018-0125CiscoVPN Routers0.000 0th2022-03-252022-04-15
CVE-2018-0147CiscoSecure Access Control System (ACS)0.000 0th2022-03-252022-04-15
CVE-2018-0151CiscoIOS and IOS XE Software0.000 0th2022-03-032022-03-17
CVE-2018-0154CiscoIOS Software0.000 0th2022-03-032022-03-17
CVE-2018-0155CiscoCatalyst 4500 Series Switches and Cisco Catalyst 4500-X Series Switches0.000 0th2022-03-032022-03-17
CVE-2018-0156CiscoIOS Software and Cisco IOS XE Software0.000 0th2022-03-032022-03-17
CVE-2018-0158CiscoIOS Software and Cisco IOS XE Software0.000 0th2022-03-032022-03-17
CVE-2018-0159CiscoIOS Software and Cisco IOS XE Software0.000 0th2022-03-032022-03-17
CVE-2018-0161CiscoIOS Software0.000 0th2022-03-032022-03-17
CVE-2018-0167CiscoIOS, XR, and XE Software0.000 0th2022-03-032022-03-17
CVE-2018-0171CiscoIOS and IOS XE0.000 0th2021-11-032022-05-03
CVE-2018-0172CiscoIOS and IOS XE Software0.000 0th2022-03-032022-03-17
CVE-2018-0173CiscoIOS and IOS XE Software0.000 0th2022-03-032022-03-17
CVE-2018-0174CiscoIOS XE Software0.000 0th2022-03-032022-03-17
CVE-2018-0175CiscoIOS, XR, and XE Software0.000 0th2022-03-032022-03-17
CVE-2018-0179CiscoIOS Software0.000 0th2022-03-032022-03-17
CVE-2018-0180CiscoIOS Software0.000 0th2022-03-032022-03-17
CVE-2018-0296CiscoAdaptive Security Appliance (ASA)0.000 0th2021-11-032022-05-03
CVE-2018-0798MicrosoftOffice0.000 0th2021-11-032022-05-03
CVE-2018-0802MicrosoftOffice0.000 0th2021-11-032022-05-03
CVE-2018-0824MicrosoftWindows0.000 0th2024-08-052024-08-26
CVE-2018-1000861JenkinsJenkins Stapler Web Framework0.000 0th2022-02-102022-08-10
CVE-2018-10561DasanGigabit Passive Optical Network (GPON) Routers0.000 0th2022-03-312022-04-21
CVE-2018-10562DasanGigabit Passive Optical Network (GPON) Routers0.000 0th2022-03-312022-04-21
CVE-2018-11138QuestKACE System Management Appliance0.000 0th2022-03-252022-04-15
CVE-2018-11776ApacheStruts0.000 0th2021-11-032022-05-03
CVE-2018-1273VMware TanzuSpring Data Commons0.000 0th2022-03-252022-04-15
CVE-2018-13374FortinetFortiOS and FortiADC0.000 0th2022-09-082022-09-29
CVE-2018-13379FortinetFortiOS0.000 0th2021-11-032022-05-03
CVE-2018-13382FortinetFortiOS and FortiProxy0.000 0th2022-01-102022-07-10
CVE-2018-13383FortinetFortiOS and FortiProxy0.000 0th2022-01-102022-07-10
CVE-2018-14558TendaAC7, AC9, and AC10 Routers0.000 0th2021-11-032022-05-03
CVE-2018-14667Red HatJBoss RichFaces Framework0.000 0th2023-09-282023-10-19
CVE-2018-14839LGN1A1 NAS0.000 0th2022-03-252022-04-15
CVE-2018-14847MikroTikRouterOS0.000 0th2021-12-012022-06-01
CVE-2018-14933NUUONVRmini Devices0.000 0th2024-12-182025-01-08
CVE-2018-15133LaravelLaravel Framework0.000 0th2024-01-162024-02-06
CVE-2018-15811DotNetNuke (DNN)DotNetNuke (DNN)0.000 0th2021-11-032022-05-03
CVE-2018-15961AdobeColdFusion0.000 0th2021-11-032022-05-03
CVE-2018-15982AdobeFlash Player0.000 0th2022-02-152022-08-15
CVE-2018-17463GoogleChromium V80.000 0th2022-06-082022-06-22
CVE-2018-17480GoogleChromium V80.000 0th2022-06-082022-06-22
CVE-2018-18325DotNetNuke (DNN)DotNetNuke (DNN)0.000 0th2021-11-032022-05-03
CVE-2018-18809TIBCOJasperReports0.000 0th2022-12-292023-01-19
CVE-2018-19320GIGABYTEMultiple Products0.000 0th2022-10-242022-11-14
CVE-2018-19321GIGABYTEMultiple Products0.000 0th2022-10-242022-11-14
CVE-2018-19322GIGABYTEMultiple Products0.000 0th2022-10-242022-11-14
CVE-2018-19323GIGABYTEMultiple Products0.000 0th2022-10-242022-11-14
CVE-2018-19410PaesslerPRTG Network Monitor0.000 0th2025-02-042025-02-25
CVE-2018-19943QNAPNetwork Attached Storage (NAS)0.000 0th2022-05-242022-06-14
CVE-2018-19949QNAPNetwork Attached Storage (NAS)0.000 0th2022-05-242022-06-14
CVE-2018-19953QNAPNetwork Attached Storage (NAS)0.000 0th2022-05-242022-06-14
CVE-2018-20062ThinkPHPnoneCms0.000 0th2021-11-032022-05-03
CVE-2018-20250RARLABWinRAR0.000 0th2022-02-152022-08-15
CVE-2018-20753KaseyaVirtual System/Server Administrator (VSA)0.000 0th2022-04-132022-05-04
CVE-2018-2380SAPCustomer Relationship Management (CRM)0.000 0th2021-11-032022-05-03
CVE-2018-2628OracleWebLogic Server0.000 0th2022-09-082022-09-29
CVE-2018-4063Sierra WirelessAirLink ALEOS0.000 0th2025-12-122026-01-02
CVE-2018-4344AppleMultiple Products0.000 0th2022-06-272022-07-18
CVE-2018-4878AdobeFlash Player0.000 0th2021-11-032022-05-03
CVE-2018-4939AdobeColdFusion0.000 0th2021-11-032022-05-03
CVE-2018-4990AdobeAcrobat and Reader0.000 0th2022-06-082022-06-22
CVE-2018-5002AdobeFlash Player0.000 0th2022-05-232022-06-13
CVE-2018-5430TIBCOJasperReports0.000 0th2022-12-292023-01-19
CVE-2018-6065GoogleChromium V80.000 0th2022-06-082022-06-22
CVE-2018-6530D-LinkMultiple Routers0.000 0th2022-09-082022-09-29
CVE-2018-6789EximExim0.000 0th2021-11-032022-05-03
CVE-2018-6882SynacorZimbra Collaboration Suite (ZCS)0.000 0th2022-04-192022-05-10
CVE-2018-6961VMwareSD-WAN Edge0.000 0th2022-03-252022-04-15
CVE-2018-7445MikroTikRouterOS0.000 0th2022-09-082022-09-29
CVE-2018-7600DrupalDrupal Core0.000 0th2021-11-032022-05-03
CVE-2018-7602DrupalCore0.000 0th2022-04-132022-05-04
CVE-2018-7841Schneider ElectricU.motion Builder0.000 0th2022-04-152022-05-06
CVE-2018-8120MicrosoftWin32k0.000 0th2022-03-152022-04-05
CVE-2018-8174MicrosoftWindows0.000 0th2022-02-152022-08-15
CVE-2018-8298ChakraCoreChakraCore scripting engine0.000 0th2022-03-032022-03-17
CVE-2018-8373MicrosoftInternet Explorer Scripting Engine0.000 0th2022-03-252022-04-15
CVE-2018-8405MicrosoftDirectX Graphics Kernel (DXGKRNL)0.000 0th2022-03-282022-04-18
CVE-2018-8406MicrosoftDirectX Graphics Kernel (DXGKRNL)0.000 0th2022-03-282022-04-18
CVE-2018-8414MicrosoftWindows0.000 0th2022-03-252022-04-15
CVE-2018-8440MicrosoftWindows0.000 0th2022-03-282022-04-18
CVE-2018-8453MicrosoftWin32k0.000 0th2022-01-212022-07-21
CVE-2018-8581MicrosoftExchange Server0.000 0th2022-03-032022-03-17
CVE-2018-8589MicrosoftWin32k0.000 0th2022-05-232022-06-13
CVE-2018-8611MicrosoftWindows0.000 0th2022-05-242022-06-14
CVE-2018-8639MicrosoftWindows0.000 0th2025-03-032025-03-24
CVE-2018-8653MicrosoftInternet Explorer0.000 0th2021-11-032022-05-03
CVE-2018-9276PaesslerPRTG Network Monitor0.000 0th2025-02-042025-02-25
CVE-2019-0193ApacheSolr0.000 0th2021-12-102022-06-10
CVE-2019-0211ApacheHTTP Server0.000 0th2021-11-032022-05-03
CVE-2019-0344SAPCommerce Cloud0.000 0th2024-09-302024-10-21
CVE-2019-0541MicrosoftMSHTML0.000 0th2021-11-032022-05-03
CVE-2019-0543MicrosoftWindows0.000 0th2022-03-152022-04-05
CVE-2019-0604MicrosoftSharePoint0.000 0th2021-11-032022-05-03
CVE-2019-0676MicrosoftInternet Explorer0.000 0th2022-05-232022-06-13
CVE-2019-0703MicrosoftWindows0.000 0th2022-05-232022-06-13
CVE-2019-0708MicrosoftRemote Desktop Services0.000 0th2021-11-032022-05-03
CVE-2019-0752MicrosoftInternet Explorer0.000 0th2022-02-152022-08-15
CVE-2019-0797MicrosoftWin32k0.000 0th2021-11-032022-05-03
CVE-2019-0803MicrosoftWin32k0.000 0th2021-11-032022-05-03
CVE-2019-0808MicrosoftWin32k0.000 0th2021-11-032022-05-03
CVE-2019-0841MicrosoftWindows0.000 0th2022-03-152022-04-05
CVE-2019-0859MicrosoftWin32k0.000 0th2021-11-032022-05-03
CVE-2019-0863MicrosoftWindows0.000 0th2021-11-032022-05-03
CVE-2019-0880MicrosoftWindows0.000 0th2022-05-232022-06-13
CVE-2019-0903MicrosoftGraphics Device Interface (GDI)0.000 0th2022-03-252022-04-15
CVE-2019-1003029JenkinsScript Security Plugin0.000 0th2022-04-252022-05-16
CVE-2019-1003030JenkinsMatrix Project Plugin0.000 0th2022-03-252022-04-15
CVE-2019-10068KenticoXperience0.000 0th2022-03-252022-04-15
CVE-2019-10149EximMail Transfer Agent (MTA)0.000 0th2022-01-102022-07-10
CVE-2019-1064MicrosoftWindows0.000 0th2022-03-152022-04-05
CVE-2019-1069MicrosoftTask Scheduler0.000 0th2022-03-152022-04-05
CVE-2019-10758MongoDBmongo-express0.000 0th2021-12-102022-06-10
CVE-2019-11001ReolinkMultiple IP Cameras0.000 0th2024-12-182025-01-08
CVE-2019-11043PHPFastCGI Process Manager (FPM)0.000 0th2022-03-252022-04-15
CVE-2019-1129MicrosoftWindows0.000 0th2022-03-152022-04-05
CVE-2019-1130MicrosoftWindows0.000 0th2022-05-232022-06-13
CVE-2019-1132MicrosoftWin32k0.000 0th2022-03-152022-04-05
CVE-2019-11510IvantiPulse Connect Secure0.000 0th2021-11-032021-04-23
CVE-2019-11539IvantiPulse Connect Secure and Pulse Policy Secure0.000 0th2021-11-032022-05-03
CVE-2019-11580AtlassianCrowd and Crowd Data Center0.000 0th2021-11-032022-05-03
CVE-2019-11581AtlassianJira Server and Data Center0.000 0th2022-03-072022-09-07
CVE-2019-11634CitrixWorkspace Application and Receiver for Windows0.000 0th2021-11-032022-05-03
CVE-2019-11707MozillaFirefox and Thunderbird0.000 0th2022-05-232022-06-13
CVE-2019-11708MozillaFirefox and Thunderbird0.000 0th2022-05-232022-06-13
CVE-2019-1214MicrosoftWindows0.000 0th2021-11-032022-05-03
CVE-2019-1215MicrosoftWindows0.000 0th2021-11-032022-05-03
CVE-2019-1253MicrosoftWindows0.000 0th2022-03-152022-04-05
CVE-2019-1297MicrosoftExcel0.000 0th2022-03-032022-03-17
CVE-2019-12989CitrixSD-WAN and NetScaler0.000 0th2022-03-252022-04-15
CVE-2019-12991CitrixSD-WAN and NetScaler0.000 0th2022-03-252022-04-15
CVE-2019-1315MicrosoftWindows0.000 0th2022-03-152022-04-05
CVE-2019-1322MicrosoftWindows0.000 0th2022-03-152022-04-05
CVE-2019-13272LinuxKernel0.000 0th2021-12-102022-06-10
CVE-2019-13608CitrixStoreFront Server0.000 0th2021-11-032022-05-03
CVE-2019-1367MicrosoftInternet Explorer0.000 0th2021-11-032022-05-03
CVE-2019-13720GoogleChrome WebAudio0.000 0th2022-05-232022-06-13
CVE-2019-1385MicrosoftWindows0.000 0th2022-05-232022-06-13
CVE-2019-1388MicrosoftWindows0.000 0th2023-04-072023-04-28
CVE-2019-1405MicrosoftWindows0.000 0th2022-03-152022-04-05
CVE-2019-1429MicrosoftInternet Explorer0.000 0th2021-11-032022-05-03
CVE-2019-1458MicrosoftWin32k0.000 0th2022-01-102022-07-10
CVE-2019-15107WebminWebmin0.000 0th2022-03-252022-04-15
CVE-2019-15271CiscoRV Series Routers0.000 0th2022-06-082022-06-22
CVE-2019-15752DockerDesktop Community Edition0.000 0th2021-11-032022-05-03
CVE-2019-1579Palo Alto NetworksPAN-OS0.000 0th2022-01-102022-07-10
CVE-2019-15949NagiosNagios XI0.000 0th2021-11-032022-05-03
CVE-2019-16057D-LinkDNS-320 Storage Device0.000 0th2022-04-152022-05-06
CVE-2019-16256SIMallianceToolbox Browser0.000 0th2021-11-032022-05-03
CVE-2019-16278Nostromonhttpd0.000 0th2024-11-072024-11-28
CVE-2019-1652CiscoSmall Business RV320 and RV325 Dual Gigabit WAN VPN Routers0.000 0th2022-03-032022-03-17
CVE-2019-1653CiscoSmall Business RV320 and RV325 Routers0.000 0th2021-11-032022-05-03
CVE-2019-16759vBulletinvBulletin0.000 0th2021-11-032022-05-03
CVE-2019-16920D-LinkMultiple Routers0.000 0th2022-03-252022-04-15
CVE-2019-16928EximExim Internet Mailer0.000 0th2022-03-032022-03-17
CVE-2019-17026MozillaFirefox and Thunderbird0.000 0th2021-11-032022-05-03
CVE-2019-17558ApacheSolr0.000 0th2021-11-032022-05-03
CVE-2019-17621D-LinkDIR-859 Router0.000 0th2023-06-292023-07-20
CVE-2019-18187Trend MicroOfficeScan0.000 0th2021-11-032022-05-03
CVE-2019-18426Meta PlatformsWhatsApp0.000 0th2022-05-232022-06-13
CVE-2019-18935ProgressTelerik UI for ASP.NET AJAX0.000 0th2021-11-032022-05-03
CVE-2019-18988TeamViewerDesktop0.000 0th2021-11-032022-05-03
CVE-2019-19356NetisWF2419 Devices0.000 0th2021-11-032022-05-03
CVE-2019-19781CitrixApplication Delivery Controller (ADC), Gateway, and SD-WAN WANOP Appliance0.000 0th2021-11-032022-05-03
CVE-2019-20085TVTNVMS-10000.000 0th2021-11-032022-05-03
CVE-2019-20500D-LinkDWL-2600AP Access Point0.000 0th2023-06-292023-07-20
CVE-2019-2215AndroidAndroid Kernel0.000 0th2021-11-032022-05-03
CVE-2019-2616OracleBI Publisher (Formerly XML Publisher)0.000 0th2022-03-252022-04-15
CVE-2019-2725OracleWebLogic Server0.000 0th2022-01-102022-07-10
CVE-2019-3010OracleSolaris0.000 0th2022-05-252022-06-15
CVE-2019-3396AtlassianConfluence Server and Data Server0.000 0th2021-11-032022-05-03
CVE-2019-3398AtlassianConfluence Server and Data Center0.000 0th2021-11-032022-05-03
CVE-2019-3568Meta PlatformsWhatsApp0.000 0th2022-04-192022-05-10
CVE-2019-3929CrestronMultiple Products0.000 0th2022-04-152022-05-06
CVE-2019-4716IBMPlanning Analytics0.000 0th2021-11-032022-05-03
CVE-2019-5418RailsRuby on Rails0.000 0th2025-07-072025-07-28
CVE-2019-5544VMwareVMware ESXi and Horizon DaaS0.000 0th2021-11-032022-05-03
CVE-2019-5591FortinetFortiOS0.000 0th2021-11-032022-05-03
CVE-2019-5786GoogleChrome Blink0.000 0th2022-05-232022-06-13
CVE-2019-5825GoogleChromium V80.000 0th2022-06-082022-06-22
CVE-2019-6223AppleiOS and macOS0.000 0th2021-11-032022-05-03
CVE-2019-6340DrupalCore0.000 0th2022-03-252022-04-15
CVE-2019-6693FortinetFortiOS0.000 0th2025-06-252025-07-16
CVE-2019-7192QNAPPhoto Station0.000 0th2022-06-082022-06-22
CVE-2019-7193QNAPQTS0.000 0th2022-06-082022-06-22
CVE-2019-7194QNAPPhoto Station0.000 0th2022-06-082022-06-22
CVE-2019-7195QNAPPhoto Station0.000 0th2022-06-082022-06-22
CVE-2019-7238SonatypeNexus Repository Manager0.000 0th2021-12-102022-06-10
CVE-2019-7256NiceLinear eMerge E3-Series0.000 0th2024-03-252024-04-15
CVE-2019-7286AppleMultiple Products0.000 0th2022-05-232022-06-13
CVE-2019-7287AppleiOS0.000 0th2022-05-232022-06-13
CVE-2019-7481SonicWallSMA1000.000 0th2021-11-032022-05-03
CVE-2019-7483SonicWallSMA1000.000 0th2022-03-282022-04-18
CVE-2019-7609ElasticKibana0.000 0th2022-01-102022-07-10
CVE-2019-8394ZohoManageEngine0.000 0th2021-11-032022-05-03
CVE-2019-8506AppleMultiple Products0.000 0th2022-05-042022-05-25
CVE-2019-8526ApplemacOS0.000 0th2023-04-172023-05-08
CVE-2019-8605AppleMultiple Products0.000 0th2022-06-272022-07-18
CVE-2019-8720WebKitGTKWebKitGTK0.000 0th2022-05-232022-06-13
CVE-2019-9082ThinkPHPThinkPHP0.000 0th2021-11-032022-05-03
CVE-2019-9621SynacorZimbra Collaboration Suite (ZCS)0.000 0th2025-07-072025-07-28
CVE-2019-9670SynacorZimbra Collaboration Suite (ZCS)0.000 0th2022-01-102022-07-10
CVE-2019-9874SitecoreCMS and Experience Platform (XP)0.000 0th2025-03-262025-04-16
CVE-2019-9875SitecoreCMS and Experience Platform (XP)0.000 0th2025-03-262025-04-16
CVE-2019-9978WordPressSocial Warfare Plugin0.000 0th2021-11-032022-05-03
CVE-2020-0041AndroidAndroid Kernel0.000 0th2021-11-032022-05-03
CVE-2020-0069MediaTekMultiple Chipsets0.000 0th2021-11-032022-05-03
CVE-2020-0601MicrosoftWindows0.000 0th2021-11-032020-01-29
CVE-2020-0618MicrosoftSQL Server0.000 0th2024-09-182024-10-09
CVE-2020-0638MicrosoftUpdate Notification Manager0.000 0th2022-05-232022-06-13
CVE-2020-0646Microsoft.NET Framework0.000 0th2021-11-032022-05-03
CVE-2020-0674MicrosoftInternet Explorer0.000 0th2021-11-032022-05-03
CVE-2020-0683MicrosoftWindows0.000 0th2021-11-032022-05-03
CVE-2020-0688MicrosoftExchange Server0.000 0th2021-11-032022-05-03
CVE-2020-0787MicrosoftWindows0.000 0th2022-01-282022-07-28
CVE-2020-0796MicrosoftSMBv30.000 0th2022-02-102022-08-10
CVE-2020-0878MicrosoftEdge and Internet Explorer0.000 0th2021-11-032022-05-03
CVE-2020-0938MicrosoftWindows0.000 0th2021-11-032022-05-03
CVE-2020-0968MicrosoftInternet Explorer0.000 0th2021-11-032022-05-03
CVE-2020-0986MicrosoftWindows0.000 0th2021-11-032022-05-03
CVE-2020-10148SolarWindsOrion0.000 0th2021-11-032022-05-03
CVE-2020-10181SumavisionEnhanced Multimedia Router (EMR)0.000 0th2021-11-032022-05-03
CVE-2020-10189ZohoManageEngine0.000 0th2021-11-032022-05-03
CVE-2020-10199SonatypeNexus Repository0.000 0th2021-11-032022-05-03
CVE-2020-1020MicrosoftWindows0.000 0th2021-11-032022-05-03
CVE-2020-10221rConfigrConfig0.000 0th2021-11-032022-05-03
CVE-2020-1027MicrosoftWindows0.000 0th2022-05-232022-06-13
CVE-2020-1040MicrosoftHyper-V RemoteFX0.000 0th2021-11-032022-05-03
CVE-2020-1054MicrosoftWin32k0.000 0th2021-11-032022-05-03
CVE-2020-10987TendaAC1900 Router AC15 Model0.000 0th2021-11-032022-05-03
CVE-2020-11023JQueryJQuery0.000 0th2025-01-232025-02-13
CVE-2020-11261QualcommSnapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables0.000 0th2021-12-012022-06-01
CVE-2020-1147Microsoft.NET Framework, SharePoint, Visual Studio0.000 0th2021-11-032022-05-03
CVE-2020-11651SaltStackSalt0.000 0th2021-11-032022-05-03
CVE-2020-11652SaltStackSalt0.000 0th2021-11-032022-05-03
CVE-2020-11738WordPressSnap Creek Duplicator Plugin0.000 0th2021-11-032022-05-03
CVE-2020-11899Treck TCP/IP stackIPv60.000 0th2022-03-032022-03-17
CVE-2020-11978ApacheAirflow0.000 0th2022-01-182022-07-18
CVE-2020-12271SophosSFOS0.000 0th2021-11-032022-05-03
CVE-2020-12641RoundcubeRoundcube Webmail0.000 0th2023-06-222023-07-13
CVE-2020-12812FortinetFortiOS0.000 0th2021-11-032022-05-03
CVE-2020-1350MicrosoftWindows0.000 0th2021-11-032020-07-24
CVE-2020-13671DrupalDrupal core0.000 0th2022-01-182022-07-18
CVE-2020-1380MicrosoftInternet Explorer0.000 0th2021-11-032022-05-03
CVE-2020-13927ApacheAirflow's Experimental API0.000 0th2022-01-182022-07-18
CVE-2020-13965RoundcubeWebmail0.000 0th2024-06-262024-07-17
CVE-2020-1464MicrosoftWindows0.000 0th2021-11-032022-05-03
CVE-2020-14644OracleWebLogic Server0.000 0th2024-09-182024-10-09
CVE-2020-1472MicrosoftNetlogon0.000 0th2021-11-032020-09-21
CVE-2020-14750OracleWebLogic Server0.000 0th2021-11-032022-05-03
CVE-2020-14864OracleIntelligence Enterprise Edition0.000 0th2022-01-182022-07-18
CVE-2020-14871OracleSolaris and Zettabyte File System (ZFS)0.000 0th2021-11-032022-05-03
CVE-2020-14882OracleWebLogic Server0.000 0th2021-11-032022-05-03
CVE-2020-14883OracleWebLogic Server0.000 0th2021-11-032022-05-03
CVE-2020-15069SophosXG Firewall0.000 0th2025-02-062025-02-27
CVE-2020-15415DrayTekMultiple Vigor Routers0.000 0th2024-09-302024-10-21
CVE-2020-15505IvantiMobileIron Multiple Products0.000 0th2021-11-032022-05-03
CVE-2020-15999GoogleChrome FreeType0.000 0th2021-11-032021-11-17
CVE-2020-16009GoogleChromium V80.000 0th2021-11-032022-05-03
CVE-2020-16010GoogleChrome for Android UI0.000 0th2021-11-032022-05-03
CVE-2020-16013GoogleChromium V80.000 0th2021-11-032022-05-03
CVE-2020-16017GoogleChrome0.000 0th2021-11-032022-05-03
CVE-2020-1631JuniperJunos OS0.000 0th2022-03-252022-04-15
CVE-2020-16846SaltStackSalt0.000 0th2021-11-032022-05-03
CVE-2020-17087MicrosoftWindows0.000 0th2021-11-032022-05-03
CVE-2020-17144MicrosoftExchange Server0.000 0th2021-11-032022-05-03
CVE-2020-17463Fuel CMSFuel CMS0.000 0th2021-12-102022-06-10
CVE-2020-17496vBulletinvBulletin0.000 0th2021-11-032022-05-03
CVE-2020-17519ApacheFlink0.000 0th2024-05-232024-06-13
CVE-2020-17530ApacheStruts0.000 0th2021-11-032022-05-03
CVE-2020-1938ApacheTomcat0.000 0th2022-03-032022-03-17
CVE-2020-1956ApacheKylin0.000 0th2022-03-252022-04-15
CVE-2020-2021Palo Alto NetworksPAN-OS0.000 0th2022-03-252022-04-15
CVE-2020-24363TP-LinkTL-WA855RE0.000 0th2025-09-022025-09-23
CVE-2020-24557Trend MicroApex One, OfficeScan, and Worry-Free Business Security0.000 0th2021-11-032022-05-03
CVE-2020-2506QNAP SystemsHelpdesk0.000 0th2022-03-252022-04-15
CVE-2020-25078D-LinkDCS-2530L and DCS-2670L Devices0.000 0th2025-08-052025-08-26
CVE-2020-25079D-LinkDCS-2530L and DCS-2670L Devices0.000 0th2025-08-052025-08-26
CVE-2020-2509QNAPQNAP Network-Attached Storage (NAS)0.000 0th2022-04-112022-05-02
CVE-2020-25213WordPressFile Manager Plugin0.000 0th2021-11-032022-05-03
CVE-2020-25223SophosSG UTM0.000 0th2022-03-252022-04-15
CVE-2020-25506D-LinkDNS-320 Device0.000 0th2021-11-032022-05-03
CVE-2020-2551OracleFusion Middleware0.000 0th2023-11-162023-12-07
CVE-2020-2555OracleMultiple Products0.000 0th2021-11-032022-05-03
CVE-2020-26919NETGEARJGS516PE Devices0.000 0th2021-11-032022-05-03
CVE-2020-27930AppleMultiple Products0.000 0th2021-11-032022-05-03
CVE-2020-27932AppleMultiple Products0.000 0th2021-11-032022-05-03
CVE-2020-27950AppleMultiple Products0.000 0th2021-11-032022-05-03
CVE-2020-2883OracleWebLogic Server0.000 0th2025-01-072025-01-28
CVE-2020-28949PEARArchive_Tar0.000 0th2022-08-252022-09-15
CVE-2020-29557D-LinkDIR-825 R1 Devices0.000 0th2021-11-032022-05-03
CVE-2020-29574SophosCyberoamOS0.000 0th2025-02-062025-02-27
CVE-2020-29583ZyxelMultiple Products0.000 0th2021-11-032022-05-03
CVE-2020-3118CiscoIOS XR0.000 0th2021-11-032022-05-03
CVE-2020-3153CiscoAnyConnect Secure0.000 0th2022-10-242022-11-14
CVE-2020-3161CiscoCisco IP Phones0.000 0th2021-11-032022-05-03
CVE-2020-3259CiscoAdaptive Security Appliance (ASA) and Firepower Threat Defense (FTD)0.000 0th2024-02-152024-03-07
CVE-2020-3433CiscoAnyConnect Secure0.000 0th2022-10-242022-11-14
CVE-2020-3452CiscoAdaptive Security Appliance (ASA) and Firepower Threat Defense (FTD)0.000 0th2021-11-032022-05-03
CVE-2020-3566CiscoIOS XR0.000 0th2021-11-032022-05-03
CVE-2020-3569CiscoIOS XR0.000 0th2021-11-032022-05-03
CVE-2020-35730RoundcubeRoundcube Webmail0.000 0th2023-06-222023-07-13
CVE-2020-3580CiscoAdaptive Security Appliance (ASA) and Firepower Threat Defense (FTD)0.000 0th2021-11-032022-05-03
CVE-2020-36193PEARArchive_Tar0.000 0th2022-08-252022-09-15
CVE-2020-3837AppleMultiple Products0.000 0th2022-06-272022-07-18
CVE-2020-3950VMwareMultiple Products0.000 0th2021-11-032022-05-03
CVE-2020-3952VMwarevCenter Server0.000 0th2021-11-032022-05-03
CVE-2020-3992VMwareESXi0.000 0th2021-11-032022-05-03
CVE-2020-4006VMwareMultiple Products0.000 0th2021-11-032022-05-03
CVE-2020-4427IBMData Risk Manager0.000 0th2021-11-032022-05-03
CVE-2020-4428IBMData Risk Manager0.000 0th2021-11-032022-05-03
CVE-2020-4430IBMData Risk Manager0.000 0th2021-11-032022-05-03
CVE-2020-5135SonicWallSonicOS0.000 0th2022-03-152022-04-05
CVE-2020-5410VMware TanzuSpring Cloud Configuration (Config) Server0.000 0th2022-03-252022-04-15
CVE-2020-5722GrandstreamUCM62000.000 0th2022-01-282022-07-28
CVE-2020-5735AmcrestCameras and Network Video Recorder (NVR)0.000 0th2021-11-032022-05-03
CVE-2020-5741PlexMedia Server0.000 0th2023-03-102023-03-31
CVE-2020-5847UnraidUnraid0.000 0th2021-11-032022-05-03
CVE-2020-5849UnraidUnraid0.000 0th2021-11-032022-05-03
CVE-2020-5902F5BIG-IP0.000 0th2021-11-032022-05-03
CVE-2020-6207SAPSolution Manager0.000 0th2021-11-032022-05-03
CVE-2020-6287SAPNetWeaver0.000 0th2021-11-032022-05-03
CVE-2020-6418GoogleChromium V80.000 0th2021-11-032022-05-03
CVE-2020-6572GoogleChrome Media0.000 0th2022-01-102022-07-10
CVE-2020-6819MozillaFirefox and Thunderbird0.000 0th2021-11-032022-05-03
CVE-2020-6820MozillaFirefox and Thunderbird0.000 0th2021-11-032022-05-03
CVE-2020-7247OpenBSDOpenSMTPD0.000 0th2022-03-252022-04-15
CVE-2020-7961LiferayLiferay Portal0.000 0th2021-11-032022-05-03
CVE-2020-8193CitrixApplication Delivery Controller (ADC), Gateway, and SD-WAN WANOP Appliance0.000 0th2021-11-032022-05-03
CVE-2020-8195CitrixApplication Delivery Controller (ADC), Gateway, and SD-WAN WANOP Appliance0.000 0th2021-11-032022-05-03
CVE-2020-8196CitrixApplication Delivery Controller (ADC), Gateway, and SD-WAN WANOP Appliance0.000 0th2021-11-032022-05-03
CVE-2020-8218Pulse SecurePulse Connect Secure0.000 0th2022-03-072022-09-07
CVE-2020-8243IvantiPulse Connect Secure0.000 0th2021-11-032021-04-23
CVE-2020-8260IvantiPulse Connect Secure0.000 0th2021-11-032021-04-23
CVE-2020-8467Trend MicroApex One and OfficeScan0.000 0th2021-11-032022-05-03
CVE-2020-8468Trend MicroApex One, OfficeScan and Worry-Free Business Security Agents0.000 0th2021-11-032022-05-03
CVE-2020-8515DrayTekMultiple Vigor Routers0.000 0th2021-11-032022-05-03
CVE-2020-8599Trend MicroApex One and OfficeScan0.000 0th2021-11-032022-05-03
CVE-2020-8644PlaySMSPlaySMS0.000 0th2021-11-032022-05-03
CVE-2020-8655EyesOfNetworkEyesOfNetwork0.000 0th2021-11-032022-05-03
CVE-2020-8657EyesOfNetworkEyesOfNetwork0.000 0th2021-11-032022-05-03
CVE-2020-8816Pi-holeAdminLTE0.000 0th2021-12-102022-06-10
CVE-2020-9054ZyxelMultiple Network-Attached Storage (NAS) Devices0.000 0th2022-03-252022-04-15
CVE-2020-9377D-LinkDIR-610 Devices0.000 0th2022-03-252022-04-15
CVE-2020-9818AppleiOS, iPadOS, and watchOS0.000 0th2021-11-032022-05-03
CVE-2020-9819AppleiOS, iPadOS, and watchOS0.000 0th2021-11-032022-05-03
CVE-2020-9859AppleMultiple Products0.000 0th2021-11-032022-05-03
CVE-2020-9907AppleMultiple Products0.000 0th2022-06-272022-07-18
CVE-2020-9934AppleiOS, iPadOS, and macOS0.000 0th2022-09-082022-09-29
CVE-2021-0920AndroidKernel0.000 0th2022-05-232022-06-13
CVE-2021-1048AndroidKernel0.000 0th2022-05-232022-06-13
CVE-2021-1497CiscoHyperFlex HX0.000 0th2021-11-032021-11-17
CVE-2021-1498CiscoHyperFlex HX0.000 0th2021-11-032021-11-17
CVE-2021-1647MicrosoftDefender0.000 0th2021-11-032021-11-17
CVE-2021-1675MicrosoftWindows0.000 0th2021-11-032021-11-17
CVE-2021-1732MicrosoftWin32k0.000 0th2021-11-032021-11-17
CVE-2021-1782AppleMultiple Products0.000 0th2021-11-032021-11-17
CVE-2021-1789AppleMultiple Products0.000 0th2022-05-042022-05-25
CVE-2021-1870AppleiOS, iPadOS, and macOS0.000 0th2021-11-032021-11-17
CVE-2021-1871AppleiOS, iPadOS, and macOS0.000 0th2021-11-032021-11-17
CVE-2021-1879AppleiOS, iPadOS, and watchOS0.000 0th2021-11-032021-11-17
CVE-2021-1905QualcommMultiple Chipsets0.000 0th2021-11-032022-05-03
CVE-2021-1906QualcommMultiple Chipsets0.000 0th2021-11-032021-11-17
CVE-2021-20016SonicWallSSLVPN SMA1000.000 0th2021-11-032021-11-17
CVE-2021-20021SonicWallSonicWall Email Security0.000 0th2021-11-032021-11-17
CVE-2021-20022SonicWallSonicWall Email Security0.000 0th2021-11-032021-11-17
CVE-2021-20023SonicWallSonicWall Email Security0.000 0th2021-11-032021-11-17
CVE-2021-20028SonicWallSecure Remote Access (SRA)0.000 0th2022-03-282022-04-18
CVE-2021-20035SonicWallSMA100 Appliances0.000 0th2025-04-162025-05-07
CVE-2021-20038SonicWallSMA 100 Appliances0.000 0th2022-01-282022-02-11
CVE-2021-20090ArcadyanBuffalo Firmware0.000 0th2021-11-032021-11-17
CVE-2021-20123DrayTekVigorConnect0.000 0th2024-09-032024-09-24
CVE-2021-20124DrayTekVigorConnect0.000 0th2024-09-032024-09-24
CVE-2021-21017AdobeAcrobat and Reader0.000 0th2021-11-032021-11-17
CVE-2021-21148GoogleChromium V80.000 0th2021-11-032021-11-17
CVE-2021-21166GoogleChromium0.000 0th2021-11-032021-11-17
CVE-2021-21193GoogleChromium Blink0.000 0th2021-11-032021-11-17
CVE-2021-21206GoogleChromium Blink0.000 0th2021-11-032021-11-17
CVE-2021-21220GoogleChromium V80.000 0th2021-11-032021-11-17
CVE-2021-21224GoogleChromium V80.000 0th2021-11-032021-11-17
CVE-2021-21311AdminerAdminer0.000 0th2025-09-292025-10-20
CVE-2021-21315Npm packageSystem Information Library for Node.JS0.000 0th2022-01-182022-02-01
CVE-2021-21551Delldbutil Driver0.000 0th2022-03-312022-04-21
CVE-2021-21972VMwarevCenter Server0.000 0th2021-11-032021-11-17
CVE-2021-21973VMwarevCenter Server and Cloud Foundation0.000 0th2022-03-072022-03-21
CVE-2021-21975VMwarevRealize Operations Manager API0.000 0th2022-01-182022-02-01
CVE-2021-21985VMwarevCenter Server0.000 0th2021-11-032021-11-17
CVE-2021-22005VMwarevCenter Server0.000 0th2021-11-032021-11-17
CVE-2021-22017VMwarevCenter Server0.000 0th2022-01-102022-01-24
CVE-2021-22204PerlExiftool0.000 0th2021-11-172021-12-01
CVE-2021-22205GitLabCommunity and Enterprise Editions0.000 0th2021-11-032021-11-17
CVE-2021-22502Micro FocusOperation Bridge Reporter (OBR)0.000 0th2021-11-032021-11-17
CVE-2021-22506Micro FocusMicro Focus Access Manager0.000 0th2021-11-032021-11-17
CVE-2021-22555LinuxKernel0.000 0th2025-10-062025-10-27
CVE-2021-22600LinuxKernel0.000 0th2022-04-112022-05-02
CVE-2021-22893IvantiPulse Connect Secure0.000 0th2021-11-032021-04-23
CVE-2021-22894IvantiPulse Connect Secure0.000 0th2021-11-032021-04-23
CVE-2021-22899IvantiPulse Connect Secure0.000 0th2021-11-032021-04-23
CVE-2021-22900IvantiPulse Connect Secure0.000 0th2021-11-032021-04-23
CVE-2021-22941CitrixShareFile0.000 0th2022-03-252022-04-15
CVE-2021-22986F5BIG-IP and BIG-IQ Centralized Management0.000 0th2021-11-032021-11-17
CVE-2021-22991F5BIG-IP Traffic Management Microkernel0.000 0th2022-01-182022-02-01
CVE-2021-23874McAfeeMcAfee Total Protection (MTP)0.000 0th2021-11-032021-11-17
CVE-2021-25296NagiosNagios XI0.000 0th2022-01-182022-02-01
CVE-2021-25297NagiosNagios XI0.000 0th2022-01-182022-02-01
CVE-2021-25298NagiosNagios XI0.000 0th2022-01-182022-02-01
CVE-2021-25337SamsungMobile Devices0.000 0th2022-11-082022-11-29
CVE-2021-25369SamsungMobile Devices0.000 0th2022-11-082022-11-29
CVE-2021-25370SamsungMobile Devices0.000 0th2022-11-082022-11-29
CVE-2021-25371SamsungMobile Devices0.000 0th2023-06-292023-07-20
CVE-2021-25372SamsungMobile Devices0.000 0th2023-06-292023-07-20
CVE-2021-25394SamsungMobile Devices0.000 0th2023-06-292023-07-20
CVE-2021-25395SamsungMobile Devices0.000 0th2023-06-292023-07-20
CVE-2021-25487SamsungMobile Devices0.000 0th2023-06-292023-07-20
CVE-2021-25489SamsungMobile Devices0.000 0th2023-06-292023-07-20
CVE-2021-26084AtlassianConfluence Server and Data Center0.000 0th2021-11-032021-11-17
CVE-2021-26085AtlassianConfluence Server0.000 0th2022-03-282022-04-18
CVE-2021-26086AtlassianJira Server and Data Center0.000 0th2024-11-122024-12-03
CVE-2021-26411MicrosoftInternet Explorer0.000 0th2021-11-032021-11-17
CVE-2021-26828OpenPLCScadaBR0.000 0th2025-12-032025-12-24
CVE-2021-26829OpenPLCScadaBR0.000 0th2025-11-282025-12-19
CVE-2021-26855MicrosoftExchange Server0.000 0th2021-11-032021-04-16
CVE-2021-26857MicrosoftExchange Server0.000 0th2021-11-032021-04-16
CVE-2021-26858MicrosoftExchange Server0.000 0th2021-11-032021-04-16
CVE-2021-27059MicrosoftOffice0.000 0th2021-11-032021-11-17
CVE-2021-27065MicrosoftExchange Server0.000 0th2021-11-032021-04-16
CVE-2021-27085MicrosoftInternet Explorer0.000 0th2021-11-032021-11-17
CVE-2021-27101AccellionFTA0.000 0th2021-11-032021-11-17
CVE-2021-27102AccellionFTA0.000 0th2021-11-032021-11-17
CVE-2021-27103AccellionFTA0.000 0th2021-11-032021-11-17
CVE-2021-27104AccellionFTA0.000 0th2021-11-032021-11-17
CVE-2021-27561YealinkDevice Management0.000 0th2021-11-032021-11-17
CVE-2021-27562ArmTrusted Firmware0.000 0th2021-11-032021-11-17
CVE-2021-27852CheckboxCheckbox Survey0.000 0th2022-04-112022-05-02
CVE-2021-27860FatPipeWARP, IPVPN, and MPVPN software0.000 0th2022-01-102022-01-24
CVE-2021-27876VeritasBackup Exec Agent0.000 0th2023-04-072023-04-28
CVE-2021-27877VeritasBackup Exec Agent0.000 0th2023-04-072023-04-28
CVE-2021-27878VeritasBackup Exec Agent0.000 0th2023-04-072023-04-28
CVE-2021-28310MicrosoftWin32k0.000 0th2021-11-032021-11-17
CVE-2021-28550AdobeAcrobat and Reader0.000 0th2021-11-032021-11-17
CVE-2021-28663ArmMali Graphics Processing Unit (GPU)0.000 0th2021-11-032021-11-17
CVE-2021-28664ArmMali Graphics Processing Unit (GPU)0.000 0th2021-11-032021-11-17
CVE-2021-28799QNAPNetwork Attached Storage (NAS)0.000 0th2022-03-312022-04-21
CVE-2021-29256ArmMali Graphics Processing Unit (GPU)0.000 0th2023-07-072023-07-28
CVE-2021-30116KaseyaVirtual System/Server Administrator (VSA)0.000 0th2021-11-032021-11-17
CVE-2021-30533GoogleChromium PopupBlocker0.000 0th2022-06-272022-07-18
CVE-2021-30551GoogleChromium V80.000 0th2021-11-032021-11-17
CVE-2021-30554GoogleChromium WebGL0.000 0th2021-11-032021-11-17
CVE-2021-30563GoogleChromium V80.000 0th2021-11-032021-11-17
CVE-2021-30632GoogleChromium V80.000 0th2021-11-032021-11-17
CVE-2021-30633GoogleChromium Indexed DB API0.000 0th2021-11-032021-11-17
CVE-2021-30657ApplemacOS0.000 0th2021-11-032021-11-17
CVE-2021-30661AppleMultiple Products0.000 0th2021-11-032021-11-17
CVE-2021-30663AppleMultiple Products0.000 0th2021-11-032021-11-17
CVE-2021-30665AppleMultiple Products0.000 0th2021-11-032021-11-17
CVE-2021-30666AppleiOS0.000 0th2021-11-032021-11-17
CVE-2021-30713ApplemacOS0.000 0th2021-11-032021-11-17
CVE-2021-30761AppleiOS0.000 0th2021-11-032021-11-17
CVE-2021-30762AppleiOS0.000 0th2021-11-032021-11-17
CVE-2021-30807AppleMultiple Products0.000 0th2021-11-032021-11-17
CVE-2021-30858AppleiOS, iPadOS, and macOS0.000 0th2021-11-032021-11-17
CVE-2021-30860AppleMultiple Products0.000 0th2021-11-032021-11-17
CVE-2021-30869AppleiOS, iPadOS, and macOS0.000 0th2021-11-032021-11-17
CVE-2021-30883AppleMultiple Products0.000 0th2022-05-232022-06-13
CVE-2021-30900AppleiOS, iPadOS, and macOS0.000 0th2023-03-302023-04-20
CVE-2021-30983AppleiOS and iPadOS0.000 0th2022-06-272022-07-18
CVE-2021-31010AppleiOS, macOS, watchOS0.000 0th2022-08-252022-09-15
CVE-2021-31166MicrosoftHTTP Protocol Stack0.000 0th2022-04-062022-04-27
CVE-2021-31196MicrosoftExchange Server0.000 0th2024-08-212024-09-11
CVE-2021-31199MicrosoftEnhanced Cryptographic Provider0.000 0th2021-11-032021-11-17
CVE-2021-31201MicrosoftEnhanced Cryptographic Provider0.000 0th2021-11-032021-11-17
CVE-2021-31207MicrosoftExchange Server0.000 0th2021-11-032021-11-17
CVE-2021-3129LaravelIgnition0.000 0th2023-09-182023-10-09
CVE-2021-3156SudoSudo0.000 0th2022-04-062022-04-27
CVE-2021-31755TendaAC11 Router0.000 0th2021-11-032021-11-17
CVE-2021-31955MicrosoftWindows0.000 0th2021-11-032021-11-17
CVE-2021-31956MicrosoftWindows0.000 0th2021-11-032021-11-17
CVE-2021-31979MicrosoftWindows0.000 0th2021-11-032021-11-17
CVE-2021-32030ASUSRouters0.000 0th2025-06-022025-06-23
CVE-2021-32648October CMSOctober CMS0.000 0th2022-01-182022-02-01
CVE-2021-33044DahuaIP Camera Firmware0.000 0th2024-08-212024-09-11
CVE-2021-33045DahuaIP Camera Firmware0.000 0th2024-08-212024-09-11
CVE-2021-33739MicrosoftWindows0.000 0th2021-11-032021-11-17
CVE-2021-33742MicrosoftWindows0.000 0th2021-11-032021-11-17
CVE-2021-33766MicrosoftExchange Server0.000 0th2022-01-182022-02-01
CVE-2021-33771MicrosoftWindows0.000 0th2021-11-032021-11-17
CVE-2021-34448MicrosoftWindows0.000 0th2021-11-032021-11-17
CVE-2021-34473MicrosoftExchange Server0.000 0th2021-11-032021-11-17
CVE-2021-34484MicrosoftWindows0.000 0th2022-03-312022-04-21
CVE-2021-34486MicrosoftWindows0.000 0th2022-03-282022-04-18
CVE-2021-34523MicrosoftExchange Server0.000 0th2021-11-032021-11-17
CVE-2021-34527MicrosoftWindows0.000 0th2021-11-032021-07-20
CVE-2021-3493LinuxKernel0.000 0th2022-10-202022-11-10
CVE-2021-35211SolarWindsServ-U0.000 0th2021-11-032021-11-17
CVE-2021-35247SolarWindsServ-U0.000 0th2022-01-212022-02-04
CVE-2021-35394RealtekJungle Software Development Kit (SDK)0.000 0th2021-12-102021-12-24
CVE-2021-35395RealtekAP-Router SDK0.000 0th2021-11-032021-11-17
CVE-2021-35464ForgeRockAccess Management (AM)0.000 0th2021-11-032021-11-17
CVE-2021-35587OracleFusion Middleware0.000 0th2022-11-282022-12-19
CVE-2021-3560Red HatPolkit0.000 0th2023-05-122023-06-02
CVE-2021-36260HikvisionSecurity cameras web server0.000 0th2022-01-102022-01-24
CVE-2021-36380SunhilloSureLine0.000 0th2024-03-052024-03-26
CVE-2021-36741Trend MicroApex One, Apex One as a Service, and Worry-Free Business Security0.000 0th2021-11-032021-11-17
CVE-2021-36742Trend MicroApex One, Apex One as a Service, and Worry-Free Business Security0.000 0th2021-11-032021-11-17
CVE-2021-36934MicrosoftWindows0.000 0th2022-02-102022-02-24
CVE-2021-36942MicrosoftWindows0.000 0th2021-11-032021-11-17
CVE-2021-36948MicrosoftWindows0.000 0th2021-11-032021-11-17
CVE-2021-36955MicrosoftWindows0.000 0th2021-11-032021-11-17
CVE-2021-37415ZohoManageEngine ServiceDesk Plus (SDP)0.000 0th2021-12-012021-12-15
CVE-2021-37973GoogleChromium Portals0.000 0th2021-11-032021-11-17
CVE-2021-37975GoogleChromium V80.000 0th2021-11-032021-11-17
CVE-2021-37976GoogleChromium0.000 0th2021-11-032021-11-17
CVE-2021-38000GoogleChromium Intents0.000 0th2021-11-032021-11-17
CVE-2021-38003GoogleChromium V80.000 0th2021-11-032021-11-17
CVE-2021-38163SAPNetWeaver0.000 0th2022-06-092022-06-30
CVE-2021-38406Delta ElectronicsDOPSoft 20.000 0th2022-08-252022-09-15
CVE-2021-38645MicrosoftOpen Management Infrastructure (OMI)0.000 0th2021-11-032021-11-17
CVE-2021-38646MicrosoftOffice0.000 0th2022-03-282022-04-18
CVE-2021-38647MicrosoftOpen Management Infrastructure (OMI)0.000 0th2021-11-032021-11-17
CVE-2021-38648MicrosoftOpen Management Infrastructure (OMI)0.000 0th2021-11-032021-11-17
CVE-2021-38649MicrosoftOpen Management Infrastructure (OMI)0.000 0th2021-11-032021-11-17
CVE-2021-39144XStreamXStream0.000 0th2023-03-102023-03-31
CVE-2021-39226Grafana LabsGrafana0.000 0th2022-08-252022-09-15
CVE-2021-39793GooglePixel0.000 0th2022-04-112022-05-02
CVE-2021-4034Red HatPolkit0.000 0th2022-06-272022-07-18
CVE-2021-40407ReolinkRLC-410W IP Camera0.000 0th2024-12-182025-01-08
CVE-2021-40438ApacheApache0.000 0th2021-12-012021-12-15
CVE-2021-40444MicrosoftMSHTML0.000 0th2021-11-032021-11-17
CVE-2021-40449MicrosoftWindows0.000 0th2021-11-172021-12-01
CVE-2021-40450MicrosoftWin32k0.000 0th2022-04-252022-05-16
CVE-2021-40539ZohoManageEngine0.000 0th2021-11-032021-11-17
CVE-2021-40655D-LinkDIR-605 Router0.000 0th2024-05-162024-06-06
CVE-2021-40870AviatrixAviatrix Controller0.000 0th2022-01-182022-02-01
CVE-2021-4102GoogleChromium V80.000 0th2021-12-152021-12-29
CVE-2021-41277MetabaseMetabase0.000 0th2024-11-122024-12-03
CVE-2021-41357MicrosoftWin32k0.000 0th2022-04-252022-05-16
CVE-2021-41379MicrosoftWindows0.000 0th2022-03-032022-03-17
CVE-2021-41773ApacheHTTP Server0.000 0th2021-11-032021-11-17
CVE-2021-42013ApacheHTTP Server0.000 0th2021-11-032021-11-17
CVE-2021-42237SitecoreXP0.000 0th2022-03-252022-04-15
CVE-2021-42258BQEBillQuick Web Suite0.000 0th2021-11-032021-11-17
CVE-2021-42278MicrosoftActive Directory0.000 0th2022-04-112022-05-02
CVE-2021-42287MicrosoftActive Directory0.000 0th2022-04-112022-05-02
CVE-2021-42292MicrosoftOffice0.000 0th2021-11-172021-12-01
CVE-2021-42321MicrosoftExchange0.000 0th2021-11-172021-12-01
CVE-2021-43226MicrosoftWindows0.000 0th2025-10-062025-10-27
CVE-2021-43798Grafana LabsGrafana0.000 0th2025-10-092025-10-30
CVE-2021-43890MicrosoftWindows0.000 0th2021-12-152021-12-29
CVE-2021-44026RoundcubeRoundcube Webmail0.000 0th2023-06-222023-07-13
CVE-2021-44077ZohoManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus0.000 0th2021-12-012021-12-15
CVE-2021-44168FortinetFortiOS0.000 0th2021-12-102021-12-24
CVE-2021-44207Acclaim SystemsUSAHERDS0.000 0th2024-12-232025-01-13
CVE-2021-44228ApacheLog4j20.000 0th2021-12-102021-12-24
CVE-2021-44515ZohoDesktop Central0.000 0th2021-12-102021-12-24
CVE-2021-44529IvantiEndpoint Manager Cloud Service Appliance (EPM CSA)0.000 0th2024-03-252024-04-15
CVE-2021-45046ApacheLog4j20.000 0th2023-05-012023-05-22
CVE-2021-45382D-LinkMultiple Routers0.000 0th2022-04-042022-04-25
CVE-2022-0028Palo Alto NetworksPAN-OS0.000 0th2022-08-222022-09-12
CVE-2022-0185LinuxKernel0.000 0th2024-08-212024-09-11
CVE-2022-0543RedisDebian-specific Redis Servers0.000 0th2022-03-282022-04-18
CVE-2022-0609GoogleChromium Animation0.000 0th2022-02-152022-03-01
CVE-2022-0847LinuxKernel0.000 0th2022-04-252022-05-16
CVE-2022-1040SophosFirewall0.000 0th2022-03-312022-04-21
CVE-2022-1096GoogleChromium V80.000 0th2022-03-282022-04-18
CVE-2022-1364GoogleChromium V80.000 0th2022-04-152022-05-06
CVE-2022-1388F5BIG-IP0.000 0th2022-05-102022-05-31
CVE-2022-20699CiscoSmall Business RV160, RV260, RV340, and RV345 Series Routers0.000 0th2022-03-032022-03-17
CVE-2022-20700CiscoSmall Business RV160, RV260, RV340, and RV345 Series Routers0.000 0th2022-03-032022-03-17
CVE-2022-20701CiscoSmall Business RV160, RV260, RV340, and RV345 Series Routers0.000 0th2022-03-032022-03-17
CVE-2022-20703CiscoSmall Business RV160, RV260, RV340, and RV345 Series Routers0.000 0th2022-03-032022-03-17
CVE-2022-20708CiscoSmall Business RV160, RV260, RV340, and RV345 Series Routers0.000 0th2022-03-032022-03-17
CVE-2022-20821CiscoIOS XR0.000 0th2022-05-232022-06-13
CVE-2022-21445OracleADF Faces0.000 0th2024-09-182024-10-09
CVE-2022-21587OracleE-Business Suite0.000 0th2023-02-022023-02-23
CVE-2022-21882MicrosoftWin32k0.000 0th2022-02-042022-02-18
CVE-2022-21919MicrosoftWindows0.000 0th2022-04-252022-05-16
CVE-2022-21971MicrosoftWindows0.000 0th2022-08-182022-09-08
CVE-2022-21999MicrosoftWindows0.000 0th2022-03-252022-04-15
CVE-2022-22047MicrosoftWindows0.000 0th2022-07-122022-08-02
CVE-2022-22071QualcommMultiple Chipsets0.000 0th2023-12-052023-12-26
CVE-2022-22265SamsungMobile Devices0.000 0th2023-09-182023-10-09
CVE-2022-22536SAPMultiple Products0.000 0th2022-08-182022-09-08
CVE-2022-22587AppleiOS and macOS0.000 0th2022-01-282022-02-11
CVE-2022-22620AppleiOS, iPadOS, and macOS0.000 0th2022-02-112022-02-25
CVE-2022-22674ApplemacOS0.000 0th2022-04-042022-04-25
CVE-2022-22675ApplemacOS0.000 0th2022-04-042022-04-25
CVE-2022-22706ArmMali Graphics Processing Unit (GPU)0.000 0th2023-03-302023-04-20
CVE-2022-22718MicrosoftWindows0.000 0th2022-04-192022-05-10
CVE-2022-2294WebRTCWebRTC0.000 0th2022-08-252022-09-15
CVE-2022-22947VMwareSpring Cloud Gateway0.000 0th2022-05-162022-06-06
CVE-2022-22948VMwarevCenter Server0.000 0th2024-07-172024-08-07
CVE-2022-22954VMwareWorkspace ONE Access and Identity Manager0.000 0th2022-04-142022-05-05
CVE-2022-22960VMwareMultiple Products0.000 0th2022-04-152022-05-06
CVE-2022-22963VMware TanzuSpring Cloud0.000 0th2022-08-252022-09-15
CVE-2022-22965VMwareSpring Framework0.000 0th2022-04-042022-04-25
CVE-2022-23131ZabbixFrontend0.000 0th2022-02-222022-03-08
CVE-2022-23134ZabbixFrontend0.000 0th2022-02-222022-03-08
CVE-2022-23176WatchGuardFirebox and XTM0.000 0th2022-04-112022-05-02
CVE-2022-23227NUUONVRmini2 Devices0.000 0th2024-12-182025-01-08
CVE-2022-23748AudinateDante Discovery0.000 0th2025-02-062025-02-27
CVE-2022-24086AdobeCommerce and Magento Open Source0.000 0th2022-02-152022-03-01
CVE-2022-24112ApacheAPISIX0.000 0th2022-08-252022-09-15
CVE-2022-24521MicrosoftWindows0.000 0th2022-04-132022-05-04
CVE-2022-24682SynacorZimbra Collaborate Suite (ZCS)0.000 0th2022-02-252022-03-11
CVE-2022-24706ApacheCouchDB0.000 0th2022-08-252022-09-15
CVE-2022-24816OSGeoJAI-EXT0.000 0th2024-06-262024-07-17
CVE-2022-24990TerraMasterTerraMaster OS0.000 0th2023-02-102023-03-03
CVE-2022-2586LinuxKernel0.000 0th2024-06-262024-07-17
CVE-2022-26134AtlassianConfluence Server/Data Center0.000 0th2022-06-022022-06-06
CVE-2022-26138AtlassianConfluence0.000 0th2022-07-292022-08-19
CVE-2022-26143MitelMiCollab, MiVoice Business Express0.000 0th2022-03-252022-04-15
CVE-2022-26258D-LinkDIR-820L0.000 0th2022-09-082022-09-29
CVE-2022-26318WatchGuardFirebox and XTM Appliances0.000 0th2022-03-252022-04-15
CVE-2022-26352dotCMSdotCMS0.000 0th2022-08-252022-09-15
CVE-2022-26485MozillaFirefox0.000 0th2022-03-072022-03-21
CVE-2022-26486MozillaFirefox0.000 0th2022-03-072022-03-21
CVE-2022-26500VeeamBackup & Replication0.000 0th2022-12-132023-01-03
CVE-2022-26501VeeamBackup & Replication0.000 0th2022-12-132023-01-03
CVE-2022-26871Trend MicroApex Central0.000 0th2022-03-312022-04-21
CVE-2022-26904MicrosoftWindows0.000 0th2022-04-252022-05-16
CVE-2022-26923MicrosoftActive Directory0.000 0th2022-08-182022-09-08
CVE-2022-26925MicrosoftWindows0.000 0th2022-07-012022-07-22
CVE-2022-27518CitrixApplication Delivery Controller (ADC) and Gateway0.000 0th2022-12-132023-01-03
CVE-2022-27593QNAPPhoto Station0.000 0th2022-09-082022-09-29
CVE-2022-27924SynacorZimbra Collaboration Suite (ZCS)0.000 0th2022-08-042022-08-25
CVE-2022-27925SynacorZimbra Collaboration Suite (ZCS)0.000 0th2022-08-112022-09-01
CVE-2022-27926SynacorZimbra Collaboration Suite (ZCS)0.000 0th2023-04-032023-04-24
CVE-2022-2856GoogleChromium Intents0.000 0th2022-08-182022-09-08
CVE-2022-28810ZohoManageEngine0.000 0th2023-03-072023-03-28
CVE-2022-29303SolarViewCompact0.000 0th2023-07-132023-08-03
CVE-2022-29464WSO2Multiple Products0.000 0th2022-04-252022-05-16
CVE-2022-29499MitelMiVoice Connect0.000 0th2022-06-272022-07-18
CVE-2022-30190MicrosoftWindows0.000 0th2022-06-142022-07-05
CVE-2022-30333RARLABUnRAR0.000 0th2022-08-092022-08-30
CVE-2022-3038GoogleChromium Network Service0.000 0th2023-03-302023-04-20
CVE-2022-30525ZyxelMultiple Firewalls0.000 0th2022-05-162022-06-06
CVE-2022-3075GoogleChromium Mojo0.000 0th2022-09-082022-09-29
CVE-2022-31199NetwrixAuditor0.000 0th2023-07-112023-08-01
CVE-2022-3236SophosFirewall0.000 0th2022-09-232022-10-14
CVE-2022-32893AppleiOS and macOS0.000 0th2022-08-182022-09-08
CVE-2022-32894AppleiOS and macOS0.000 0th2022-08-182022-09-08
CVE-2022-32917AppleiOS, iPadOS, and macOS0.000 0th2022-09-142022-10-05
CVE-2022-33891ApacheSpark0.000 0th2023-03-072023-03-28
CVE-2022-34713MicrosoftWindows0.000 0th2022-08-092022-08-30
CVE-2022-35405ZohoManageEngine0.000 0th2022-09-222022-10-13
CVE-2022-35914TeclibGLPI0.000 0th2023-03-072023-03-28
CVE-2022-36537ZK FrameworkAuUploader0.000 0th2023-02-272023-03-20
CVE-2022-36804AtlassianBitbucket Server and Data Center0.000 0th2022-09-302022-10-21
CVE-2022-37042SynacorZimbra Collaboration Suite (ZCS)0.000 0th2022-08-112022-09-01
CVE-2022-37055D-LinkRouters0.000 0th2025-12-082025-12-29
CVE-2022-3723GoogleChromium V80.000 0th2022-10-282022-11-18
CVE-2022-37969MicrosoftWindows0.000 0th2022-09-142022-10-05
CVE-2022-38028MicrosoftWindows0.000 0th2024-04-232024-05-14
CVE-2022-38181ArmMali Graphics Processing Unit (GPU)0.000 0th2023-03-302023-04-20
CVE-2022-39197FortraCobalt Strike0.000 0th2023-03-302023-04-20
CVE-2022-40139Trend MicroApex One and Apex One as a Service0.000 0th2022-09-152022-10-06
CVE-2022-40684FortinetMultiple Products0.000 0th2022-10-112022-11-01
CVE-2022-40765MitelMiVoice Connect0.000 0th2023-02-212023-03-14
CVE-2022-40799D-LinkDNR-322L0.000 0th2025-08-052025-08-26
CVE-2022-41033MicrosoftWindows COM+ Event System Service0.000 0th2022-10-112022-11-01
CVE-2022-41040MicrosoftExchange Server0.000 0th2022-09-302022-10-21
CVE-2022-41049MicrosoftWindows0.000 0th2022-11-142022-12-09
CVE-2022-41073MicrosoftWindows0.000 0th2022-11-082022-12-09
CVE-2022-41080MicrosoftExchange Server0.000 0th2023-01-102023-01-31
CVE-2022-41082MicrosoftExchange Server0.000 0th2022-09-302022-10-21
CVE-2022-41091MicrosoftWindows0.000 0th2022-11-082022-12-09
CVE-2022-41125MicrosoftWindows0.000 0th2022-11-082022-12-09
CVE-2022-41128MicrosoftWindows0.000 0th2022-11-082022-12-09
CVE-2022-41223MitelMiVoice Connect0.000 0th2023-02-212023-03-14
CVE-2022-41328FortinetFortiOS0.000 0th2023-03-142023-04-04
CVE-2022-4135GoogleChromium GPU0.000 0th2022-11-282022-12-19
CVE-2022-41352SynacorZimbra Collaboration Suite (ZCS)0.000 0th2022-10-202022-11-10
CVE-2022-42475FortinetFortiOS0.000 0th2022-12-132023-01-03
CVE-2022-4262GoogleChromium V80.000 0th2022-12-052022-12-26
CVE-2022-42827AppleiOS and iPadOS0.000 0th2022-10-252022-11-15
CVE-2022-42856AppleiOS0.000 0th2022-12-142023-01-04
CVE-2022-42948FortraCobalt Strike0.000 0th2023-03-302023-04-20
CVE-2022-43769Hitachi VantaraPentaho Business Analytics (BA) Server0.000 0th2025-03-032025-03-24
CVE-2022-43939Hitachi VantaraPentaho Business Analytics (BA) Server0.000 0th2025-03-032025-03-24
CVE-2022-44698MicrosoftDefender0.000 0th2022-12-132023-01-03
CVE-2022-44877CWPControl Web Panel0.000 0th2023-01-172023-02-07
CVE-2022-46169CactiCacti0.000 0th2023-02-162023-03-09
CVE-2022-47966ZohoManageEngine0.000 0th2023-01-232023-02-13
CVE-2022-47986IBMAspera Faspex0.000 0th2023-02-212023-03-14
CVE-2022-48503AppleMultiple Products0.000 0th2025-10-202025-11-10
CVE-2022-48618AppleMultiple Products0.000 0th2024-01-312024-02-21
CVE-2023-0266LinuxKernel0.000 0th2023-03-302023-04-20
CVE-2023-0386LinuxKernel0.000 0th2025-06-172025-07-08
CVE-2023-0669FortraGoAnywhere MFT0.000 0th2023-02-102023-03-03
CVE-2023-1389TP-LinkArcher AX210.000 0th2023-05-012023-05-22
CVE-2023-1671SophosWeb Appliance0.000 0th2023-11-162023-12-07
CVE-2023-20109CiscoIOS and IOS XE0.000 0th2023-10-102023-10-31
CVE-2023-20118CiscoSmall Business RV Series Routers0.000 0th2025-03-032025-03-24
CVE-2023-20198CiscoIOS XE Web UI0.000 0th2023-10-162023-10-20
CVE-2023-20269CiscoAdaptive Security Appliance and Firepower Threat Defense0.000 0th2023-09-132023-10-04
CVE-2023-20273CiscoCisco IOS XE Web UI0.000 0th2023-10-232023-10-27
CVE-2023-2033GoogleChromium V80.000 0th2023-04-172023-05-08
CVE-2023-20867VMwareTools0.000 0th2023-06-232023-07-14
CVE-2023-20887VMwareAria Operations for Networks0.000 0th2023-06-222023-07-13
CVE-2023-20963AndroidFramework0.000 0th2023-04-132023-05-04
CVE-2023-21237AndroidPixel0.000 0th2024-03-052024-03-26
CVE-2023-2136GoogleChromium Skia0.000 0th2023-04-212023-05-12
CVE-2023-21492SamsungMobile Devices0.000 0th2023-05-192023-06-09
CVE-2023-21608AdobeAcrobat and Reader0.000 0th2023-10-102023-10-31
CVE-2023-21674MicrosoftWindows0.000 0th2023-01-102023-01-31
CVE-2023-21715MicrosoftOffice0.000 0th2023-02-142023-03-07
CVE-2023-21823MicrosoftWindows0.000 0th2023-02-142023-03-07
CVE-2023-21839OracleWebLogic Server0.000 0th2023-05-012023-05-22
CVE-2023-22515AtlassianConfluence Data Center and Server0.000 0th2023-10-052023-10-13
CVE-2023-22518AtlassianConfluence Data Center and Server0.000 0th2023-11-072023-11-28
CVE-2023-22527AtlassianConfluence Data Center and Server0.000 0th2024-01-242024-02-14
CVE-2023-22952SugarCRMMultiple Products0.000 0th2023-02-022023-02-23
CVE-2023-23376MicrosoftWindows0.000 0th2023-02-142023-03-07
CVE-2023-23397MicrosoftOffice0.000 0th2023-03-142023-04-04
CVE-2023-23529AppleMultiple Products0.000 0th2023-02-142023-03-07
CVE-2023-23752Joomla!Joomla!0.000 0th2024-01-082024-01-29
CVE-2023-24489CitrixContent Collaboration0.000 0th2023-08-162023-09-06
CVE-2023-24880MicrosoftWindows0.000 0th2023-03-142023-04-04
CVE-2023-24955MicrosoftSharePoint Server0.000 0th2024-03-262024-04-16
CVE-2023-25280D-LinkDIR-820 Router0.000 0th2024-09-302024-10-21
CVE-2023-2533PaperCutNG/MF0.000 0th2025-07-282025-08-18
CVE-2023-25717Ruckus WirelessMultiple Products0.000 0th2023-05-122023-06-02
CVE-2023-26083ArmMali Graphics Processing Unit (GPU)0.000 0th2023-04-072023-04-28
CVE-2023-26359AdobeColdFusion0.000 0th2023-08-212023-09-11
CVE-2023-26360AdobeColdFusion0.000 0th2023-03-152023-04-05
CVE-2023-26369AdobeAcrobat and Reader0.000 0th2023-09-142023-10-05
CVE-2023-27350PaperCutMF/NG0.000 0th2023-04-212023-05-12
CVE-2023-27524ApacheSuperset0.000 0th2024-01-082024-01-29
CVE-2023-27532VeeamBackup & Replication0.000 0th2023-08-222023-09-12
CVE-2023-27992ZyxelMultiple Network-Attached Storage (NAS) Devices0.000 0th2023-06-232023-07-14
CVE-2023-27997FortinetFortiOS and FortiProxy SSL-VPN0.000 0th2023-06-132023-07-04
CVE-2023-28204AppleMultiple Products0.000 0th2023-05-222023-06-12
CVE-2023-28205AppleMultiple Products0.000 0th2023-04-102023-05-01
CVE-2023-28206AppleiOS, iPadOS, and macOS0.000 0th2023-04-102023-05-01
CVE-2023-28229MicrosoftWindows CNG Key Isolation Service0.000 0th2023-10-042023-10-25
CVE-2023-28252MicrosoftWindows0.000 0th2023-04-112023-05-02
CVE-2023-28432MinIOMinIO0.000 0th2023-04-212023-05-12
CVE-2023-28434MinIOMinIO0.000 0th2023-09-192023-10-10
CVE-2023-28461Array NetworksAG/vxAG ArrayOS0.000 0th2024-11-252024-12-16
CVE-2023-2868Barracuda NetworksEmail Security Gateway (ESG) Appliance0.000 0th2023-05-262023-06-16
CVE-2023-28771ZyxelMultiple Firewalls0.000 0th2023-05-312023-06-21
CVE-2023-29298AdobeColdFusion0.000 0th2023-07-202023-08-10
CVE-2023-29300AdobeColdFusion0.000 0th2024-01-082024-01-29
CVE-2023-29336MicrosoftWin32k0.000 0th2023-05-092023-05-30
CVE-2023-29357MicrosoftSharePoint Server0.000 0th2024-01-102024-01-31
CVE-2023-29360MicrosoftStreaming Service0.000 0th2024-02-292024-03-21
CVE-2023-29492Novi SurveyNovi Survey0.000 0th2023-04-132023-05-04
CVE-2023-29552IETFService Location Protocol (SLP)0.000 0th2023-11-082023-11-29
CVE-2023-3079GoogleChromium V80.000 0th2023-06-072023-06-28
CVE-2023-32046MicrosoftWindows0.000 0th2023-07-112023-08-01
CVE-2023-32049MicrosoftWindows0.000 0th2023-07-112023-08-01
CVE-2023-32315Ignite RealtimeOpenfire0.000 0th2023-08-242023-09-14
CVE-2023-32373AppleMultiple Products0.000 0th2023-05-222023-06-12
CVE-2023-32409AppleMultiple Products0.000 0th2023-05-222023-06-12
CVE-2023-32434AppleMultiple Products0.000 0th2023-06-232023-07-14
CVE-2023-32435AppleMultiple Products0.000 0th2023-06-232023-07-14
CVE-2023-32439AppleMultiple Products0.000 0th2023-06-232023-07-14
CVE-2023-33009ZyxelMultiple Firewalls0.000 0th2023-06-052023-06-26
CVE-2023-33010ZyxelMultiple Firewalls0.000 0th2023-06-052023-06-26
CVE-2023-33063QualcommMultiple Chipsets0.000 0th2023-12-052023-12-26
CVE-2023-33106QualcommMultiple Chipsets0.000 0th2023-12-052023-12-26
CVE-2023-33107QualcommMultiple Chipsets0.000 0th2023-12-052023-12-26
CVE-2023-33246ApacheRocketMQ0.000 0th2023-09-062023-09-27
CVE-2023-33538TP-LinkMultiple Routers0.000 0th2025-06-162025-07-07
CVE-2023-34048VMwarevCenter Server0.000 0th2024-01-222024-02-12
CVE-2023-34192SynacorZimbra Collaboration Suite (ZCS)0.000 0th2025-02-252025-03-18
CVE-2023-34362ProgressMOVEit Transfer0.000 0th2023-06-022023-06-23
CVE-2023-35078IvantiEndpoint Manager Mobile (EPMM)0.000 0th2023-07-252023-08-15
CVE-2023-35081IvantiEndpoint Manager Mobile (EPMM)0.000 0th2023-07-312023-08-21
CVE-2023-35082IvantiEndpoint Manager Mobile (EPMM) and MobileIron Core0.000 0th2024-01-182024-02-08
CVE-2023-3519CitrixNetScaler ADC and NetScaler Gateway0.000 0th2023-07-192023-08-09
CVE-2023-35311MicrosoftOutlook0.000 0th2023-07-112023-08-01
CVE-2023-35674AndroidFramework0.000 0th2023-09-132023-10-04
CVE-2023-36025MicrosoftWindows0.000 0th2023-11-142023-12-05
CVE-2023-36033MicrosoftWindows0.000 0th2023-11-142023-12-05
CVE-2023-36036MicrosoftWindows0.000 0th2023-11-142023-12-05
CVE-2023-36563MicrosoftWordPad0.000 0th2023-10-102023-10-31
CVE-2023-36584MicrosoftWindows0.000 0th2023-11-162023-12-07
CVE-2023-36761MicrosoftWord0.000 0th2023-09-122023-10-03
CVE-2023-36802MicrosoftStreaming Service Proxy0.000 0th2023-09-122023-10-03
CVE-2023-36844JuniperJunos OS0.000 0th2023-11-132023-11-17
CVE-2023-36845JuniperJunos OS0.000 0th2023-11-132023-11-17
CVE-2023-36846JuniperJunos OS0.000 0th2023-11-132023-11-17
CVE-2023-36847JuniperJunos OS0.000 0th2023-11-132023-11-17
CVE-2023-36851JuniperJunos OS0.000 0th2023-11-132023-11-17
CVE-2023-36874MicrosoftWindows0.000 0th2023-07-112023-08-01
CVE-2023-36884MicrosoftWindows0.000 0th2023-07-172023-08-29
CVE-2023-37450AppleMultiple Products0.000 0th2023-07-132023-08-03
CVE-2023-37580SynacorZimbra Collaboration Suite (ZCS)0.000 0th2023-07-272023-08-17
CVE-2023-38035IvantiSentry0.000 0th2023-08-222023-09-12
CVE-2023-38180Microsoft.NET Core and Visual Studio0.000 0th2023-08-092023-08-30
CVE-2023-38203AdobeColdFusion0.000 0th2024-01-082024-01-29
CVE-2023-38205AdobeColdFusion0.000 0th2023-07-202023-08-10
CVE-2023-38606AppleMultiple Products0.000 0th2023-07-262023-08-16
CVE-2023-38831RARLABWinRAR0.000 0th2023-08-242023-09-14
CVE-2023-38950ZKTecoBioTime0.000 0th2025-05-192025-06-09
CVE-2023-39780ASUSRT-AX55 Routers0.000 0th2025-06-022025-06-23
CVE-2023-40044ProgressWS_FTP Server0.000 0th2023-10-052023-10-26
CVE-2023-41061AppleiOS, iPadOS, and watchOS0.000 0th2023-09-112023-10-02
CVE-2023-41064AppleiOS, iPadOS, and macOS0.000 0th2023-09-112023-10-02
CVE-2023-41179Trend MicroApex One and Worry-Free Business Security0.000 0th2023-09-212023-10-12
CVE-2023-41265QlikSense0.000 0th2023-12-072023-12-28
CVE-2023-41266QlikSense0.000 0th2023-12-072023-12-28
CVE-2023-41763MicrosoftSkype for Business0.000 0th2023-10-102023-10-31
CVE-2023-41990AppleMultiple Products0.000 0th2024-01-082024-01-29
CVE-2023-41991AppleMultiple Products0.000 0th2023-09-252023-10-16
CVE-2023-41992AppleMultiple Products0.000 0th2023-09-252023-10-16
CVE-2023-41993AppleMultiple Products0.000 0th2023-09-252023-10-16
CVE-2023-4211ArmMali GPU Kernel Driver0.000 0th2023-10-032023-10-24
CVE-2023-42793JetBrainsTeamCity0.000 0th2023-10-042023-10-25
CVE-2023-42824AppleiOS and iPadOS0.000 0th2023-10-052023-10-26
CVE-2023-42916AppleMultiple Products0.000 0th2023-12-042023-12-25
CVE-2023-42917AppleMultiple Products0.000 0th2023-12-042023-12-25
CVE-2023-43208NextGen HealthcareMirth Connect0.000 0th2024-05-202024-06-10
CVE-2023-43770RoundcubeWebmail0.000 0th2024-02-122024-03-04
CVE-2023-44221SonicWallSMA100 Appliances0.000 0th2025-05-012025-05-22
CVE-2023-44487IETFHTTP/20.000 0th2023-10-102023-10-31
CVE-2023-45249AcronisCyber Infrastructure (ACI)0.000 0th2024-07-292024-08-19
CVE-2023-45727North GridProself0.000 0th2024-12-032024-12-24
CVE-2023-46604ApacheActiveMQ0.000 0th2023-11-022023-11-23
CVE-2023-46747F5BIG-IP Configuration Utility0.000 0th2023-10-312023-11-21
CVE-2023-46748F5BIG-IP Configuration Utility0.000 0th2023-10-312023-11-21
CVE-2023-46805IvantiConnect Secure and Policy Secure0.000 0th2024-01-102024-01-22
CVE-2023-47246SysAidSysAid Server0.000 0th2023-11-132023-12-04
CVE-2023-47565QNAPVioStor NVR0.000 0th2023-12-212024-01-11
CVE-2023-4762GoogleChromium V80.000 0th2024-02-062024-02-27
CVE-2023-48365QlikSense0.000 0th2025-01-132025-02-03
CVE-2023-4863GoogleChromium WebP0.000 0th2023-09-132023-10-04
CVE-2023-48788FortinetFortiClient EMS0.000 0th2024-03-252024-04-15
CVE-2023-49103ownCloudownCloud graphapi0.000 0th2023-11-302023-12-21
CVE-2023-4911GNUGNU C Library0.000 0th2023-11-212023-12-12
CVE-2023-4966CitrixNetScaler ADC and NetScaler Gateway0.000 0th2023-10-182023-11-08
CVE-2023-49897FXCAE1021, AE1021PE0.000 0th2023-12-212024-01-11
CVE-2023-50224TP-LinkTL-WR841N0.000 0th2025-09-032025-09-24
CVE-2023-5217GoogleChromium libvpx0.000 0th2023-10-022023-10-23
CVE-2023-5631RoundcubeWebmail0.000 0th2023-10-262023-11-16
CVE-2023-6345GoogleChromium Skia0.000 0th2023-11-302023-12-21
CVE-2023-6448UnitronicsVision PLC and HMI0.000 0th2023-12-112023-12-18
CVE-2023-6548CitrixNetScaler ADC and NetScaler Gateway0.000 0th2024-01-172024-01-24
CVE-2023-6549CitrixNetScaler ADC and NetScaler Gateway0.000 0th2024-01-172024-02-07
CVE-2023-7024GoogleChromium WebRTC0.000 0th2024-01-022024-01-23
CVE-2023-7028GitLabGitLab CE/EE0.000 0th2024-05-012024-05-22
CVE-2023-7101Spreadsheet::ParseExcelSpreadsheet::ParseExcel0.000 0th2024-01-022024-01-23
CVE-2024-0012 Palo Alto Networks2024-01-23 2024-02-13
CVE-2024-23225AppleMultiple Products0.000 0th2024-03-062024-03-27
CVE-2024-23296 Apple2024-10-22 2024-11-12
CVE-2024-38106MicrosoftWindows0.000 0th2024-08-132024-09-03
CVE-2024-38107MicrosoftWindows0.000 0th2024-08-132024-09-03
CVE-2024-38112 Microsoft2024-09-10 2024-10-01
CVE-2024-38226MicrosoftPublisher0.000 0th2024-09-102024-10-01
CVE-2024-38475 Apache2024-08-23 2024-09-13
CVE-2024-39891TwilioAuthy0.000 0th2024-07-232024-08-13
CVE-2024-4040 CrushFTP2024-11-12 2024-12-03
CVE-2024-43461MicrosoftWindows0.000 0th2024-09-162024-10-07
CVE-2024-43572 Microsoft2024-10-08 2024-10-29
CVE-2024-43573MicrosoftWindows0.000 0th2024-10-082024-10-29
CVE-2024-4358 Progress2024-05-20 2024-06-10
CVE-2024-4978Justice AV SolutionsViewer0.000 0th2024-05-292024-06-19
CVE-2024-50302 Linux2025-09-23 2025-10-14
CVE-2025-11371GladinetCentreStack and Triofox0.000 0th2025-11-042025-11-25
CVE-2025-12480GladinetTriofox0.000 0th2025-11-122025-12-03
CVE-2025-1316 Edimax2025-03-19 2025-04-09
CVE-2025-13223GoogleChromium V80.000 0th2025-11-192025-12-10
CVE-2025-14174GoogleChromium0.000 0th2025-12-122026-01-02
CVE-2025-14611GladinetCentreStack and Triofox0.000 0th2025-12-152026-01-05
CVE-2025-1976 Broadcom2025-09-25 2025-09-26
CVE-2025-21042SamsungMobile Devices0.000 0th2025-11-102025-12-01
CVE-2025-21043 Samsung2025-02-21 2025-03-14
CVE-2025-24990MicrosoftWindows0.000 0th2025-10-142025-11-04
CVE-2025-24991 Microsoft2025-10-02 2025-10-23
CVE-2025-41244BroadcomVMware Aria Operations and VMware Tools0.000 0th2025-10-302025-11-20
CVE-2025-42599 Qualitia2025-08-21 2025-09-11
CVE-2025-43529AppleMultiple Products0.000 0th2025-12-152026-01-05
CVE-2025-4427 Ivanti2025-09-04 2025-09-25
CVE-2025-48572AndroidFramework0.000 0th2025-12-022025-12-23
CVE-2025-48633AndroidFramework0.000 0th2025-12-022025-12-23
CVE-2025-48703 CWP2025-09-02 2025-09-23
CVE-2025-55182MetaReact Server Components0.000 0th2025-12-052025-12-12
CVE-2025-5777 Citrix2025-08-29 2025-09-19
CVE-2025-58034FortinetFortiWeb0.000 0th2025-11-182025-11-25
CVE-2025-58360OSGeoGeoServer0.000 0th2025-12-112026-01-01
CVE-2025-59230MicrosoftWindows0.000 0th2025-10-142025-11-04
CVE-2025-59287MicrosoftWindows0.000 0th2025-10-242025-11-14
CVE-2025-59689LibraesvaEmail Security Gateway0.000 0th2025-09-292025-10-20
CVE-2025-59718FortinetMultiple Products0.000 0th2025-12-162025-12-23
CVE-2025-61757OracleFusion Middleware0.000 0th2025-11-212025-12-12
CVE-2025-61882OracleE-Business Suite0.000 0th2025-10-062025-10-27
CVE-2025-61884OracleE-Business Suite0.000 0th2025-10-202025-11-10
CVE-2025-61932MotexLANSCOPE Endpoint Manager0.000 0th2025-10-222025-11-12
CVE-2025-6204Dassault SystèmesDELMIA Apriso0.000 0th2025-10-282025-11-18
CVE-2025-6205Dassault SystèmesDELMIA Apriso0.000 0th2025-10-282025-11-18
CVE-2025-6218 RARLAB2025-12-09 2025-12-30
CVE-2025-62215MicrosoftWindows0.000 0th2025-11-122025-12-03
CVE-2025-62221MicrosoftWindows0.000 0th2025-12-092025-12-30
CVE-2025-64446FortinetFortiWeb0.000 0th2025-11-142025-11-21
CVE-2025-6543 Citrix2025-07-22 2025-08-12
CVE-2025-66644Array NetworksArrayOS AG0.000 0th2025-12-082025-12-29
@@ -13345,4 +2420,4 @@ - + \ No newline at end of file diff --git a/scripts/build_site.py b/scripts/build_site.py index 7e2636f2ce..4f3c714c1f 100644 --- a/scripts/build_site.py +++ b/scripts/build_site.py @@ -1,9 +1,7 @@ from __future__ import annotations import argparse -from datetime import datetime, timezone from pathlib import Path -import re from typing import Dict, Tuple from jinja2 import Environment, FileSystemLoader, select_autoescape 
@@ -57,33 +55,52 @@ def write_snapshot(joined: Dict) -> Path: return snapshot_path +def select_trending(readme_rows: list[dict]) -> list[dict]: + """Pick the first 20 entries from the newest year table in README.""" + if not readme_rows: + return [] + + def parse_year(row: dict) -> int | None: + try: + return int(row.get("year")) + except (TypeError, ValueError): + return None + + years = [yr for yr in (parse_year(row) for row in readme_rows) if yr is not None] + if not years: + return [] + + latest_year = max(years) + selected: list[dict] = [] + for row in readme_rows: + if parse_year(row) != latest_year: + continue + try: + stars = int(row.get("stars") or 0) + except (TypeError, ValueError): + stars = 0 + selected.append( + { + "stars": stars, + "updated": (row.get("updated") or "").strip(), + "name": (row.get("name") or "").strip(), + "url": (row.get("url") or "").strip(), + "desc": (row.get("desc") or "").strip(), + "year": latest_year, + } + ) + if len(selected) >= 20: + break + return selected + + def build_pages(env: Environment, data: Dict, diff: Dict | None = None, html_mode: str = "summary") -> None: joined = data["joined"] details = data["details"] vendors = data["vendors"] - def is_recent_label(label: str) -> bool: - label = (label or "").lower() - if "minute" in label or "hour" in label: - return True - m = re.search(r"(\d+)\\s*day", label) - if not m: - return False - return int(m.group(1)) <= 4 - - current_year = datetime.now(timezone.utc).year - - def extract_year(name: str) -> int | None: - m = re.search(r"cve-(\\d{4})-", name.lower()) - return int(m.group(1)) if m else None trending_raw = parse_trending_from_readme(README_PATH) - trending = [ - row - for row in trending_raw - if is_recent_label(row.get("updated", "")) - and (extract_year(row.get("name", "")) or current_year) >= current_year - 1 - ] - trending.sort(key=lambda r: int(r.get("stars") or 0), reverse=True) + trending = select_trending(trending_raw) recent_kev = (diff or 
{}).get("new_kev_entries") or [] metrics = { "kev_total": len(data["kev_enriched"]), diff --git a/templates/base.html b/templates/base.html index e29a849f6b..a54799dfa8 100644 --- a/templates/base.html +++ b/templates/base.html @@ -4,6 +4,7 @@ {{ title or 'CVE PoC Hub' }} + diff --git a/templates/index.html b/templates/index.html index 3057c8f55a..683b895f71 100644 --- a/templates/index.html +++ b/templates/index.html @@ -3,9 +3,8 @@ {% block content %}
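Review bot: The cap and the year parsing in select_trending are worth tightening: 20 is a bare magic number inside the loop, and parse_year runs twice per row (once to compute latest_year, once in the filter). Make the cap a keyword parameter, `def select_trending(readme_rows: list[dict], limit: int = 20) -> list[dict]:` with `if len(selected) >= limit:`, and keep one `(row, year)` list from the first pass so the second loop filters on the cached value instead of re-parsing. The docstring should also state that README row order is preserved, since the old star sort and recency filter are gone and whatever the first 20 rows of the table are is what ships. The `url` value is only stripped before it reaches the template; autoescaping (if enabled on the Environment) neutralises markup but not a non-http(s) scheme in an href, so a guard such as `if not url.startswith(("http://", "https://")): continue` is cheap insurance even though README is repo-controlled. parse_trending_from_readme and README_PATH are defined outside the hunk, and build_pages continues past its end.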
-

Signal-first

-

Search PoCs, KEV, and EPSS without the clutter

-

Built for fast triage. One page, no badges, no filler.

+

CVE PoC Hub

+

Search PoCs, KEV, and EPSS quickly—no filler.

@@ -38,7 +37,7 @@

Trending PoCs

- Recent GitHub movement (last 4 days, sorted by stars) + Pulled from the current-year table in README.md