CIS Advisories

A vulnerability has been discovered in SAP NetWeaver Visual Composer, which could allow for remote code execution. SAP NetWeaver Visual Composer is SAP’s web-based software modelling tool. It enables business process specialists and developers to create business application components, without coding. Successful exploitation of this vulnerability could allow for remote code execution in the context […]

A vulnerability has been discovered in SonicWall Secure Mobile Access (SMA) 100 Management Interface, which could allow for remote code execution. SonicWall Secure Mobile Access (SMA) is a unified secure access gateway used by organizations to provide employees access to applications from anywhere. Successful exploitation of this vulnerability could allow for remote code execution. 

Multiple vulnerabilities have been discovered in Oracle products, which could allow for remote code execution.

Multiple vulnerabilities have been discovered in Apple products, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install […]

Multiple vulnerabilities have been discovered Fortinet Products, the most severe of which could allow for remote code execution.  FortiAnalyzer is a log management, analytics, and reporting platform that provides organizations with a single console to manage, automate, orchestrate, and respond, enabling simplified security operations, proactive identification and remediation of risks, and complete visibility of the […]

Multiple vulnerabilities have been discovered in Adobe products, the most severe of which could allow for arbitrary code execution.Adobe Commerce is a composable ecommerce solution that lets you quickly create global, multi-brand B2C and B2B experiences.Adobe Experience Manager (AEM) Forms is a solution within the AEM platform that allows businesses to create, manage, and deploy […]

A vulnerability has been discovered in Google Chrome, which could allow for arbitrary code execution. Successful exploitation of this vulnerability could allow for arbitrary code execution in the context of the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new […]

Multiple vulnerabilities have been discovered in Ivanti Endpoint Manager, the most severe of which could allow for remote code execution. Ivanti Endpoint Manager is a client-based unified endpoint management software. Successful exploitation of the most severe of these vulnerabilities could allow for remote code execution in the context of the system. Depending on the privileges […]

Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users […]

Multiple vulnerabilities have been discovered in Mozilla products, the most severe of which could allow for arbitrary code execution. Mozilla Firefox is a web browser used to access the Internet.Mozilla Firefox ESR is a version of the web browser intended to be deployed in large organizations.Mozilla Thunderbird is an email client. Successful exploitation of the most severe […]

A Vulnerability has been discovered in Ivanti Connect Secure, Policy Secure, and ZTA Gateways which could allow for remote code execution.  Ivanti Connect Secure (formerly Pulse Connect Secure) is a widely deployed SSL VPN solution that provides secure and controlled access to corporate data and applications for remote and mobile users, offering features like single […]

Multiple vulnerabilities have been discovered in IBM AIX, the most severe of which could allow for arbitrary code execution. IBM AIX is a secure and reliable Unix operating system designed for IBM's Power Systems. It supports modern applications and provides strong security features, making it ideal for mission-critical business environments. Successful exploitation of these vulnerabilities could […]

A vulnerability has been discovered in CrushFTP, which could allow for unauthorized access. CrushFTP is a proprietary multi-protocol, multi-platform file transfer server. The vulnerability is mitigated if the DMZ feature of CrushFTP is in place. Successful exploitation of this vulnerability could allow an attacker to remotely control the compromised server and execute remote code. An attacker […]

A vulnerability has been discovered in Google Chrome, which could allow for arbitrary code execution. Successful exploitation of this vulnerability could allow for arbitrary code execution in the context of the logged-on user. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts […]

A vulnerability has been discovered in Google Chrome, which could allow for arbitrary code execution. Successful exploitation of this vulnerability could allow for arbitrary code execution in the context of the logged-on user. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users […]

A vulnerability has been discovered in Veeam Backup & Replication, which could allow for arbitrary code execution. Veeam Backup & Replication is a comprehensive data protection and disaster recovery solution. With Veeam Backup & Replication, you can create image-level backups of virtual, physical and cloud machines and restore from them. Exploitation of this vulnerability requires […]

A vulnerability has been discovered in AMI MegaRAC Software, which could allow for remote code execution. MegaRAC is a product line of BMC firmware packages and formerly service processors providing out-of-band, or lights-out remote management of computer systems. Successful exploitation of this vulnerability allows an attacker to remotely control the compromised server, remotely deploy malware, […]

A vulnerability has been discovered in Apache Tomcat, which could allow for remote code execution. Apache Tomcat is an open-source Java servlet container and web server used to host Java-based web applications and implement Java Servlet and JavaServer Pages (JSP) specifications, providing a platform for running dynamic web content. Successful exploitation of the of this […]

Multiple vulnerabilities have been discovered in Sante PACS Server, the most severe of which could allow for remote code execution. Successful exploitation of the most severe vulnerabilities could allow for remote code execution in the context of the system. Depending on the privileges associated with the system, an attacker could then install programs; view, change, […]

Multiple vulnerabilities have been discovered in Google Android OS, the most severe of which could allow for remote code execution with no additional execution privileges needed. Android is an operating system developed by Google for mobile devices, including, but not limited to, smartphones, tablets, and watches. Successful exploitation of the most severe of these vulnerabilities […]