Exploited Vulnerabilities Catalog(557)
Samsung | MagicINFO 9 Server
Samsung MagicINFO 9 Server Path Traversal
Vulnerability: Samsung
MagicINFO 9 Server contains a path traversal
vulnerability that allows an attacker to
write arbitrary files as system authority.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per
vendor instructions, follow applicable
BOD 22-01 guidance for cloud services,
or discontinue use of the product if
mitigations are unavailable.
Date Added: 2025-05-22
Due Date: 2025-06-12
Ivanti | Endpoint Manager Mobile (EPMM)
Ivanti Endpoint Manager Mobile (EPMM) Authentication Bypass
Vulnerability: Ivanti
Endpoint Manager Mobile (EPMM) contains an authentication bypass
vulnerability in the API component that allows an attacker to
access protected resources without proper credentials via
crafted API requests. This vulnerability results from an
insecure implementation of the Spring Framework open-source
library.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions,
follow applicable BOD 22-01 guidance for cloud services, or
discontinue use of the product if mitigations are
unavailable.
Date Added: 2025-05-19
Due Date: 2025-06-09
Ivanti | Endpoint Manager Mobile (EPMM)
Ivanti Endpoint Manager Mobile (EPMM) Code Injection
Vulnerability: Ivanti
Endpoint Manager Mobile (EPMM) contains a code injection
vulnerability in the API component that allows an authenticated
attacker to remotely execute arbitrary code via crafted API
requests. This vulnerability results from an insecure
implementation of the Hibernate Validator open-source library.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions,
follow applicable BOD 22-01 guidance for cloud services, or
discontinue use of the product if mitigations are
unavailable.
Date Added: 2025-05-19
Due Date: 2025-06-09
MDaemon | Email Server
MDaemon Email Server Cross-Site Scripting (XSS) Vulnerability: MDaemon
Email Server contains a cross-site scripting (XSS) vulnerability
that allows a remote attacker to load arbitrary JavaScript code
via an HTML e-mail message.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions,
follow applicable BOD 22-01 guidance for cloud services, or
discontinue use of the product if mitigations are
unavailable.
Date Added: 2025-05-19
Due Date: 2025-06-09
Srimax | Output Messenger
Srimax Output Messenger Directory Traversal Vulnerability: Srimax
Output Messenger contains a directory traversal vulnerability
that allows an attacker to access sensitive files outside the
intended directory, potentially leading to configuration leakage
or arbitrary file access.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions,
follow applicable BOD 22-01 guidance for cloud services, or
discontinue use of the product if mitigations are
unavailable.
Date Added: 2025-05-19
Due Date: 2025-06-09
Synacor | Zimbra Collaboration Suite (ZCS)
Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting
(XSS) Vulnerability: Zimbra
Collaboration contains a cross-site scripting (XSS)
vulnerability in the CalendarInvite feature of the Zimbra
webmail classic user interface. An attacker can exploit this
vulnerability via an email message containing a crafted calendar
header, leading to the execution of arbitrary JavaScript code.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions,
follow applicable BOD 22-01 guidance for cloud services, or
discontinue use of the product if mitigations are
unavailable.
Date Added: 2025-05-19
Due Date: 2025-06-09
ZKTeco | BioTime
ZKTeco BioTime Path Traversal Vulnerability: ZKTeco
BioTime contains a path traversal vulnerability in the iclock
API that allows an unauthenticated attacker to read arbitrary
files via supplying a crafted payload.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions,
follow applicable BOD 22-01 guidance for cloud services, or
discontinue use of the product if mitigations are
unavailable.
Date Added: 2025-05-19
Due Date: 2025-06-09
Google | Chromium
Google Chromium Loader Insufficient Policy Enforcement
Vulnerability: Google
Chromium contains an insufficient policy enforcement
vulnerability that allows a remote attacker to leak cross-origin
data via a crafted HTML page.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions,
follow applicable BOD 22-01 guidance for cloud services, or
discontinue use of the product if mitigations are
unavailable.
Date Added: 2025-05-15
Due Date: 2025-06-05
DrayTek | Vigor Routers
DrayTek Vigor Routers OS Command Injection Vulnerability: DrayTek
Vigor2960, Vigor300B, and Vigor3900 routers contain an OS
command injection vulnerability due to an unknown function of
the file /cgi-bin/mainfunction.cgi/apmcfgupload of the component
web management interface.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions,
follow applicable BOD 22-01 guidance for cloud services, or
discontinue use of the product if mitigations are
unavailable.
Date Added: 2025-05-15
Due Date: 2025-06-05
SAP | NetWeaver
SAP NetWeaver Deserialization Vulnerability: SAP
NetWeaver Visual Composer Metadata Uploader contains a
deserialization vulnerability that allows a privileged attacker
to compromise the confidentiality, integrity, and availability
of the host system by deserializing untrusted or malicious
content.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions,
follow applicable BOD 22-01 guidance for cloud services, or
discontinue use of the product if mitigations are
unavailable.
Date Added: 2025-05-15
Due Date: 2025-06-05
Fortinet | Multiple Products
Fortinet Multiple Products Stack-Based Buffer Overflow
Vulnerability: Fortinet
FortiFone, FortiVoice, FortiNDR and FortiMail contain a
stack-based overflow vulnerability that may allow a remote
unauthenticated attacker to execute arbitrary code or commands
via crafted HTTP requests.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions,
follow applicable BOD 22-01 guidance for cloud services, or
discontinue use of the product if mitigations are
unavailable.
Date Added: 2025-05-14
Due Date: 2025-06-04
Microsoft | Windows
Microsoft Windows DWM Core Library Use-After-Free
Vulnerability: Microsoft
Windows DWM Core Library contains a use-after-free vulnerability
that allows an authorized attacker to elevate privileges
locally.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions,
follow applicable BOD 22-01 guidance for cloud services, or
discontinue use of the product if mitigations are
unavailable.
Date Added: 2025-05-13
Due Date: 2025-06-03
Microsoft | Windows
Microsoft Windows Common Log File System (CLFS) Driver
Use-After-Free Vulnerability: Microsoft
Windows Common Log File System (CLFS) Driver contains a
use-after-free vulnerability that allows an authorized attacker
to elevate privileges locally.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions,
follow applicable BOD 22-01 guidance for cloud services, or
discontinue use of the product if mitigations are
unavailable.
Date Added: 2025-05-13
Due Date: 2025-06-03
Microsoft | Windows
Microsoft Windows Common Log File System (CLFS) Driver
Heap-Based Buffer Overflow Vulnerability: Microsoft
Windows Common Log File System (CLFS) Driver contains a
heap-based buffer overflow vulnerability that allows an
authorized attacker to elevate privileges locally.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions,
follow applicable BOD 22-01 guidance for cloud services, or
discontinue use of the product if mitigations are
unavailable.
Date Added: 2025-05-13
Due Date: 2025-06-03
Microsoft | Windows
Microsoft Windows Scripting Engine Type Confusion
Vulnerability: Microsoft
Windows Scripting Engine contains a type confusion vulnerability
that allows an unauthorized attacker to execute code over a
network via a specially crafted URL.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions,
follow applicable BOD 22-01 guidance for cloud services, or
discontinue use of the product if mitigations are
unavailable.
Date Added: 2025-05-13
Due Date: 2025-06-03
Microsoft | Windows
Microsoft Windows Ancillary Function Driver for WinSock
Use-After-Free Vulnerability: Microsoft
Windows Ancillary Function Driver for WinSock contains a
use-after-free vulnerability that allows an authorized attacker
to escalate privileges to administrator.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions,
follow applicable BOD 22-01 guidance for cloud services, or
discontinue use of the product if mitigations are
unavailable.
Date Added: 2025-05-13
Due Date: 2025-06-03
TeleMessage | TM SGNL
TeleMessage TM SGNL Hidden Functionality Vulnerability: TeleMessage
TM SGNL contains a hidden functionality vulnerability in which
the archiving backend holds cleartext copies of messages from TM
SGNL application users.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions,
follow applicable BOD 22-01 guidance for cloud services, or
discontinue use of the product if mitigations are
unavailable.
Date Added: 2025-05-12
Due Date: 2025-06-02
GeoVision | Multiple Devices
GeoVision Devices OS Command Injection Vulnerability: Multiple
GeoVision devices contain an OS command injection vulnerability
that allows a remote, unauthenticated attacker to inject and
execute arbitrary system commands. The impacted products could
be end-of-life (EoL) and/or end-of-service (EoS). Users should
discontinue product utilization.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions,
follow applicable BOD 22-01 guidance for cloud services, or
discontinue use of the product if mitigations are
unavailable.
Date Added: 2025-05-07
Due Date: 2025-05-28
GeoVision | Multiple Devices
GeoVision Devices OS Command Injection Vulnerability: Multiple
GeoVision devices contain an OS command injection vulnerability
that allows a remote, unauthenticated attacker to inject and
execute arbitrary system commands. The impacted products could
be end-of-life (EoL) and/or end-of-service (EoS). Users should
discontinue product utilization.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions,
follow applicable BOD 22-01 guidance for cloud services, or
discontinue use of the product if mitigations are
unavailable.
Date Added: 2025-05-07
Due Date: 2025-05-28
FreeType | FreeType
FreeType Out-of-Bounds Write Vulnerability: FreeType
contains an out-of-bounds write vulnerability when attempting to
parse font subglyph structures related to TrueType GX and
variable font files that may allow for arbitrary code execution.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions,
follow applicable BOD 22-01 guidance for cloud services, or
discontinue use of the product if mitigations are
unavailable.
Date Added: 2025-05-06
Due Date: 2025-05-27
Langflow | Langflow
Langflow Missing Authentication Vulnerability: Langflow
contains a missing authentication vulnerability in the
/api/v1/validate/code endpoint that allows a remote,
unauthenticated attacker to execute arbitrary code via crafted
HTTP requests.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions,
follow applicable BOD 22-01 guidance for cloud services, or
discontinue use of the product if mitigations are
unavailable.
Date Added: 2025-05-05
Due Date: 2025-05-26
Yiiframework | Yii
Yiiframework Yii Improper Protection of Alternate Path
Vulnerability: Yii
Framework contains an improper protection of alternate path
vulnerability that may allow a remote attacker to execute
arbitrary code. This vulnerability could affect other products
that implement Yii, including—but not limited to—Craft CMS, as
represented by CVE-2025-32432.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions,
follow applicable BOD 22-01 guidance for cloud services, or
discontinue use of the product if mitigations are
unavailable.
Date Added: 2025-05-02
Due Date: 2025-05-23
Commvault | Command Center
Commvault Command Center Path Traversal Vulnerability: Commvault
Command Center contains a path traversal vulnerability that
allows a remote, unauthenticated attacker to execute arbitrary
code.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions,
follow applicable BOD 22-01 guidance for cloud services, or
discontinue use of the product if mitigations are
unavailable.
Date Added: 2025-05-02
Due Date: 2025-05-23
SonicWall | SMA100 Appliances
SonicWall SMA100 Appliances OS Command Injection Vulnerability: SonicWall
SMA100 appliances contain an OS command injection vulnerability
in the SSL-VPN management interface that allows a remote,
authenticated attacker with administrative privilege to inject
arbitrary commands as a 'nobody' user.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions,
follow applicable BOD 22-01 guidance for cloud services, or
discontinue use of the product if mitigations are
unavailable.
Date Added: 2025-05-01
Due Date: 2025-05-22
Apache | HTTP Server
Apache HTTP Server Improper Escaping of Output Vulnerability: Apache
HTTP Server contains an improper escaping of output
vulnerability in mod_rewrite that allows an attacker to map URLs
to filesystem locations that are permitted to be served by the
server but are not intentionally/directly reachable by any URL,
resulting in code execution or source code disclosure.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions,
follow applicable BOD 22-01 guidance for cloud services, or
discontinue use of the product if mitigations are
unavailable.
Date Added: 2025-05-01
Due Date: 2025-05-22
SAP | NetWeaver
SAP NetWeaver Unrestricted File Upload Vulnerability: SAP
NetWeaver Visual Composer Metadata Uploader contains an
unrestricted file upload vulnerability that allows an
unauthenticated agent to upload potentially malicious executable
binaries.
Known To Be Used in Ransomware Campaigns? Known
Action: Apply mitigations per vendor instructions,
follow applicable BOD 22-01 guidance for cloud services, or
discontinue use of the product if mitigations are
unavailable.
Date Added: 2025-04-29
Due Date: 2025-05-20
Commvault | Web Server
Commvault Web Server Unspecified Vulnerability: Commvault
Web Server contains an unspecified vulnerability that allows a
remote, authenticated attacker to create and execute webshells.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions,
follow applicable BOD 22-01 guidance for cloud services, or
discontinue use of the product if mitigations are
unavailable.
Date Added: 2025-04-28
Due Date: 2025-05-19
Qualitia | Active! Mail
Qualitia Active! Mail Stack-Based Buffer Overflow
Vulnerability: Qualitia
Active! Mail contains a stack-based buffer overflow
vulnerability that allows a remote, unauthenticated attacker to
execute arbitrary code or trigger a denial-of-service via a specially
crafted request.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions,
follow applicable BOD 22-01 guidance for cloud services, or
discontinue use of the product if mitigations are
unavailable.
Date Added: 2025-04-28
Due Date: 2025-05-19
Broadcom | Brocade Fabric OS
Broadcom Brocade Fabric OS Code Injection Vulnerability: Broadcom
Brocade Fabric OS contains a code injection vulnerability that
allows a local user with administrative privileges to execute
arbitrary code with full root privileges.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions,
follow applicable BOD 22-01 guidance for cloud services, or
discontinue use of the product if mitigations are
unavailable.
Date Added: 2025-04-28
Due Date: 2025-05-19
Apple | Multiple Products
Apple Multiple Products Memory Corruption Vulnerability: Apple
iOS, iPadOS, macOS, and other Apple products contain a memory
corruption vulnerability that allows for code execution when
processing an audio stream in a maliciously crafted media file.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions,
follow applicable BOD 22-01 guidance for cloud services, or
discontinue use of the product if mitigations are
unavailable.
Date Added: 2025-04-17
Due Date: 2025-05-08
Apple | Multiple Products
Apple Multiple Products Arbitrary Read and Write Vulnerability: Apple
iOS, iPadOS, macOS, and other Apple products contain an
arbitrary read and write vulnerability that allows an attacker
to bypass Pointer Authentication.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions,
follow applicable BOD 22-01 guidance for cloud services, or
discontinue use of the product if mitigations are
unavailable.
Date Added: 2025-04-17
Due Date: 2025-05-08
Microsoft | Windows
Microsoft Windows NTLM Hash Disclosure Spoofing Vulnerability: Microsoft
Windows NTLM contains an external control of file name or path
vulnerability that allows an unauthorized attacker to perform
spoofing over a network.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions,
follow applicable BOD 22-01 guidance for cloud services, or
discontinue use of the product if mitigations are
unavailable.
Date Added: 2025-04-17
Due Date: 2025-05-08
SonicWall | SMA100 Appliances
SonicWall SMA100 Appliances OS Command Injection Vulnerability: SonicWall
SMA100 appliances contain an OS command injection vulnerability
in the management interface that allows a remote authenticated
attacker to inject arbitrary commands as a 'nobody' user, which
could potentially lead to code execution.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions,
follow applicable BOD 22-01 guidance for cloud services, or
discontinue use of the product if mitigations are
unavailable.
Date Added: 2025-04-16
Due Date: 2025-05-07
Linux | Kernel
Linux Kernel Out-of-Bounds Access Vulnerability: Linux
Kernel contains an out-of-bounds access vulnerability in the
USB-audio driver that allows an attacker with physical access to
the system to use a malicious USB device to potentially
manipulate system memory, escalate privileges, or execute
arbitrary code.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions,
follow applicable BOD 22-01 guidance for cloud services, or
discontinue use of the product if mitigations are
unavailable.
Date Added: 2025-04-09
Due Date: 2025-04-30
Linux | Kernel
Linux Kernel Out-of-Bounds Read Vulnerability: Linux
Kernel contains an out-of-bounds read vulnerability in the
USB-audio driver that allows a local, privileged attacker to
obtain potentially sensitive information.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions,
follow applicable BOD 22-01 guidance for cloud services, or
discontinue use of the product if mitigations are
unavailable.
Date Added: 2025-04-09
Due Date: 2025-04-30
Gladinet | CentreStack
Gladinet CentreStack and Triofox Use of Hard-coded Cryptographic
Key Vulnerability: Gladinet
CentreStack and Triofox contain a use of hard-coded
cryptographic key vulnerability in the way that the application
manages keys used for ViewState integrity verification.
Successful exploitation allows an attacker to forge ViewState
payloads for server-side deserialization, allowing for remote
code execution.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions,
follow applicable BOD 22-01 guidance for cloud services, or
discontinue use of the product if mitigations are
unavailable.
Date Added: 2025-04-08
Due Date: 2025-04-29
Microsoft | Windows
Microsoft Windows Common Log File System (CLFS) Driver
Use-After-Free Vulnerability: Microsoft
Windows Common Log File System (CLFS) Driver contains a
use-after-free vulnerability that allows an authorized attacker
to elevate privileges locally.
Known To Be Used in Ransomware Campaigns? Known
Action: Apply mitigations per vendor instructions,
follow applicable BOD 22-01 guidance for cloud services, or
discontinue use of the product if mitigations are
unavailable.
Date Added: 2025-04-08
Due Date: 2025-04-29
CrushFTP | CrushFTP
CrushFTP Authentication Bypass Vulnerability: CrushFTP
contains an authentication bypass vulnerability in the HTTP
authorization header that allows a remote unauthenticated
attacker to authenticate to any known or guessable user account
(e.g., crushadmin), potentially leading to a full compromise.
Known To Be Used in Ransomware Campaigns? Known
Action: Apply mitigations per vendor instructions,
follow applicable BOD 22-01 guidance for cloud services, or
discontinue use of the product if mitigations are
unavailable.
Date Added: 2025-04-07
Due Date: 2025-04-28
Ivanti | Connect Secure, Policy Secure, and ZTA Gateways
Ivanti Connect Secure, Policy Secure, and ZTA Gateways
Stack-Based Buffer Overflow Vulnerability: Ivanti
Connect Secure, Policy Secure, and ZTA Gateways contain a
stack-based buffer overflow vulnerability that allows a remote
unauthenticated attacker to achieve remote code execution.
Known To Be Used in Ransomware Campaigns? Known
Action: Apply mitigations as set forth in the CISA
instructions linked below.
Date Added: 2025-04-04
Due Date: 2025-04-11
Apache | Tomcat
Apache Tomcat Path Equivalence Vulnerability: Apache
Tomcat contains a path equivalence vulnerability that allows a
remote attacker to execute code, disclose information, or inject
malicious content via a partial PUT request.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions,
follow applicable BOD 22-01 guidance for cloud services, or
discontinue use of the product if mitigations are
unavailable.
Date Added: 2025-04-01
Due Date: 2025-04-22
Cisco | Smart Licensing Utility
Cisco Smart Licensing Utility Static Credential Vulnerability: Cisco
Smart Licensing Utility contains a static credential
vulnerability that allows an unauthenticated, remote attacker to
log in to an affected system and gain administrative
credentials.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions,
follow applicable BOD 22-01 guidance for cloud services, or
discontinue use of the product if mitigations are
unavailable.
Date Added: 2025-03-31
Due Date: 2025-04-21
Google | Chromium Mojo
Google Chromium Mojo Sandbox Escape Vulnerability: Google
Chromium Mojo on Windows contains a sandbox escape vulnerability
caused by a logic error, which results from an incorrect handle
being provided in unspecified circumstances. This vulnerability
could affect multiple web browsers that utilize Chromium,
including, but not limited to, Google Chrome, Microsoft Edge,
and Opera.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions,
follow applicable BOD 22-01 guidance for cloud services, or
discontinue use of the product if mitigations are
unavailable.
Date Added: 2025-03-27
Due Date: 2025-04-17
Sitecore | CMS and Experience Platform (XP)
Sitecore CMS and Experience Platform (XP) Deserialization
Vulnerability: Sitecore
CMS and Experience Platform (XP) contain a deserialization
vulnerability in the Sitecore.Security.AntiCSRF module that
allows an unauthenticated attacker to execute arbitrary code by
sending a serialized .NET object in the HTTP POST parameter
__CSRFTOKEN.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions,
follow applicable BOD 22-01 guidance for cloud services, or
discontinue use of the product if mitigations are
unavailable.
Date Added: 2025-03-26
Due Date: 2025-04-16
Sitecore | CMS and Experience Platform (XP)
Sitecore CMS and Experience Platform (XP) Deserialization
Vulnerability: Sitecore
CMS and Experience Platform (XP) contain a deserialization
vulnerability in the Sitecore.Security.AntiCSRF module that
allows an authenticated attacker to execute arbitrary code by
sending a serialized .NET object in the HTTP POST parameter
__CSRFTOKEN.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions,
follow applicable BOD 22-01 guidance for cloud services, or
discontinue use of the product if mitigations are
unavailable.
Date Added: 2025-03-26
Due Date: 2025-04-16
reviewdog | action-setup GitHub Action
reviewdog/action-setup GitHub Action Embedded Malicious Code
Vulnerability: reviewdog
action-setup GitHub Action contains an embedded malicious code
vulnerability that dumps exposed secrets to GitHub Actions
Workflow Logs.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations as set forth in the CISA
instructions linked below. Apply mitigations per vendor
instructions, follow applicable BOD 22-01 guidance for cloud
services, or discontinue use of the product if mitigations
are unavailable.
Date Added: 2025-03-24
Due Date: 2025-04-14
Edimax | IC-7100 IP Camera
Edimax IC-7100 IP Camera OS Command Injection Vulnerability: Edimax
IC-7100 IP camera contains an OS command injection vulnerability
due to improper input sanitization that allows an attacker to
achieve remote code execution via specially crafted requests.
The impacted product could be end-of-life (EoL) and/or
end-of-service (EoS). Users should discontinue product
utilization.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions,
follow applicable BOD 22-01 guidance for cloud services, or
discontinue use of the product if mitigations are
unavailable.
Date Added: 2025-03-19
Due Date: 2025-04-09
NAKIVO | Backup and Replication
NAKIVO Backup and Replication Absolute Path Traversal
Vulnerability: NAKIVO
Backup and Replication contains an absolute path traversal
vulnerability that enables an attacker to read arbitrary files.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions,
follow applicable BOD 22-01 guidance for cloud services, or
discontinue use of the product if mitigations are
unavailable.
Date Added: 2025-03-19
Due Date: 2025-04-09
SAP | NetWeaver
SAP NetWeaver Directory Traversal Vulnerability: SAP
NetWeaver Application Server (AS) Java contains a directory
traversal vulnerability in
scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS that allows
a remote attacker to read arbitrary files via a .. (dot dot) in
the query string.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions,
follow applicable BOD 22-01 guidance for cloud services, or
discontinue use of the product if mitigations are
unavailable.
Date Added: 2025-03-19
Due Date: 2025-04-09
Fortinet | FortiOS and FortiProxy
Fortinet FortiOS and FortiProxy Authentication Bypass
Vulnerability: Fortinet
FortiOS and FortiProxy contain an authentication bypass
vulnerability that allows a remote attacker to gain super-admin
privileges via crafted CSF proxy requests.
Known To Be Used in Ransomware Campaigns? Known
Action: Apply mitigations per vendor instructions,
follow applicable BOD 22-01 guidance for cloud services, or
discontinue use of the product if mitigations are
unavailable.
Date Added: 2025-03-18
Due Date: 2025-04-08
tj-actions | changed-files GitHub Action
tj-actions/changed-files GitHub Action Embedded Malicious Code
Vulnerability: tj-actions/changed-files
GitHub Action contains an embedded malicious code vulnerability
that allows a remote attacker to discover secrets by reading
GitHub Actions Workflow Logs. These secrets may include, but are
not limited to, valid AWS access keys, GitHub personal access
tokens (PATs), npm tokens, and private RSA keys.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations as set forth in the CISA
instructions linked below. Apply mitigations per vendor
instructions, follow applicable BOD 22-01 guidance for cloud
services, or discontinue use of the product if mitigations
are unavailable.
Date Added: 2025-03-18
Due Date: 2025-04-08
Apple | Multiple Products
Apple Multiple Products WebKit Out-of-Bounds Write
Vulnerability: Apple
iOS, iPadOS, macOS, and other Apple products contain an
out-of-bounds write vulnerability in WebKit that may allow
maliciously crafted web content to break out of Web Content
sandbox. This vulnerability could impact HTML parsers that use
WebKit, including but not limited to Apple Safari and non-Apple
products which rely on WebKit for HTML processing.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions,
follow applicable BOD 22-01 guidance for cloud services, or
discontinue use of the product if mitigations are
unavailable.
Date Added: 2025-03-13
Due Date: 2025-04-03
Juniper | Junos OS
Juniper Junos OS Improper Isolation or Compartmentalization
Vulnerability: Juniper
Junos OS contains an improper isolation or compartmentalization
vulnerability. This vulnerability could allow a local attacker
with high privileges to inject arbitrary code.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions,
follow applicable BOD 22-01 guidance for cloud services, or
discontinue use of the product if mitigations are
unavailable.
Date Added: 2025-03-13
Due Date: 2025-04-03
Microsoft | Windows
Microsoft Windows Management Console (MMC) Improper
Neutralization Vulnerability: Microsoft
Windows Management Console (MMC) contains an improper
neutralization vulnerability that allows an unauthorized
attacker to bypass a security feature locally.
Known To Be Used in Ransomware Campaigns? Known
Action: Apply mitigations per vendor instructions,
follow applicable BOD 22-01 guidance for cloud services, or
discontinue use of the product if mitigations are
unavailable.
Date Added: 2025-03-11
Due Date: 2025-04-01
Microsoft | Windows
Microsoft Windows Win32k Use-After-Free Vulnerability: Microsoft
Windows Win32 Kernel Subsystem contains a use-after-free
vulnerability that allows an authorized attacker to elevate
privileges locally.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions,
follow applicable BOD 22-01 guidance for cloud services, or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2025-03-11
-
Due Date: 2025-04-01
Additional Notes
Microsoft | Windows
Microsoft Windows NTFS Information Disclosure Vulnerability: Microsoft
Windows New Technology File System (NTFS) contains an insertion
of sensitive information into log file vulnerability that allows
an unauthorized attacker to disclose information with a physical
attack. An attacker who successfully exploited this
vulnerability could potentially read portions of heap memory.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions,
follow applicable BOD 22-01 guidance for cloud services, or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2025-03-11
-
Due Date: 2025-04-01
Additional Notes
Microsoft | Windows
Microsoft Windows Fast FAT File System Driver Integer Overflow
Vulnerability: Microsoft
Windows Fast FAT File System Driver contains an integer overflow
or wraparound vulnerability that allows an unauthorized attacker
to execute code locally.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions,
follow applicable BOD 22-01 guidance for cloud services, or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2025-03-11
-
Due Date: 2025-04-01
Additional Notes
Microsoft | Windows
Microsoft Windows NTFS Out-Of-Bounds Read Vulnerability: Microsoft
Windows New Technology File System (NTFS) contains an
out-of-bounds read vulnerability that allows an authorized
attacker to disclose information locally.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions,
follow applicable BOD 22-01 guidance for cloud services, or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2025-03-11
-
Due Date: 2025-04-01
Additional Notes
Microsoft | Windows
Microsoft Windows NTFS Heap-Based Buffer Overflow
Vulnerability: Microsoft
Windows New Technology File System (NTFS) contains a heap-based
buffer overflow vulnerability that allows an unauthorized
attacker to execute code locally.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions,
follow applicable BOD 22-01 guidance for cloud services, or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2025-03-11
-
Due Date: 2025-04-01
Additional Notes
Advantive | VeraCore
Advantive VeraCore SQL Injection Vulnerability: Advantive
VeraCore contains a SQL injection vulnerability in
timeoutWarning.asp that allows a remote attacker to execute
arbitrary SQL commands via the PmSess1 parameter.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions,
follow applicable BOD 22-01 guidance for cloud services, or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2025-03-10
-
Due Date: 2025-03-31
Additional Notes
Advantive | VeraCore
Advantive VeraCore Unrestricted File Upload Vulnerability: Advantive
VeraCore contains an unrestricted file upload vulnerability that
allows a remote unauthenticated attacker to upload files to
unintended folders via upload.apsx.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions,
follow applicable BOD 22-01 guidance for cloud services, or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2025-03-10
-
Due Date: 2025-03-31
Additional Notes
Ivanti | Endpoint Manager (EPM)
Ivanti Endpoint Manager (EPM) Absolute Path Traversal
Vulnerability: Ivanti
Endpoint Manager (EPM) contains an absolute path traversal
vulnerability that allows a remote unauthenticated attacker to
leak sensitive information.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions,
follow applicable BOD 22-01 guidance for cloud services, or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2025-03-10
-
Due Date: 2025-03-31
Additional Notes
Ivanti | Endpoint Manager (EPM)
Ivanti Endpoint Manager (EPM) Absolute Path Traversal
Vulnerability: Ivanti
Endpoint Manager (EPM) contains an absolute path traversal
vulnerability that allows a remote unauthenticated attacker to
leak sensitive information.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions,
follow applicable BOD 22-01 guidance for cloud services, or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2025-03-10
-
Due Date: 2025-03-31
Additional Notes
Ivanti | Endpoint Manager (EPM)
Ivanti Endpoint Manager (EPM) Absolute Path Traversal
Vulnerability: Ivanti
Endpoint Manager (EPM) contains an absolute path traversal
vulnerability that allows a remote unauthenticated attacker to
leak sensitive information.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions,
follow applicable BOD 22-01 guidance for cloud services, or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2025-03-10
-
Due Date: 2025-03-31
Additional Notes
Linux | Kernel
Linux Kernel Use of Uninitialized Resource Vulnerability: The
Linux kernel contains a use of uninitialized resource
vulnerability that allows an attacker to leak kernel memory via
a specially crafted HID report.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions,
follow applicable BOD 22-01 guidance for cloud services, or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2025-03-04
-
Due Date: 2025-03-25
Additional Notes
VMware | ESXi and Workstation
VMware ESXi and Workstation TOCTOU Race Condition
Vulnerability: VMware
ESXi and Workstation contain a time-of-check time-of-use
(TOCTOU) race condition vulnerability that leads to an
out-of-bounds write. Successful exploitation enables an attacker
with local administrative privileges on a virtual machine to
execute code as the virtual machine's VMX process running on the
host.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions,
follow applicable BOD 22-01 guidance for cloud services, or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2025-03-04
-
Due Date: 2025-03-25
Additional Notes
VMware | ESXi
VMware ESXi Arbitrary Write Vulnerability: VMware
ESXi contains an arbitrary write vulnerability. Successful
exploitation allows an attacker with privileges within the VMX
process to trigger an arbitrary kernel write leading to an
escape of the sandbox.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions,
follow applicable BOD 22-01 guidance for cloud services, or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2025-03-04
-
Due Date: 2025-03-25
Additional Notes
VMware | ESXi, Workstation, and Fusion
VMware ESXi, Workstation, and Fusion Information Disclosure
Vulnerability: VMware
ESXi, Workstation, and Fusion contain an information disclosure
vulnerability due to an out-of-bounds read in HGFS. Successful
exploitation allows an attacker with administrative privileges
to a virtual machine to leak memory from the vmx process.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions,
follow applicable BOD 22-01 guidance for cloud services, or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2025-03-04
-
Due Date: 2025-03-25
Additional Notes
Cisco | Small Business RV Series Routers
Cisco Small Business RV Series Routers Command Injection
Vulnerability: Multiple
Cisco Small Business RV Series Routers contain a command
injection vulnerability in the web-based management interface.
Successful exploitation could allow an authenticated, remote
attacker to gain root-level privileges and access unauthorized
data.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions,
follow applicable BOD 22-01 guidance for cloud services, or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2025-03-03
-
Due Date: 2025-03-24
Additional Notes
Hitachi Vantara | Pentaho Business Analytics (BA) Server
Hitachi Vantara Pentaho BA Server Authorization Bypass
Vulnerability: Hitachi
Vantara Pentaho BA Server contains a use of non-canonical URL
paths for authorization decisions vulnerability that enables an
attacker to bypass authorization.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions,
follow applicable BOD 22-01 guidance for cloud services, or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2025-03-03
-
Due Date: 2025-03-24
Additional Notes
Hitachi Vantara | Pentaho Business Analytics (BA) Server
Hitachi Vantara Pentaho BA Server Special Element Injection
Vulnerability: Hitachi
Vantara Pentaho BA Server contains a special element injection
vulnerability that allows an attacker to inject Spring templates
into properties files, allowing for arbitrary command execution.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions,
follow applicable BOD 22-01 guidance for cloud services, or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2025-03-03
-
Due Date: 2025-03-24
Additional Notes
Microsoft | Windows
Microsoft Windows Win32k Improper Resource Shutdown or Release
Vulnerability: Microsoft
Windows Win32k contains an improper resource shutdown or release
vulnerability that allows for local, authenticated privilege
escalation. An attacker who successfully exploited this
vulnerability could run arbitrary code in kernel mode.
Known To Be Used in Ransomware Campaigns? Known
Action: Apply mitigations per vendor instructions,
follow applicable BOD 22-01 guidance for cloud services, or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2025-03-03
-
Due Date: 2025-03-24
Additional Notes
Progress | WhatsUp Gold
Progress WhatsUp Gold Path Traversal Vulnerability: Progress
WhatsUp Gold contains a path traversal vulnerability that allows
an unauthenticated attacker to achieve remote code execution.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions,
follow applicable BOD 22-01 guidance for cloud services, or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2025-03-03
-
Due Date: 2025-03-24
Additional Notes
Microsoft | Partner Center
Microsoft Partner Center Improper Access Control Vulnerability: Microsoft
Partner Center contains an improper access control vulnerability
that allows an attacker to escalate privileges.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions,
follow applicable BOD 22-01 guidance for cloud services, or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2025-02-25
-
Due Date: 2025-03-18
Additional Notes
Synacor | Zimbra Collaboration Suite (ZCS)
Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting
(XSS) Vulnerability: Synacor
Zimbra Collaboration Suite (ZCS) contains a cross-site scripting
(XSS) vulnerability that allows a remote authenticated attacker
to execute arbitrary code via a crafted script to the
/h/autoSaveDraft function.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions,
follow applicable BOD 22-01 guidance for cloud services, or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2025-02-25
-
Due Date: 2025-03-18
Additional Notes
Adobe | ColdFusion
Adobe ColdFusion Deserialization Vulnerability: Adobe
ColdFusion contains a deserialization vulnerability in the
Apache BlazeDS library that allows for arbitrary code execution.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2025-02-24
-
Due Date: 2025-03-17
Additional Notes
Oracle | Agile Product Lifecycle Management (PLM)
Oracle Agile Product Lifecycle Management (PLM) Deserialization
Vulnerability: Oracle
Agile Product Lifecycle Management (PLM) contains a
deserialization vulnerability that allows a low-privileged
attacker with network access via HTTP to compromise the system.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2025-02-24
-
Due Date: 2025-03-17
Additional Notes
Microsoft | Power Pages
Microsoft Power Pages Improper Access Control Vulnerability: Microsoft
Power Pages contains an improper access control vulnerability
that allows an unauthorized attacker to elevate privileges over
a network potentially bypassing the user registration control.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions,
follow BOD 22-01 guidance for cloud services, or discontinue
use of the product if mitigations are unavailable.
-
Date Added: 2025-02-21
-
Due Date: 2025-03-14
Additional Notes
Craft CMS | Craft CMS
Craft CMS Code Injection Vulnerability: Craft
CMS contains a code injection vulnerability caused by improper
validation of the database backup path, ultimately enabling
remote code execution.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2025-02-20
-
Due Date: 2025-03-13
Additional Notes
Palo Alto Networks | PAN-OS
Palo Alto Networks PAN-OS File Read Vulnerability: Palo
Alto Networks PAN-OS contains an external control of file name
or path vulnerability. Successful exploitation enables an
authenticated attacker with network access to the management web
interface to read files on the PAN-OS filesystem that are
readable by the “nobody” user.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2025-02-20
-
Due Date: 2025-03-13
Additional Notes
SonicWall | SonicOS
SonicWall SonicOS SSLVPN Improper Authentication Vulnerability: SonicWall
SonicOS contains an improper authentication vulnerability in the
SSLVPN authentication mechanism that allows a remote attacker to
bypass authentication.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2025-02-18
-
Due Date: 2025-03-11
Additional Notes
Palo Alto Networks | PAN-OS
Palo Alto Networks PAN-OS Authentication Bypass Vulnerability: Palo
Alto Networks PAN-OS contains an authentication bypass
vulnerability in its management web interface. This
vulnerability allows an unauthenticated attacker with network
access to the management web interface to bypass the
authentication normally required and invoke certain PHP scripts.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2025-02-18
-
Due Date: 2025-03-11
Additional Notes
SimpleHelp | SimpleHelp
SimpleHelp Path Traversal Vulnerability: SimpleHelp
remote support software contains multiple path traversal
vulnerabilities that allow unauthenticated remote attackers to
download arbitrary files from the SimpleHelp host via crafted
HTTP requests. These files may include server configuration
files and hashed user passwords.
Known To Be Used in Ransomware Campaigns? Known
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2025-02-13
-
Due Date: 2025-03-06
Additional Notes
Mitel | SIP Phones
Mitel SIP Phones Argument Injection Vulnerability: Mitel
6800 Series, 6900 Series, and 6900w Series SIP Phones, including
the 6970 Conference Unit, contain an argument injection
vulnerability due to insufficient parameter sanitization during
the boot process. Successful exploitation may allow an attacker
to execute arbitrary commands within the context of the system.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2025-02-12
-
Due Date: 2025-03-05
Additional Notes
Apple | iOS and iPadOS
Apple iOS and iPadOS Incorrect Authorization Vulnerability: Apple
iOS and iPadOS contain an incorrect authorization vulnerability
that allows a physical attacker to disable USB Restricted Mode
on a locked device.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2025-02-12
-
Due Date: 2025-03-05
Additional Notes
Microsoft | Windows
Microsoft Windows Storage Link Following Vulnerability: Microsoft
Windows Storage contains a link following vulnerability that
could allow for privilege escalation. This vulnerability could
allow an attacker to delete data including data that results in
the service being unavailable.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2025-02-11
-
Due Date: 2025-03-04
Additional Notes
Microsoft | Windows
Microsoft Windows Ancillary Function Driver for WinSock
Heap-Based Buffer Overflow Vulnerability: Microsoft
Windows Ancillary Function Driver for WinSock contains a
heap-based buffer overflow vulnerability that allows for
privilege escalation, enabling a local attacker to gain SYSTEM
privileges.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2025-02-11
-
Due Date: 2025-03-04
Additional Notes
Zyxel | DSL CPE Devices
Zyxel DSL CPE OS Command Injection Vulnerability: Multiple
Zyxel DSL CPE devices contain a post-authentication command
injection vulnerability in the CGI program that could allow an
authenticated attacker to execute OS commands via a crafted HTTP
request.
Known To Be Used in Ransomware Campaigns? Unknown
Action: The impacted product could be end-of-life
(EoL) and/or end-of-service (EoS). Users should discontinue
product utilization if a current mitigation is unavailable.
-
Date Added: 2025-02-11
-
Due Date: 2025-03-04
Additional Notes
Zyxel | DSL CPE Devices
Zyxel DSL CPE OS Command Injection Vulnerability: Multiple
Zyxel DSL CPE devices contain a post-authentication command
injection vulnerability in the management commands that could
allow an authenticated attacker to execute OS commands via
Telnet.
Known To Be Used in Ransomware Campaigns? Unknown
Action: The impacted product could be end-of-life
(EoL) and/or end-of-service (EoS). Users should discontinue
product utilization if a current mitigation is unavailable.
-
Date Added: 2025-02-11
-
Due Date: 2025-03-04
Additional Notes
Trimble | Cityworks
Trimble Cityworks Deserialization Vulnerability: Trimble
Cityworks contains a deserialization vulnerability. This could
allow an authenticated user to perform a remote code execution
attack against a customer's Microsoft Internet Information
Services (IIS) web server.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2025-02-07
-
Due Date: 2025-02-28
Additional Notes
7-Zip | 7-Zip
7-Zip Mark of the Web Bypass Vulnerability: 7-Zip
contains a protection mechanism failure vulnerability that
allows remote attackers to bypass the Mark-of-the-Web security
feature to execute arbitrary code in the context of the current
user.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2025-02-06
-
Due Date: 2025-02-27
Additional Notes
Audinate | Dante Discovery
Dante Discovery Process Control Vulnerability: Dante
Discovery contains a process control vulnerability in
mDNSResponder.exe that allows for a DLL sideloading attack.
A local attacker can leverage this vulnerability in the Dante
Application Library to execute arbitrary code.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2025-02-06
-
Due Date: 2025-02-27
Additional Notes
Microsoft | Office Outlook
Microsoft Outlook Improper Input Validation Vulnerability: Microsoft
Outlook contains an improper input validation vulnerability that
allows for remote code execution. Successful exploitation of
this vulnerability would allow an attacker to bypass the Office
Protected View and open in editing mode rather than protected
mode.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2025-02-06
-
Due Date: 2025-02-27
Additional Notes
Sophos | CyberoamOS
CyberoamOS (CROS) SQL Injection Vulnerability: CyberoamOS
(CROS) contains a SQL injection vulnerability in the WebAdmin
that allows an unauthenticated attacker to execute arbitrary SQL
statements remotely.
Known To Be Used in Ransomware Campaigns? Unknown
Action: The impacted product is end-of-life (EoL)
and/or end-of-service (EoS). Users should discontinue
utilization of the product.
-
Date Added: 2025-02-06
-
Due Date: 2025-02-27
Additional Notes
Sophos | XG Firewall
Sophos XG Firewall Buffer Overflow Vulnerability: Sophos
XG Firewall contains a buffer overflow vulnerability that allows
for remote code execution via the "HTTP/S bookmark" feature.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2025-02-06
-
Due Date: 2025-02-27
Additional Notes
Linux | Kernel
Linux Kernel Out-of-Bounds Write Vulnerability: Linux
kernel contains an out-of-bounds write vulnerability in the
uvc_parse_streaming component of the USB Video Class (UVC)
driver that could allow for physical escalation of privilege.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2025-02-05
-
Due Date: 2025-02-26
Additional Notes
Apache | OFBiz
Apache OFBiz Forced Browsing Vulnerability: Apache
OFBiz contains a forced browsing vulnerability that allows a
remote attacker to obtain unauthorized access.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2025-02-04
-
Due Date: 2025-02-25
Additional Notes
Microsoft | .NET Framework
Microsoft .NET Framework Information Disclosure Vulnerability: Microsoft
.NET Framework contains an information disclosure vulnerability
that exposes the ObjRef URI to an attacker, ultimately enabling
remote code execution.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2025-02-04
-
Due Date: 2025-02-25
Additional Notes
Paessler | PRTG Network Monitor
Paessler PRTG Network Monitor OS Command Injection
Vulnerability: Paessler
PRTG Network Monitor contains an OS command injection
vulnerability that allows an attacker with administrative
privileges to execute commands via the PRTG System Administrator
web console.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2025-02-04
-
Due Date: 2025-02-25
Additional Notes
Paessler | PRTG Network Monitor
Paessler PRTG Network Monitor Local File Inclusion
Vulnerability: Paessler
PRTG Network Monitor contains a local file inclusion
vulnerability that allows a remote, unauthenticated attacker to
create users with read-write privileges (including
administrator).
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2025-02-04
-
Due Date: 2025-02-25
Additional Notes
Apple | Multiple Products
Apple Multiple Products Use-After-Free Vulnerability: Apple
iOS, macOS, and other Apple products contain a use-after-free
vulnerability that could allow a malicious application to
elevate privileges.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2025-01-29
-
Due Date: 2025-02-19
Additional Notes
SonicWall | SMA1000 Appliances
SonicWall SMA1000 Appliances Deserialization Vulnerability: SonicWall
SMA1000 Appliance Management Console (AMC) and Central
Management Console (CMC) contain a deserialization of untrusted
data vulnerability, which can enable a remote, unauthenticated
attacker to execute arbitrary OS commands.
Known To Be Used in Ransomware Campaigns? Known
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2025-01-24
-
Due Date: 2025-02-14
Additional Notes
JQuery | JQuery
JQuery Cross-Site Scripting (XSS) Vulnerability: JQuery
contains a persistent cross-site scripting (XSS) vulnerability.
When passing maliciously formed, untrusted input enclosed in
HTML tags, JQuery's DOM manipulators can execute untrusted code
in the context of the user's browser.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2025-01-23
-
Due Date: 2025-02-13
Additional Notes
Aviatrix | Controllers
Aviatrix Controllers OS Command Injection Vulnerability: Aviatrix
Controllers contain an OS command injection vulnerability that
could allow an unauthenticated attacker to execute arbitrary
code. Shell metacharacters can be sent to /v1/api in cloud_type
for list_flightpath_destination_instances, or src_cloud_type for
flightpath_connection_test.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2025-01-16
-
Due Date: 2025-02-06
Additional Notes
Fortinet | FortiOS and FortiProxy
Fortinet FortiOS and FortiProxy Authentication Bypass
Vulnerability: Fortinet
FortiOS and FortiProxy contain an authentication bypass
vulnerability that may allow an unauthenticated, remote attacker
to gain super-admin privileges via crafted requests to Node.js
websocket module.
Known To Be Used in Ransomware Campaigns? Known
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2025-01-14
-
Due Date: 2025-01-21
Additional Notes
Microsoft | Windows
Microsoft Windows Hyper-V NT Kernel Integration VSP Heap-based
Buffer Overflow Vulnerability: Microsoft
Windows Hyper-V NT Kernel Integration VSP contains a heap-based
buffer overflow vulnerability that allows a local attacker to
gain SYSTEM privileges.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2025-01-14
-
Due Date: 2025-02-04
Additional Notes
Microsoft | Windows
Microsoft Windows Hyper-V NT Kernel Integration VSP
Use-After-Free Vulnerability: Microsoft
Windows Hyper-V NT Kernel Integration VSP contains a
use-after-free vulnerability that allows a local attacker to
gain SYSTEM privileges.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2025-01-14
-
Due Date: 2025-02-04
Additional Notes
Microsoft | Windows
Microsoft Windows Hyper-V NT Kernel Integration VSP
Use-After-Free Vulnerability: Microsoft
Windows Hyper-V NT Kernel Integration VSP contains a
use-after-free vulnerability that allows a local attacker to
gain SYSTEM privileges.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2025-01-14
-
Due Date: 2025-02-04
Additional Notes
BeyondTrust | Privileged Remote Access (PRA) and Remote
Support (RS)
BeyondTrust Privileged Remote Access (PRA) and Remote Support
(RS) OS Command Injection Vulnerability: BeyondTrust
Privileged Remote Access (PRA) and Remote Support (RS) contain
an OS command injection vulnerability that can be exploited by
an attacker with existing administrative privileges to upload a
malicious file. Successful exploitation of this vulnerability
can allow a remote attacker to execute underlying operating
system commands within the context of the site user.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2025-01-13
-
Due Date: 2025-02-03
Additional Notes
Qlik | Sense
Qlik Sense HTTP Tunneling Vulnerability: Qlik
Sense contains an HTTP tunneling vulnerability that allows an
attacker to escalate privileges and execute HTTP requests on the
backend server hosting the software.
Known To Be Used in Ransomware Campaigns? Known
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2025-01-13
-
Due Date: 2025-02-03
Additional Notes
Ivanti | Connect Secure, Policy Secure, and ZTA Gateways
Ivanti Connect Secure, Policy Secure, and ZTA Gateways
Stack-Based Buffer Overflow Vulnerability: Ivanti
Connect Secure, Policy Secure, and ZTA Gateways contain a
stack-based buffer overflow which can lead to unauthenticated
remote code execution.
Known To Be Used in Ransomware Campaigns? Known
Action: Apply mitigations as set forth in the CISA
instructions linked below to include conducting hunt
activities, taking remediation actions if applicable, and
applying updates prior to returning a device to service.
-
Date Added: 2025-01-08
-
Due Date: 2025-01-15
Additional Notes
Mitel | MiCollab
Mitel MiCollab Path Traversal Vulnerability: Mitel
MiCollab contains a path traversal vulnerability that could
allow an attacker to gain unauthorized and unauthenticated
access. This vulnerability can be chained with CVE-2024-55550,
which allows an unauthenticated, remote attacker to read
arbitrary files on the server.
Known To Be Used in Ransomware Campaigns? Known
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2025-01-07
-
Due Date: 2025-01-28
Additional Notes
Mitel | MiCollab
Mitel MiCollab Path Traversal Vulnerability: Mitel
MiCollab contains a path traversal vulnerability that could
allow an authenticated attacker with administrative privileges
to read local files within the system due to insufficient input
sanitization. This vulnerability can be chained with
CVE-2024-41713, which allows an unauthenticated, remote attacker
to read arbitrary files on the server.
Known To Be Used in Ransomware Campaigns? Known
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2025-01-07
-
Due Date: 2025-01-28
Additional Notes
Oracle | WebLogic Server
Oracle WebLogic Server Unspecified Vulnerability: Oracle
WebLogic Server, a product within the Fusion Middleware suite,
contains an unspecified vulnerability exploitable by an
unauthenticated attacker with network access via IIOP or T3.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2025-01-07
-
Due Date: 2025-01-28
Additional Notes
Palo Alto Networks | PAN-OS
Palo Alto Networks PAN-OS Malicious DNS Packet Vulnerability: Palo
Alto Networks PAN-OS contains a vulnerability in parsing and
logging malicious DNS packets in the DNS Security feature that,
when exploited, allows an unauthenticated attacker to remotely
reboot the firewall. Repeated attempts to trigger this condition
will cause the firewall to enter maintenance mode.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2024-12-30
-
Due Date: 2025-01-20
Additional Notes
Acclaim Systems | USAHERDS
Acclaim Systems USAHERDS Use of Hard-Coded Credentials
Vulnerability: Acclaim
Systems USAHERDS contains a hard-coded credentials vulnerability
that could allow an attacker to achieve remote code execution on
the system that runs the application. The MachineKey must be
obtained via a separate vulnerability or other channel.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable. Please contact the product developer for
support and vulnerability mitigation.
-
Date Added: 2024-12-23
-
Due Date: 2025-01-13
Additional Notes
BeyondTrust | Privileged Remote Access (PRA) and Remote
Support (RS)
BeyondTrust Privileged Remote Access (PRA) and Remote Support
(RS) Command Injection Vulnerability: BeyondTrust
Privileged Remote Access (PRA) and Remote Support (RS) contain a
command injection vulnerability, which can allow an
unauthenticated attacker to inject commands that are run as a
site user.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2024-12-19
-
Due Date: 2024-12-27
Additional Notes
NUUO | NVRmini Devices
NUUO NVRmini Devices OS Command Injection Vulnerability: NUUO
NVRmini devices contain an OS command injection vulnerability.
This vulnerability allows remote command execution via shell
metacharacters in the uploaddir parameter for a writeuploaddir
command.
Known To Be Used in Ransomware Campaigns? Unknown
Action: The impacted product is end-of-life (EoL)
and/or end-of-service (EoS). Users should discontinue
utilization of the product.
-
Date Added: 2024-12-18
-
Due Date: 2025-01-08
Additional Notes
NUUO | NVRmini2 Devices
NUUO NVRmini2 Devices Missing Authentication Vulnerability: NUUO
NVRmini2 devices contain a missing authentication vulnerability
that allows an unauthenticated attacker to upload an encrypted
TAR archive, which can be abused to add arbitrary users.
Known To Be Used in Ransomware Campaigns? Unknown
Action: The impacted product is end-of-life (EoL)
and/or end-of-service (EoS). Users should discontinue
utilization of the product.
-
Date Added: 2024-12-18
-
Due Date: 2025-01-08
Additional Notes
Reolink | Multiple IP Cameras
Reolink Multiple IP Cameras OS Command Injection Vulnerability: Reolink
RLC-410W, C1 Pro, C2 Pro, RLC-422W, and RLC-511W IP cameras
contain an authenticated OS command injection vulnerability.
This vulnerability allows an authenticated admin to use the
"TestEmail" functionality to inject and run OS commands as root.
Known To Be Used in Ransomware Campaigns? Unknown
Action: The impacted product could be end-of-life
(EoL) and/or end-of-service (EoS). Users should discontinue
product utilization if a current mitigation is unavailable.
-
Date Added: 2024-12-18
-
Due Date: 2025-01-08
Additional Notes
Reolink | RLC-410W IP Camera
Reolink RLC-410W IP Camera OS Command Injection Vulnerability: Reolink
RLC-410W IP cameras contain an authenticated OS command
injection vulnerability in the device network settings
functionality.
Known To Be Used in Ransomware Campaigns? Unknown
Action: The impacted product could be end-of-life
(EoL) and/or end-of-service (EoS). Users should discontinue
product utilization if a current mitigation is unavailable.
-
Date Added: 2024-12-18
-
Due Date: 2025-01-08
Additional Notes
Cleo | Multiple Products
Cleo Multiple Products Unauthenticated File Upload
Vulnerability: Cleo
Harmony, VLTrader, and LexiCom, which are managed file transfer
products, contain an unrestricted file upload vulnerability that
could allow an unauthenticated user to import and execute
arbitrary bash or PowerShell commands on the host system by
leveraging the default settings of the Autorun directory.
Known To Be Used in Ransomware Campaigns? Known
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2024-12-17
-
Due Date: 2025-01-07
Additional Notes
Adobe | ColdFusion
Adobe ColdFusion Improper Access Control Vulnerability: Adobe
ColdFusion contains an improper access control vulnerability
that could allow an attacker to access or modify restricted
files via an internet-exposed admin panel.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2024-12-16
-
Due Date: 2025-01-06
Additional Notes
Microsoft | Windows
Microsoft Windows Kernel-Mode Driver Untrusted Pointer
Dereference Vulnerability: Microsoft
Windows Kernel-Mode Driver contains an untrusted pointer
dereference vulnerability that allows a local attacker to
escalate privileges.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2024-12-16
-
Due Date: 2025-01-06
Additional Notes
Cleo | Multiple Products
Cleo Multiple Products Unrestricted File Upload Vulnerability: Cleo
Harmony, VLTrader, and LexiCom, which are managed file transfer
products, contain an unrestricted file upload and download
vulnerability that can lead to remote code execution with
elevated privileges.
Known To Be Used in Ransomware Campaigns? Known
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2024-12-13
-
Due Date: 2025-01-03
Additional Notes
Microsoft | Windows
Microsoft Windows Common Log File System (CLFS) Driver
Heap-Based Buffer Overflow Vulnerability: Microsoft
Windows Common Log File System (CLFS) driver contains a
heap-based buffer overflow vulnerability that allows a local
attacker to escalate privileges.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2024-12-10
-
Due Date: 2024-12-31
Additional Notes
CyberPersons | CyberPanel
CyberPanel Incorrect Default Permissions Vulnerability: CyberPanel
contains an incorrect default permissions vulnerability that
allows for authentication bypass and the execution of arbitrary
commands using shell metacharacters in the statusfile property.
Known To Be Used in Ransomware Campaigns? Known
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2024-12-04
-
Due Date: 2024-12-25
Additional Notes
North Grid | Proself
North Grid Proself Improper Restriction of XML External Entity
(XXE) Reference Vulnerability: North
Grid Proself Enterprise/Standard, Gateway, and Mail Sanitize
contain an improper restriction of XML External Entity (XXE)
reference vulnerability, which could allow a remote,
unauthenticated attacker to conduct an XXE attack.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2024-12-03
-
Due Date: 2024-12-24
Additional Notes
ProjectSend | ProjectSend
ProjectSend Improper Authentication Vulnerability: ProjectSend
contains an improper authentication vulnerability that allows a
remote, unauthenticated attacker to enable unauthorized
modification of the application's configuration via crafted HTTP
requests to options.php. Successful exploitation allows
attackers to create accounts, upload webshells, and embed
malicious JavaScript.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2024-12-03
-
Due Date: 2024-12-24
Additional Notes
Zyxel | Multiple Firewalls
Zyxel Multiple Firewalls Path Traversal Vulnerability: Multiple
Zyxel firewalls contain a path traversal vulnerability in the
web management interface that could allow an attacker to
download or upload files via a crafted URL.
Known To Be Used in Ransomware Campaigns? Known
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2024-12-03
-
Due Date: 2024-12-24
Additional Notes
Array Networks | AG/vxAG ArrayOS
Array Networks AG and vxAG ArrayOS Missing Authentication for
Critical Function Vulnerability: Array
Networks AG and vxAG ArrayOS contain a missing authentication
for critical function vulnerability that allows an attacker to
read local files and execute code on the SSL VPN gateway.
Known To Be Used in Ransomware Campaigns? Known
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2024-11-25
-
Due Date: 2024-12-16
Additional Notes
Apple | Multiple Products
Apple Multiple Products Code Execution Vulnerability: Apple
iOS, macOS, and other Apple products contain an unspecified
vulnerability when processing maliciously crafted web content
that may lead to arbitrary code execution.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2024-11-21
-
Due Date: 2024-12-12
Additional Notes
Apple | Multiple Products
Apple Multiple Products Cross-Site Scripting (XSS)
Vulnerability: Apple
iOS, macOS, and other Apple products contain an unspecified
vulnerability when processing maliciously crafted web content
that may lead to a cross-site scripting (XSS) attack.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2024-11-21
-
Due Date: 2024-12-12
Additional Notes
Oracle | Agile Product Lifecycle Management (PLM)
Oracle Agile Product Lifecycle Management (PLM) Incorrect
Authorization Vulnerability: Oracle
Agile Product Lifecycle Management (PLM) contains an incorrect
authorization vulnerability in the Process Extension component
of the Software Development Kit. Successful exploitation of this
vulnerability may result in unauthenticated file disclosure.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2024-11-21
-
Due Date: 2024-12-12
Additional Notes
VMware | vCenter Server
VMware vCenter Server Heap-Based Buffer Overflow Vulnerability: VMware
vCenter Server contains a heap-based buffer overflow
vulnerability in the implementation of the DCERPC protocol. This
vulnerability could allow an attacker with network access to the
vCenter Server to execute remote code by sending a specially
crafted packet.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2024-11-20
-
Due Date: 2024-12-11
Additional Notes
VMware | vCenter Server
VMware vCenter Server Privilege Escalation Vulnerability: VMware
vCenter contains an improper check for dropped privileges
vulnerability. This vulnerability could allow an attacker with
network access to the vCenter Server to escalate privileges to
root by sending a specially crafted packet.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2024-11-20
-
Due Date: 2024-12-11
Additional Notes
Progress | Kemp LoadMaster
Progress Kemp LoadMaster OS Command Injection Vulnerability: Progress
Kemp LoadMaster contains an OS command injection vulnerability
that allows an unauthenticated, remote attacker to access the
system through the LoadMaster management interface, enabling
arbitrary system command execution.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2024-11-18
-
Due Date: 2024-12-09
Additional Notes
Palo Alto Networks | PAN-OS
Palo Alto Networks PAN-OS Management Interface Authentication
Bypass Vulnerability: Palo
Alto Networks PAN-OS contains an authentication bypass
vulnerability in the web-based management interface for several
PAN-OS products, including firewalls and VPN concentrators.
Known To Be Used in Ransomware Campaigns? Known
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable. Additionally, the management interface for affected
devices should not be exposed to untrusted networks,
including the internet.
-
Date Added: 2024-11-18
-
Due Date: 2024-12-09
Additional Notes
Palo Alto Networks | PAN-OS
Palo Alto Networks PAN-OS Management Interface OS Command
Injection Vulnerability: Palo
Alto Networks PAN-OS contains an OS command injection
vulnerability that allows for privilege escalation through the
web-based management interface for several PAN products,
including firewalls and VPN concentrators.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable. Additionally, the management interfaces for
affected devices should not be exposed to untrusted
networks, including the internet.
-
Date Added: 2024-11-18
-
Due Date: 2024-12-09
Additional Notes
Palo Alto Networks | Expedition
Palo Alto Networks Expedition OS Command Injection
Vulnerability: Palo
Alto Networks Expedition contains an OS command injection
vulnerability that allows an unauthenticated attacker to run
arbitrary OS commands as root in Expedition, resulting in
disclosure of usernames, cleartext passwords, device
configurations, and device API keys of PAN-OS firewalls.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2024-11-14
-
Due Date: 2024-12-05
Additional Notes
Palo Alto Networks | Expedition
Palo Alto Networks Expedition SQL Injection Vulnerability: Palo
Alto Networks Expedition contains a SQL injection vulnerability
that allows an unauthenticated attacker to reveal Expedition
database contents, such as password hashes, usernames, device
configurations, and device API keys. With this, attackers can
also create and read arbitrary files on the Expedition system.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2024-11-14
-
Due Date: 2024-12-05
Additional Notes
Microsoft | Windows
Microsoft Windows Task Scheduler Privilege Escalation
Vulnerability: Microsoft
Windows Task Scheduler contains a privilege escalation
vulnerability that can allow an attacker-provided, local
application to escalate privileges outside of its AppContainer,
and access privileged RPC functions.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2024-11-12
-
Due Date: 2024-12-03
Additional Notes
Microsoft | Windows
Microsoft Windows NTLMv2 Hash Disclosure Spoofing
Vulnerability: Microsoft
Windows contains an NTLMv2 hash spoofing vulnerability that
could result in disclosing a user's NTLMv2 hash to an attacker
via a file open operation. The attacker could then leverage this
hash to impersonate that user.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2024-11-12
-
Due Date: 2024-12-03
Additional Notes
Metabase | Metabase
Metabase GeoJSON API Local File Inclusion Vulnerability: Metabase
contains a local file inclusion vulnerability in the custom map
support in the API to read GeoJSON formatted data.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2024-11-12
-
Due Date: 2024-12-03
Additional Notes
Cisco | Adaptive Security Appliance (ASA)
Cisco Adaptive Security Appliance (ASA) Cross-Site Scripting
(XSS) Vulnerability: Cisco
Adaptive Security Appliance (ASA) contains a cross-site
scripting (XSS) vulnerability in the WebVPN login page. This
vulnerability allows remote attackers to inject arbitrary web
script or HTML via an unspecified parameter.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2024-11-12
-
Due Date: 2024-12-03
Additional Notes
Atlassian | Jira Server and Data Center
Atlassian Jira Server and Data Center Path Traversal
Vulnerability: Atlassian
Jira Server and Data Center contain a path traversal
vulnerability that allows a remote attacker to read particular
files in the /WEB-INF/web.xml endpoint.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2024-11-12
-
Due Date: 2024-12-03
Additional Notes
Palo Alto Networks | Expedition
Palo Alto Networks Expedition Missing Authentication
Vulnerability: Palo
Alto Networks Expedition contains a missing authentication
vulnerability that allows an attacker with network access to
take over an Expedition admin account and potentially access
configuration secrets, credentials, and other data.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2024-11-07
-
Due Date: 2024-11-28
Additional Notes
Android | Framework
Android Framework Privilege Escalation Vulnerability: Android
Framework contains an unspecified vulnerability that allows for
privilege escalation.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2024-11-07
-
Due Date: 2024-11-28
Additional Notes
CyberPersons | CyberPanel
CyberPanel Incorrect Default Permissions Vulnerability: CyberPanel
contains an incorrect default permissions vulnerability that
allows a remote, unauthenticated attacker to execute commands as
root.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2024-11-07
-
Due Date: 2024-11-28
Additional Notes
Nostromo | nhttpd
Nostromo nhttpd Directory Traversal Vulnerability: Nostromo
nhttpd contains a directory traversal vulnerability in the
http_verify() function in a non-chrooted nhttpd server allowing
for remote code execution.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2024-11-07
-
Due Date: 2024-11-28
Additional Notes
PTZOptics | PT30X-SDI/NDI Cameras
PTZOptics PT30X-SDI/NDI Cameras OS Command Injection
Vulnerability: PTZOptics
PT30X-SDI/NDI cameras contain an OS command injection
vulnerability that allows a remote, authenticated attacker to
escalate privileges to root via a crafted payload with the
ntp_addr parameter of the /cgi-bin/param.cgi CGI script.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2024-11-04
-
Due Date: 2024-11-25
Additional Notes
PTZOptics | PT30X-SDI/NDI Cameras
PTZOptics PT30X-SDI/NDI Cameras Authentication Bypass
Vulnerability: PTZOptics
PT30X-SDI/NDI cameras contain an insecure direct object
reference (IDOR) vulnerability that allows a remote attacker to
bypass authentication for the /cgi-bin/param.cgi CGI script. If
combined with CVE-2024-8957, this can lead to remote code
execution as root.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2024-11-04
-
Due Date: 2024-11-25
Additional Notes
Cisco | Adaptive Security Appliance (ASA) and Firepower
Threat Defense (FTD)
Cisco ASA and FTD Denial-of-Service Vulnerability: Cisco
Adaptive Security Appliance (ASA) and Firepower Threat Defense
(FTD) contain a missing release of resource after effective
lifetime vulnerability that could allow an unauthenticated,
remote attacker to cause a denial-of-service (DoS) of the RAVPN
service.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2024-10-24
-
Due Date: 2024-11-14
Additional Notes
Roundcube | Webmail
RoundCube Webmail Cross-Site Scripting (XSS) Vulnerability: RoundCube
Webmail contains a cross-site scripting (XSS) vulnerability in
the handling of SVG animate attributes that allows a remote
attacker to run malicious JavaScript code.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2024-10-24
-
Due Date: 2024-11-14
Additional Notes
Fortinet | FortiManager
Fortinet FortiManager Missing Authentication Vulnerability: Fortinet
FortiManager contains a missing authentication vulnerability in
the fgfmd daemon that allows a remote, unauthenticated attacker
to execute arbitrary code or commands via specially crafted
requests.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2024-10-23
-
Due Date: 2024-11-13
Additional Notes
Microsoft | SharePoint
Microsoft SharePoint Deserialization Vulnerability: Microsoft
SharePoint contains a deserialization vulnerability that allows
for remote code execution.
Known To Be Used in Ransomware Campaigns? Known
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2024-10-22
-
Due Date: 2024-11-12
Additional Notes
ScienceLogic | SL1
ScienceLogic SL1 Unspecified Vulnerability: ScienceLogic
SL1 (formerly EM7) is affected by an unspecified vulnerability
involving an unspecified third-party component.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2024-10-21
-
Due Date: 2024-11-11
Additional Notes
Veeam | Backup & Replication
Veeam Backup and Replication Deserialization Vulnerability: Veeam
Backup and Replication contains a deserialization vulnerability
allowing an unauthenticated user to perform remote code
execution.
Known To Be Used in Ransomware Campaigns? Known
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2024-10-17
-
Due Date: 2024-11-07
Additional Notes
Microsoft | Windows
Microsoft Windows Kernel TOCTOU Race Condition Vulnerability: Microsoft
Windows Kernel contains a time-of-check to time-of-use (TOCTOU)
race condition vulnerability that could allow for privilege
escalation.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2024-10-15
-
Due Date: 2024-11-05
Additional Notes
Mozilla | Firefox
Mozilla Firefox Use-After-Free Vulnerability: Mozilla
Firefox and Firefox ESR contain a use-after-free vulnerability
in Animation timelines that allows for code execution in the
content process.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2024-10-15
-
Due Date: 2024-11-05
Additional Notes
SolarWinds | Web Help Desk
SolarWinds Web Help Desk Hardcoded Credential Vulnerability: SolarWinds
Web Help Desk contains a hardcoded credential vulnerability that
could allow a remote, unauthenticated user to access internal
functionality and modify data.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2024-10-15
-
Due Date: 2024-11-05
Additional Notes
Fortinet | Multiple Products
Fortinet Multiple Products Format String Vulnerability: Fortinet
FortiOS, FortiPAM, FortiProxy, and FortiWeb contain a format
string vulnerability that allows a remote, unauthenticated
attacker to execute arbitrary code or commands via specially
crafted requests.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2024-10-09
-
Due Date: 2024-10-30
Additional Notes
Ivanti | Cloud Services Appliance (CSA)
Ivanti Cloud Services Appliance (CSA) SQL Injection
Vulnerability: Ivanti
Cloud Services Appliance (CSA) contains a SQL injection
vulnerability in the admin web console in versions prior to
5.0.2, which can allow a remote attacker authenticated as
administrator to run arbitrary SQL statements.
Known To Be Used in Ransomware Campaigns? Unknown
Action: As Ivanti CSA 4.6.x has reached End-of-Life
status, users are urged to remove CSA 4.6.x from service or
upgrade to the 5.0.x line, or later, of supported solutions.
-
Date Added: 2024-10-09
-
Due Date: 2024-10-30
Additional Notes
Ivanti | Cloud Services Appliance (CSA)
Ivanti Cloud Services Appliance (CSA) OS Command Injection
Vulnerability: Ivanti
Cloud Services Appliance (CSA) contains an OS command injection
vulnerability in the administrative console which can allow an
authenticated attacker with application admin privileges to pass
commands to the underlying OS.
Known To Be Used in Ransomware Campaigns? Unknown
Action: As Ivanti CSA 4.6.x has reached End-of-Life
status, users are urged to remove CSA 4.6.x from service or
upgrade to the 5.0.x line, or later, of supported solutions.
-
Date Added: 2024-10-09
-
Due Date: 2024-10-30
Additional Notes
Qualcomm | Multiple Chipsets
Qualcomm Multiple Chipsets Use-After-Free Vulnerability: Multiple
Qualcomm chipsets contain a use-after-free vulnerability due to
memory corruption in DSP Services while maintaining memory maps
of HLOS memory.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply remediations or mitigations per vendor
instructions or discontinue use of the product if
remediation or mitigations are unavailable.
-
Date Added: 2024-10-08
-
Due Date: 2024-10-29
Additional Notes
Microsoft | Windows
Microsoft Windows Management Console Remote Code Execution
Vulnerability: Microsoft
Windows Management Console contains an unspecified vulnerability
that allows for remote code execution.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2024-10-08
-
Due Date: 2024-10-29
Additional Notes
Microsoft | Windows
Microsoft Windows MSHTML Platform Spoofing Vulnerability: Microsoft
Windows MSHTML Platform contains an unspecified spoofing
vulnerability which can lead to a loss of confidentiality.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2024-10-08
-
Due Date: 2024-10-29
Additional Notes
Synacor | Zimbra Collaboration Suite (ZCS)
Synacor Zimbra Collaboration Suite (ZCS) Command Execution
Vulnerability: Synacor
Zimbra Collaboration Suite (ZCS) contains an unspecified
vulnerability in the postjournal service that may allow an
unauthenticated user to execute commands.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2024-10-03
-
Due Date: 2024-10-24
Additional Notes
Ivanti | Endpoint Manager (EPM)
Ivanti Endpoint Manager (EPM) SQL Injection Vulnerability: Ivanti
Endpoint Manager (EPM) contains a SQL injection vulnerability in
Core server that allows an unauthenticated attacker within the
same network to execute arbitrary code.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2024-10-02
-
Due Date: 2024-10-23
Additional Notes
D-Link | DIR-820 Router
D-Link DIR-820 Router OS Command Injection Vulnerability: D-Link
DIR-820 routers contain an OS command injection vulnerability
that allows a remote, unauthenticated attacker to escalate
privileges to root via a crafted payload with the ping_addr
parameter to ping.ccp.
Known To Be Used in Ransomware Campaigns? Unknown
Action: The impacted product is end-of-life (EoL)
and/or end-of-service (EoS). Users should discontinue
utilization of the product.
-
Date Added: 2024-09-30
-
Due Date: 2024-10-21
Additional Notes
DrayTek | Multiple Vigor Routers
DrayTek Multiple Vigor Routers OS Command Injection
Vulnerability: DrayTek
Vigor3900, Vigor2960, and Vigor300B devices contain an OS
command injection vulnerability in
cgi-bin/mainfunction.cgi/cvmcfgupload that allows for remote
code execution via shell metacharacters in a filename when the
text/x-python-script content type is used.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2024-09-30
-
Due Date: 2024-10-21
Additional Notes
SAP | Commerce Cloud
SAP Commerce Cloud Deserialization of Untrusted Data
Vulnerability: SAP
Commerce Cloud (formerly known as Hybris) contains a
deserialization of untrusted data vulnerability within the
mediaconversion and virtualjdbc extension that allows for code
injection.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2024-09-30
-
Due Date: 2024-10-21
Additional Notes
Ivanti | Virtual Traffic Manager
Ivanti Virtual Traffic Manager Authentication Bypass
Vulnerability: Ivanti
Virtual Traffic Manager contains an authentication bypass
vulnerability that allows a remote, unauthenticated attacker to
create a chosen administrator account.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2024-09-24
-
Due Date: 2024-10-15
Additional Notes
Ivanti | Cloud Services Appliance (CSA)
Ivanti Cloud Services Appliance (CSA) Path Traversal
Vulnerability: Ivanti
Cloud Services Appliance (CSA) contains a path traversal
vulnerability that could allow a remote, unauthenticated
attacker to access restricted functionality. If CVE-2024-8963 is
used in conjunction with CVE-2024-8190, an attacker could bypass
admin authentication and execute arbitrary commands on the
appliance.
Known To Be Used in Ransomware Campaigns? Unknown
Action: As Ivanti CSA has reached End-of-Life status,
users are urged to remove CSA 4.6.x from service or upgrade
to the 5.0.x line of supported solutions, as future
vulnerabilities on the 4.6.x version of CSA are unlikely to
receive security updates.
-
Date Added: 2024-09-19
-
Due Date: 2024-10-10
Additional Notes
Apache | HugeGraph-Server
Apache HugeGraph-Server Improper Access Control Vulnerability: Apache
HugeGraph-Server contains an improper access control
vulnerability that could allow a remote attacker to execute
arbitrary code.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2024-09-18
-
Due Date: 2024-10-09
Additional Notes
Microsoft | SQL Server
Microsoft SQL Server Reporting Services Remote Code Execution
Vulnerability: Microsoft
SQL Server Reporting Services contains a deserialization
vulnerability when handling page requests incorrectly. An
authenticated attacker can exploit this vulnerability to execute
code in the context of the Report Server service account.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2024-09-18
-
Due Date: 2024-10-09
Additional Notes
Oracle | ADF Faces
Oracle ADF Faces Deserialization of Untrusted Data
Vulnerability: Oracle
ADF Faces library, included with Oracle JDeveloper Distribution,
contains a deserialization of untrusted data vulnerability
leading to unauthenticated remote code execution.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2024-09-18
-
Due Date: 2024-10-09
Additional Notes
Oracle | WebLogic Server
Oracle WebLogic Server Remote Code Execution Vulnerability: Oracle
WebLogic Server, a product within the Fusion Middleware suite,
contains a deserialization vulnerability. Unauthenticated
attackers with network access via T3 or IIOP can exploit this
vulnerability to achieve remote code execution.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2024-09-18
-
Due Date: 2024-10-09
Additional Notes
Adobe | Flash Player
Adobe Flash Player Integer Underflow Vulnerability: Adobe
Flash Player contains an integer underflow vulnerability that
allows a remote attacker to execute arbitrary code.
Known To Be Used in Ransomware Campaigns? Unknown
Action: The impacted product is end-of-life (EoL)
and/or end-of-service (EoS). Users should discontinue
utilization of the product.
-
Date Added: 2024-09-17
-
Due Date: 2024-10-08
Additional Notes
Adobe | Flash Player
Adobe Flash Player Incorrect Default Permissions Vulnerability: Adobe
Flash Player contains an incorrect default permissions
vulnerability in the Firefox sandbox that allows a remote
attacker to execute arbitrary code via crafted SWF content.
Known To Be Used in Ransomware Campaigns? Unknown
Action: The impacted product is end-of-life (EoL)
and/or end-of-service (EoS). Users should discontinue
utilization of the product.
-
Date Added: 2024-09-17
-
Due Date: 2024-10-08
Additional Notes
Adobe | Flash Player
Adobe Flash Player Code Execution Vulnerability: Adobe
Flash Player contains an unspecified vulnerability in the
ExternalInterface ActionScript functionality that allows a
remote attacker to execute arbitrary code via crafted SWF
content.
Known To Be Used in Ransomware Campaigns? Unknown
Action: The impacted product is end-of-life (EoL)
and/or end-of-service (EoS). Users should discontinue
utilization of the product.
-
Date Added: 2024-09-17
-
Due Date: 2024-10-08
Additional Notes
Adobe | Flash Player
Adobe Flash Player Double Free Vulnerability: Adobe
Flash Player contains a double free vulnerability that allows a
remote attacker to execute arbitrary code.
Known To Be Used in Ransomware Campaigns? Unknown
Action: The impacted product is end-of-life (EoL)
and/or end-of-service (EoS). Users should discontinue
utilization of the product.
-
Date Added: 2024-09-17
-
Due Date: 2024-10-08
Additional Notes
Microsoft | Windows
Microsoft Windows MSHTML Platform Spoofing Vulnerability: Microsoft
Windows MSHTML Platform contains a user interface (UI)
misrepresentation of critical information vulnerability that
allows an attacker to spoof a web page. This vulnerability was
exploited in conjunction with CVE-2024-38112.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2024-09-16
-
Due Date: 2024-10-07
Additional Notes
Progress | WhatsUp Gold
Progress WhatsUp Gold SQL Injection Vulnerability: Progress
WhatsUp Gold contains a SQL injection vulnerability that allows
an unauthenticated attacker to retrieve the user's encrypted
password if the application is configured with only a single
user.
Known To Be Used in Ransomware Campaigns? Known
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2024-09-16
-
Due Date: 2024-10-07
Additional Notes
Ivanti | Cloud Services Appliance
Ivanti Cloud Services Appliance OS Command Injection
Vulnerability: Ivanti
Cloud Services Appliance (CSA) contains an OS command injection
vulnerability in the administrative console which can allow an
authenticated attacker with application admin privileges to pass
commands to the underlying OS.
Known To Be Used in Ransomware Campaigns? Unknown
Action: As Ivanti CSA has reached End-of-Life status,
users are urged to remove CSA 4.6.x from service or upgrade
to the 5.0.x line of supported solutions, as future
vulnerabilities on the 4.6.x version of CSA are unlikely to
receive future security updates.
-
Date Added: 2024-09-13
-
Due Date: 2024-10-04
Additional Notes
Microsoft | Publisher
Microsoft Publisher Protection Mechanism Failure Vulnerability: Microsoft
Publisher contains a protection mechanism failure vulnerability
that allows an attacker to bypass Office macro policies used to
block untrusted or malicious files.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2024-09-10
-
Due Date: 2024-10-01
Additional Notes
Microsoft | Windows
Microsoft Windows Installer Improper Privilege Management
Vulnerability: Microsoft
Windows Installer contains an improper privilege management
vulnerability that could allow an attacker to gain SYSTEM
privileges.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2024-09-10
-
Due Date: 2024-10-01
Additional Notes
Microsoft | Windows
Microsoft Windows Mark of the Web (MOTW) Protection Mechanism
Failure Vulnerability: Microsoft
Windows Mark of the Web (MOTW) contains a protection mechanism
failure vulnerability that allows an attacker to bypass
MOTW-based defenses. This can result in a limited loss of
integrity and availability of security features such as
Protected View in Microsoft Office, which rely on MOTW tagging.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2024-09-10
-
Due Date: 2024-10-01
Additional Notes
ImageMagick | ImageMagick
ImageMagick Improper Input Validation Vulnerability: ImageMagick
contains an improper input validation vulnerability that affects
the EPHEMERAL, HTTPS, MVG, MSL, TEXT, SHOW, WIN, and PLT coders.
This allows a remote attacker to execute arbitrary code via
shell metacharacters in a crafted image.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2024-09-09
-
Due Date: 2024-09-30
Additional Notes
Linux | Kernel
Linux Kernel PIE Stack Buffer Corruption Vulnerability: Linux
kernel contains a position-independent executable (PIE) stack
buffer corruption vulnerability in load_elf_binary() that
allows a local attacker to escalate privileges.
Known To Be Used in Ransomware Campaigns? Known
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2024-09-09
-
Due Date: 2024-09-30
Additional Notes
SonicWall | SonicOS
SonicWall SonicOS Improper Access Control Vulnerability: SonicWall
SonicOS contains an improper access control vulnerability that
could lead to unauthorized resource access and, under certain
conditions, may cause the firewall to crash.
Known To Be Used in Ransomware Campaigns? Known
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2024-09-09
-
Due Date: 2024-09-30
Additional Notes
DrayTek | VigorConnect
DrayTek VigorConnect Path Traversal Vulnerability: DrayTek
VigorConnect contains a path traversal vulnerability in the
DownloadFileServlet endpoint. An unauthenticated attacker could
leverage this vulnerability to download arbitrary files from the
underlying operating system with root privileges.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2024-09-03
-
Due Date: 2024-09-24
Additional Notes
DrayTek | VigorConnect
DrayTek VigorConnect Path Traversal Vulnerability: DrayTek
VigorConnect contains a path traversal vulnerability in the file
download functionality of the WebServlet endpoint. An
unauthenticated attacker could leverage this vulnerability to
download arbitrary files from the underlying operating system
with root privileges.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2024-09-03
-
Due Date: 2024-09-24
Additional Notes
Kingsoft | WPS Office
Kingsoft WPS Office Path Traversal Vulnerability: Kingsoft
WPS Office contains a path traversal vulnerability in
promecefpluginhost.exe on Windows that allows an attacker to
load an arbitrary Windows library.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2024-09-03
-
Due Date: 2024-09-24
Additional Notes
Google | Chromium V8
Google Chromium V8 Inappropriate Implementation Vulnerability: Google
Chromium V8 contains an inappropriate implementation
vulnerability that allows a remote attacker to potentially
exploit heap corruption via a crafted HTML page. This
vulnerability could affect multiple web browsers that utilize
Chromium, including, but not limited to, Google Chrome,
Microsoft Edge, and Opera.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2024-08-28
-
Due Date: 2024-09-18
Additional Notes
Apache | OFBiz
Apache OFBiz Incorrect Authorization Vulnerability: Apache
OFBiz contains an incorrect authorization vulnerability that
could allow remote code execution via a Groovy payload in the
context of the OFBiz user process by an unauthenticated
attacker.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2024-08-27
-
Due Date: 2024-09-17
Additional Notes
Google | Chromium V8
Google Chromium V8 Type Confusion Vulnerability: Google
Chromium V8 contains a type confusion vulnerability that allows
a remote attacker to exploit heap corruption via a crafted HTML
page. This vulnerability could affect multiple web browsers that
utilize Chromium, including, but not limited to, Google Chrome,
Microsoft Edge, and Opera.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2024-08-26
-
Due Date: 2024-09-16
Additional Notes
Versa | Director
Versa Director Dangerous File Type Upload Vulnerability: The
Versa Director GUI contains an unrestricted upload of file with
dangerous type vulnerability that allows administrators with
Provider-Data-Center-Admin or Provider-Data-Center-System-Admin
privileges to customize the user interface. The “Change Favicon”
(Favorite Icon) enables the upload of a .png file, which can be
exploited to upload a malicious file with a .png extension
disguised as an image.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2024-08-23
-
Due Date: 2024-09-13
Additional Notes
Dahua | IP Camera Firmware
Dahua IP Camera Authentication Bypass Vulnerability: Dahua
IP cameras and related products contain an authentication bypass
vulnerability when the NetKeyboard type argument is specified by
the client during authentication.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2024-08-21
-
Due Date: 2024-09-11
Additional Notes
Dahua | IP Camera Firmware
Dahua IP Camera Authentication Bypass Vulnerability: Dahua
IP cameras and related products contain an authentication bypass
vulnerability when the loopback device is specified by the
client during authentication.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2024-08-21
-
Due Date: 2024-09-11
Additional Notes
Linux | Kernel
Linux Kernel Heap-Based Buffer Overflow Vulnerability: Linux
kernel contains a heap-based buffer overflow vulnerability in
the legacy_parse_param function in the Filesystem Context
functionality. This allows an attacker to open a filesystem that
does not support the Filesystem Context API and ultimately
escalate privileges.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply updates per vendor instructions or
discontinue use of the product if updates are unavailable.
-
Date Added: 2024-08-21
-
Due Date: 2024-09-11
Additional Notes
Microsoft | Exchange Server
Microsoft Exchange Server Information Disclosure Vulnerability: Microsoft
Exchange Server contains an information disclosure vulnerability
that allows for remote code execution.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2024-08-21
-
Due Date: 2024-09-11
Additional Notes
Jenkins | Jenkins Command Line Interface (CLI)
Jenkins Command Line Interface (CLI) Path Traversal
Vulnerability: Jenkins
Command Line Interface (CLI) contains a path traversal
vulnerability that allows attackers limited read access to
certain files, which can lead to code execution.
Known To Be Used in Ransomware Campaigns? Known
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2024-08-19
-
Due Date: 2024-09-09
Additional Notes
SolarWinds | Web Help Desk
SolarWinds Web Help Desk Deserialization of Untrusted Data
Vulnerability: SolarWinds
Web Help Desk contains a deserialization of untrusted data
vulnerability that could allow for remote code execution.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2024-08-15
-
Due Date: 2024-09-05
Additional Notes
Microsoft | Project
Microsoft Project Remote Code Execution Vulnerability: Microsoft
Project contains an unspecified vulnerability that allows for
remote code execution via a malicious file.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2024-08-13
-
Due Date: 2024-09-03
Additional Notes
Microsoft | Windows
Microsoft Windows Scripting Engine Memory Corruption
Vulnerability: Microsoft
Windows Scripting Engine contains a memory corruption
vulnerability that allows an unauthenticated attacker to initiate
remote code execution via a specially crafted URL.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2024-08-13
-
Due Date: 2024-09-03
Additional Notes
Microsoft | Windows
Microsoft Windows SmartScreen Security Feature Bypass
Vulnerability: Microsoft
Windows SmartScreen contains a security feature bypass
vulnerability that allows an attacker to bypass the SmartScreen
user experience via a malicious file.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2024-08-13
-
Due Date: 2024-09-03
Additional Notes
Microsoft | Windows
Microsoft Windows Ancillary Function Driver for WinSock
Privilege Escalation Vulnerability: Microsoft
Windows Ancillary Function Driver for WinSock contains an
unspecified vulnerability that allows for privilege escalation,
enabling a local attacker to gain SYSTEM privileges.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2024-08-13
-
Due Date: 2024-09-03
Additional Notes
Microsoft | Windows
Microsoft Windows Kernel Privilege Escalation Vulnerability: Microsoft
Windows Kernel contains an unspecified vulnerability that allows
for privilege escalation, enabling a local attacker to gain
SYSTEM privileges. Successful exploitation of this vulnerability
requires an attacker to win a race condition.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2024-08-13
-
Due Date: 2024-09-03
Additional Notes
Microsoft | Windows
Microsoft Windows Power Dependency Coordinator Privilege
Escalation Vulnerability: Microsoft
Windows Power Dependency Coordinator contains an unspecified
vulnerability that allows for privilege escalation, enabling a
local attacker to obtain SYSTEM privileges.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2024-08-13
-
Due Date: 2024-09-03
Additional Notes
Android | Kernel
Android Kernel Remote Code Execution Vulnerability: Android
contains an unspecified vulnerability in the kernel that allows
for remote code execution. This vulnerability resides in Linux
Kernel and could impact other products, including but not
limited to Android OS.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2024-08-07
-
Due Date: 2024-08-28
Additional Notes
Apache | OFBiz
Apache OFBiz Path Traversal Vulnerability: Apache
OFBiz contains a path traversal vulnerability that could allow
for remote code execution.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2024-08-07
-
Due Date: 2024-08-28
Additional Notes
Microsoft | Windows
Microsoft COM for Windows Deserialization of Untrusted Data
Vulnerability: Microsoft
COM for Windows contains a deserialization of untrusted data
vulnerability that allows for privilege escalation and remote
code execution via a specially crafted file or script.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2024-08-05
-
Due Date: 2024-08-26
Additional Notes
VMware | ESXi
VMware ESXi Authentication Bypass Vulnerability: VMware
ESXi contains an authentication bypass vulnerability. A
malicious actor with sufficient Active Directory (AD)
permissions can gain full access to an ESXi host that was
previously configured to use AD for user management by
re-creating the configured AD group ('ESXi Admins' by default)
after it was deleted from AD.
Known To Be Used in Ransomware Campaigns? Known
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2024-07-30
-
Due Date: 2024-08-20
Additional Notes
ServiceNow | Utah, Vancouver, and Washington DC Now Platform
ServiceNow Improper Input Validation Vulnerability: ServiceNow
Utah, Vancouver, and Washington DC Now Platform releases contain
a jelly template injection vulnerability in UI macros. An
unauthenticated user could exploit this vulnerability to execute
code remotely.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2024-07-29
-
Due Date: 2024-08-19
Additional Notes
ServiceNow | Utah, Vancouver, and Washington DC Now Platform
ServiceNow Incomplete List of Disallowed Inputs Vulnerability: ServiceNow
Washington DC, Vancouver, and earlier Now Platform releases
contain an incomplete list of disallowed inputs vulnerability in
the GlideExpression script. An unauthenticated user could
exploit this vulnerability to execute code remotely.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2024-07-29
-
Due Date: 2024-08-19
Additional Notes
Acronis | Cyber Infrastructure (ACI)
Acronis Cyber Infrastructure (ACI) Insecure Default Password
Vulnerability: Acronis
Cyber Infrastructure (ACI) allows an unauthenticated user to
execute commands remotely due to the use of default passwords.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2024-07-29
-
Due Date: 2024-08-19
Additional Notes
Microsoft | Internet Explorer
Microsoft Internet Explorer Use-After-Free Vulnerability: Microsoft
Internet Explorer contains a use-after-free vulnerability that
allows a remote attacker to execute arbitrary code via a crafted
web site that triggers access to an object that (1) was not
properly allocated or (2) is deleted, as demonstrated by a
CDwnBindInfo object.
Known To Be Used in Ransomware Campaigns? Unknown
Action: The impacted product is end-of-life and
should be disconnected if still in use.
-
Date Added: 2024-07-23
-
Due Date: 2024-08-13
Additional Notes
Twilio | Authy
Twilio Authy Information Disclosure Vulnerability: Twilio
Authy contains an information disclosure vulnerability in its
API that allows an unauthenticated endpoint to accept a request
containing a phone number and respond with information about
whether the phone number was registered with Authy.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2024-07-23
-
Due Date: 2024-08-13
Additional Notes
Adobe | Commerce and Magento Open Source
Adobe Commerce and Magento Open Source Improper Restriction of
XML External Entity Reference (XXE) Vulnerability: Adobe
Commerce and Magento Open Source contain an improper restriction
of XML external entity reference (XXE) vulnerability that allows
for remote code execution.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2024-07-17
-
Due Date: 2024-08-07
Additional Notes
SolarWinds | Serv-U
SolarWinds Serv-U Path Traversal Vulnerability: SolarWinds
Serv-U contains a path traversal vulnerability that allows an
attacker access to read sensitive files on the host machine.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2024-07-17
-
Due Date: 2024-08-07
Additional Notes
VMware | vCenter Server
VMware vCenter Server Incorrect Default File Permissions
Vulnerability: VMware
vCenter Server contains an incorrect default file permissions
vulnerability that allows a remote, privileged attacker to gain
access to sensitive information.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2024-07-17
-
Due Date: 2024-08-07
Additional Notes
OSGeo | GeoServer
OSGeo GeoServer GeoTools Eval Injection Vulnerability: OSGeo
GeoServer GeoTools contains an improper neutralization of
directives in dynamically evaluated code vulnerability due to
unsafely evaluating property names as XPath expressions. This
allows unauthenticated attackers to conduct remote code
execution via specially crafted input.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2024-07-15
-
Due Date: 2024-08-05
Additional Notes
Microsoft | Windows
Microsoft Windows MSHTML Platform Spoofing Vulnerability: Microsoft
Windows MSHTML Platform contains a spoofing vulnerability that
has a high impact to confidentiality, integrity, and
availability.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2024-07-09
-
Due Date: 2024-07-30
Additional Notes
Microsoft | Windows
Microsoft Windows Hyper-V Privilege Escalation Vulnerability: Microsoft
Windows Hyper-V contains a privilege escalation vulnerability
that allows a local attacker with user permissions to gain
SYSTEM privileges.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2024-07-09
-
Due Date: 2024-07-30
Additional Notes
Rejetto | HTTP File Server
Rejetto HTTP File Server Improper Neutralization of Special
Elements Used in a Template Engine Vulnerability: Rejetto
HTTP File Server contains an improper neutralization of special
elements used in a template engine vulnerability. This allows a
remote, unauthenticated attacker to execute commands on the
affected system by sending a specially crafted HTTP request.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2024-07-09
-
Due Date: 2024-07-30
Additional Notes
Cisco | NX-OS
Cisco NX-OS Command Injection Vulnerability: Cisco
NX-OS contains a command injection vulnerability in the command
line interface (CLI) that could allow an authenticated, local
attacker to execute commands as root on the underlying operating
system of an affected device.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2024-07-02
-
Due Date: 2024-07-23
Additional Notes
OSGeo | JAI-EXT
OSGeo GeoServer JAI-EXT Code Injection Vulnerability: OSGeo
GeoServer JAI-EXT contains a code injection vulnerability that,
when programs use jt-jiffle and allow Jiffle script to be
provided via network request, could allow remote code execution.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2024-06-26
-
Due Date: 2024-07-17
Additional Notes
Linux | Kernel
Linux Kernel Use-After-Free Vulnerability: Linux
Kernel contains a use-after-free vulnerability in the
nft_object, allowing local attackers to escalate privileges.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply updates per vendor instructions or
discontinue use of the product if updates are unavailable.
-
Date Added: 2024-06-26
-
Due Date: 2024-07-17
Additional Notes
Roundcube | Webmail
Roundcube Webmail Cross-Site Scripting (XSS) Vulnerability: Roundcube
Webmail contains a cross-site scripting (XSS) vulnerability that
allows a remote attacker to manipulate data via a malicious XML
attachment.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2024-06-26
-
Due Date: 2024-07-17
Additional Notes
Android | Pixel
Android Pixel Privilege Escalation Vulnerability: Android
Pixel contains an unspecified vulnerability in the firmware that
allows for privilege escalation.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2024-06-13
-
Due Date: 2024-07-04
Additional Notes
Microsoft | Windows
Microsoft Windows Error Reporting Service Improper Privilege
Management Vulnerability: Microsoft
Windows Error Reporting Service contains an improper privilege
management vulnerability that allows a local attacker with user
permissions to gain SYSTEM privileges.
Known To Be Used in Ransomware Campaigns? Known
Action: Apply updates per vendor instructions or
discontinue use of the product if updates are unavailable.
-
Date Added: 2024-06-13
-
Due Date: 2024-07-04
Additional Notes
Progress | Telerik Report Server
Progress Telerik Report Server Authentication Bypass by Spoofing
Vulnerability: Progress
Telerik Report Server contains an authorization bypass by
spoofing vulnerability that allows an attacker to obtain
unauthorized access.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2024-06-13
-
Due Date: 2024-07-04
Additional Notes
Arm | Mali GPU Kernel Driver
Arm Mali GPU Kernel Driver Use-After-Free Vulnerability: Arm
Bifrost and Valhall GPU kernel drivers contain a use-after-free
vulnerability that allows a local, non-privileged user to make
improper GPU memory processing operations to gain access to
already freed memory.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2024-06-12
-
Due Date: 2024-07-03
Additional Notes
PHP Group | PHP
PHP-CGI OS Command Injection Vulnerability: PHP,
specifically Windows-based PHP used in CGI mode, contains an OS
command injection vulnerability that allows for arbitrary code
execution. This vulnerability is a patch bypass for
CVE-2012-1823.
Known To Be Used in Ransomware Campaigns? Known
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2024-06-12
-
Due Date: 2024-07-03
Additional Notes
Oracle | WebLogic Server
Oracle WebLogic Server OS Command Injection Vulnerability: Oracle
WebLogic Server, a product within the Fusion Middleware suite,
contains an OS command injection vulnerability that allows an
attacker to execute arbitrary code via a specially crafted HTTP
request that includes a malicious XML document.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
-
Date Added: 2024-06-03
-
Due Date: 2024-06-24