Vulnerability Disclosure

Unit 42 Vulnerability Disclosure Kubernetes Apr 6

Understanding Current Threats to Kubernetes Environments

Unit 42 uncovers escalating Kubernetes attacks, detailing how threat actors exploit identities and critical vulnerabilities to compromise cloud environments....

Unit 42 →

Wordfence Blog Vulnerability Disclosure WordPress Apr 6

50,000 WordPress Sites affected by Arbitrary File Upload Vulnerability in Ninja Forms – File Upload WordPress Plugin

On January 8th, 2026, we received a submission for an Arbitrary File Upload vulnerability in Ninja Forms - File Upload, a WordPress plugin with an estimated ...

T1190

Wordfence Blog →

US-CERT Alerts Vulnerability Disclosure Apr 6

Iranian-Affiliated Cyber Actors Exploit Programmable Logic Controllers Across US Critical Infrastructure

Advisory at a Glance Title Iranian-Affiliated Cyber Actors Exploit Programmable Logic Controllers Across US Critical Infrastructure Original Publication Apri...

US-CERT Alerts →

Cisco Advisories Vulnerability Disclosure Apple Cisco Apr 2

Cisco IOS XE Software Denial of Service Vulnerability

A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected ...

T1498 T1598

Cisco Advisories →

Infosecurity Magazine Vulnerability Disclosure Apple Apr 2

Apple Expands iOS 18 Security Updates Amid DarkSword Threat

iOS/iPadOS 18.7.

T1588

Infosecurity Magazine →

Cisco Advisories Vulnerability Disclosure Cisco Apr 1

Cisco Smart Software Manager On-Prem Arbitrary Command Execution Vulnerability

A vulnerability in Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to execute arbitrary commands on the un...

Cisco Advisories →

Cisco Advisories Vulnerability Disclosure Cisco Apr 1

Cisco Nexus Dashboard Configuration Backup REST API Unauthorized Access Vulnerability

A vulnerability in the configuration backup feature of Cisco Nexus Dashboard could allow an attacker who has the encryption password and access to Full or Co...

T1598

Cisco Advisories →

Cisco Advisories Vulnerability Disclosure Cisco Apr 1

Cisco Nexus Dashboard and Nexus Dashboard Insights Server-Side Request Forgery Vulnerability

A vulnerability in Cisco Nexus Dashboard and Cisco Nexus Dashboard Insights could allow an unauthenticated, remote attacker to conduct a server-side request ...

Cisco Advisories →

Cisco Advisories Vulnerability Disclosure Cisco Apr 1

Cisco Nexus Dashboard Insights Arbitrary File Write Vulnerability

A vulnerability in the Metadata update feature of Cisco Nexus Dashboard Insights could allow an authenticated, remote attacker to write arbitrary files to an...

Cisco Advisories →

Cisco Advisories Vulnerability Disclosure Cisco Apr 1

Cisco Integrated Management Controller Authentication Bypass Vulnerability

A vulnerability in the change password functionality of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to bypas...

T1556

Cisco Advisories →

Cisco Advisories Vulnerability Disclosure Cisco Apr 1

Cisco Smart Software Manager On-Prem Privilege Escalation Vulnerability

A vulnerability in the web interface of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an authenticated, remote attacker to elevate privilege...

T1548

Cisco Advisories →

Cisco Advisories Vulnerability Disclosure Cisco Apr 1

Cisco Evolved Programmable Network Manager Improper Authorization Vulnerability

A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker with...

Cisco Advisories →

Trail of Bits Vulnerability Disclosure Apr 1

Mutation testing for the agentic era

Code coverage is one of the most dangerous quality metrics in software testing. Many developers fail to realize that code coverage lies by omission: it measu...

Trail of Bits →

Cisco Advisories Vulnerability Disclosure Cisco Mar 31

Cisco Nexus Dashboard Fabric Controller Arbitrary Command Execution Vulnerability

A vulnerability in the REST API and web UI of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, low-privileged, remote attacker to...

T1059

Cisco Advisories →

Google Security Blog Vulnerability Disclosure Google Mar 31

VRP 2025 Year in Review

Posted by Dirk Göhmann, Tony Mendez, and the Vulnerability Rewards Program Team 2025 marked a special year in the history of vulnerability rewards and bug bo...

Google Security Blog →

Infosecurity Magazine Vulnerability Disclosure Check Point Mar 31

ChatGPT Security Issue Enabled Data Theft via Single Prompt

OpenAI has patched vulnerability, which Check Point said was because of a DNS loophole

T1041 T1598

Infosecurity Magazine →

Infosecurity Magazine Vulnerability Disclosure Mar 30

Cybercriminals Exploit Tax Season With New Phishing Tactics

Tax-season phishing floods deliver RMM malware, credential theft, BEC and tax-form scams

T1566 T1078 T1598

Infosecurity Magazine →

Infosecurity Magazine Vulnerability Disclosure Oracle Mar 26

Attackers Rapidly Weaponize Critical Oracle WebLogic RCE, Honeypot Study Finds

Attackers rapidly exploited a critical Oracle WebLogic RCE flaw the same day exploit code was released, according to a CloudSEK honeypot study

Infosecurity Magazine →

Infosecurity Magazine Vulnerability Disclosure Mar 26

AI Becomes the Top Cybersecurity Priority for Defenders as Criminals Exploit It, PwC Warns

PwC Annual Threat Dynamics report says AI-threats are the biggest concern of clients

T1598

Infosecurity Magazine →

Cisco Advisories Vulnerability Disclosure Apple Cisco Mar 25

Cisco IOS XE Software Lobby Ambassador Privilege Escalation Vulnerability

A vulnerability in the Lobby Ambassador web-based management API of Cisco IOS XE Software could allow an authenticated, remote attacker to elevate their priv...

T1548 T1598

Cisco Advisories →