Vulnerability Disclosure

Cisco Advisories Vulnerability Disclosure Apple Cisco Mar 25

Cisco IOx Application Hosting Environment Carriage Return Line Feed Injection Vulnerability

A vulnerability in the web-based Cisco IOx application hosting environment management interface of Cisco IOS XE Software could allow an unauthenticated, remo...

Cisco Advisories →

Cisco Advisories Vulnerability Disclosure Apple Cisco Mar 25

Cisco IOx Application Hosting Environment Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based Cisco IOx application hosting environment management interface of Cisco IOS XE Software could allow an authenticated, remote...

Cisco Advisories →

Cisco Advisories Vulnerability Disclosure Apple Cisco Mar 25

Cisco IOS XE Software for Catalyst 9000 Series Switches DHCP Snooping Denial of Service Vulnerability

A vulnerability in the DHCP snooping feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause BOOTP packets to be forwarded ...

T1498

Cisco Advisories →

Cisco Advisories Vulnerability Disclosure Apple Cisco Mar 25

Cisco IOS Software and IOS XE Software Release 3E HTTP Server Denial of Service Vulnerability

A vulnerability in the HTTP Server feature of Cisco IOS Software and Cisco IOS XE Software Release 3E could allow an authenticated, remote attacker to cause ...

T1498

Cisco Advisories →

Cisco Advisories Vulnerability Disclosure Apple Cisco Mar 25

Cisco IOS, IOS XE, Secure Firewall Adaptive Security Appliance, and Secure Firewall Threat Defense Software IKEv2 Denial of Service Vulnerability

A vulnerability in the Internet Key Exchange version 2 (IKEv2) feature of Cisco IOS Software, Cisco IOS XE Software, Cisco Secure Firewall Adaptive Security ...

T1498

Cisco Advisories →

Cisco Advisories Vulnerability Disclosure Cisco Mar 25

Cisco Catalyst SD-WAN Manager Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to conduct a cross-site ...

Cisco Advisories →

Cisco Advisories Vulnerability Disclosure Apple Cisco Mar 25

Cisco IOS XE Wireless Controller Software for the Catalyst CW9800 Family CAPWAP Denial of Service Vulnerability

A vulnerability in the processing of Control and Provisioning of Wireless Access Points (CAPWAP) packets of Cisco IOS XE Wireless Controller Software for the...

T1498

Cisco Advisories →

Cisco Advisories Vulnerability Disclosure Apple Cisco Mar 25

Cisco IOS XE Software for Cisco Catalyst and Rugged Series Switches Secure Boot Bypass Vulnerability

A vulnerability in the bootloader of Cisco IOS XE Software for Cisco Catalyst 9200 Series Switches, Cisco Catalyst ESS9300 Embedded Series Switches, Cisco Ca...

Cisco Advisories →

Cisco Advisories Vulnerability Disclosure Apple Cisco Mar 25

Cisco IOS XE Software TLS Memory Exhaustion Denial of Service Vulnerability

A vulnerability in the TLS library of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to exhaust the available memory of an affected ...

T1498

Cisco Advisories →

Cisco Advisories Vulnerability Disclosure Apple Cisco Mar 25

Cisco IOS XE Software Secure Channel for Meraki Information Disclosure Vulnerability

A vulnerability in Cisco IOS XE Software for Cisco Meraki could allow a remote, unauthenticated attacker to view confidential device information. This vulner...

Cisco Advisories →

Cisco Advisories Vulnerability Disclosure Apple Cisco Mar 25

Cisco IOS XE Software Secure Copy Protocol Server Denial of Service Vulnerability

A vulnerability in the Secure Copy Protocol (SCP) server feature of Cisco IOS XE Software could allow an authenticated, local attacker with low privileges to...

T1498

Cisco Advisories →

Infosecurity Magazine Vulnerability Disclosure SentinelOne Mar 25

Hackers Exploit Compromised Enterprise Identities at Industrial Scale, Warns SentinelOne

Cybersecurity company’s annual report issues warning over a “mass-marketed impersonation crisis” over attackers abusing legitimate credentials

Infosecurity Magazine →

Cisco Advisories Vulnerability Disclosure Cisco Oracle Mar 25

Cisco Secure Firewall Management Center Software Remote Code Execution Vulnerability

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attack...

T1190

Cisco Advisories →

Recorded Future Vulnerability Disclosure Microsoft Apple Mar 25

ClickFix Campaigns Targeting Windows and macOS

Insikt Group reveals five ClickFix social engineering clusters (QuickBooks, Booking.com, Birdeye) targeting Windows and macOS.

T1204 1 IOC

Recorded Future →

Infosecurity Magazine Vulnerability Disclosure Citrix Mar 24

Citrix Urges Immediate Patching for Critical NetScaler Vulnerabilities

A critical vulnerability in Citrix’s NetScaler products allows unauthenticated remote attackers to leak information from the appliance's memory

Infosecurity Magazine →

Zero Day Initiative Vulnerability Disclosure Microsoft Mar 24

ZDI-26-226: (0Day) Microsoft Azure MCP AzureCliService Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Azure. Authentication is not required to exploit ...

T1190 T1059

Zero Day Initiative →

Infosecurity Magazine Vulnerability Disclosure Mar 20

Hackers Exploit Critical Langflow Bug in Just 20 Hours

Sysdig details how threat actors exploited a critical CVE in Langflow in less than a day

Infosecurity Magazine →

Infosecurity Magazine Vulnerability Disclosure Rapid7 Mar 18

AI-Enabled Adversaries Compress Time-to-Exploit Following Vulnerability Disclosure

Rapid7 says median time from publication to CISA KEV inclusion dropped to five days

Infosecurity Magazine →

Infosecurity Magazine Vulnerability Disclosure Amazon Linux Docker Mar 16

CrackArmor Flaws Expose Linux Systems to Privilege Escalation

CrackArmor AppArmor flaws let local Linux users gain root, break containers and enable DoS attacks

T1548 T1498

Infosecurity Magazine →

Infosecurity Magazine Vulnerability Disclosure Mar 12

Critical Zero-Click Flaw in n8n Allows Full Server Compromise

The critical vulnerability affecting both cloud and self-hosted n8n instances requires no authentication or even n8n account to be exploited

Infosecurity Magazine →