Live intelligence feed
2662 collected events across every source — vulnerabilities, rulemaking and (soon) advisories, enforcement & news — newest first. This is the raw stream behind the compliance boards.
All sources
CISA KEV · 1642
NVD CVE · 596
News · 219
eCFR · 98
DoD CIO CMMC · 21
CISA advisory · 19
DC3 DCISE · 19
DOJ FCA · 16
DCSA · 10
Cyber AB docs · 10
NIST · 9
Fed. Register · 2
OIRA · 1
⊙ Subscribe (RSS)
this exact view — open in your feed reader
-
The Accenture Federal Technology Vision highlights four technology trends that will have significant impact on how government operates in the near future. Today we look at Trend #4, Computing the Impossible: New Machines, New Possibilities. When Intel...
-
Microsoft Windows COM+ Event System Service contains an unspecified vulnerability that allows for privilege escalation.
-
Fortinet FortiOS, FortiProxy, and FortiSwitchManager contain an authentication bypass vulnerability that could allow an unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.
-
The Accenture Federal Technology Vision 2022 highlights four technology trends that will have significant impact on how government operates in the near future. Today we look at Trend #3, The Unreal: Making Synthetic Authentic. Artificial intelligence (AI)...
-
By Bob Eckel, CEO, Aware Confirming the identification of the world’s most wanted man leaves no margin for error. In fact, when Osama bin Laden was killed in 2011, he was identified through facial recognition which was later confirmed by DNA analysis. Few...
-
By Melissa Trace, VP, Global Government Solutions at Forescout As we approach the upcoming midterm elections, U.S. officials are on high alert for bad actors looking to target election networks and devices. Both state and non-state threat actors view our...
-
Bus Pass Management System 1.0 was discovered to contain a SQL Injection vulnerability via the searchdata parameter at /buspassms/download-pass.php..
-
Microsoft Exchange Server contains an unspecified vulnerability that allows for authenticated remote code execution. Dubbed "ProxyNotShell," this vulnerability is chainable with CVE-2022-41040 which allows for the remote code execution.
-
Microsoft Exchange Server allows for server-side request forgery. Dubbed "ProxyNotShell," this vulnerability is chainable with CVE-2022-41082 which allows for remote code execution.
-
Multiple API endpoints of Atlassian Bitbucket Server and Data Center contain a command injection vulnerability where an attacker with access to a public Bitbucket repository, or with read permissions to a private one, can execute code by sending a...
-
The Accenture Federal Technology Vision highlights four technology trends that will have significant impact on how government operates in the near future. Today we look at Trend #2, Programmable World: Our Planet, Personalized. What is a “programmable...
-
A code injection vulnerability in the User Portal and Webadmin of Sophos Firewall allows for remote code execution.
-
By: Terry Halvorsen, general manager, U.S. Federal Market, IBM The pandemic accelerated digital transformation, amplifying both opportunities and risks. Remote workers, new devices, partners, and integrations open organizations in ways that can radically...
-
Zoho ManageEngine PAM360, Password Manager Pro, and Access Manager Plus contain an unspecified vulnerability that allows for remote code execution.
-
By: Santiago Milian, Principal, Booz Allen; and Jenna Petersen, senior lead technologist, Booz Allen From housing assistance to community health to closing the digital divide, equity is on the agenda of multiple Federal agencies. But making Federal...
-
SourceCodester Simple Task Managing System v1.0 was discovered to contain a SQL injection vulnerability via the bookId parameter at changeStatus.php.
-
SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vulnerability via the UserForm:j_id90 parameter at /SVFE2/pages/feegroups/mcc_group.jsf.
-
By: John Dvorak, Chief Architect, North America Public Sector, Red Hat If you’re like many decision-makers in Federal agencies, you’ve begun to explore edge computing use cases. There are many reasons to push compute capability closer to the source of data...
-
The Accenture Federal Technology Vision 2022 analyzes four emerging technology trends that will have significant impact on how government operates in the near future. Today we look at Trend #1, WebMe: Putting the Me in Metaverse. In the wake of the...
-
An issue in the component post_applogin.php of Super Flexible Software GmbH & Co. KG Syncovery 9 for Linux v9.47x and below allows attackers to escalate privileges via creating crafted session tokens.
-
Microsoft Windows incorrectly parses shortcuts in such a way that malicious code may be executed when the operating system displays the icon of a malicious shortcut file. An attacker who successfully exploited this vulnerability could execute code as the...
-
The get_user and put_user API functions of the Linux kernel fail to validate the target address when being used on ARM v6k/v7 platforms. This allows an application to read and write kernel memory which could lead to privilege escalation.
-
Prototype pollution vulnerability in function convertLater in npm-convert.js in stealjs steal 2.2.4 via the requestedVersion variable in npm-convert.js.
-
Linux kernel fb_mmap function in drivers/video/fbmem.c contains an integer overflow vulnerability that allows for privilege escalation.
-
Linux kernel fails to check all 64 bits of attr.config passed by user space, resulting to out-of-bounds access of the perf_swevent_enabled array in sw_perf_event_destroy(). Explotation allows for privilege escalation.
-
The Code Aurora audio calibration database (acdb) audio driver contains a stack-based buffer overflow vulnerability that allows for privilege escalation. Code Aurora is used in third-party products such as Qualcomm and Android.
-
Trend Micro Apex One and Apex One as a Service contain an improper validation of rollback mechanism components that could lead to remote code execution.
-
Apple kernel, which is included in iOS, iPadOS, and macOS, contains an unspecified vulnerability where an application may be able to execute code with kernel privileges.
-
Microsoft Windows Common Log File System (CLFS) driver contains an unspecified vulnerability that allows for privilege escalation.
-
By Chris Copeland, Chief Technology Officer, Accenture Federal Services; and Kyle Michl, Chief Innovation Officer, Accenture Federal Services Both the public and private sector embraced technology to an unprecedented level in their response to the COVID-19...
-
Multiple NETGEAR devices are prone to admin password disclosure via simple crafted requests to the web management server.
-
Google Chromium Mojo contains an insufficient data validation vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page. This vulnerability could affect multiple...
-
Certain QNAP NAS running Photo Station with internet exposure contain an externally controlled reference to a resource vulnerability which can allow an attacker to modify system files. This vulnerability was observed being utilized in a Deadbolt ransomware...
-
D-Link DIR-820L contains an unspecified vulnerability in Device Name parameter in /lan.asp which allows for remote code execution.
-
Apple iOS, iPadOS, and macOS contain an unspecified vulnerability involving input validation which can allow a local attacker to view sensitive user information.
-
In MikroTik RouterOS, a stack-based buffer overflow occurs when processing NetBIOS session request messages. Remote attackers with access to the service can exploit this vulnerability and gain code execution on the system.
-
Multiple D-Link routers contain an unspecified vulnerability that allows for execution of OS commands.
-
Oracle WebLogic Server contains an unspecified vulnerability which can allow an unauthenticated attacker with T3 network access to compromise the server.
-
Fortinet FortiOS and FortiADC contain an improper access control vulnerability that allows attackers to obtain the LDAP server login credentials configured in FortiGate by pointing a LDAP server connectivity test request to a rogue LDAP server.
-
The vold volume manager daemon in Android kernel trusts messages from a PF_NETLINK socket, which allows an attacker to execute code and gain root privileges. This vulnerability is associated with GingerBreak and Exploit.AndroidOS.Lotoor.