Live intelligence feed
2691 collected events across every source — vulnerabilities, rulemaking and (soon) advisories, enforcement & news — newest first. This is the raw stream behind the compliance boards.
All sources
CISA KEV · 1644
NVD CVE · 603
News · 229
eCFR · 98
DoD CIO CMMC · 21
CISA advisory · 20
DC3 DCISE · 19
DOJ FCA · 16
Fed. Register · 11
DCSA · 10
Cyber AB docs · 10
NIST · 9
OIRA · 1
⊙ Subscribe (RSS)
this exact view — open in your feed reader
-
Multiple WSO2 products allow for unrestricted file upload, resulting in remote code execution.
-
Microsoft Windows User Profile Service contains an unspecified vulnerability that allows for privilege escalation.
-
Microsoft Windows Print Spooler contains an unspecified vulnerability which allow for privilege escalation.
-
A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of RTCP packets sent to a target phone number.
-
Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting vulnerability that might allow remote attackers to inject arbitrary web script or HTML.
-
Multiple Crestron products are vulnerable to command injection via the file_transfer.cgi HTTP endpoint. A remote, unauthenticated attacker can use this vulnerability to execute operating system commands as root.
-
A SQL Injection vulnerability exists in U.motion Builder software which could cause unwanted code execution when an improper set of characters is entered.
-
The login_mgr.cgi script in D-Link DNS-320 is vulnerable to remote code execution.
-
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts.
-
masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server allows remote attackers to execute arbitrary commands.
-
Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not...
-
Certain Ubiquiti devices contain a command injection vulnerability via a GET request to stainfo.cgi.
-
InduSoft Web Studio NTWebServer contains a directory traversal vulnerability that allows remote attackers to read administrative passwords in APP files, allowing for remote code execution.
-
The WAP interface in Trihedral VTScada (formerly VTS) allows remote attackers to cause a denial-of-service (DoS).
-
VMware Workspace ONE Access and Identity Manager allow for remote code execution due to server-side template injection.
-
Stack-based buffer overflow in Adobe Flash Player allows attackers to execute code remotely.
-
Unspecified vulnerability in Adobe Flash Player allows remote attackers to execute code.
-
Use-after-free vulnerability in Adobe Flash Player allows remote attackers to execute code.
-
Microsoft Internet Explorer contains a memory corruption vulnerability that allows an attacker to execute code or cause a denial-of-service (DoS).
-
Heap-based buffer overflow vulnerability in Adobe Flash Player allows remote attackers to execute code.
-
Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player allows remote attackers to execute code or cause a denial-of-service (DoS).
-
Use-after-free vulnerability in the BitmapData class in the ActionScript 3 (AS3) implementation in Adobe Flash Player allows remote attackers to execute code or cause a denial-of-service (DoS).
-
Kaseya VSA RMM allows unprivileged remote attackers to execute PowerShell payloads on all managed devices.
-
A remote code execution vulnerability exists within multiple subsystems of Drupal that can allow attackers to exploit multiple attack vectors on a Drupal site.
-
Microsoft Windows Common Log File System (CLFS) Driver contains an unspecified vulnerability that allows for privilege escalation.
-
An arbitrary file upload vulnerability in the file upload component of ButterCMS v1.2.8 allows attackers to execute arbitrary code via a crafted SVG file.
-
An arbitrary file upload vulnerability in the file upload module of Ghost CMS v4.42.0 allows attackers to execute arbitrary code via a crafted file. NOTE: Vendor states as detailed in Ghost's security documentation, files can only be uploaded and published...
-
An arbitrary file upload vulnerability in the file upload module of Skipper v0.9.1 allows attackers to execute arbitrary code via a crafted file.
-
QNAP NAS devices contain a command injection vulnerability which could allow attackers to perform remote code execution.
-
WatchGuard Firebox and XTM appliances allow a remote attacker with unprivileged credentials to access the system with a privileged management session via exposed management access.
-
Linux Kernel contains a flaw in the packet socket (AF_PACKET) implementation which could lead to incorrectly freeing memory. A local user could exploit this for denial-of-service (DoS) or possibly for privilege escalation.
-
Deserialization of Untrusted Data vulnerability in CheckboxWeb.dll of Checkbox Survey allows an unauthenticated remote attacker to execute arbitrary code.
-
Google Pixel contains a possible out-of-bounds write due to a logic error in the code that could lead to local escalation of privilege.
-
Microsoft Active Directory Domain Services contains an unspecified vulnerability that allows for privilege escalation.
-
Microsoft Active Directory Domain Services contains an unspecified vulnerability that allows for privilege escalation.
-
Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX allows remote attackers to perform arbitrary file uploads or execute arbitrary code.
-
An SQL Injection vulnerability exists in KevinLAB Inc Building Energy Management System 4ST BEMS 1.0.0 ivia the input_id POST parameter in index.php.
-
Microsoft HTTP Protocol Stack contains a vulnerability in http.sys that allows for remote code execution.
-
The SMBv1 server in Microsoft allows remote attackers to execute arbitrary code via crafted packets.
-
Sudo contains an off-by-one error that can result in a heap-based buffer overflow, which allows for privilege escalation.