Live intelligence feed
2692 collected events across every source — vulnerabilities, rulemaking and (soon) advisories, enforcement & news — newest first. This is the raw stream behind the compliance boards.
All sources
CISA KEV · 1644
NVD CVE · 603
News · 229
eCFR · 98
CISA advisory · 21
DoD CIO CMMC · 21
DC3 DCISE · 19
DOJ FCA · 16
Fed. Register · 11
DCSA · 10
Cyber AB docs · 10
NIST · 9
OIRA · 1
⊙ Subscribe (RSS)
this exact view — open in your feed reader
-
taocms v3.0.2 allows attackers to execute code injection via arbitrarily editing the .htaccess file.
-
252.204-7019 Notice of NIST SP 800-171 DoD Assessment Requirements.
-
From pandemic relief bills to the cybersecurity executive order and the bipartisan infrastructure bill, Federal agencies have a wealth of mandates and opportunities to create new programs. While each of these executive and legislative actions feature...
-
An SQL Injection vulnerability exists in Sourcecodester Attendance and Payroll System v1.0 which allows a remote attacker to bypass authentication via unsanitized login parameters.
-
A Remote Code Execution (RCE) vulnerability exists in Sourcecodester Attendance and Payroll System v1.0 which allows an unauthenticated remote attacker to upload a maliciously crafted PHP via photo upload.
-
A privilege escalation vulnerability exists when Windows AppXSVC improperly handles hard links. An attacker who successfully exploited this vulnerability could run processes in an elevated context.
-
A buffer overflow vulnerability in SonicOS allows a remote attacker to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a malicious request to the firewall.
-
A privilege escalation vulnerability exists when the Windows UPnP service improperly allows COM object creation.
-
A privilege escalation vulnerability exists when Windows improperly handles authentication requests. An attacker who successfully exploited this vulnerability could run processes in an elevated context.
-
A privilege escalation vulnerability exists when Windows Error Reporting manager improperly handles hard links. An attacker who successfully exploited this vulnerability could overwrite a targeted file leading to an elevated status.
-
A privilege escalation vulnerability exists when the Windows AppX Deployment Server improperly handles junctions.
-
The kernel-mode driver in Microsoft Windows OS and Server allows local users to gain privileges via a crafted application.
-
A privilege escalation vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.
-
A privilege escalation vulnerability exists when the Windows Transaction Manager improperly handles objects in memory.
-
A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory.
-
A privilege escalation vulnerability exists when Windows improperly handles authentication requests. An attacker who successfully exploited this vulnerability could run processes in an elevated context.
-
A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory.
-
A privilege escalation vulnerability exists when Windows AppXSVC improperly handles hard links. An attacker who successfully exploited this vulnerability could run processes in an elevated context.
-
A privilege escalation vulnerability exists in the way the Task Scheduler Service validates certain file operations.
-
A privilege escalation vulnerability exists when Windows AppXSVC improperly handles hard links. An attacker who successfully exploited this vulnerability could run processes in an elevated context.
-
The Department of Defense (DoD) last month released its Software Modernization Strategy, an important step to unifying existing technology and directing a more joint approach to systems of the future. It notes that our competitive posture is “reliant on...
-
A Command Injection vulnerability exits in TOTOLINK A3100R <=V4.1.2cu.5050_B20200504 in adm/ntm.asp via the hosTime parameters.
-
If and when the COVID pandemic fades into history, the shift toward remote and hybrid work is poised to persist. In an April 2021 Forrester Consulting survey of more than 1,300 security leaders, business executives, and remote workers, 70 percent said...
-
YzmCMS v6.3 is affected by broken access control. Without login, unauthorized access to the user's personal home page can be realized. It is necessary to judge the user's login status before accessing the personal home page, but the vulnerability can...
-
In today’s digital age, it’s clear that artificial intelligence (AI) and machine learning (ML) will be a part of all digital transformation journeys - including those of government.
-
The Federal government has recently taken new steps towards creating a zero trust security environment, building on last May’s Executive Order on Improving the Nation’s Cybersecurity (EO) aimed at advancing the standards by which we protect our federal...
-
Comprehensive Health Services LLCSettled $930K — falsely represented compliance with contractual cybersecurity requirements for medical services at U.S. government facilities in Iraq and Afghanistan.
-
Adobe BlazeDS, which is utilized in LifeCycle and Coldfusion, contains a vulnerability that allows for information disclosure.
-
Atlassian Jira Server and Data Center contain a server-side template injection vulnerability which can allow for remote code execution.
-
A code injection vulnerability exists in Pulse Connect Secure that allows an attacker to crafted a URI to perform an arbitrary code execution via the admin web interface.
-
Mozilla Firefox contains a use-after-free vulnerability in XSLT parameter processing which can be exploited to perform arbitrary code execution.
-
VMware vCenter Server and Cloud Foundation Server contain a SSRF vulnerability due to improper validation of URLs in a vCenter Server plugin. This allows for information disclosure.
-
Mozilla Firefox contains a use-after-free vulnerability in WebGPU IPC Framework which can be exploited to perform arbitrary code execution.
-
NETGEAR confirmed multiple routers allow unauthenticated web pages to pass form input directly to the command-line interface, permitting remote code execution.
-
NETGEAR DGN2200 wireless routers contain a vulnerability that allows for remote code execution.
-
Adobe Coldfusion contains an unspecified vulnerability, which could result in information disclosure from a compromised server.
-
Adobe Coldfusion contains a directory traversal vulnerability, which could permit an unauthorized user access to restricted directories.
-
Adobe Coldfusion contains an authentication bypass vulnerability, which could result in an unauthorized user gaining administrative access.
-
An incorrect type vulnerability exists in the Concurrency component of Oracle's Java Runtime Environment allows an attacker to remotely execute arbitrary code.
-
An authentication bypass vulnerability exists in Adobe ColdFusion which could result in an unauthorized user gaining administrative access.