Live intelligence feed
2692 collected events across every source — vulnerabilities, rulemaking and (soon) advisories, enforcement & news — newest first. This is the raw stream behind the compliance boards.
All sources
CISA KEV · 1644
NVD CVE · 603
News · 229
eCFR · 98
CISA advisory · 21
DoD CIO CMMC · 21
DC3 DCISE · 19
DOJ FCA · 16
Fed. Register · 11
DCSA · 10
Cyber AB docs · 10
NIST · 9
OIRA · 1
⊙ Subscribe (RSS)
this exact view — open in your feed reader
-
Exim contains an out-of-bounds write vulnerability which can allow for remote code execution.
-
Printix Secure Cloud Print Management through 1.3.1106.0 incorrectly uses Privileged APIs to modify values in HKEY_LOCAL_MACHINE via UITasks.PersistentRegistryData.
-
The Treck TCP/IP stack contains an IPv6 out-of-bounds read vulnerability.
-
An access control vulnerability exists in the Applet Rhino Script Engine component of Oracle's Java Runtime Environment allows an attacker to remotely execute arbitrary code.
-
A stack-based buffer overflow vulnerability exists in the parsing of RTF data in Microsoft Office and earlier allows an attacker to perform remote code execution.
-
smss.exe debugging subsystem in Microsoft Windows does not properly authenticate programs that connect to other programs, which allows local users to gain administrator or SYSTEM privileges.
-
A privilege elevation vulnerability exists in the POSIX subsystem. This vulnerability could allow a logged on user to take complete control of the system.
-
Unspecified vulnerability in Adobe Flash Player allows remote attackers to execute arbitrary code or cause a denial of service via crafted SWF content.
-
Adobe Acrobat and Reader contain an input validation issue in a JavaScript method that could potentially lead to remote code execution.
-
Adobe Flash Player contains a vulnerability that allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content.
-
A remote code execution vulnerability exists in the Forefront Threat Management Gateway (TMG) Firewall Client Winsock provider that could allow code execution in the security context of the client application.
-
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE allows remote attackers to affect confidentiality, integrity, and availability via Unknown vectors related to Hotspot.
-
The TabStrip ActiveX control in the Common Controls in MSCOMCTL.OCX in Microsoft Office allows remote attackers to execute arbitrary code via a crafted (1) document or (2) web page that triggers system-state corruption.
-
Microsoft Office Excel allows remote attackers to execute arbitrary code via a spreadsheet with a FEATHEADER record containing an invalid cbHdrData size element that affects a pointer offset.
-
Congressional and White House mandates have put digital transformation at the top of to-do lists across the Federal government for many years now – from Cloud Smart strategies to the recent Executive Order on Improving the Nation’s Cybersecurity. These...
-
Microsoft Windows allow remote attackers to execute arbitrary code via a crafted OLE object.
-
A remote code execution vulnerability exists in Microsoft Office software when it fails to properly handle objects in memory.
-
TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a command injection vulnerability via the component oal_setIp6DefaultRoute.
-
TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a remote code execution (RCE) vulnerability via the function oal_wan6_setIpAddr.
-
TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a command injection vulnerability via the component oal_startPing.
-
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.
-
Zepl Notebooks before 2021-10-25 are affected by a sandbox escape vulnerability. Upon launching Remote Code Execution from the Notebook, users can then use that to subsequently escape the running context sandbox and proceed to access internal Zepl assets...
-
Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting (XSS) vulnerability in the Calendar feature that allows an attacker to execute arbitrary code.
-
Malicious actors can pass step checks and potentially change the configuration of Zabbix Frontend.
-
Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML.
-
O2OA v6.4.7 was discovered to contain a remote code execution (RCE) vulnerability via /x_program_center/jaxrs/invoke.
-
Equitable service delivery is at the center of today’s government mission, with executive orders spurring a holistic evaluation of agency practices, programs, and policies. Leaders across Federal agencies are committed to providing value to all people when...
-
WinRAR Absolute Path Traversal vulnerability leads to Remote Code Execution
-
Microsoft Graphics Component contains a memory corruption vulnerability which can allow for remote code execution.
-
Microsoft Word contains a memory corruption vulnerability which when exploited could allow for remote code execution.
-
PHPUnit allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "<?php " substring, as demonstrated by an attack on a site with an exposed /vendor folder, i.e., external access to the...
-
Adobe Flash Player com.adobe.tvsdk.mediacore.metadata Use After Free Vulnerability
-
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka "Windows VBScript Engine Remote Code Execution"
-
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer
-
Google Chromium Animation contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not...
-
Adobe Commerce and Magento Open Source contain an improper input validation vulnerability which can allow for arbitrary code execution.
-
Emerson Dixell XWEB-500 products are affected by arbitrary file write vulnerability in /cgi-bin/logo_extra_upload.cgi, /cgi-bin/cal_save.cgi, and /cgi-bin/lo_utils.cgi. An attacker will be able to write any file on the target system without any kind of...
-
Apple iOS, iPadOS, and macOS WebKit contain a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari...
-
Microsoft Win32k contains a privilege escalation vulnerability due to the Windows kernel-mode driver failing to properly handle objects in memory.
-
Heap-based buffer overflow in IOHIDFamily in Apple OS X, which affects, iOS before 8 and Apple TV before 7, allows attackers to execute arbitrary code in a privileged context.