Step-by-step remediation for 21,649 known vulnerabilities — every CISA Known Exploited Vulnerability and the most-impactful CVEs from 2002 through 2026. Every guide includes runnable Linux apt/dnf, Windows PowerShell, and Bash commands. No vendor redirects.
21,649 fix guides published ⚠ 1,601 actively exploited (CISA KEV)
CVE-2026-0300 - Out-of-Bounds Write in Cloud NGFW. Runnable patch commands, mitigation snippets, and verification steps on this page.
CVE-2026-1281 - Code Injection in Endpoint Manager Mobile. Runnable patch commands, mitigation snippets, and verification steps on this page
CVE-2026-1340 - Code Injection in Endpoint Manager Mobile. Runnable patch commands, mitigation snippets, and verification steps on this page
CVE-2026-1731 - OS Command Injection in Remote Support (RS) & Privileged Remote Access (PRA). Runnable patch commands and verification on this
CVE-2026-20127 - Authentication Bypass in Cisco Catalyst SD-WAN Manager. Runnable patch commands, mitigation snippets, and verification step
CVE-2026-20131 - Insecure Deserialization in Cisco Secure Firewall Management Center (FMC). Runnable patch commands and verification on this
CVE-2026-20182 - Authentication Bypass in Cisco Catalyst SD-WAN Manager. Runnable patch commands, mitigation snippets, and verification step
CVE-2026-20963 - Insecure Deserialization in Microsoft SharePoint Enterprise Server 2016. Runnable patch commands and verification on this p
CVE-2026-21643 - SQL Injection in FortiClientEMS. Runnable patch commands, mitigation snippets, and verification steps on this page.
CVE-2026-22769 - Hardcoded Credentials in RecoverPoint for Virtual Machines. Runnable patch commands and verification on this page.
CVE-2026-23760 - Remote Code Execution in SmarterMail. Runnable patch commands, mitigation snippets, and verification steps on this page.
CVE-2026-24061 - Authentication Bypass in Inetutils. Runnable patch commands, mitigation snippets, and verification steps on this page.
CVE-2026-24423 - Missing Authentication in SmarterMail. Runnable patch commands, mitigation snippets, and verification steps on this page.
CVE-2026-24858 - Authentication Bypass in FortiOS. Runnable patch commands, mitigation snippets, and verification steps on this page.
CVE-2026-3055 - Out-of-Bounds Read in ADC. Runnable patch commands, mitigation snippets, and verification steps on this page.
CVE-2026-33017 - Code Injection in langflow. Runnable patch commands, mitigation snippets, and verification steps on this page.
CVE-2026-33634 - Remote Code Execution in setup-trivy. Runnable patch commands, mitigation snippets, and verification steps on this page.
CVE-2026-35616 - Improper Access Control in FortiClientEMS. Runnable patch commands, mitigation snippets, and verification steps on this pag
CVE-2026-39987 - Missing Authentication in marimo. Runnable patch commands, mitigation snippets, and verification steps on this page.
CVE-2026-41940 - Missing Authentication in cPanel. Runnable patch commands, mitigation snippets, and verification steps on this page.
CVE-2026-42208 - SQL Injection in litellm. Runnable patch commands, mitigation snippets, and verification steps on this page.
CVE-2026-9082 - SQL Injection in Drupal core. Runnable patch commands, mitigation snippets, and verification steps on this page.
CVE-2026-1603 - Authentication Bypass in Endpoint Manager. Runnable patch commands, mitigation snippets, and verification steps on this page
CVE-2026-20045 - Code Injection in Cisco Unified Communications Manager. Runnable patch commands, mitigation snippets, and verification step
CVE-2026-20128 - Security Vulnerability in Cisco Catalyst SD-WAN Manager. Runnable patch commands and verification on this page.
CVE-2026-20700 - Denial of Service in iOS and iPadOS. Runnable patch commands, mitigation snippets, and verification steps on this page.
CVE-2026-21385 - Integer Overflow in Snapdragon. Runnable patch commands, mitigation snippets, and verification steps on this page.
CVE-2026-21509 - Security Bypass in Microsoft 365 Apps for Enterprise. Runnable patch commands, mitigation snippets, and verification steps
CVE-2026-21510 - Security Vulnerability in Windows 10 Version 1607. Runnable patch commands, mitigation snippets, and verification steps on
CVE-2026-21513 - Security Vulnerability in Windows 10 Version 1607. Runnable patch commands, mitigation snippets, and verification steps on
CVE-2026-21514 - Security Vulnerability in Microsoft 365 Apps for Enterprise. Runnable patch commands and verification on this page.
CVE-2026-21519 - Remote Code Execution in Windows 10 Version 1607. Runnable patch commands, mitigation snippets, and verification steps on t
CVE-2026-21533 - Privilege Escalation in Windows 10 Version 1607. Runnable patch commands, mitigation snippets, and verification steps on th
CVE-2026-22719 - Command Injection in VMware Aria Operations. Runnable patch commands, mitigation snippets, and verification steps on this p
CVE-2026-2441 - Use-After-Free in Chrome. Runnable patch commands, mitigation snippets, and verification steps on this page.
CVE-2026-25108 - OS Command Injection in FileZen. Runnable patch commands, mitigation snippets, and verification steps on this page.
CVE-2026-31431 - Remote Code Execution in Linux. Runnable patch commands, mitigation snippets, and verification steps on this page.
CVE-2026-33825 - Security Vulnerability in Microsoft Defender Antimalware Platform. Runnable patch commands and verification on this page.
CVE-2026-34197 - Improper Input Validation in Apache ActiveMQ Broker. Runnable patch commands, mitigation snippets, and verification steps o
CVE-2026-34621 - Security Vulnerability in Acrobat Reader. Runnable patch commands, mitigation snippets, and verification steps on this page
CVE-2026-3502 - Security Vulnerability in TrueConf Client. Runnable patch commands, mitigation snippets, and verification steps on this page
CVE-2026-3909 - Out-of-Bounds Write in Chrome. Runnable patch commands, mitigation snippets, and verification steps on this page.
CVE-2026-3910 - Security Vulnerability in Chrome. Runnable patch commands, mitigation snippets, and verification steps on this page.
CVE-2026-41091 - Security Vulnerability in Microsoft Malware Protection Engine. Runnable patch commands and verification on this page.
CVE-2026-42897 - Cross-Site Scripting in Microsoft Exchange Server 2016 Cumulative Update 23. Runnable patch commands and verification on th
CVE-2026-5281 - Use-After-Free in Chrome. Runnable patch commands, mitigation snippets, and verification steps on this page.
CVE-2026-6973 - Improper Input Validation in Endpoint Manager Mobile. Runnable patch commands, mitigation snippets, and verification steps o
CVE-2026-20122 - Security Vulnerability in Cisco Catalyst SD-WAN Manager. Runnable patch commands and verification on this page.
CVE-2026-20133 - Information Disclosure in Cisco Catalyst SD-WAN Manager. Runnable patch commands and verification on this page.
CVE-2026-20805 - Information Disclosure in Windows 10 Version 1607. Runnable patch commands, mitigation snippets, and verification steps on
CVE-2026-21525 - Null Pointer Dereference in Windows 10 Version 1607. Runnable patch commands, mitigation snippets, and verification steps o
CVE-2026-32201 - Improper Input Validation in Microsoft SharePoint Enterprise Server 2016. Runnable patch commands and verification on this
CVE-2026-32202 - Security Vulnerability in Windows 10 Version 1607. Runnable patch commands, mitigation snippets, and verification steps on
CVE-2026-34926 - Relative Path Traversal in TrendAI Apex One. Runnable patch commands, mitigation snippets, and verification steps on this p
CVE-2026-45498 - Denial of Service in Microsoft Defender Antimalware Platform. Runnable patch commands and verification on this page.
CVE-2025-0282 is a stack-based buffer overflow in Connect Secure. Verified patched version, official vendor advisory, and how to confirm the
CVE-2025-10035 is an unsafe deserialization in GoAnywhere MFT. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2025-11953 is an OS command injection in the product. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2025-12480 is an access control bypass in TrioFox. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2025-1316 is an OS command injection in IC-7100 IP Camera. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2025-14733 is an OS command injection in Fireware OS. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2025-20281 is the second of two unauth RCE bugs in Cisco ISE 3.3.0. Same patch as CVE-2025-20337. Here are the verified upgrade steps.
CVE-2025-20333 affects the VPN web server in Cisco Secure Firewall ASA. CVSS 9.9 Critical and listed in CISA KEV. Patch steps inside.
CVE-2025-20337 lets an unauthenticated attacker run code as root on Cisco ISE 3.3 and ISE-PIC 3.2 via the management API. Patch steps and ve
CVE-2025-20393 lets an unauthenticated attacker run code on Cisco Secure Email Gateway and Web Manager via the Spam Quarantine API. Here's t
CVE-2025-22224 is an out-of-bounds write in ESXi. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2025-22457 is a stack-based buffer overflow in Connect Secure. Verified patched version, official vendor advisory, and how to confirm th
CVE-2025-24016 is an unsafe deserialization in wazuh. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2025-24893 is a code injection in xwiki-platform. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2025-25257 is an SQL injection in Fortinet FortiWeb's management interface. CVSS 9.6 Critical. Patched builds and CLI lockdown.
CVE-2025-26399 lets an unauthenticated attacker exploit a deserialization flaw in SolarWinds Web Help Desk. Patched build and upgrade proced
CVE-2025-2746 is an authentication bypass in Xperience. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2025-2747 is an authentication bypass in Xperience. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2025-2775 is an XML external entity (XXE) in SysAid On-Prem. Verified patched version, official vendor advisory, and how to confirm the f
CVE-2025-2776 is an XML external entity (XXE) in SysAid On-Prem. Verified patched version, official vendor advisory, and how to confirm the f
CVE-2025-30406 is an unsafe deserialization in CentreStack. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2025-31161 is an authentication bypass in CrushFTP. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2025-31324 lets an unauthenticated attacker upload malicious binaries to SAP NetWeaver Visual Composer Metadata Uploader. Patch and lock
CVE-2025-32432 is a code injection in cms. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2025-32433 is an authentication bypass in otp. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2025-32463 is a local privilege escalation in Sudo. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2025-3248 is an authentication bypass in langflow. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2025-32756 is a critical stack buffer overflow across FortiVoice, FortiMail, FortiNDR, FortiRecorder, and FortiCamera. Patched builds in
CVE-2025-32975 is an authentication bypass flaw in KACE Systems Management Appliance (SMA). Verified patched version and mitigations from th
CVE-2025-34026 is an authentication bypass in Concerto. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2025-34028: a path traversal in Command Center Innovation Release. Patched version and vendor advisory inside.
CVE-2025-34291 is a vulnerability in Langflow. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2025-37164 is a vulnerability in HPE OneView. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2025-40551 is another untrusted deserialization flaw in SolarWinds Web Help Desk. Same advisory and same patched release as CVE-2025-263
CVE-2025-42599 is a stack-based buffer overflow in Active! mail 6. Verified patched version, official vendor advisory, and how to confirm th
CVE-2025-42999: an unsafe deserialization in SAP NetWeaver (Visual Composer developme. Patched version and vendor advisory inside.
CVE-2025-4632 is a path traversal in MagicINFO 9 Server. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2025-47812 is an improper input validation in Wing FTP Server. Verified patched version, official vendor advisory, and how to confirm th
CVE-2025-48703 is an OS command injection in CentOS Web Panel. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2025-49113 is an unsafe deserialization in Webmail. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2025-5086 is an unsafe deserialization in DELMIA Apriso. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2025-52691 is a vulnerability in SmarterMail. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2025-53521 affects F5 BIG-IP APM virtual servers with access policies. CVSS 9.8 Critical. Patch and mitigation steps.
CVE-2025-53690: an unsafe deserialization in Experience Manager (XM). Patched version and vendor advisory inside.
CVE-2025-53770 - Insecure Deserialization in Microsoft SharePoint Enterprise Server 2016. Runnable patch commands and verification on this p
CVE-2025-54068 is a code injection in livewire. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2025-54236 is an improper input validation in Adobe Commerce. Verified patched version, official vendor advisory, and how to confirm the
CVE-2025-54253 lets an attacker bypass authorization in Adobe Experience Manager Forms 6.5.23 and earlier and run arbitrary code. Here's how
CVE-2025-54309 is a vulnerability in CrushFTP. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2025-54948 is an OS command injection in Trend Micro Apex One. Verified patched version, official vendor advisory, and how to confirm th
CVE-2025-55182: an unsafe deserialization in react-server-dom-webpack. Patched version and vendor advisory inside.
CVE-2025-5777 is a path traversal in ADC. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2025-57819 is a SQL injection in endpoint. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2025-59287 - Insecure Deserialization in Windows Server 2012. Runnable patch commands, mitigation snippets, and verification steps on th
CVE-2025-59374 is a vulnerability in live update. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2025-59718 is an access control bypass in FortiSwitchManager. Verified patched version, official vendor advisory, and how to confirm the
CVE-2025-61757 - Security Vulnerability in Identity Manager. Runnable patch commands, mitigation snippets, and verification steps on this pa
CVE-2025-61882 - Security Vulnerability in Oracle Concurrent Processing. Runnable patch commands, mitigation snippets, and verification step
CVE-2025-61932: a code injection in Lanscope Endpoint Manager (On-Premises). Patched version and vendor advisory inside.
CVE-2025-6205 is a vulnerability in DELMIA Apriso. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2025-64446 is a relative path traversal in Fortinet FortiWeb 8.0.x. CVSS 9.4 Critical. Patched build and lockdown.
CVE-2025-6543 is a denial of service in ADC. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2025-68613 is a code injection in n8n. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2025-7775 is a denial of service in ADC. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2025-8875 is an unsafe deserialization in N-central. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2025-8876 is an OS command injection in N-central. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2025-9242 is an OS command injection in Fireware OS. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2025-0108 is an authentication bypass in Cloud NGFW. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2025-0111 is an arbitrary file read in Cloud NGFW. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2025-0411 is a Protection Mechanism Failure flaw in 7-zip 7-Zip. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2025-0994 is an Insecure Deserialization flaw in Trimble Cityworks. Actively exploited per CISA KEV. Verified patched builds and fix step
CVE-2025-11371 is a security vulnerability flaw in CentreStack and TrioFox. Verified patched version and mitigations from the official advis
CVE-2025-14611: Security Vulnerability in Gladinet CentreStack and TrioFox. Patched builds and fix steps.
CVE-2025-14847 is an information disclosure in MongoDB Server. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2025-15556: Download of Code Without Integrity Check in Notepad-plus-plus notepad-plus-plus. Patched builds and fix steps.
CVE-2025-1976 is a code injection in Fabric OS. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2025-20352 is a stack-based buffer overflow in IOS. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2025-21042 is an out-of-bounds write in Samsung Mobile Devices. Verified patched version, official vendor advisory, and how to confirm t
CVE-2025-21043 is an out-of-bounds write in Samsung Mobile Devices. Verified patched version, official vendor advisory, and how to confirm t
CVE-2025-21333 - Heap Buffer Overflow in Windows 10 Version 21H2. Runnable patch commands, mitigation snippets, and verification steps on th
CVE-2025-21334 - Use-After-Free in Windows 10 Version 21H2. Runnable patch commands, mitigation snippets, and verification steps on this pag
CVE-2025-21335 - Use-After-Free in Windows 10 Version 21H2. Runnable patch commands, mitigation snippets, and verification steps on this pag
CVE-2025-21391 - Privilege Escalation in Windows 10 Version 1507. Runnable patch commands, mitigation snippets, and verification steps on th
CVE-2025-21418 - Heap Buffer Overflow in Windows 10 Version 1507. Runnable patch commands, mitigation snippets, and verification steps on th
CVE-2025-21479 is an access control bypass in Snapdragon. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2025-21480 is an access control bypass in Snapdragon. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2025-22225 is a Security Vulnerability flaw in VMware Cloud Foundation. Actively exploited per CISA KEV. Verified patched builds and
CVE-2025-22226 is an Out-of-Bounds Memory Access flaw in ESXi. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2025-23209 is a Code Injection flaw in Craftcms cms. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2025-24472 is an authentication bypass in FortiProxy. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2025-24983 - Use-After-Free in Windows 10 Version 1507. Runnable patch commands, mitigation snippets, and verification steps on this pag
CVE-2025-24985 - Integer Overflow in Windows 10 Version 1507. Runnable patch commands, mitigation snippets, and verification steps on this p
CVE-2025-24989 - Improper Access Control in Microsoft Power Pages. Runnable patch commands, mitigation snippets, and verification steps on t
CVE-2025-24990 - Security Vulnerability in Windows 10 Version 1507. Runnable patch commands, mitigation snippets, and verification steps on
CVE-2025-24993 - Heap Buffer Overflow in Windows 10 Version 1507. Runnable patch commands, mitigation snippets, and verification steps on th
CVE-2025-26633 - Security Vulnerability in Windows 10 Version 1507. Runnable patch commands, mitigation snippets, and verification steps on
CVE-2025-27038 is a Use-After-Free flaw in Qualcomm, Inc. Snapdragon. Actively exploited per CISA KEV. Verified patched builds and fix steps
CVE-2025-27363 is an Out-of-Bounds Memory Access flaw in Freetype FreeType. Actively exploited per CISA KEV. Verified patched builds and fix
CVE-2025-2749 is a Path Traversal flaw in Kentico Xperience. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2025-27920 is a Path Traversal: '../filedir' flaw in Srimax Output Messenger. Actively exploited per CISA KEV. Verified patched builds a
CVE-2025-29635 is a command injection flaw in DIR-823X. Verified patched version and mitigations from the official advisory.
CVE-2025-29824 - Use-After-Free in Windows 10 Version 1507. Runnable patch commands, mitigation snippets, and verification steps on this pag
CVE-2025-30066 - Security Vulnerability in changed-files. Runnable patch commands, mitigation snippets, and verification steps on this page.
CVE-2025-30154 is a vulnerability in reviewdog. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2025-30397 - Remote Code Execution in Windows 10 Version 1507. Runnable patch commands, mitigation snippets, and verification steps on t
CVE-2025-30400 - Use-After-Free in Windows 10 Version 1809. Runnable patch commands, mitigation snippets, and verification steps on this pag
CVE-2025-32701 - Use-After-Free in Windows 10 Version 1507. Runnable patch commands, mitigation snippets, and verification steps on this pag
CVE-2025-32706 - Improper Input Validation in Windows 10 Version 1507. Runnable patch commands, mitigation snippets, and verification steps
CVE-2025-32709 - Use-After-Free in Windows 10 Version 1507. Runnable patch commands, mitigation snippets, and verification steps on this pag
CVE-2025-33053 - Security Vulnerability in Windows 10 Version 1507. Runnable patch commands, mitigation snippets, and verification steps on
CVE-2025-33073 - Improper Access Control in Windows 10 Version 1507. Runnable patch commands, mitigation snippets, and verification steps on
CVE-2025-3928 is a vulnerability in Web Server. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2025-3935 is an Insecure Deserialization flaw in Connectwise ScreenConnect. Actively exploited per CISA KEV. Verified patched builds and
CVE-2025-4008 is an OS command injection in MeteoBridge. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2025-40536 is an authentication bypass in Web Help Desk. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2025-41244 is a local privilege escalation in VCF operations. Verified patched version, official vendor advisory, and how to confirm the
CVE-2025-4428 is a code injection in Endpoint Manager Mobile. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2025-48384 is an interpretation conflict in git. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2025-49704 - Code Injection in Microsoft SharePoint Enterprise Server 2016. Runnable patch commands and verification on this page.
CVE-2025-54313: Embedded Malicious Code in Prettier eslint-config-prettier. Patched builds and fix steps.
CVE-2025-58360 is an XXE Injection flaw in Geoserver geoserver. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2025-59230 - Improper Access Control in Windows 10 Version 1507. Runnable patch commands, mitigation snippets, and verification steps on
CVE-2025-60710 - Security Vulnerability in Windows 11 Version 24H2. Runnable patch commands, mitigation snippets, and verification steps on
CVE-2025-61884 - Server-Side Request Forgery in Oracle Configurator. Runnable patch commands, mitigation snippets, and verification steps on
CVE-2025-6204 is a Code Injection flaw in Dassault Systèmes DELMIA Apriso. Actively exploited per CISA KEV. Verified patched builds and fix
CVE-2025-6218 is a Path Traversal flaw in Rarlab WinRAR. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2025-62215 - Remote Code Execution in Windows 10 Version 1809. Runnable patch commands, mitigation snippets, and verification steps on t
CVE-2025-62221 - Use-After-Free in Windows 10 Version 1809. Runnable patch commands, mitigation snippets, and verification steps on this pag
CVE-2025-64328 is an OS command injection in filestore. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2025-66376 is a Cross-Site Scripting flaw in Zimbra Collaboration. Actively exploited per CISA KEV. Verified patched builds and fix step
CVE-2025-66644 is an OS Command Injection flaw in Array Networks ArrayOS AG. Actively exploited per CISA KEV. Verified patched builds and fix
CVE-2025-68461 is a Cross-Site Scripting flaw in Roundcube Webmail. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2025-68645 is a security vulnerability flaw in Zimbra Collaboration Suite (ZCS). Verified patched version and mitigations from the offic
CVE-2025-8088 is a Path traversal flaw in Win.rar Gmbh WinRAR. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2025-8110 is a path traversal in Gogs. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2025-9377 is an OS command injection in Archer C7(EU) V2. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2025-20362: a vulnerability in Cisco Secure Firewall Adaptive Security . Patched version and vendor advisory inside.
CVE-2025-21590: Improper Isolation or Compartmentalization in Juniper Networks Junos OS. Patched builds and fix steps.
CVE-2025-24054 - Spoofing Vulnerability in Windows 10 Version 1507. Runnable patch commands, mitigation snippets, and verification steps on
CVE-2025-24984 - Information Disclosure in Windows 10 Version 1507. Runnable patch commands, mitigation snippets, and verification steps on
CVE-2025-24991 - Out-of-Bounds Read in Windows 10 Version 1507. Runnable patch commands, mitigation snippets, and verification steps on this
CVE-2025-25181 is a SQL Injection flaw in Advantive VeraCore. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2025-27915 is a cross-site scripting flaw in Zimbra Collaboration Suite (ZCS). Verified patched version and mitigations from the officia
CVE-2025-31125 is an Information Disclosure flaw in Vitejs vite. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2025-35939: External Control of Assumed-Immutable Web Parameter in Craft CMS. Patched builds and fix steps.
CVE-2025-4427 is an Authentication Bypass flaw in Ivanti Endpoint Manager Mobile. Actively exploited per CISA KEV. Verified patched builds an
CVE-2025-47813: Generation of Error Message Containing Sensitive Information in Wftpserver Wing FTP Server. Patched builds and fix steps.
CVE-2025-47827 is a security vulnerability flaw in IGEL OS. Verified patched version and mitigations from the official advisory.
CVE-2025-48700 is a cross-site scripting flaw in Zimbra Collaboration Suite (ZCS). Verified patched version and mitigations from the officia
CVE-2025-48927 is an Insecure Default Configuration flaw in Telemessage service. Actively exploited per CISA KEV. Verified patched builds and
CVE-2025-48928: Exposure of Core Dump File to an Unauthorized Control Sphere in Telemessage service. Patched builds and fix steps.
CVE-2025-49706 - Authentication Bypass in Microsoft SharePoint Enterprise Server 2016. Runnable patch commands and verification on this page
CVE-2025-55177: Security Vulnerability in Facebook WhatsApp Business for iOS. Patched builds and fix steps.
CVE-2025-58034 is an OS command injection in FortiWeb. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2025-59689 is a Command Injection flaw in Libraesva Email Security Gateway. Actively exploited per CISA KEV. Verified patched builds and
CVE-2025-47729 is a hidden functionality flaw in archiving backend. Verified patched version and mitigations from the official advisory.
CVE-2025-10585 is a Type Confusion flaw in Google Chrome. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2025-13223 is a Security Vulnerability flaw in Google Chrome. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2025-14174 is an Out-of-Bounds Memory Access flaw in Google Chrome. Actively exploited per CISA KEV. Verified patched builds and fix step
CVE-2025-23006 is an Insecure Deserialization flaw in Sonicwall SMA1000. Actively exploited per CISA KEV. Verified patched builds and fix ste
CVE-2025-24085 is a Use-After-Free flaw in Apple iOS and iPadOS. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2025-24200 is a Denial of Service flaw in Apple iOS and iPadOS. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2025-24201 is an Out-of-Bounds Memory Access flaw in Apple Safari. Actively exploited per CISA KEV. Verified patched builds and fix steps
CVE-2025-24813: Path Equivalence: 'file.name' in Apache Software Foundation Apache Tomcat. Patched builds and fix steps.
CVE-2025-2783 is a Security Vulnerability flaw in Google Chrome. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2025-31200 is a Denial of Service flaw in Apple iOS and iPadOS. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2025-31201 is a Denial of Service flaw in Apple iOS and iPadOS. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2025-31277 is a Denial of Service flaw in Apple Safari. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2025-38352 is a Security Vulnerability flaw in Linux Linux. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2025-40602 is a Missing Authorization flaw in Sonicwall SMA1000. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2025-43200 is a Denial of Service flaw in Apple iOS and iPadOS. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2025-43300 is an Out-of-Bounds Memory Access flaw in Apple iOS and iPadOS. Actively exploited per CISA KEV. Verified patched builds and f
CVE-2025-43510 is a Denial of Service flaw in Apple iOS and iPadOS. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2025-43520 is a Denial of Service flaw in Apple iOS and iPadOS. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2025-43529 is a Use-After-Free flaw in Apple Safari. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2025-48543 is a Use-After-Free flaw in Google Android. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2025-48572 is a Security Vulnerability flaw in Google Android. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2025-48633 is a Security Vulnerability flaw in Google Android. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2025-5419 is an Out-of-Bounds Memory Access flaw in Google Chrome. Actively exploited per CISA KEV. Verified patched builds and fix steps
CVE-2025-6554 is a Type Confusion flaw in Google Chrome. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2025-6558 is an Improper Input Validation flaw in Google Chrome. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2024-0012 is an authentication bypass in Cloud NGFW. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2024-11120 is an OS command injection in GV-VS12. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2024-11680 is an authentication bypass in ProjectSend. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2024-1212 is an OS command injection in LoadMaster. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2024-12356 is an OS command injection in Remote Support. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2024-13159 is one of three matched Ivanti EPM path traversals fixed in the January 2025 Security Update. Same patch as CVE-2024-13161.
CVE-2024-13160 is one of three matched Ivanti EPM path traversals fixed in the January 2025 Security Update. Same patch as CVE-2024-13161.
CVE-2024-13161 is an absolute path traversal in Ivanti EPM. Part of the January 2025 Security Update bundle. Patch level and verification.
CVE-2024-1709 is an authentication bypass in ScreenConnect. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2024-20439 lets an unauthenticated attacker use static admin credentials in Cisco Smart Licensing Utility (CSLU). Patch and credential r
CVE-2024-21410 improper authentication in Microsoft Exchange Server 2016 Cumulative Update 23. Runnable upgrade commands and verification st
CVE-2024-21413 - Improper Input Validation in Microsoft Office 2019. Runnable patch commands, mitigation snippets, and verification steps on
CVE-2024-21762 is the FortiOS sslvpnd out-of-bounds write affecting hundreds of thousands of FortiGates. Patched versions and SSL VPN disabl
CVE-2024-21887 is an OS command injection in ICS. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2024-23113 is the FortiOS format string flaw in the fgfmd daemon that allows unauthenticated RCE. Affected versions, patched builds, IoC
CVE-2024-23692: a server-side template injection in HTTP File Server. Patched version and vendor advisory inside.
CVE-2024-27198 is an authentication bypass in TeamCity. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2024-28986 is the SolarWinds Web Help Desk Java deserialization flaw, the first of the SolarWinds WHD trio. Hotfix and verification step
CVE-2024-28987 is a hard-coded credentials flaw in Web Help Desk. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2024-29824 is an unauth SQL injection in Ivanti Endpoint Manager Core server. Public PoC exists. Patched build per the Ivanti advisory.
CVE-2024-3272 is a hard-coded credentials flaw in DNS-320L. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2024-3400 is the Palo Alto PAN-OS GlobalProtect zero-day that allowed unauthenticated command injection. Patch versions, hotfix steps, a
CVE-2024-34102 (CosmicSting) is the Adobe Commerce / Magento XXE that chains to unauthenticated RCE. Affected versions, patch and Cosmic Sti
CVE-2024-36401 is a code injection in geoserver. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2024-37079 is a vulnerability in VMware vCenter Server. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2024-38812 is a path traversal in VMware vCenter Server. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2024-4040 is a server-side template injection in CrushFTP. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2024-40711 lets unauthenticated attackers run code on Veeam Backup & Replication. Used by Akira and Fog ransomware. Patched build and ve
CVE-2024-41713 is a path traversal flaw in MiCollab. Verified patched version and mitigations from the official advisory.
CVE-2024-42009 is a cross-site scripting flaw in Webmail. Verified patched version and mitigations from the official advisory.
CVE-2024-43468 - SQL Injection in Microsoft Configuration Manager. Runnable patch commands, mitigation snippets, and verification steps on t
CVE-2024-4358 is an authentication bypass in Telerik Report Server. Verified patched version, official vendor advisory, and how to confirm t
CVE-2024-45519 is a vulnerability in n/a. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2024-4577 is an OS command injection in PHP. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2024-47575 (FortiJump) lets an attacker register a rogue FortiGate to FortiManager and execute code. Patch versions and forensic IoC ste
CVE-2024-4879 is an authentication bypass in Now Platform. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2024-4885 is a path traversal in WhatsUp Gold. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2024-50603 is an OS command injection in Controller. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2024-50623 is an unrestricted file upload flaw in In Cleo Harmony. Verified patched version and mitigations from the official advisory.
CVE-2024-51378 is a vulnerability in n/a. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2024-51567 is a vulnerability in n/a. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2024-5217 is a vulnerability in Now Platform. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2024-54085 is an authentication bypass in MegaRAC-SPx. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2024-55591 lets unauthenticated attackers gain super-admin via the FortiOS/FortiProxy WebSocket node.js module. Patched builds and hunt
CVE-2024-55956 is a security vulnerability flaw in In Cleo Harmony. Verified patched version and mitigations from the official advisory.
CVE-2024-56145 is a code injection in cms. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2024-57726 is a security vulnerability flaw in SimpleHelp remote support. Verified patched version and mitigations from the official adv
CVE-2024-57727 is a path traversal flaw in SimpleHelp remote support. Verified patched version and mitigations from the official advisory.
CVE-2024-57968 is an unrestricted file upload in VeraCore. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2024-58136 is an authentication bypass in Yii. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2024-5910 is an authentication bypass in Expedition. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2024-6047 is an OS command injection in GV_DSP_LPR_V2. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2024-6670 is a SQL injection in WhatsUp Gold. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2024-7262 is a path traversal in WPS Office. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2024-7593 lets an unauthenticated attacker bypass auth on Ivanti Virtual Traffic Manager (vTM) admin and create a new admin user. Patche
CVE-2024-8956 is an authentication bypass in PT30X-SDI. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2024-8963 is a path traversal in CSA (Cloud Services Appliance). Verified patched version, official vendor advisory, and how to confirm
CVE-2024-9463 lets an unauthenticated attacker run OS commands on Palo Alto Networks Expedition migration tool. Patch and isolation steps.
CVE-2024-9465 is a SQL injection in Expedition. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2024-9537 is a vulnerability in SL1. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2024-9680 is a memory corruption flaw in Firefox, Firefox ESR, Thunderbird. Verified patched version and mitigations from the official a
CVE-2024-1086 is a use-after-free in Kernel. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2024-11667 is a Path Traversal flaw in Zyxel ATP series firmware. Actively exploited per CISA KEV. Verified patched builds and fix steps
CVE-2024-1708 is a Path Traversal flaw in Connectwise ScreenConnect. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2024-20353: a denial of service in Cisco Adaptive Security Appliance (ASA). Patched version and vendor advisory inside.
CVE-2024-20767 is an access control bypass in ColdFusion. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2024-20953 - Insecure Deserialization in Agile PLM Framework. Runnable patch commands, mitigation snippets, and verification steps on th
CVE-2024-21287 - Security Vulnerability in Oracle Agile PLM Framework. Runnable patch commands, mitigation snippets, and verification steps
CVE-2024-21338 is an untrusted pointer dereference in Windows 10 Version 1809. Patched version, runnable upgrade commands, and how to verify
CVE-2024-21351 improper control of generation of code ('code injection') in Windows 11 Version 23H2. Runnable upgrade commands and verificat
CVE-2024-21412 is a protection mechanism failure in Windows 11 Version 21H2. Patched version, runnable upgrade commands, and how to verify t
CVE-2024-21893 is a vulnerability in ICS. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2024-24919: an information disclosure in Check Point Quantum Gateway. Patched version and vendor advisory inside.
CVE-2024-26169 - Privilege Escalation in Windows 10 Version 1809. Runnable patch commands, mitigation snippets, and verification steps on th
CVE-2024-27199 is a Path Traversal flaw in Jetbrains TeamCity. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2024-28995 is a path traversal in SolarWinds Serv-U. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2024-29059 - Information Disclosure in Microsoft .NET Framework 4.8. Runnable patch commands, mitigation snippets, and verification step
CVE-2024-29988 is a protection mechanism failure in Windows 10 Version 1809. Patched version, runnable upgrade commands, and how to verify t
CVE-2024-30040 is an improper input validation in Windows 10 Version 1809. Patched version, runnable upgrade commands, and how to verify the
CVE-2024-30051 is a heap-based buffer overflow in Windows 10 Version 1809. Patched version, runnable upgrade commands, and how to verify the
CVE-2024-30088 - Privilege Escalation in Windows 10 Version 1809. Runnable patch commands, mitigation snippets, and verification steps on th
CVE-2024-3273 is a Command Injection flaw in D-link DNS-320L. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2024-3393 is a denial of service in Cloud NGFW. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2024-35250 - Privilege Escalation in Windows 10 Version 1809. Runnable patch commands, mitigation snippets, and verification steps on th
CVE-2024-38014 - Privilege Escalation in Windows 10 Version 1809. Runnable patch commands, mitigation snippets, and verification steps on th
CVE-2024-38080 - Integer Overflow in Windows Server 2022. Runnable patch commands, mitigation snippets, and verification steps on this page.
CVE-2024-38094 - Insecure Deserialization in Microsoft SharePoint Enterprise Server 2016. Runnable patch commands and verification on this p
CVE-2024-38106 - Privilege Escalation in Windows 10 Version 1809. Runnable patch commands, mitigation snippets, and verification steps on th
CVE-2024-38107 - Use-After-Free in Windows 10 Version 1809. Runnable patch commands, mitigation snippets, and verification steps on this pag
CVE-2024-38112 - Spoofing Vulnerability in Windows 10 Version 22H2. Runnable patch commands, mitigation snippets, and verification steps on
CVE-2024-38178 - Memory Corruption in Windows 11 Version 24H2. Runnable patch commands, mitigation snippets, and verification steps on this
CVE-2024-38189 - Improper Input Validation in Microsoft Office 2019. Runnable patch commands, mitigation snippets, and verification steps on
CVE-2024-38193 - Use-After-Free in Windows 11 Version 24H2. Runnable patch commands, mitigation snippets, and verification steps on this pag
CVE-2024-38226 - Security Vulnerability in Microsoft Office 2019. Runnable patch commands, mitigation snippets, and verification steps on th
CVE-2024-38813: Improper Check for Dropped Privileges in N/a VMware Cloud Foundation. Patched builds and fix steps.
CVE-2024-40890 is an OS command injection in VMG4325-B10A firmware. Verified patched version, official vendor advisory, and how to confirm t
CVE-2024-40891 is an OS command injection in VMG4325-B10A firmware. Verified patched version, official vendor advisory, and how to confirm t
CVE-2024-43047 is a Use-After-Free flaw in Qualcomm, Inc. Snapdragon. Actively exploited per CISA KEV. Verified patched builds and fix steps
CVE-2024-43461 - Spoofing Vulnerability in Windows 11 Version 24H2. Runnable patch commands, mitigation snippets, and verification steps on
CVE-2024-43572 - Remote Code Execution in Windows 10 Version 1809. Runnable patch commands, mitigation snippets, and verification steps on t
CVE-2024-4610 is a use-after-free flaw in Bifrost GPU Kernel Driver, Valhall GPU Kernel Driver. Verified patched version and mitigations fr
CVE-2024-48248 is a path traversal in Backup & Replication Director. Verified patched version, official vendor advisory, and how to confirm
CVE-2024-49035 - Privilege Escalation in Microsoft Partner Center. Runnable patch commands, mitigation snippets, and verification steps on t
CVE-2024-49039 - Authentication Bypass in Windows Server 2025. Runnable patch commands, mitigation snippets, and verification steps on this
CVE-2024-49138 - Heap Buffer Overflow in Windows 10 Version 1809. Runnable patch commands, mitigation snippets, and verification steps on th
CVE-2024-4978 is an Embedded Malicious Code flaw in Justice Av Solutions Viewer. Actively exploited per CISA KEV. Verified patched builds and
CVE-2024-57728 is a path traversal flaw in SimpleHelp remote support. Verified patched version and mitigations from the official advisory.
CVE-2024-7399 is a path traversal in MagicINFO 9 Server. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2024-7694: Unrestricted File Upload in Teamt5 ThreatSonar Anti-Ransomware. Patched builds and fix steps.
CVE-2024-8190: an OS command injection in CSA (Cloud Services Appliance). Patched version and vendor advisory inside.
CVE-2024-8957 is an OS Command Injection flaw in Ptzoptics PT30X-NDI. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2024-9380: an OS command injection in CSA (Cloud Services Appliance). Patched version and vendor advisory inside.
CVE-2024-0769 is a Path Traversal flaw in D-link DIR-859. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2024-11182 is a Cross-Site Scripting flaw in Mdaemon Email Server. Actively exploited per CISA KEV. Verified patched builds and fix step
CVE-2024-12686: OS Command Injection in Beyondtrust Remote Support(RS) & Privileged Remote Access(PRA). Patched builds and fix steps.
CVE-2024-12987 is an OS Command Injection flaw in Draytek Vigor2960. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2024-20359: a code injection in Cisco Adaptive Security Appliance (ASA). Patched version and vendor advisory inside.
CVE-2024-20399 is an OS command injection in Cisco NX-OS Software. Verified patched version, official vendor advisory, and how to confirm th
CVE-2024-20481: an OS command injection in Cisco Adaptive Security Appliance (ASA). Patched version and vendor advisory inside.
CVE-2024-27443 is a cross-site scripting flaw in Zimbra Collaboration Suite (ZCS). Verified patched version and mitigations from the officia
CVE-2024-37085 is an Authentication Bypass flaw in N/a VMware Cloud Foundation. Actively exploited per CISA KEV. Verified patched builds and
CVE-2024-37383 is a cross-site scripting flaw in Roundcube Webmail. Verified patched version and mitigations from the official advisory.
CVE-2024-38213 - Security Bypass in Windows 10 Version 1809. Runnable patch commands, mitigation snippets, and verification steps on this pa
CVE-2024-38217 - Security Vulnerability in Windows 10 Version 1809. Runnable patch commands, mitigation snippets, and verification steps on
CVE-2024-39717 is a Security Vulnerability flaw in Versa Director. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2024-39891 is a Security Vulnerability flaw in N/a n/a. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2024-41710 is a security vulnerability flaw in SIP Phones. Verified patched version and mitigations from the official advisory.
CVE-2024-43451 - Spoofing Vulnerability in Windows Server 2025. Runnable patch commands, mitigation snippets, and verification steps on this
CVE-2024-43573 - Cross-Site Scripting in Windows 10 Version 22H2. Runnable patch commands, mitigation snippets, and verification steps on th
CVE-2024-55550 is a remote code execution flaw in Mitel MiCollab through. Verified patched version and mitigations from the official advisor
CVE-2024-8068 is a Privilege Escalation flaw in Citrix Citrix Session Recording. Actively exploited per CISA KEV. Verified patched builds an
CVE-2024-8069: Insecure Deserialization in Citrix Session Recording Citrix Session Recording. Patched builds and fix steps.
CVE-2024-9379 is a SQL injection in CSA (Cloud Services Appliance). Verified patched version, official vendor advisory, and how to confirm t
CVE-2024-9474 is an OS command injection in Cloud NGFW. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2024-0519 is an Out-of-Bounds Memory Access flaw in Google Chrome. Actively exploited per CISA KEV. Verified patched builds and fix steps
CVE-2024-23222 is a Denial of Service flaw in Apple Safari. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2024-23225 is a Denial of Service flaw in Apple iOS and iPadOS. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2024-23296 is a Denial of Service flaw in Apple iOS and iPadOS. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2024-23897 is a Security Vulnerability flaw in Jenkins Project Jenkins. Actively exploited per CISA KEV. Verified patched builds and fix
CVE-2024-27348: Command Execution Vulnerability in Apache Software Foundation Apache HugeGraph-Server. Patched builds and fix steps.
CVE-2024-29745 is an Information Disclosure flaw in Google Android. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2024-29748 is a Security Vulnerability flaw in Google Android. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2024-32113 is a Path Traversal flaw in Apache Software Foundation Apache OFBiz. Actively exploited per CISA KEV. Verified patched builds
CVE-2024-32896 is a Security Vulnerability flaw in Google Android. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2024-36971 is a Remote Code Execution flaw in Linux Linux. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2024-38475: Improper Encoding or Escaping of Output in Apache Software Foundation Apache HTTP Server. Patched builds and fix steps.
CVE-2024-38856: Incorrect Authorization in Apache Software Foundation Apache OFBiz. Patched builds and fix steps.
CVE-2024-40766 is an Improper Access Control flaw in Sonicwall SonicOS. Actively exploited per CISA KEV. Verified patched builds and fix step
CVE-2024-43093 is a Security Vulnerability flaw in Google Android. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2024-44308 is a Denial of Service flaw in Apple Safari. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2024-44309 is a Denial of Service flaw in Apple Safari. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2024-45195 is a Direct Request flaw in Apache Software Foundation Apache OFBiz. Actively exploited per CISA KEV. Verified patched builds
CVE-2024-4671 is a Use-After-Free flaw in Google Chrome. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2024-4761 is an Out-of-Bounds Memory Access flaw in Google Chrome. Actively exploited per CISA KEV. Verified patched builds and fix steps
CVE-2024-4947 is a Security Vulnerability flaw in Google Chrome. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2024-50302 is a Security Vulnerability flaw in Linux Linux. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2024-5274 is a Security Vulnerability flaw in Google Chrome. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2024-53104 is an Out-of-Bounds Memory Access flaw in Linux Linux. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2024-53150 is an Out-of-Bounds Memory Access flaw in Linux Linux. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2024-53197 is an Out-of-Bounds Memory Access flaw in Linux Linux. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2024-53704 is an Authentication Bypass flaw in Sonicwall SonicOS. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2024-7965 is a Security Vulnerability flaw in Google Chrome. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2024-7971 is a Type Confusion flaw in Google Chrome. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2023-1671 is an OS command injection in Sophos Web Appliance. Verified patched version, official vendor advisory, and how to confirm the
CVE-2023-20198 is the Cisco IOS XE web UI vulnerability that gave unauthenticated attackers full admin access. Affected versions, fix builds
CVE-2023-20887 is a remote code execution flaw in Aria Operations for Networks (Formerly vRealize Network Insight). Verified patched version
CVE-2023-2136 is an integer overflow flaw in Chrome. Verified patched version and mitigations from the official advisory.
CVE-2023-22515 is the Confluence Data Center / Server zero-day that let attackers create admin accounts unauthenticated. Patched versions an
CVE-2023-22518 lets an unauthenticated attacker reset Confluence and create new admin accounts. Affected versions, patched builds, recovery
CVE-2023-22527 is the Confluence Data Center / Server template injection that gives unauthenticated RCE. Affected versions, fixed versions,
CVE-2023-23397 is an improper input validation in Microsoft Office Ltsc 2021. Patched version, runnable upgrade commands, and how to verify t
CVE-2023-24489 lets unauthenticated attackers compromise the Citrix ShareFile customer-managed Storage Zones Controller. Patched build and u
CVE-2023-25280 is a command injection flaw in DIR-820 Router. Verified patched version and mitigations from the official advisory.
CVE-2023-25717 is a remote code execution flaw in Ruckus Wireless Admin through. Verified patched version and mitigations from the official
CVE-2023-26359 is the first in the 2023 Adobe ColdFusion deserialization series. Same Lockdown Guide hardening as CVE-2023-29300.
CVE-2023-27350 is an access control bypass in NG. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2023-27992 is an OS command injection in NAS326 firmware. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2023-27997 is a path traversal in FortiOS-6K7K. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2023-28461 is a remote code execution flaw in AG/vxAG ArrayOS. Verified patched version and mitigations from the official advisory.
CVE-2023-2868: an OS command injection in Barracuda Email Security Gateway. Patched version and vendor advisory inside.
CVE-2023-28771: an OS command injection in ZyWALL/USG series firmware. Patched version and vendor advisory inside.
CVE-2023-29300 is the Adobe ColdFusion Wddx deserialization RCE. Affected versions, patched builds, and lockdown.html considerations.
CVE-2023-29357 incorrect implementation of authentication algorithm in Microsoft Sharepoint Server 2019. Runnable upgrade commands and verif
CVE-2023-29492 is a security vulnerability flaw in Novi Survey. Verified patched version and mitigations from the official advisory.
CVE-2023-33009 is a vulnerability in ATP series firmware. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2023-33010 is a vulnerability in ATP series firmware. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2023-34048 is the vCenter DCERPC out-of-bounds write; UNC3886 used it as a zero-day for two years. Patched builds and Linux Service Cons
CVE-2023-34192 is a security vulnerability flaw in Zimbra Collaboration Suite (ZCS). Verified patched version and mitigations from the offic
CVE-2023-34362 is a SQL injection flaw in In Progress MOVEit Transfer. Verified patched version and mitigations from the official advisory.
CVE-2023-35078 is the Ivanti EPMM zero-day used against Norwegian government ministries in 2023. Affected versions, patched builds, and IoC
CVE-2023-35082 lets unauthenticated attackers access restricted Ivanti EPMM 11.10 and earlier (and legacy MobileIron Core) APIs. Upgrade and
CVE-2023-3519 is the Citrix NetScaler / ADC / Gateway zero-day used to compromise US critical infrastructure in 2023. Patched versions and I
CVE-2023-36845 is an arbitrary file read in Junos OS. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2023-38203 is one of the ColdFusion 2018u17 / 2021u7 deserialization siblings. Same patch as CVE-2023-29300.
CVE-2023-40044 is an unsafe deserialization in WS_FTP Server. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2023-41265 is a vulnerability in n/a. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2023-42793 is an authentication bypass in TeamCity. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2023-43208 is a remote code execution flaw in NextGen Healthcare Mirth Connect. Verified patched version and mitigations from the offici
CVE-2023-45249: a default credentials flaw in Acronis Cyber Infrastructure. Patched version and vendor advisory inside.
CVE-2023-46604 lets a remote attacker run code on Apache ActiveMQ via the OpenWire protocol. Patched versions, upgrade steps, and Kinsing/ra
CVE-2023-46747 lets unauthenticated attackers bypass the F5 BIG-IP Configuration Utility (TMUI). Patched builds and TMUI lockdown procedure.
CVE-2023-47246 is a path traversal flaw in In SysAid On-Premise. Verified patched version and mitigations from the official advisory.
CVE-2023-48365 is a vulnerability in n/a. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2023-48788 is a SQL injection in FortiClientEMS. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2023-49103 is a vulnerability in n/a. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2023-4966 is a memory corruption in NetScaler ADC. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2023-6448 is an insecure default configuration in VisiLogic. Verified patched version, official vendor advisory, and how to confirm the
CVE-2023-7028 lets an attacker hijack any GitLab account by sending the password reset email to their own address. Patch and audit steps for
CVE-2023-0266 is a use-after-free in Linux Kernel. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2023-0386 is a security vulnerability flaw in Kernel. Verified patched version and mitigations from the official advisory.
CVE-2023-0669 is an insecure deserialization flaw in Goanywhere MFT. Verified patched version and mitigations from the official advisory.
CVE-2023-1389 is a command injection flaw in TP-Link Archer AX21 (AX1800). Verified patched version and mitigations from the official adviso
CVE-2023-20273 is an OS command injection in Cisco IOS XE Software. Verified patched version, official vendor advisory, and how to confirm t
CVE-2023-2033 is a type confusion flaw in Chrome. Verified patched version and mitigations from the official advisory.
CVE-2023-20963 is a remote code execution flaw in Android. Verified patched version and mitigations from the official advisory.
CVE-2023-21529 - Insecure Deserialization in Microsoft Exchange Server 2019 Cumulative Update 12. Runnable patch commands and verification o
CVE-2023-21608 is a use-after-free in Acrobat Reader. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2023-21674 is a use after free in Windows 10 Version 1809. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2023-21715 incorrect authorization in Microsoft 365 Apps For Enterprise. Runnable upgrade commands and verification steps for sysadmins.
CVE-2023-21823 integer overflow or wraparound in Microsoft Office For Android. Runnable upgrade commands and verification steps for sysadmin
CVE-2023-21839 missing authentication for critical function in Weblogic Server. Runnable upgrade commands and verification steps for sysadmi
CVE-2023-22952 is a security vulnerability flaw in In SugarCRM. Verified patched version and mitigations from the official advisory.
CVE-2023-23376 is a heap-based buffer overflow in Windows 10 Version 1809. Patched version, runnable upgrade commands, and how to verify the
CVE-2023-23529 is a remote code execution flaw in Safari, iOS and iPadOS, macOS. Verified patched version and mitigations from the official
CVE-2023-24955 improper control of generation of code ('code injection') in Microsoft Sharepoint Enterprise Server 2016. Runnable upgrade co
CVE-2023-2533 is a Cross-Site Request Forgery flaw in Papercut PaperCut NG/MF. Actively exploited per CISA KEV. Verified patched builds and
CVE-2023-26360 is an access control bypass in ColdFusion. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2023-26369 is an OS command injection in Acrobat Reader. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2023-27351 is an Authentication Bypass flaw in Papercut NG. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2023-27524: an insecure default configuration in Apache Superset. Patched version and vendor advisory inside.
CVE-2023-27532 is a missing authentication flaw in Veeam Backup & Replication. Verified patched version and mitigations from the official ad
CVE-2023-28205 is a remote code execution flaw in Safari, iOS and iPadOS, macOS. Verified patched version and mitigations from the official
CVE-2023-28206 is a denial of service flaw in iOS and iPadOS, macOS. Verified patched version and mitigations from the official advisory.
CVE-2023-28229 sensitive data storage in improperly locked memory in Windows 10 Version 1809. Runnable upgrade commands and verification ste
CVE-2023-28252 is a heap-based buffer overflow in Windows 10 Version 1809. Patched version, runnable upgrade commands, and how to verify the
CVE-2023-28432 is an Information Disclosure flaw in Minio minio. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2023-28434 is a vulnerability in minio. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2023-29298 is an access control bypass in ColdFusion. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2023-29336 is a use after free in Windows 10 Version 1507. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2023-29360 is an untrusted pointer dereference in Windows 10 Version 1809. Patched version, runnable upgrade commands, and how to verify
CVE-2023-29552 is a security vulnerability flaw in Service Location Protocol (SLP). Verified patched version and mitigations from the offici
CVE-2023-32046 is a security vulnerability in Windows 10 Version 1809. Patched version, runnable upgrade commands, and how to verify the fix
CVE-2023-32049 is a security vulnerability in Windows 10 Version 1809. Patched version, runnable upgrade commands, and how to verify the fix
CVE-2023-32315 is a Path Traversal flaw in Igniterealtime Openfire. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2023-33063 is a Use-After-Free flaw in Qualcomm, Inc. Snapdragon. Actively exploited per CISA KEV. Verified patched builds and fix steps
CVE-2023-33106: Use of Out-of-range Pointer Offset in Qualcomm, Inc. Snapdragon. Patched builds and fix steps.
CVE-2023-33107 is an Integer Overflow flaw in Qualcomm, Inc. Snapdragon. Actively exploited per CISA KEV. Verified patched builds and fix ste
CVE-2023-33538 is a command injection flaw in TP-Link TL-WR940N. Verified patched version and mitigations from the official advisory.
CVE-2023-35081 is a path traversal in EPMM. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2023-35311 time-of-check time-of-use (TOCTOU) race condition in Microsoft 365 Apps For Enterprise. Runnable upgrade commands and verific
CVE-2023-36025 is a security vulnerability in Windows 10 Version 1809. Patched version, runnable upgrade commands, and how to verify the fix
CVE-2023-36033 is an untrusted pointer dereference in Windows 10 Version 1809. Patched version, runnable upgrade commands, and how to verify
CVE-2023-36036 is a heap-based buffer overflow in Windows 10 Version 1809. Patched version, runnable upgrade commands, and how to verify the
CVE-2023-36424 - Out-of-Bounds Read in Windows 11 version 22H3. Runnable patch commands, mitigation snippets, and verification steps on this
CVE-2023-36802 is a use after free in Windows 10 Version 1809. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2023-36874 improper link resolution before file access ('link following') in Windows 10 Version 1809. Runnable upgrade commands and veri
CVE-2023-36884 concurrent execution using shared resource with improper synchronization ('race in Windows 10 Version 1809. Runnable upgrade
CVE-2023-38180 is an uncontrolled resource consumption in Asp.Net Core 2.1. Patched version, runnable upgrade commands, and how to verify the
CVE-2023-38205 is an access control bypass in ColdFusion. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2023-38831 is a security vulnerability flaw in RARLAB WinRAR. Verified patched version and mitigations from the official advisory.
CVE-2023-38950 is a path traversal flaw in BioTime. Verified patched version and mitigations from the official advisory.
CVE-2023-39780 is an OS command injection in RT-AX55. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2023-41266 is a Path Traversal flaw in N/a n/a. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2023-44487 is a remote code execution flaw in HTTP/2. Verified patched version and mitigations from the official advisory.
CVE-2023-45727 is an XXE injection flaw in Proself Enterprise/Standard Edition, Proself Gateway Edition, Proself Mail Sanitize Edition. Verif
CVE-2023-46748 is a SQL injection in BIG-IP. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2023-46805 is a vulnerability in ICS. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2023-47565 is an OS Command Injection flaw in QNAP Systems Inc. VioStor NVR. Actively exploited per CISA KEV. Verified patched builds and
CVE-2023-4911 is a Heap Buffer Overflow flaw in Red Hat Red Hat Enterprise Linux 6. Actively exploited per CISA KEV. Verified patched builds
CVE-2023-49897 is a command injection flaw in AE1021, AE1021PE. Verified patched version and mitigations from the official advisory.
CVE-2023-52163 is a command injection flaw in Digiever DS-2105 Pro. Verified patched version and mitigations from the official advisory.
CVE-2023-6549 is a Memory Corruption flaw in Cloud Software Group NetScaler ADC. Actively exploited per CISA KEV. Verified patched builds an
CVE-2023-7101 is an improper neutralization of directives in dynamically evaluated code ('eval injec flaw in Spreadsheet::ParseExcel. Verifi
CVE-2023-20109 is an OS command injection in IOS. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2023-20118: an OS command injection in Cisco Small Business RV Series Router Fi. Patched version and vendor advisory inside.
CVE-2023-20269: Authentication Bypass in Cisco Cisco Adaptive Security Appliance (ASA) Software. Patched builds and fix steps.
CVE-2023-21237 is an information disclosure flaw in Android. Verified patched version and mitigations from the official advisory.
CVE-2023-21492: Insertion of Sensitive Information into Log File in Samsung Mobile Samsung Mobile Devices. Patched builds and fix steps.
CVE-2023-24880 is an incorrect authorization in Windows 10 Version 1809. Patched version, runnable upgrade commands, and how to verify the fi
CVE-2023-36563 is an improper input validation in Windows 10 Version 1809. Patched version, runnable upgrade commands, and how to verify the
CVE-2023-36584 is a security vulnerability in Windows 10 Version 1809. Patched version, runnable upgrade commands, and how to verify the fix
CVE-2023-36761 is an improper input validation in Microsoft Office 2019. Patched version, runnable upgrade commands, and how to verify the fi
CVE-2023-36844: PHP External Variable Modification in Juniper Networks Junos OS. Patched builds and fix steps.
CVE-2023-36846: Missing Authentication for Critical Function in Juniper Networks Junos OS. Patched builds and fix steps.
CVE-2023-36847: Missing Authentication for Critical Function in Juniper Networks Junos OS. Patched builds and fix steps.
CVE-2023-36851: Missing Authentication for Critical Function in Juniper Networks Junos OS. Patched builds and fix steps.
CVE-2023-37580 is a cross-site scripting flaw in Zimbra Collaboration Suite (ZCS). Verified patched version and mitigations from the officia
CVE-2023-41763 server-side request forgery (SSRF) in Skype For Business Server 2015 Cu13. Runnable upgrade commands and verification steps f
CVE-2023-4211 is a use-after-free flaw in Arm 5th Gen GPU Architecture Kernel Driver, Bifrost GPU Kernel Driver, Midgard GPU Kernel Driver,
CVE-2023-43770 is a cross-site scripting flaw in Roundcube. Verified patched version and mitigations from the official advisory.
CVE-2023-50224 is an Authentication Bypass by Spoofing flaw in Tp-link TL-WR841N. Actively exploited per CISA KEV. Verified patched builds an
CVE-2023-5631 is a Cross-Site Scripting flaw in Roundcube Roundcubemail. Actively exploited per CISA KEV. Verified patched builds and fix st
CVE-2023-6548 is a Code Injection flaw in Cloud Software Group NetScaler ADC. Actively exploited per CISA KEV. Verified patched builds and f
CVE-2023-20867 is an Authentication Bypass flaw in VMWARE VMware Tools. Actively exploited per CISA KEV. Verified patched builds and fix step
CVE-2023-26083 is a security vulnerability flaw in Mali Graphics Processing Unit (GPU). Verified patched version and mitigations from the of
CVE-2023-23752 is a Security Vulnerability flaw in Joomla! Project Joomla! CMS. Actively exploited per CISA KEV. Verified patched builds and
CVE-2023-28204 is an Out-of-Bounds Memory Access flaw in Apple Safari. Actively exploited per CISA KEV. Verified patched builds and fix steps
CVE-2023-3079 is a Security Vulnerability flaw in Google Chrome. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2023-32373 is a Use-After-Free flaw in Apple Safari. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2023-32409 is a Denial of Service flaw in Apple Safari. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2023-32434 is a Denial of Service flaw in Apple iOS and iPadOS. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2023-32435 is a Denial of Service flaw in Apple Safari. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2023-32439 is a Denial of Service flaw in Apple Safari. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2023-33246: Code Injection in Apache Software Foundation Apache RocketMQ. Patched builds and fix steps.
CVE-2023-35674 is a Security Vulnerability flaw in Google Android. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2023-37450 is a Denial of Service flaw in Apple Safari. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2023-38035 is a Security Vulnerability flaw in Ivanti MobileIron Sentry. Actively exploited per CISA KEV. Verified patched builds and fi
CVE-2023-38606 is a Denial of Service flaw in Apple iOS and iPadOS. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2023-41061 is a Denial of Service flaw in Apple iOS and iPadOS. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2023-41064 is a Buffer Overflow flaw in Apple iOS and iPadOS. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2023-41179: Security Vulnerability in Trend Micro, Inc. Trend Micro Apex One. Patched builds and fix steps.
CVE-2023-41974 is a Use-After-Free flaw in Apple iOS and iPadOS. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2023-41990 is a Denial of Service flaw in Apple iOS and iPadOS. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2023-41991 is a Denial of Service flaw in Apple iOS and iPadOS. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2023-41992 is a Denial of Service flaw in Apple iOS and iPadOS. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2023-41993 is a Security Vulnerability flaw in Apple macOS. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2023-42824 is a Denial of Service flaw in Apple iOS and iPadOS. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2023-42916 is an Out-of-Bounds Memory Access flaw in Apple Safari. Actively exploited per CISA KEV. Verified patched builds and fix steps
CVE-2023-42917 is a Denial of Service flaw in Apple Safari. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2023-43000 is a Use-After-Free flaw in Apple Safari. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2023-44221 is an OS Command Injection flaw in Sonicwall SMA100. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2023-4762 is a Security Vulnerability flaw in Google Chrome. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2023-4863 is a Buffer Overflow flaw in Google Chrome. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2023-5217 is a Buffer Overflow flaw in Google Chrome. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2023-6345 is a Security Vulnerability flaw in Google Chrome. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2023-7024 is a Buffer Overflow flaw in Google Chrome. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2022-0543 is a remote code execution flaw in redis. Verified patched version and mitigations from the official advisory.
CVE-2022-1040 is a vulnerability in Sophos Firewall. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2022-1388 is the F5 BIG-IP iControl REST auth bypass that gives root command execution. Patched builds and TMUI lockdown for emergency m
CVE-2022-20699 is the SSL VPN RCE in the Cisco RV Series bundle. Public exploit code exists. Patch or replace the hardware.
CVE-2022-20700 is part of the Cisco RV160/RV260/RV340/RV345 bundle. Same advisory and same fix as CVE-2022-20708.
CVE-2022-20701 is part of the Cisco RV160/RV260/RV340/RV345 bundle. Same advisory and same fix as CVE-2022-20708.
CVE-2022-20703 is part of the Cisco RV160/RV260/RV340/RV345 bundle. Same advisory and same fix as CVE-2022-20708.
CVE-2022-20708 is part of the unpatched Cisco RV160/RV260/RV340/RV345 bundle. Mitigation steps and the end-of-life reality.
CVE-2022-21445 - Insecure Deserialization in Application Development Framework (ADF). Runnable patch commands and verification on this page.
CVE-2022-21587 lets unauthenticated attackers run code via Oracle Web Applications Desktop Integrator in E-Business Suite. Critical Patch Up
CVE-2022-22536 is an HTTP request smuggling flaw in SAP Content Server, SAP NetWeaver and ABAP Platform, SAP Web Dispatcher. Verified patched
CVE-2022-22587 is a denial of service flaw in iOS and iPadOS, macOS. Verified patched version and mitigations from the official advisory.
Improper Control of Generation of Code ('Code Injection') in Spring Cloud Gateway (VMware). Actively exploited. Verified patched versions and
Remote Code Execution in VMware Workspace ONE Access and Identity Manager. Actively exploited. Verified patched versions and remediation ste
CVE-2022-22963 is a code injection flaw in Spring Cloud Function. Verified patched version and mitigations from the official advisory.
Remote Code Execution in Spring Framework (VMware). Actively exploited. Verified patched versions and remediation steps.
CVE-2022-23131 is an authentication bypass in Frontend. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2022-23227 is a security vulnerability flaw in NUUO NVRmini2 through. Verified patched version and mitigations from the official advisor
CVE-2022-24086 is the Adobe Commerce / Magento improper input validation that gives unauthenticated RCE. Apply APSB22-12 hotfix and rotate M
CVE-2022-24112 is an authentication bypass by spoofing flaw in Apache APISIX. Verified patched version and mitigations from the official adv
CVE-2022-24706 is an insecure default initialization flaw in Apache CouchDB. Verified patched version and mitigations from the official advi
CVE-2022-24816 is a code injection in jai-ext. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2022-24990 is a security vulnerability flaw in TerraMaster NAS. Verified patched version and mitigations from the official advisory.
CVE-2022-26134 is a security vulnerability flaw in Confluence Data Center, Confluence Server. Verified patched version and mitigations from
CVE-2022-26138 is a hardcoded credentials flaw in Questions For Confluence. Verified patched version and mitigations from the official advis
Denial of Service in MiCollab, MiVoice Business Express (Mitel). Actively exploited. Verified patched versions and remediation steps.
CVE-2022-26258 is a remote code execution flaw in DIR-820L. Verified patched version and mitigations from the official advisory.
Security Vulnerability in Firebox and XTM Appliances (WatchGuard). Actively exploited. Verified patched versions and remediation steps.
CVE-2022-26352 is a remote code execution flaw in dotCMS. Verified patched version and mitigations from the official advisory.
Use-After-Free in Firefox (Mozilla). Actively exploited. Verified patched versions and remediation steps.
CVE-2022-26501 is a security vulnerability flaw in Backup & Replication. Verified patched version and mitigations from the official advisory
CVE-2022-26871 is a remote code execution flaw in Trend Micro Apex Central. Verified patched version and mitigations from the official advis
CVE-2022-27518 is the Citrix ADC / Gateway zero-day exploited by APT5 against defense contractors in 2022. Patched builds and SAML configura
CVE-2022-27593: a server-side request forgery (SSRF) in Photo Station. Patched version and vendor advisory inside.
CVE-2022-29303 is a command injection flaw in Compact. Verified patched version and mitigations from the official advisory.
CVE-2022-29464 is a vulnerability in n/a. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2022-29499 is a remote code execution flaw in MiVoice Connect. Verified patched version and mitigations from the official advisory.
CVE-2022-30525: an OS command injection in USG FLEX 100(W) firmware. Patched version and vendor advisory inside.
CVE-2022-3075 is a security vulnerability flaw in Chrome. Verified patched version and mitigations from the official advisory.
CVE-2022-31199 is a remote code execution flaw in Auditor. Verified patched version and mitigations from the official advisory.
CVE-2022-3236 is a vulnerability in Sophos Firewall. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2022-35405 is a remote code execution flaw in Zoho ManageEngine Password Manager Pro. Verified patched version and mitigations from the
CVE-2022-35914 is a security vulnerability flaw in GLPI. Verified patched version and mitigations from the official advisory.
CVE-2022-37042 is a remote code execution flaw in Zimbra Collaboration Suite (ZCS). Verified patched version and mitigations from the offici
CVE-2022-37055 is a memory corruption flaw in Routers. Verified patched version and mitigations from the official advisory.
CVE-2022-40684 lets unauthenticated attackers bypass admin authentication on Fortinet appliances. Public exploit code exists. Patch and lock
CVE-2022-4135 is a memory corruption flaw in Chrome. Verified patched version and mitigations from the official advisory.
CVE-2022-41352 is a path traversal flaw in Zimbra Collaboration Suite (ZCS). Verified patched version and mitigations from the official advi
CVE-2022-42475 is a memory corruption in FortiProxy. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2022-42948 is a remote code execution flaw in Cobalt Strike. Verified patched version and mitigations from the official advisory.
CVE-2022-44877 is a security vulnerability flaw in Control Web Panel. Verified patched version and mitigations from the official advisory.
CVE-2022-46169 is an OS command injection in cacti. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2022-47966 is a remote code execution flaw in ManageEngine. Verified patched version and mitigations from the official advisory.
CVE-2022-47986 is the IBM Aspera Faspex YAML deserialization that gives unauthenticated RCE. IceFire ransomware used it. Patched version and
CVE-2022-0028 is a denial of service in Cloud NGFW. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2022-0185 is an integer overflow flaw in kernel. Verified patched version and mitigations from the official advisory.
CVE-2022-0609 is a use-after-free flaw in Chrome. Verified patched version and mitigations from the official advisory.
CWE-281 in kernel (Linux). Actively exploited. Verified patched versions and remediation steps.
CVE-2022-1096 is a type confusion flaw in Chrome. Verified patched version and mitigations from the official advisory.
CVE-2022-1364 is a type confusion flaw in Chrome. Verified patched version and mitigations from the official advisory.
CVE-2022-20775 is a path traversal in Cisco Catalyst SD-WAN. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2022-21882 is an out-of-bounds write in Microsoft Windows. This page lists verified fix commands and short-term mitigations you can run
CVE-2022-21919: Improper Link Resolution Before File Access in Microsoft Windows. Runnable fix commands and patched builds.
CVE-2022-21971 access of uninitialized pointer in Windows 10 Version 1809. Runnable upgrade commands and verification steps for sysadmins.
CVE-2022-21999 is a Path Traversal flaw in Microsoft Windows. Actively exploited per CISA KEV. Verified patched builds and runnable fix comm
CVE-2022-22047 is an untrusted search path in Windows 10 Version 1809. Patched version, runnable upgrade commands, and how to verify the fix
CVE-2022-22071 is a Use-After-Free flaw in Qualcomm, Inc. Snapdragon Auto. Actively exploited per CISA KEV. Verified patched builds and fix
CVE-2022-22620 is a remote code execution flaw in Safari (v and ), macOS. Verified patched version and mitigations from the official advisor
CVE-2022-22675 is a denial of service flaw in iOS and iPadOS, macOS, watchOS. Verified patched version and mitigations from the official adv
CVE-2022-22706 is a security vulnerability flaw in Arm Mali GPU Kernel Driver. Verified patched version and mitigations from the official ad
CVE-2022-22718 is an Elevation of Privilege flaw in Microsoft Windows. Actively exploited per CISA KEV. Verified patched builds and runnable
CVE-2022-2294 is a memory corruption flaw in Chrome. Verified patched version and mitigations from the official advisory.
Privilege Escalation in VMware Workspace ONE Access. Actively exploited. Verified patched versions and remediation steps.
Security Vulnerability in Firebox and XTM (WatchGuard). Actively exploited. Verified patched versions and remediation steps.
CVE-2022-23748 is a process control flaw in Audinate Dante Application Library for Windows. Verified patched version and mitigations from th
CVE-2022-24521 is an Out-of-Bounds Write flaw in Microsoft Windows. Actively exploited per CISA KEV. Verified patched builds and runnable fix
Use-After-Free in Firefox (Mozilla). Actively exploited. Verified patched versions and remediation steps.
CVE-2022-26500 is a security vulnerability flaw in Backup & Replication. Verified patched version and mitigations from the official advisory
CVE-2022-26904 is a Race Condition flaw in Microsoft Windows. Actively exploited per CISA KEV. Verified patched builds and runnable fix comm
CVE-2022-26923 improper certificate validation in Windows 10 Version 1809. Runnable upgrade commands and verification steps for sysadmins.
CVE-2022-26925 missing authentication for critical function in Windows 10 Version 1809. Runnable upgrade commands and verification steps for
CVE-2022-27924 is a security vulnerability flaw in Zimbra Collaboration Suite (ZCS). Verified patched version and mitigations from the offic
CVE-2022-27925 is a path traversal flaw in Zimbra Collaboration Suite (ZCS). Verified patched version and mitigations from the official advi
CVE-2022-30190 is a remote code execution in Windows 10 Version 1809. Patched version, runnable upgrade commands, and how to verify the fix
CVE-2022-30333 is a path traversal flaw in RARLAB UnRAR. Verified patched version and mitigations from the official advisory.
CVE-2022-3038 is a use-after-free flaw in Chrome. Verified patched version and mitigations from the official advisory.
CVE-2022-32893 is a remote code execution flaw in Safari, iOS and iPadOS, macOS. Verified patched version and mitigations from the official
CVE-2022-32894 is a denial of service flaw in iOS and iPadOS, macOS. Verified patched version and mitigations from the official advisory.
CVE-2022-32917 is a denial of service flaw in iOS, macOS. Verified patched version and mitigations from the official advisory.
CVE-2022-33891 is an OS command injection flaw in Apache Spark. Verified patched version and mitigations from the official advisory.
CVE-2022-34713 is a remote code execution in Windows 10 Version 1809. Patched version, runnable upgrade commands, and how to verify the fix
CVE-2022-36537 is a security vulnerability flaw in ZK Framework. Verified patched version and mitigations from the official advisory.
CVE-2022-36804 is a security vulnerability flaw in Bitbucket Data Center, Bitbucket Server. Verified patched version and mitigations from th
CVE-2022-3723 is a type confusion flaw in Chrome. Verified patched version and mitigations from the official advisory.
CVE-2022-37969 is an out-of-bounds write in Windows 10 Version 1809. Patched version, runnable upgrade commands, and how to verify the fix la
CVE-2022-38028 is a security vulnerability in Windows 10 Version 1809. Patched version, runnable upgrade commands, and how to verify the fix
CVE-2022-38181 is a security vulnerability flaw in The Arm Mali GPU kernel driver. Verified patched version and mitigations from the officia
CVE-2022-40139 is a remote code execution flaw in Trend Micro Apex One. Verified patched version and mitigations from the official advisory.
CVE-2022-40799 is a security vulnerability flaw in DNR-322L. Verified patched version and mitigations from the official advisory.
CVE-2022-41033 access of resource using incompatible type ('type confusion') in Windows 10 Version 1809. Runnable upgrade commands and verif
CVE-2022-41040 server-side request forgery (SSRF) in Microsoft Exchange Server 2013 Cumulative Update 23. Runnable upgrade commands and veri
CVE-2022-41073 is an out-of-bounds write in Windows 10 Version 1809. Patched version, runnable upgrade commands, and how to verify the fix la
CVE-2022-41080 security vulnerability in Microsoft Exchange Server 2016 Cumulative Update 23. Runnable upgrade commands and verification ste
CVE-2022-41082 deserialization of untrusted data in Microsoft Exchange Server 2013 Cumulative Update 23. Runnable upgrade commands and verif
CVE-2022-41125 is an out-of-bounds write in Windows 10 Version 1809. Patched version, runnable upgrade commands, and how to verify the fix la
CVE-2022-41128 is an out-of-bounds write in Windows 10 Version 1809. Patched version, runnable upgrade commands, and how to verify the fix la
CVE-2022-4262 is a type confusion flaw in Chrome. Verified patched version and mitigations from the official advisory.
CVE-2022-42827 is a denial of service flaw in iOS and iPadOS. Verified patched version and mitigations from the official advisory.
CVE-2022-42856 is a remote code execution flaw in tvOS. Verified patched version and mitigations from the official advisory.
CVE-2022-43769: a vulnerability in Pentaho Business Analytics Server. Patched version and vendor advisory inside.
CVE-2022-43939: Use of Non-Canonical URL Paths for Authorization Decisions in Hitachi Vantara Pentaho Business Analytics Server. Patched bui
CVE-2022-20821: an information disclosure in Cisco IOS XR Software. Patched version and vendor advisory inside.
CVE-2022-22265: Improper Check or Handling of Exceptional Conditions in Samsung Mobile Samsung Mobile Devices. Patched builds and fix steps.
CVE-2022-22674 is a memory corruption flaw in macOS. Verified patched version and mitigations from the official advisory.
CVE-2022-22948 is an information disclosure flaw in VMware vCenter Server and VMware Cloud Foundation. Verified patched version and mitigati
Security Vulnerability in Zimbra Collaborate Suite (ZCS) (Synacor). Actively exploited. Verified patched versions and remediation steps.
CVE-2022-2586 is a Use-After-Free flaw in The Linux Kernel Organization linux. Actively exploited per CISA KEV. Verified patched builds and
CVE-2022-27926 is a cross-site scripting flaw in Zimbra Collaboration Suite (ZCS). Verified patched version and mitigations from the officia
CVE-2022-2856 is a security vulnerability flaw in Chrome. Verified patched version and mitigations from the official advisory.
CVE-2022-28810 is a security vulnerability flaw in Zoho ManageEngine ADSelfService Plus. Verified patched version and mitigations from the o
CVE-2022-39197 is a cross-site scripting flaw in Cobalt Strike. Verified patched version and mitigations from the official advisory.
CVE-2022-40765 is a security vulnerability flaw in MiVoice Connect. Verified patched version and mitigations from the official advisory.
CVE-2022-41049 is a security vulnerability in Windows 10 Version 1809. Patched version, runnable upgrade commands, and how to verify the fix
CVE-2022-41091 is an incorrect authorization in Windows 10 Version 1809. Patched version, runnable upgrade commands, and how to verify the fi
CVE-2022-41223 is a security vulnerability flaw in MiVoice Connect. Verified patched version and mitigations from the official advisory.
CVE-2022-41328 is a path traversal in FortiOS. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2022-44698 is a security vulnerability in Windows 10 Version 1809. Patched version, runnable upgrade commands, and how to verify the fix
CVE-2022-23134 is an Improper Access Control flaw in Zabbix Frontend. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2022-48503 is a Denial of Service flaw in Apple Safari. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2022-48618 is a Denial of Service flaw in Apple iOS and iPadOS. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2021-1497 lets unauthenticated attackers run code on Cisco HyperFlex HX via the web management UI. Patched builds and HX hardening steps
CVE-2021-1498 is a sibling vulnerability in the same Cisco HyperFlex HX advisory as CVE-2021-1497. Same patched build.
CVE-2021-1870 is a remote code execution flaw in iOS and iPadOS, macOS. Verified patched version and mitigations from the official advisory.
CVE-2021-1871 is a remote code execution flaw in iOS and iPadOS, macOS. Verified patched version and mitigations from the official advisory.
CVE-2021-20016 is a SQL injection flaw in SonicWall SMA100. Verified patched version and mitigations from the official advisory.
CVE-2021-20021 is a privilege escalation flaw in Email Security. Verified patched version and mitigations from the official advisory.
CVE-2021-20028 is a SQL injection flaw in SonicWall SRA/SMA100. Verified patched version and mitigations from the official advisory.
CVE-2021-20038 is a stack buffer overflow flaw in SonicWall SMA100. Verified patched version and mitigations from the official advisory.
Path Traversal in Buffalo WSR-2533DHPL2 (Arcadyan). Actively exploited. Verified patched versions and remediation steps.
Remote Code Execution in VMware Cloud Foundation. Actively exploited. Verified patched versions and remediation steps.
Remote Code Execution in VMware vCenter Server and VMware Cloud Foundation. Actively exploited. Verified patched versions and remediation st
Arbitrary File Upload in VMware vCenter Server. Actively exploited. Verified patched versions and remediation steps.
CVE-2021-22205 is the GitLab ExifTool image parser RCE that was mass-exploited in late 2021. Affected versions, patched builds, and post-com
Remote Code Execution in Operation Bridge Reporter (Micro Focus). Actively exploited. Verified patched versions and remediation steps.
CVE-2021-22681 is an insufficiently protected credentials flaw in Rockwell Automation Studio 5000 Logix Designer, RSLogix 5000, Logix Contro
Remote Code Execution in Pulse Connect Secure (Ivanti). Actively exploited. Verified patched versions and remediation steps.
Improper Access Control in Citrix ShareFile storage zones controller. Actively exploited. Verified patched versions and remediation steps.
Command Injection in BIG-IP; BIG-IQ (F5). Actively exploited. Verified patched versions and remediation steps.
Remote Code Execution in BIG-IP (F5). Actively exploited. Verified patched versions and remediation steps.
CVE-2021-26084 is a security vulnerability flaw in Confluence Data Center, Confluence Server. Verified patched version and mitigations from
CVE-2021-26855: Microsoft Exchange Server Remote Code Execution in Microsoft Exchange Server 2016 Cumulative Update 19. Patch commands and v
SQL Injection in FTA (Accellion). Actively exploited. Verified patched versions and remediation steps.
Server-Side Request Forgery in FTA (Accellion). Actively exploited. Verified patched versions and remediation steps.
Command Injection in FTA (Accellion). Actively exploited. Verified patched versions and remediation steps.
Command Injection in Device Management (Yealink). Actively exploited. Verified patched versions and remediation steps.
CVE-2021-27852 is an unsafe deserialization in Survey. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2021-27860 is a vulnerability in WARP. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2021-28550 is the Adobe Acrobat / Reader DC use-after-free that allowed RCE via crafted PDF. Apply current Acrobat updates.
CVE-2021-28799 is an access control bypass in HBS 3. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2021-30116 is a vulnerability in n/a. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2021-30633 is a use-after-free flaw in Chrome. Verified patched version and mitigations from the official advisory.
CVE-2021-31166: Use-After-Free in Microsoft HTTP Protocol Stack. Runnable fix commands and patched builds.
CVE-2021-3129 is a security vulnerability flaw in Ignition. Verified patched version and mitigations from the official advisory.
Buffer Overflow in AC11 Router (Tenda). Actively exploited. Verified patched versions and remediation steps.
CVE-2021-32030 is an authentication bypass flaw in Routers. Verified patched version and mitigations from the official advisory.
CVE-2021-33044 is an authentication bypass flaw in Some Dahua IP Camera, Video Intercom, PTZ Dome Camera, Thermal Camera devices. Verified p
CVE-2021-33045 is an authentication bypass flaw in Some Dahua IP Camera, Video Intercom, NVR, XVR devices. Verified patched version and miti
CVE-2021-34473: Microsoft Exchange Server Remote Code Execution in Microsoft Exchange Server 2013 Cumulative Update 23. Patch commands and v
CVE-2021-34523: Microsoft Exchange Server Elevation of Privilege in Microsoft Exchange Server 2013 Cumulative Update 23. Patch commands and
CVE-2021-35211: a vulnerability in Serv-U Managed File Transfer Server and . Patched version and vendor advisory inside.
Command Injection in Jungle Software Development Kit (SDK) (Realtek). Actively exploited. Verified patched versions and remediation steps.
Remote Code Execution in AP-Router SDK (Realtek). Actively exploited. Verified patched versions and remediation steps.
Remote Code Execution in Access Management (AM) (ForgeRock). Actively exploited. Verified patched versions and remediation steps.
CVE-2021-35587 lets unauthenticated attackers take over Oracle Access Manager. Apply Oracle CPU October 2021 or later. Patch steps and verif
Command Injection in Security cameras web server (Hikvision). Actively exploited. Verified patched versions and remediation steps.
CVE-2021-36380 is a command injection flaw in Sunhillo SureLine. Verified patched version and mitigations from the official advisory.
Authentication Bypass in ManageEngine ServiceDesk Plus (SDP) (Zoho). Actively exploited. Verified patched versions and remediation steps.
CVE-2021-37973 is a use-after-free flaw in Chrome. Verified patched version and mitigations from the official advisory.
CVE-2021-38163 is the SAP NetWeaver Visual Composer 7.0 RT unrestricted file upload that gives unauthenticated RCE on AS Java. SAP Note numb
CVE-2021-38647: Open Management Infrastructure Remote Code Execution in Open Management Infrastructure. Patch commands and verification.
CVE-2021-39226 is an authentication bypass in grafana. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2021-40407 is an OS command injection in n/a. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2021-40438 is a server-side request forgery flaw in Apache HTTP Server. Verified patched version and mitigations from the official advis
Remote Code Execution in ManageEngine (Zoho). Actively exploited. Verified patched versions and remediation steps.
Path Traversal in Aviatrix Controller. Actively exploited. Verified patched versions and remediation steps.
CVE-2021-41277 is an information disclosure in metabase. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2021-42013 is a path traversal flaw in Apache HTTP Server. Verified patched version and mitigations from the official advisory.
Command Injection in XP (Sitecore). Actively exploited. Verified patched versions and remediation steps.
Remote Code Execution in BillQuick Web Suite (BQE). Actively exploited. Verified patched versions and remediation steps.
CVE-2021-44026 is a SQL injection flaw in Roundcube. Verified patched version and mitigations from the official advisory.
Remote Code Execution in ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus (Zoho). Actively exploited. Verified patched versions and
CVE-2021-44228 is an insecure deserialization flaw in Apache Log4j2. Verified patched version and mitigations from the official advisory.
Remote Code Execution in Desktop Central (Zoho). Actively exploited. Verified patched versions and remediation steps.
CVE-2021-44529 is a code injection flaw in Ivanti EPM. Verified patched version and mitigations from the official advisory.
CVE-2021-45046 is the Log4j sibling to Log4Shell that broke the 2.15.0 patch. Upgrade to 2.16.0 (Java 8) or 2.12.2 (Java 7). Verified steps.
Command Injection in Multiple Routers (D-Link). Actively exploited. Verified patched versions and remediation steps.
Use-After-Free in Android. Actively exploited. Verified patched versions and remediation steps.
CVE-2021-1647: Microsoft Defender Remote Code Execution in Microsoft System Center Endpoint Protection. Patch commands and verification.
CVE-2021-1675: Windows Print Spooler Remote Code Execution in Windows 10 Version 1809. Patch commands and verification.
CVE-2021-1732: Windows Win32k Elevation of Privilege in Windows 10 Version 1803. Patch commands and verification.
CVE-2021-1782 is a race condition flaw in iOS and iPadOS, macOS. Verified patched version and mitigations from the official advisory.
CVE-2021-1789 is a remote code execution flaw in iOS and iPadOS, macOS. Verified patched version and mitigations from the official advisory.
CVE-2021-1905 is a Use-After-Free flaw in Qualcomm, Inc. Snapdragon Auto. Actively exploited per CISA KEV. Verified patched builds and fix s
CVE-2021-20022 is an unrestricted file upload flaw in Email Security. Verified patched version and mitigations from the official advisory.
CVE-2021-20123 is a security vulnerability flaw in Draytek VigorConnect. Verified patched version and mitigations from the official advisory
CVE-2021-20124 is a security vulnerability flaw in Draytek VigorConnect. Verified patched version and mitigations from the official advisory
CVE-2021-21017 is a path traversal in Acrobat Reader. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2021-21148 is a memory corruption flaw in Chrome. Verified patched version and mitigations from the official advisory.
CVE-2021-21166 is a security vulnerability flaw in Chrome. Verified patched version and mitigations from the official advisory.
CVE-2021-21193 is a use-after-free flaw in Chrome. Verified patched version and mitigations from the official advisory.
CVE-2021-21206 is a use-after-free flaw in Chrome. Verified patched version and mitigations from the official advisory.
CVE-2021-21220 is a security vulnerability flaw in Chrome. Verified patched version and mitigations from the official advisory.
CVE-2021-21224 is a type confusion flaw in Chrome. Verified patched version and mitigations from the official advisory.
CVE-2021-21311 is an SSRF flaw in Vrana adminer. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2021-21315 is an OS Command Injection flaw in Sebhildebrandt systeminformation. Actively exploited per CISA KEV. Verified patched builds
CVE-2021-21551 is an OS command injection in dbutil. Verified patched version, official vendor advisory, and how to confirm the fix landed.
Server-Side Request Forgery in VMware vRealize Operations. Actively exploited. Verified patched versions and remediation steps.
CVE-2021-22054 is a server-side request forgery flaw in VMware Workspace ONE UEM console. Verified patched version and mitigations from the
Information Disclosure in Access Manager (Micro Focus). Actively exploited. Verified patched versions and remediation steps.
CVE-2021-22555 is an Out-of-Bounds Write flaw in N/a Linux Kernel. Actively exploited per CISA KEV. Verified patched builds and fix steps.
Buffer Overflow in Pulse Connect Secure (Ivanti). Actively exploited. Verified patched versions and remediation steps.
Remote Code Execution in Pulse Connect Secure (Ivanti). Actively exploited. Verified patched versions and remediation steps.
Arbitrary File Upload in Pulse Secure Secure (Ivanti). Actively exploited. Verified patched versions and remediation steps.
CVE-2021-23874: Privilege Escalation in McAfee, LLC McAfee Total Protection (MTP). Patched builds and fix steps.
Command Injection in Nagios XI. Actively exploited. Verified patched versions and remediation steps.
Command Injection in Nagios XI. Actively exploited. Verified patched versions and remediation steps.
Command Injection in Nagios XI. Actively exploited. Verified patched versions and remediation steps.
CVE-2021-25487: Out-of-Bounds Read in Samsung Mobile Samsung Mobile Devices. Patched builds and fix steps.
CVE-2021-26411 is an Internet Explorer memory corruption in Microsoft Internet Explorer 9. CVSS 8.8 High. Patch commands, mitigations, and ve
CVE-2021-26828 is a security vulnerability flaw in OpenPLC ScadaBR through. Verified patched version and mitigations from the official advis
CVE-2021-26857: Microsoft Exchange Server Remote Code Execution in Microsoft Exchange Server 2016 Cumulative Update 19. Patch commands and v
CVE-2021-26858: Microsoft Exchange Server Remote Code Execution in Microsoft Exchange Server 2019. Patch commands and verification.
CVE-2021-27059 is a Microsoft Office remote code execution in Microsoft Office 2016. CVSS 7.6 High. Patch commands, mitigations, and verific
CVE-2021-27065: Microsoft Exchange Server Remote Code Execution in Microsoft Exchange Server 2019. Patch commands and verification.
CVE-2021-27085: Internet Explorer Remote Code Execution in Internet Explorer 11. Patch commands and verification.
Command Injection in FTA (Accellion). Actively exploited. Verified patched versions and remediation steps.
CVE-2021-27876 is a Security Vulnerability flaw in N/a n/a. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2021-27877 is a Security Vulnerability flaw in N/a n/a. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2021-27878 is a vulnerability in n/a. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2021-28310 is a Win32k elevation of privilege in Microsoft Windows 10 Version 1803. CVSS 7.8 High. Patch commands, mitigations, and veri
Privilege Escalation in Mali Graphics Processing Unit (GPU) (Arm). Actively exploited. Verified patched versions and remediation steps.
Privilege Escalation in Mali Graphics Processing Unit (GPU) (Arm). Actively exploited. Verified patched versions and remediation steps.
CVE-2021-29256 is a privilege escalation flaw in Mali Graphics Processing Unit (GPU). Verified patched version and mitigations from the offi
CVE-2021-30551 is a type confusion flaw in Chrome. Verified patched version and mitigations from the official advisory.
CVE-2021-30554 is a use-after-free flaw in Chrome. Verified patched version and mitigations from the official advisory.
CVE-2021-30563 is a type confusion flaw in Chrome. Verified patched version and mitigations from the official advisory.
CVE-2021-30632 is a memory corruption flaw in Chrome. Verified patched version and mitigations from the official advisory.
CVE-2021-30661 is a remote code execution flaw in Safari, iOS and iPadOS, macOS, tvOS, watchOS. Verified patched version and mitigations fro
CVE-2021-30663 is a remote code execution flaw in macOS. Verified patched version and mitigations from the official advisory.
CVE-2021-30665 is a remote code execution flaw in macOS. Verified patched version and mitigations from the official advisory.
CVE-2021-30666 is a remote code execution flaw in iOS. Verified patched version and mitigations from the official advisory.
CVE-2021-30713 is a security vulnerability flaw in macOS. Verified patched version and mitigations from the official advisory.
CVE-2021-30761 is a remote code execution flaw in iOS. Verified patched version and mitigations from the official advisory.
CVE-2021-30762 is a remote code execution flaw in iOS. Verified patched version and mitigations from the official advisory.
CVE-2021-30807 is a denial of service flaw in macOS. Verified patched version and mitigations from the official advisory.
CVE-2021-30858 is a remote code execution flaw in iOS, macOS. Verified patched version and mitigations from the official advisory.
CVE-2021-30860 is a remote code execution flaw in iOS, macOS, watchOS. Verified patched version and mitigations from the official advisory.
CVE-2021-30869 is a type confusion flaw in iOS and iPadOS, macOS. Verified patched version and mitigations from the official advisory.
CVE-2021-30883 is a denial of service flaw in iOS and iPadOS, macOS. Verified patched version and mitigations from the official advisory.
CVE-2021-30900 is a denial of service flaw in iOS and iPadOS. Verified patched version and mitigations from the official advisory.
CVE-2021-30983 is a denial of service flaw in iOS and iPadOS. Verified patched version and mitigations from the official advisory.
CVE-2021-31010 is a denial of service flaw in macOS, watchOS. Verified patched version and mitigations from the official advisory.
CVE-2021-31196 - Remote Code Execution in Microsoft Exchange Server 2019 Cumulative Update 9. Runnable patch commands and verification on th
Buffer Overflow in Sudo. Actively exploited. Verified patched versions and remediation steps.
CVE-2021-31956 is a Windows NTFS elevation of privilege in Microsoft Windows 10 Version 1809. CVSS 7.8 High. Patch commands, mitigations, an
CVE-2021-31979: Windows Kernel Elevation of Privilege in Windows 10 Version 1809. Patch commands and verification.
CVE-2021-32648 is an Authentication Bypass flaw in Octobercms october. Actively exploited per CISA KEV. Verified patched builds and fix steps
CVE-2021-33739: Microsoft DWM Core Library Elevation of Privilege in Windows 10 Version 1909. Patch commands and verification.
CVE-2021-33742: Windows MSHTML Platform Remote Code Execution in Windows 10 Version 1809. Patch commands and verification.
CVE-2021-33766 is a security vulnerability in Microsoft Exchange Server. This page lists verified fix commands and short-term mitigations yo
CVE-2021-33771: Windows Kernel Elevation of Privilege in Windows 10 Version 1809. Patch commands and verification.
CVE-2021-34484 is an Elevation of Privilege flaw in Microsoft Windows. Actively exploited per CISA KEV. Verified patched builds and runnable
CVE-2021-34486 is a Use-After-Free flaw in Microsoft Windows. Actively exploited per CISA KEV. Verified patched builds and runnable fix comm
CVE-2021-34527: Windows Print Spooler Remote Code Execution in Windows 10 Version 1809. Patch commands and verification.
CVE-2021-3493 is a local privilege escalation in Linux kernel. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2021-3560 is an incorrect authorization flaw in polkit. Verified patched version and mitigations from the official advisory.
CVE-2021-36741 is a path traversal flaw in Trend Micro Apex One, Trend Micro OfficeScan, Trend Micro Worry-Free Business Security. Verified
CVE-2021-36742 is a security vulnerability flaw in Trend Micro Apex One, Trend Micro OfficeScan, Trend Micro Worry-Free Business Security. V
CVE-2021-36934 is a security vulnerability in Microsoft Windows. This page lists verified fix commands and short-term mitigations you can ru
CVE-2021-36942 is a Windows LSA spoofing in Microsoft Windows Server 2019. CVSS 7.5 High. Patch commands, mitigations, and verification.
CVE-2021-36948: Windows Update Medic Service Elevation of Privilege in Windows 10 Version 1809. Patch commands and verification.
CVE-2021-36955: Windows Common Log File System Driver Elevation of Privilege in Windows 10 Version 1809. Patch commands and verification.
CVE-2021-37975 is a use-after-free flaw in Chrome. Verified patched version and mitigations from the official advisory.
CVE-2021-38003 is a security vulnerability flaw in Chrome. Verified patched version and mitigations from the official advisory.
CVE-2021-38406 is an Out-of-Bounds Write flaw in Delta Electronics DOPSoft 2. Actively exploited per CISA KEV. Verified patched builds and fi
CVE-2021-38645: Open Management Infrastructure Elevation of Privilege in Open Management Infrastructure. Patch commands and verification.
CVE-2021-38646 is a Remote Code Execution flaw in Microsoft Office. Actively exploited per CISA KEV. Verified patched builds and runnable fi
CVE-2021-38648: Open Management Infrastructure Elevation of Privilege in Open Management Infrastructure. Patch commands and verification.
CVE-2021-38649: Open Management Infrastructure Elevation of Privilege in Open Management Infrastructure. Patch commands and verification.
CVE-2021-39144 is a Code Injection flaw in X-stream xstream. Actively exploited per CISA KEV. Verified patched builds and fix steps.
Out-of-Bounds Write in Android (Google). Actively exploited. Verified patched versions and remediation steps.
CVE-2021-4034 (PwnKit) is the 12-year-old polkit pkexec bug that gives any local user instant root on most Linux distros. Verified fix and p
CVE-2021-40444: Microsoft MSHTML Remote Code Execution in Windows 10 Version 1809. Patch commands and verification.
CVE-2021-40449 is a use-after-free in Microsoft Windows. This page lists verified fix commands and short-term mitigations you can run today
CVE-2021-40450 is an Elevation of Privilege flaw in Microsoft Win32k. Actively exploited per CISA KEV. Verified patched builds and runnable f
CVE-2021-40655 is a security vulnerability flaw in DIR-605 Router. Verified patched version and mitigations from the official advisory.
CVE-2021-4102 is a use-after-free flaw in Chrome. Verified patched version and mitigations from the official advisory.
CVE-2021-41357 is an Elevation of Privilege flaw in Microsoft Win32k. Actively exploited per CISA KEV. Verified patched builds and runnable f
CVE-2021-41773 is a path traversal flaw in Apache HTTP Server. Verified patched version and mitigations from the official advisory.
CVE-2021-42278: Elevation of Privilege in Microsoft Active Directory. Runnable fix commands and patched builds.
CVE-2021-42287: Elevation of Privilege in Microsoft Active Directory. Runnable fix commands and patched builds.
CVE-2021-42292 is a security vulnerability in Microsoft Office. This page lists verified fix commands and short-term mitigations you can run
CVE-2021-42321 is a security vulnerability in Microsoft Exchange Server. This page lists verified fix commands and short-term mitigations yo
CVE-2021-43226 - Privilege Escalation in Windows 10 Version 1809. Runnable patch commands, mitigation snippets, and verification steps on th
CVE-2021-43798 is a Path Traversal flaw in Grafana grafana. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2021-43890 is a security vulnerability in App Installer. This page lists verified fix commands and short-term mitigations you can run to
CVE-2021-44207 is a security vulnerability flaw in Acclaim USAHERDS through. Verified patched version and mitigations from the official advi
Use-After-Free in Android. Actively exploited. Verified patched versions and remediation steps.
CVE-2021-1879 is a denial of service flaw in iOS, iOS and iPadOS, watchOS. Verified patched version and mitigations from the official adviso
CVE-2021-1906 is a Security Vulnerability flaw in Qualcomm, Inc. Snapdragon Auto. Actively exploited per CISA KEV. Verified patched builds a
CVE-2021-20023 is a path traversal flaw in Email Security. Verified patched version and mitigations from the official advisory.
Server-Side Request Forgery in VMware Cloud Foundation. Actively exploited. Verified patched versions and remediation steps.
Security Vulnerability in VMware vCenter Server. Actively exploited. Verified patched versions and remediation steps.
CVE-2021-22175 is a vulnerability in GitLab. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2021-22204 is a Security Vulnerability flaw in Exiftool ExifTool. Actively exploited per CISA KEV. Verified patched builds and fix steps
CVE-2021-22600 is a vulnerability in Kernel. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2021-25337: Privilege Escalation in Samsung Mobile Samsung Mobile Devices. Patched builds and fix steps.
CVE-2021-25369: Information Disclosure in Samsung Mobile Samsung Mobile Devices. Patched builds and fix steps.
CVE-2021-25370: Security Vulnerability in Samsung Mobile Samsung Mobile Devices. Patched builds and fix steps.
CVE-2021-25371: Hidden Functionality in Samsung Mobile Samsung Mobile Devices. Patched builds and fix steps.
CVE-2021-25372: Out-of-Bounds Memory Access in Samsung Mobile Samsung Mobile Devices. Patched builds and fix steps.
CVE-2021-25394 is a Use-After-Free flaw in Samsung Mobile Samsung Mobile Devices. Actively exploited per CISA KEV. Verified patched builds a
CVE-2021-25395: Concurrent Execution using Shared Resource with Improper Synchronization in Samsung Mobile Samsung Mobile Devices. Patched b
CVE-2021-26085 is a remote code execution flaw in Confluence Data Center, Confluence Server. Verified patched version and mitigations from t
CVE-2021-26829 is a cross-site scripting flaw in OpenPLC ScadaBR through. Verified patched version and mitigations from the official advisor
Security Vulnerability in Trusted Firmware (Arm). Actively exploited. Verified patched versions and remediation steps.
CVE-2021-30533 is a remote code execution flaw in Chrome. Verified patched version and mitigations from the official advisory.
CVE-2021-30657 is a security vulnerability flaw in macOS. Verified patched version and mitigations from the official advisory.
CVE-2021-31199: Microsoft Enhanced Cryptographic Provider Elevation of Privilege in Windows 10 Version 1809. Patch commands and verification
CVE-2021-31201: Microsoft Enhanced Cryptographic Provider Elevation of Privilege in Windows 10 Version 1809. Patch commands and verification
CVE-2021-31207: Microsoft Exchange Server Security Feature Bypass in Microsoft Exchange Server 2013 Cumulative Update 23. Patch commands and
CVE-2021-31955: Windows Kernel Information Disclosure in Windows 10 Version 1809. Patch commands and verification.
CVE-2021-34448: Scripting Engine Memory Corruption in Windows 10 Version 1809. Patch commands and verification.
CVE-2021-35247 is an Improper Input Validation flaw in Solarwinds Serv-U. Actively exploited per CISA KEV. Verified patched builds and fix st
CVE-2021-37976 is a security vulnerability flaw in Chrome. Verified patched version and mitigations from the official advisory.
CVE-2021-38000 is a security vulnerability flaw in Chrome. Verified patched version and mitigations from the official advisory.
CVE-2021-39935 is a vulnerability in GitLab. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2021-41379 is a link resolution before file access in Microsoft Windows. This page lists verified fix commands and short-term mitigation
CVE-2021-25489: Improper Input Validation in Samsung Mobile Samsung Mobile Devices. Patched builds and fix steps.
CVE-2021-44168 is a Security Vulnerability flaw in Fortinet Fortinet FortiOS. Actively exploited per CISA KEV. Verified patched builds and f
CVE-2021-20035 is an OS Command Injection flaw in Sonicwall SMA100. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2021-26086 is a Path Traversal flaw in Atlassian Jira Data Center. Actively exploited per CISA KEV. Verified patched builds and fix step
CVE-2021-30952 is a Denial of Service flaw in Apple iOS and iPadOS. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2020-0618 - Remote Code Execution in Microsoft SQL Server. Runnable patch commands, mitigation snippets, and verification steps on this
CVE-2020-0646: Remote Code Execution in Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2. Patch commands and verification.
CVE-2020-0796 is a buffer overflow in Microsoft Windows. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2020-10148: CWE-288 Authentication Bypass Using an Alternate Path or Channel in Orion Platform. Patch commands and verification.
CVE-2020-10181 is a n/a in the vendor n/a. CVSS 9.8 Critical. Patch commands, mitigations, and verification.
CVE-2020-10189 is a n/a in the vendor n/a. CVSS 9.8 Critical. Patch commands, mitigations, and verification.
CVE-2020-1040 is a remote code execution in Microsoft Windows Server. CVSS 9 Critical. Patch commands, mitigations, and verification.
CVE-2020-10987 is a n/a in the vendor n/a. CVSS 9.8 Critical. Patch commands, mitigations, and verification.
CVE-2020-11651 is a n/a in the vendor n/a. CVSS 9.8 Critical. Patch commands, mitigations, and verification.
CVE-2020-12271 is a n/a in the vendor n/a. CVSS 10 Critical. Patch commands, mitigations, and verification.
CVE-2020-12641 improper neutralization of special elements used in an os command ('os command i in Roundcube Webmail. Runnable upgrade comma
CVE-2020-12812 is an improper access control in Fortinet FortiOS. CVSS 9.8 Critical. Patch commands, mitigations, and verification.
CVE-2020-1350 is a remote code execution in Microsoft Windows Server. CVSS 10 Critical. Patch commands, mitigations, and verification.
CVE-2020-13927 is a missing authentication in Apache Airflow. This page lists verified fix commands and short-term mitigations you can run t
CVE-2020-14644 - Remote Code Execution in WebLogic Server. Runnable patch commands, mitigation snippets, and verification steps on this page
CVE-2020-14750: Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic
CVE-2020-14871: Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Or
CVE-2020-14882: Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic
CVE-2020-15069 - Remote Code Execution in XG Firewall. Runnable patch commands, mitigation snippets, and verification steps on this page.
CVE-2020-15415 - Command Injection in Multiple Vigor Routers. Runnable patch commands, mitigation snippets, and verification steps on this p
CVE-2020-15505 is a n/a in the vendor n/a. CVSS 9.8 Critical. Patch commands, mitigations, and verification.
CVE-2020-15999 is a heap buffer overflow in Google Chrome. CVSS 9.6 Critical. Patch commands, mitigations, and verification.
CVE-2020-16010 is a heap buffer overflow in Google Chrome. CVSS 9.6 Critical. Patch commands, mitigations, and verification.
CVE-2020-16017 is a use after free in Google Chrome. CVSS 9.6 Critical. Patch commands, mitigations, and verification.
CVE-2020-16846 is a n/a in the vendor n/a. CVSS 9.8 Critical. Patch commands, mitigations, and verification.
CVE-2020-17463 is a SQL injection in FUEL CMS. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2020-17496 is a n/a in the vendor n/a. CVSS 9.8 Critical. Patch commands, mitigations, and verification.
CVE-2020-17519 - Files Accessible to External Parties in Apache Flink. Runnable patch commands, mitigation snippets, and verification steps
CVE-2020-17530 is a neutralization of special elements used in in Apache Struts. This page lists verified fix commands and short-term mitiga
CVE-2020-1938 is a security vulnerability in Apache Tomcat. This page lists verified fix commands and short-term mitigations you can run tod
CVE-2020-2021: Improper Verification of Cryptographic Signature in Palo Alto Networks PAN-OS. Runnable fix commands and patched builds.
CVE-2020-2509: Command Injection in QNAP Network-Attached Storage (NAS). Runnable fix commands and patched builds.
CVE-2020-25213 is a n/a in the vendor n/a. CVSS 10 Critical. Patch commands, mitigations, and verification.
CVE-2020-25223 is an OS Command Injection flaw in Sophos SG UTM. Actively exploited per CISA KEV. Verified patched builds and runnable fix co
CVE-2020-25506 is a n/a in the vendor n/a. CVSS 9.8 Critical. Patch commands, mitigations, and verification.
CVE-2020-2551 is a security vulnerability in Weblogic Server. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2020-2555: Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle Coherence. S
CVE-2020-26919 is a n/a in the vendor n/a. CVSS 9.8 Critical. Patch commands, mitigations, and verification.
CVE-2020-2883 - Security Vulnerability in WebLogic Server. Runnable patch commands, mitigation snippets, and verification steps on this page
CVE-2020-29557 is a n/a in the vendor n/a. CVSS 9.8 Critical. Patch commands, mitigations, and verification.
CVE-2020-29574 - SQL Injection in CyberoamOS. Runnable patch commands, mitigation snippets, and verification steps on this page.
CVE-2020-3161 is an improper input validation in Cisco IP phone. CVSS 9.8 Critical. Patch commands, mitigations, and verification.
CVE-2020-3952 is a critical information disclosure in VMware vCenter Server. CVSS 9.8 Critical. Patch commands, mitigations, and verificatio
CVE-2020-3992 is a remote code execution vulnerability in VMware ESXi. CVSS 9.8 Critical. Patch commands, mitigations, and verification.
CVE-2020-4006: Command Injection in VMware Workspace One Access (Access), VMware Workspace One Access Connector (Access Connector), VMware I
CVE-2020-4427 is a bypass security in IBM Data Risk Manager. CVSS 9 Critical. Patch commands, mitigations, and verification.
CVE-2020-4428 is a gain access in IBM Data Risk Manager. CVSS 9.1 Critical. Patch commands, mitigations, and verification.
CVE-2020-5135 is a Buffer Overflow flaw in SonicWall SonicOS. Actively exploited per CISA KEV. Verified patched builds and runnable fix comm
CVE-2020-5722 is a SQL injection in Grandstream UCM6200 Series. This page lists verified fix commands and short-term mitigations you can run
CVE-2020-5847 is a n/a in the vendor n/a. CVSS 9.8 Critical. Patch commands, mitigations, and verification.
CVE-2020-5902 is an RCE in F5 BIG-IP. CVSS 9.8 Critical. Patch commands, mitigations, and verification.
CVE-2020-6207: Missing Authentication Check in SAP Solution Manager (User Experience Monitoring). Patch commands and verification.
CVE-2020-6287: Missing Authentication Check in SAP NetWeaver AS JAVA (LM Configuration Wizard). Patch commands and verification.
CVE-2020-7247: Improper Handling of Exceptional Conditions in OpenBSD OpenSMTPD. Runnable fix commands and patched builds.
CVE-2020-7796 - Server-Side Request Forgery in Zimbra Collaboration Suite. Runnable patch commands and verification on this page.
CVE-2020-7961 is a n/a in the vendor n/a. CVSS 9.8 Critical. Patch commands, mitigations, and verification.
CVE-2020-8515 is a n/a in the vendor n/a. CVSS 9.8 Critical. Patch commands, mitigations, and verification.
CVE-2020-8599: Arbitrary File Upload Directory Traversal in Trend Micro OfficeScan, Trend Micro Apex One. Patch commands and verification.
CVE-2020-8644 is a n/a in the vendor n/a. CVSS 9.8 Critical. Patch commands, mitigations, and verification.
CVE-2020-8657 is a n/a in the vendor n/a. CVSS 9.8 Critical. Patch commands, mitigations, and verification.
CVE-2020-8816 is an OS command injection in Pi. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2020-9054: OS Command Injection in Zyxel Multiple Network-Attached Storage (NAS) Devices. Runnable fix commands and patched builds.
CVE-2020-0041 is an improper input validation in Android. This page lists verified fix commands and short-term mitigations you can run today
CVE-2020-0069 is an out-of-bounds write in Android. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2020-0601 is a spoofing in Microsoft Windows. CVSS 8.1 High. Patch commands, mitigations, and verification.
CVE-2020-0638: Improper Link Resolution Before File Access in Microsoft Update Notification Manager. Runnable fix commands and patched build
CVE-2020-0674 is a remote code execution in Microsoft Internet Explorer 10. CVSS 7.5 High. Patch commands, mitigations, and verification.
CVE-2020-0683 is an elevation of privilege in Microsoft Windows. CVSS 7.8 High. Patch commands, mitigations, and verification.
CVE-2020-0688 is a remote code execution in Microsoft Exchange Server 2013. CVSS 8.8 High. Patch commands, mitigations, and verification.
CVE-2020-0787 is a link resolution before file access in Microsoft Windows. This page lists verified fix commands and short-term mitigations
CVE-2020-0938 is a remote code execution in Microsoft Windows. CVSS 7.8 High. Patch commands, mitigations, and verification.
CVE-2020-0968 is a remote code execution in Microsoft Internet Explorer 9. CVSS 7.5 High. Patch commands, mitigations, and verification.
CVE-2020-0986 is an elevation of privilege in Microsoft Windows. CVSS 7.8 High. Patch commands, mitigations, and verification.
CVE-2020-10199 is a n/a in the vendor n/a. CVSS 8.8 High. Patch commands, mitigations, and verification.
CVE-2020-1020 is a remote code execution in Microsoft Windows. CVSS 8.8 High. Patch commands, mitigations, and verification.
CVE-2020-10221 is a n/a in the vendor n/a. CVSS 8.8 High. Patch commands, mitigations, and verification.
CVE-2020-1027 is an Out-of-Bounds Write flaw in Microsoft Windows. Actively exploited per CISA KEV. Verified patched builds and runnable fix
CVE-2020-1054 is an elevation of privilege in Microsoft Windows. CVSS 7.8 High. Patch commands, mitigations, and verification.
CVE-2020-11261 is an improper input validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Sna
CVE-2020-1147 is a remote code execution in Microsoft SharePoint Enterprise Server. CVSS 7.8 High. Patch commands, mitigations, and verifica
CVE-2020-11738 is a n/a in the vendor n/a. CVSS 7.5 High. Patch commands, mitigations, and verification.
CVE-2020-11978 is an OS command injection in Apache Airflow. This page lists verified fix commands and short-term mitigations you can run to
CVE-2020-13671 is an unrestricted file upload in Drupal Core. This page lists verified fix commands and short-term mitigations you can run t
CVE-2020-1380 is a scripting engine memory corruption in Microsoft Internet Explorer 11. CVSS 7.8 High. Patch commands, mitigations, and ver
CVE-2020-1464 is a windows spoofing in Microsoft Windows 10 Version 1803. CVSS 7.8 High. Patch commands, mitigations, and verification.
CVE-2020-14864 is a security vulnerability in Business Intelligence Enterprise Edition. This page lists verified fix commands and short-term
CVE-2020-14883: Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic
CVE-2020-16009 is an inappropriate implementation in Google Chrome. CVSS 8.8 High. Patch commands, mitigations, and verification.
CVE-2020-16013 is an inappropriate implementation in Google Chrome. CVSS 8.8 High. Patch commands, mitigations, and verification.
CVE-2020-1631 is a Path Traversal flaw in Juniper Junos OS. Actively exploited per CISA KEV. Verified patched builds and runnable fix comman
CVE-2020-17087: Windows Kernel Local Elevation of Privilege in Windows 10 Version 1803. Patch commands and verification.
CVE-2020-17144: Microsoft Exchange Remote Code Execution in Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 31. Patch commands a
CVE-2020-1956 is an OS Command Injection flaw in Apache Kylin. Actively exploited per CISA KEV. Verified patched builds and runnable fix comm
CVE-2020-24363 - Security Vulnerability in TL-WA855RE. Runnable patch commands, mitigation snippets, and verification steps on this page.
CVE-2020-24557 is an improper access control privilege escalation in Trend Micro Apex One. CVSS 7.8 High. Patch commands, mitigations, and ve
CVE-2020-2506: Improper Access Control in QNAP Systems Helpdesk. Runnable fix commands and patched builds.
CVE-2020-25078 - Security Vulnerability in DCS-2530L and DCS-2670L Devices. Runnable patch commands and verification on this page.
CVE-2020-25079 - Command Injection in DCS-2530L and DCS-2670L Devices. Runnable patch commands, mitigation snippets, and verification steps
CVE-2020-27930 is an out-of-bounds write in Apple iOS and iPadOS. This page lists verified fix commands and short-term mitigations you can r
CVE-2020-27932 is an access of resource using incompatible type in Apple iOS and iPadOS. This page lists verified fix commands and short-ter
CVE-2020-28949 is a security vulnerability in Archive Tar. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2020-3118: Cisco IOS XR Software Cisco Discovery Protocol Format String in Cisco IOS XR Software. Patch commands and verification.
CVE-2020-3259 security vulnerability in Cisco Adaptive Security Appliance (Asa) Software. Runnable upgrade commands and verification steps f
CVE-2020-3433 security vulnerability in Cisco Anyconnect Secure Mobility Client. Runnable upgrade commands and verification steps for sysadm
CVE-2020-3452 is an improper input validation in Cisco Adaptive Security Appliance (ASA) Software. This page lists verified fix commands and
CVE-2020-3566 is a cisco ios xr software dvmrp memory exhaustion in Cisco IOS XR Software. CVSS 8.6 High. Patch commands, mitigations, and v
CVE-2020-3569: Cisco IOS XR Software DVMRP Memory Exhaustion Vulnerabilities in Cisco IOS XR Software. Patch commands and verification.
CVE-2020-36193 improper link resolution before file access ('link following') in Archive Tar. Runnable upgrade commands and verification ste
CVE-2020-3837 is an out-of-bounds write in iOS. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2020-3950: Privilege escalation vulnerability in VMware Fusion, VMware Remote Console for Mac and Horizon Client for Mac. Patch commands
CVE-2020-5410: CWE-23: Relative Path Traversal in VMware Tanzu Spring Cloud Configuration (Config) Server. Runnable fix commands and patched
CVE-2020-5735 is a stack buffer overflow in Amcrest. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2020-5741 deserialization of untrusted data in Plex Media Server (Windows). Runnable upgrade commands and verification steps for sysadmi
CVE-2020-5849 is a n/a in the vendor n/a. CVSS 7.5 High. Patch commands, mitigations, and verification.
CVE-2020-6418 is a type confusion in Google Chrome. CVSS 8.8 High. Patch commands, mitigations, and verification.
CVE-2020-6572 is a use-after-free in Chrome. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2020-6819: Use-after-free while running the nsDocShell destructor in Thunderbird. Patch commands and verification.
CVE-2020-6820 is a use-after-free when handling a readablestream in Mozilla Thunderbird. CVSS 8.1 High. Patch commands, mitigations, and ver
CVE-2020-8218: Code Injection in Pulse Secure Pulse Connect Secure. Runnable fix commands and patched builds.
CVE-2020-8243 is a code injection (CWE-94) in Pulse Secure Pulse Connect Secure. CVSS 7.2 High. Patch commands, mitigations, and verification
CVE-2020-8260: Unrestricted Upload of File with Dangerous Type (CWE-434) in Pulse Connect Secure / Pulse Policy Secure. Patch commands and v
CVE-2020-8467 is an RCE in Trend Micro OfficeScan, Trend Micro Apex One. CVSS 8.8 High. Patch commands, mitigations, and verification.
CVE-2020-8468: Content Validation Escape in Trend Micro OfficeScan, Trend Micro Apex One, Trend Micro Worry-Free Business Security (WFBS). P
CVE-2020-8655 is a n/a in the vendor n/a. CVSS 7.8 High. Patch commands, mitigations, and verification.
CVE-2020-9377 is an OS Command Injection flaw in D-Link DIR-610 Devices. Actively exploited per CISA KEV. Verified patched builds and runnabl
CVE-2020-9715 - Use-After-Free in Adobe Acrobat and Reader. Runnable patch commands, mitigation snippets, and verification steps on this pag
CVE-2020-9818 is an out-of-bounds write in iOS. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2020-9859 is a double free in Apple macOS. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2020-9907 is an out-of-bounds write in iOS. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2020-0878 is a microsoft browser memory corruption in Microsoft ChakraCore. CVSS 4.2 Medium. Patch commands, mitigations, and verificati
CVE-2020-11023 - Cross-Site Scripting in jQuery. Runnable patch commands, mitigation snippets, and verification steps on this page.
CVE-2020-11652 is a n/a in the vendor n/a. CVSS 6.5 Medium. Patch commands, mitigations, and verification.
CVE-2020-11899 is an out-of-bounds read in The Treck. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2020-13965 - Cross-Site Scripting in Webmail. Runnable patch commands, mitigation snippets, and verification steps on this page.
CVE-2020-1472: Netlogon Elevation of Privilege in Windows Server version 2004. Patch commands and verification.
CVE-2020-27950 is an initialization in Apple iOS and iPadOS. This page lists verified fix commands and short-term mitigations you can run to
CVE-2020-3153 security vulnerability in Cisco Anyconnect Secure Mobility Client. Runnable upgrade commands and verification steps for sysadm
CVE-2020-35730 improper neutralization of input during web page generation ('cross-site scripti in Roundcube Webmail. Runnable upgrade comma
CVE-2020-3580: Cross-Site Scripting in Cisco Adaptive Security Appliance (ASA) Software. Patch commands and verification.
CVE-2020-4430 is a obtain information in IBM Data Risk Manager. CVSS 4.3 Medium. Patch commands, mitigations, and verification.
CVE-2020-8193: Improper Access Control - Generic (CWE-284) in Citrix ADC, Citrix Gateway, Citrix SDWAN WAN-OP. Patch commands and verificati
CVE-2020-8195: Improper Input Validation (CWE-20) in Citrix ADC, Citrix Gateway, Citrix SDWAN WAN-OP. Patch commands and verification.
CVE-2020-8196: Improper Access Control - Generic (CWE-284) in Citrix ADC, Citrix Gateway, Citrix SDWAN WAN-OP. Patch commands and verificati
CVE-2020-9819 is an out-of-bounds write in iOS. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2020-9934 is a security vulnerability in iOS. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2019-0344 - Remote Code Execution in SAP Commerce Cloud (virtualjdbc extension). Runnable patch commands and verification on this page.
CVE-2019-0604 is a remote code execution in Microsoft SharePoint Server. CVSS 9.8 Critical. Patch commands, mitigations, and verification.
CVE-2019-0708 is a remote code execution in Microsoft Windows. CVSS 9.8 Critical. Patch commands, mitigations, and verification.
CVE-2019-1003029: CWE-noinfo Not enough information in Jenkins Script Security Plugin. Runnable fix commands and patched builds.
CVE-2019-1003030: Protection Mechanism Failure in Jenkins Matrix Project Plugin. Runnable fix commands and patched builds.
CVE-2019-10068 is an Insecure Deserialization flaw in Kentico Xperience. Actively exploited per CISA KEV. Verified patched builds and runnabl
CVE-2019-10149 is an OS command injection in exim. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2019-10758 is a code injection in mongo-express. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2019-11510 is a n/a in the vendor n/a. CVSS 9.9 Critical. Patch commands, mitigations, and verification.
CVE-2019-11580 is a security vulnerability in Crowd. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2019-11581: Improper Neutralization of Special Elements in Output Used by a Downstream Component in Atlassian Jira Server and Data Cente
CVE-2019-11634 is a n/a in the vendor n/a. CVSS 9.8 Critical. Patch commands, mitigations, and verification.
CVE-2019-11708: Improper Input Validation in Mozilla Firefox and Thunderbird. Runnable fix commands and patched builds.
CVE-2019-12989 is a SQL Injection flaw in Citrix SD-WAN and NetScaler. Actively exploited per CISA KEV. Verified patched builds and runnable
CVE-2019-15107 is an OS Command Injection flaw in Webmin. Actively exploited per CISA KEV. Verified patched builds and runnable fix commands.
CVE-2019-16057: OS Command Injection in D-Link DNS-320 Storage Device. Runnable fix commands and patched builds.
CVE-2019-16256 is a n/a in the vendor n/a. CVSS 9.8 Critical. Patch commands, mitigations, and verification.
CVE-2019-16278 - Remote Code Execution in nhttpd. Runnable patch commands, mitigation snippets, and verification steps on this page.
CVE-2019-16759 is a n/a in the vendor n/a. CVSS 9.8 Critical. Patch commands, mitigations, and verification.
CVE-2019-16920: OS Command Injection in D-Link Multiple Routers. Runnable fix commands and patched builds.
CVE-2019-16928 is an out-of-bounds write in Exim. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2019-17621 improper neutralization of special elements used in an os command ('os command i in Dir-859 Router. Runnable upgrade commands
CVE-2019-18935 is a n/a in the vendor n/a. CVSS 9.8 Critical. Patch commands, mitigations, and verification.
CVE-2019-19006 - Security Vulnerability in FreePBX. Runnable patch commands, mitigation snippets, and verification steps on this page.
CVE-2019-19781 is a n/a in the vendor n/a. CVSS 9.8 Critical. Patch commands, mitigations, and verification.
CVE-2019-3396 is a path traversal in Confluence Server. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2019-3568: Heap Buffer Overflow in Meta Platforms WhatsApp. Runnable fix commands and patched builds.
CVE-2019-3929: Cross-Site Scripting in Crestron Multiple Products. Runnable fix commands and patched builds.
CVE-2019-4716 is a gain access in IBM Planning Analytics. CVSS 10 Critical. Patch commands, mitigations, and verification.
CVE-2019-5544 is a heap overwrite in the vendor ESXi and Horizon DaaS. CVSS 9.8 Critical. Patch commands, mitigations, and verification.
CVE-2019-7192 incorrect authorization in Qnap Nas Devices Running Photo Station. Runnable upgrade commands and verification steps for sysadm
CVE-2019-7193 is an improper input validation in Qnap Nas Devices. Patched version, runnable upgrade commands, and how to verify the fix land
CVE-2019-7194 improper limitation of a pathname to a restricted directory ('path traversal') in Qnap Nas Devices Running Photo Station. Runn
CVE-2019-7195 improper limitation of a pathname to a restricted directory ('path traversal') in Qnap Nas Devices Running Photo Station. Runn
CVE-2019-7238 is a security vulnerability in Sonatype Nexus. This page lists verified fix commands and short-term mitigations you can run to
CVE-2019-7256 improper neutralization of special elements used in an os command ('os command i in Linear Emerge Essential Firmware. Runnable
CVE-2019-7609 is a code injection in Kibana. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2019-9670 is an XML external entity injection in Synacor Zimbra. This page lists verified fix commands and short-term mitigations you can
CVE-2019-9874 - Insecure Deserialization in CMS and Experience Platform (XP). Runnable patch commands and verification on this page.
CVE-2019-0193 is a code injection in Apache Solr. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2019-0211 is a use-after-free in Apache HTTP Server. This page lists verified fix commands and short-term mitigations you can run today
CVE-2019-0541 is a remote code execution in Microsoft Office. CVSS 8.8 High. Patch commands, mitigations, and verification.
CVE-2019-0543 is an Improper Authentication flaw in Microsoft Windows. Actively exploited per CISA KEV. Verified patched builds and runnable
CVE-2019-0752 is an access of resource using incompatible type in Internet Explorer 10. This page lists verified fix commands and short-term
CVE-2019-0797 is an elevation of privilege in Microsoft Windows Server. CVSS 7.8 High. Patch commands, mitigations, and verification.
CVE-2019-0803 is an elevation of privilege in Microsoft Windows. CVSS 7.8 High. Patch commands, mitigations, and verification.
CVE-2019-0808 is an elevation of privilege in Microsoft Windows. CVSS 7.8 High. Patch commands, mitigations, and verification.
CVE-2019-0841: Improper Link Resolution Before File Access in Microsoft Windows. Runnable fix commands and patched builds.
CVE-2019-0859 is an elevation of privilege in Microsoft Windows. CVSS 7.8 High. Patch commands, mitigations, and verification.
CVE-2019-0863 is an elevation of privilege in Microsoft Windows. CVSS 7.8 High. Patch commands, mitigations, and verification.
CVE-2019-0880 is an Elevation of Privilege flaw in Microsoft Windows. Actively exploited per CISA KEV. Verified patched builds and runnable f
CVE-2019-0903: Remote Code Execution in Microsoft Graphics Device Interface (GDI). Runnable fix commands and patched builds.
CVE-2019-1064: Improper Link Resolution Before File Access in Microsoft Windows. Runnable fix commands and patched builds.
CVE-2019-1069: Improper Link Resolution Before File Access in Microsoft Task Scheduler. Runnable fix commands and patched builds.
CVE-2019-11001 - Command Injection in Multiple IP Cameras. Runnable patch commands, mitigation snippets, and verification steps on this page
CVE-2019-11043: Buffer Overflow in PHP FastCGI Process Manager (FPM). Runnable fix commands and patched builds.
CVE-2019-1129: Improper Link Resolution Before File Access in Microsoft Windows. Runnable fix commands and patched builds.
CVE-2019-1130: Improper Link Resolution Before File Access in Microsoft Windows. Runnable fix commands and patched builds.
CVE-2019-1132 is an Elevation of Privilege flaw in Microsoft Win32k. Actively exploited per CISA KEV. Verified patched builds and runnable fi
CVE-2019-11539 is a n/a in the vendor n/a. CVSS 8 High. Patch commands, mitigations, and verification.
CVE-2019-11707: Type Confusion in Mozilla Firefox and Thunderbird. Runnable fix commands and patched builds.
CVE-2019-1214 is an elevation of privilege in Microsoft Windows. CVSS 7.8 High. Patch commands, mitigations, and verification.
CVE-2019-1215 is an elevation of privilege in Microsoft Windows. CVSS 7.8 High. Patch commands, mitigations, and verification.
CVE-2019-1253: Improper Link Resolution Before File Access in Microsoft Windows. Runnable fix commands and patched builds.
CVE-2019-1297 is a security vulnerability in Microsoft Office. This page lists verified fix commands and short-term mitigations you can run
CVE-2019-12991: OS Command Injection in Citrix SD-WAN and NetScaler. Runnable fix commands and patched builds.
CVE-2019-1315: Improper Link Resolution Before File Access in Microsoft Windows. Runnable fix commands and patched builds.
CVE-2019-1322 is an Elevation of Privilege flaw in Microsoft Windows. Actively exploited per CISA KEV. Verified patched builds and runnable f
CVE-2019-13272 is a security vulnerability in Linux kernel. This page lists verified fix commands and short-term mitigations you can run tod
CVE-2019-13608 is a n/a in the vendor n/a. CVSS 7.5 High. Patch commands, mitigations, and verification.
CVE-2019-1367 is a remote code execution in Microsoft Internet Explorer 9. CVSS 7.5 High. Patch commands, mitigations, and verification.
CVE-2019-13720 is a Use-After-Free flaw in Google Chrome WebAudio. Actively exploited per CISA KEV. Verified patched builds and runnable fix
CVE-2019-1385: Improper Link Resolution Before File Access in Microsoft Windows. Runnable fix commands and patched builds.
CVE-2019-1388 is an improper privilege management in Windows. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2019-1405: Improper Privilege Management in Microsoft Windows. Runnable fix commands and patched builds.
CVE-2019-1429 is a remote code execution in Microsoft Internet Explorer 9. CVSS 7.5 High. Patch commands, mitigations, and verification.
CVE-2019-1458 is a security vulnerability in Microsoft Windows Server. This page lists verified fix commands and short-term mitigations you
CVE-2019-15271 security vulnerability in Cisco Small Business Rv Series Router Firmware. Runnable upgrade commands and verification steps fo
CVE-2019-15752 is a n/a in the vendor n/a. CVSS 7.8 High. Patch commands, mitigations, and verification.
CVE-2019-1579 is a use of externally-controlled format string in Palo Alto Networks GlobalProtect Portal/Gateway Interface. This page lists
CVE-2019-15949 is a n/a in the vendor n/a. CVSS 8.8 High. Patch commands, mitigations, and verification.
CVE-2019-1652 is an improper input validation in Cisco Small Business RV Series Router Firmware. This page lists verified fix commands and s
CVE-2019-1653 is an improper access control in Cisco Small Business RV Series Router Firmware. CVSS 7.5 High. Patch commands, mitigations, an
CVE-2019-17026: IonMonkey type confusion with StoreElementHole and FallibleStoreElement in Firefox ESR. Patch commands and verification.
CVE-2019-17558 is a neutralization of special elements in output in Apache Solr. This page lists verified fix commands and short-term mitiga
CVE-2019-18187 is an arbitrary file upload with directory traversal in Trend Micro OfficeScan. CVSS 8.8 High. Patch commands, mitigations, an
CVE-2019-18426: Cross-Site Scripting in Meta Platforms WhatsApp. Runnable fix commands and patched builds.
CVE-2019-18988 is a n/a in the vendor n/a. CVSS 7 High. Patch commands, mitigations, and verification.
CVE-2019-19356 is a n/a in the vendor n/a. CVSS 7.5 High. Patch commands, mitigations, and verification.
CVE-2019-20085 is a n/a in the vendor n/a. CVSS 7.5 High. Patch commands, mitigations, and verification.
CVE-2019-20500 improper neutralization of special elements used in an os command ('os command i in Dwl-2600Ap Access Point. Runnable upgrade
CVE-2019-2215 is a use-after-free in Android. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2019-2616: Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise BI Publisher in O
CVE-2019-2725 is a security vulnerability in Tape Library ACSLS. This page lists verified fix commands and short-term mitigations you can ru
CVE-2019-3010 is a security vulnerability in Solaris Operating System. Patched version, runnable upgrade commands, and how to verify the fix
CVE-2019-3398 is a path traversal in Confluence. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2019-5418 - Path Traversal in https://github.com/rails/rails. Runnable patch commands, mitigation snippets, and verification steps on th
CVE-2019-6223 is a security vulnerability in Apple macOS. This page lists verified fix commands and short-term mitigations you can run today
CVE-2019-6340 is an Insecure Deserialization flaw in Drupal Core. Actively exploited per CISA KEV. Verified patched builds and runnable fix c
CVE-2019-7286 is an Out-of-Bounds Write flaw in Apple Multiple Products. Actively exploited per CISA KEV. Verified patched builds and runnabl
CVE-2019-7287 is an Out-of-Bounds Write flaw in Apple iOS. Actively exploited per CISA KEV. Verified patched builds and runnable fix commands
CVE-2019-7481: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in SMA100. Patch commands and ve
CVE-2019-7483 is a Path Traversal flaw in SonicWall SMA100. Actively exploited per CISA KEV. Verified patched builds and runnable fix comman
CVE-2019-8394 is a n/a in the vendor n/a. CVSS 7.5 High. Patch commands, mitigations, and verification.
CVE-2019-8506 is a Type Confusion flaw in Apple Multiple Products. Actively exploited per CISA KEV. Verified patched builds and runnable fix
CVE-2019-8526 is a use after free in macOS. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2019-8605 is a use after free in iOS. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2019-8720 is a Memory Corruption flaw in WebKitGTK. Actively exploited per CISA KEV. Verified patched builds and runnable fix commands.
CVE-2019-9082 is a n/a in the vendor n/a. CVSS 8.8 High. Patch commands, mitigations, and verification.
CVE-2019-9621 - Server-Side Request Forgery in Zimbra Collaboration Suite (ZCS). Runnable patch commands and verification on this page.
CVE-2019-9875 - Insecure Deserialization in CMS and Experience Platform (XP). Runnable patch commands and verification on this page.
CVE-2019-0676: Information Disclosure in Microsoft Internet Explorer. Runnable fix commands and patched builds.
CVE-2019-0703 is an Information Disclosure flaw in Microsoft Windows. Actively exploited per CISA KEV. Verified patched builds and runnable f
CVE-2019-5591 is an information disclosure in Fortinet FortiOS. CVSS 6.5 Medium. Patch commands, mitigations, and verification.
CVE-2019-5786 is a Use-After-Free flaw in Google Chrome Blink. Actively exploited per CISA KEV. Verified patched builds and runnable fix com
CVE-2019-5825 is an out-of-bounds write in Chrome. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2019-6693 - Security Vulnerability in FortiGate. Runnable patch commands, mitigation snippets, and verification steps on this page.
CVE-2019-9978 is a n/a in the vendor n/a. CVSS 6.1 Medium. Patch commands, mitigations, and verification.
CVE-2018-0125 is an Improper Input Validation flaw in Cisco VPN Routers. Actively exploited per CISA KEV. Verified patched builds and runnabl
CVE-2018-0147: Improper Input Validation in Cisco Secure Access Control System (ACS). Runnable fix commands and patched builds.
CVE-2018-0151 is a buffer overflow in Cisco IOS and IOS XE. This page lists verified fix commands and short-term mitigations you can run tod
CVE-2018-1000861 is a deserialization of untrusted data in Java. This page lists verified fix commands and short-term mitigations you can ru
CVE-2018-10561: Improper Authentication in Dasan Gigabit Passive Optical Network (GPON) Routers. Runnable fix commands and patched builds.
CVE-2018-10562: OS Command Injection in Dasan Gigabit Passive Optical Network (GPON) Routers. Runnable fix commands and patched builds.
CVE-2018-11138: OS Command Injection in Quest KACE System Management Appliance. Runnable fix commands and patched builds.
CVE-2018-1273: Code Injection in VMware Tanzu Spring Data Commons. Runnable fix commands and patched builds.
CVE-2018-13379 is an information disclosure in Fortinet FortiOS, FortiProxy. CVSS 9.1 Critical. Patch commands, mitigations, and verification
CVE-2018-13382 is an incorrect authorization in Fortinet FortiOS, FortiProxy. This page lists verified fix commands and short-term mitigatio
CVE-2018-14558 is a n/a in the vendor n/a. CVSS 9.8 Critical. Patch commands, mitigations, and verification.
CVE-2018-14667 is a security vulnerability in Richfaces. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2018-14839 is an OS Command Injection flaw in LG N1A1 NAS. Actively exploited per CISA KEV. Verified patched builds and runnable fix comm
CVE-2018-14847 is a path traversal in MikroTik RouterOS. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2018-14933 - Command Injection in NVRmini Devices. Runnable patch commands, mitigation snippets, and verification steps on this page.
CVE-2018-15961 is an unrestricted file upload in ColdFusion. This page lists verified fix commands and short-term mitigations you can run to
CVE-2018-18809 improper limitation of a pathname to a restricted directory ('path traversal') in Tibco Jasperreports Library. Runnable upgra
CVE-2018-19323 is a security vulnerability in Multiple Products. Patched version, runnable upgrade commands, and how to verify the fix lande
CVE-2018-19410 - Security Vulnerability in PRTG Network Monitor. Runnable patch commands, mitigation snippets, and verification steps on thi
CVE-2018-19949: Improper Input Validation in QNAP Network Attached Storage (NAS). Runnable fix commands and patched builds.
CVE-2018-20062 is a n/a in the vendor n/a. CVSS 9.8 Critical. Patch commands, mitigations, and verification.
CVE-2018-20753: n/a in Kaseya Virtual System/Server Administrator (VSA). Runnable fix commands and patched builds.
CVE-2018-2628 is a deserialization of untrusted data in Weblogic Server. Patched version, runnable upgrade commands, and how to verify the f
CVE-2018-4939 is a deserialization of untrusted data in Adobe ColdFusion ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 a
CVE-2018-6530 improper neutralization of special elements used in an os command ('os command i in Multiple Routers. Runnable upgrade command
CVE-2018-6789 is a n/a in the vendor n/a. CVSS 9.8 Critical. Patch commands, mitigations, and verification.
CVE-2018-7445 improper restriction of operations within the bounds of a memory buffer in Routeros. Runnable upgrade commands and verificatio
CVE-2018-7600: remote code execution in Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1. Patch commands and
CVE-2018-7602 is a Code Injection flaw in Drupal Core. Actively exploited per CISA KEV. Verified patched builds and runnable fix commands.
CVE-2018-7841: SQL Injection in Schneider Electric U.motion Builder. Runnable fix commands and patched builds.
CVE-2018-0154 is a cwe-399 in Cisco IOS. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2018-0155 is a cwe-388 in Cisco IOS and IOS XE. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2018-0156 is a cwe-399 in Cisco IOS and IOS XE. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2018-0158 is an improper input validation in Cisco IOS and IOS XE. This page lists verified fix commands and short-term mitigations you
CVE-2018-0159 is an improper input validation in Cisco IOS and IOS XE. This page lists verified fix commands and short-term mitigations you
CVE-2018-0167 is a buffer overflow in Cisco IOS, IOS XE, and IOS XR. This page lists verified fix commands and short-term mitigations you ca
CVE-2018-0171 is an improper input validation in Cisco IOS and IOS XE. CVSS 7.5 High. Patch commands, mitigations, and verification.
CVE-2018-0172 is an improper input validation in Cisco IOS and IOS XE. This page lists verified fix commands and short-term mitigations you
CVE-2018-0173 is an improper input validation in Cisco IOS and IOS XE. This page lists verified fix commands and short-term mitigations you
CVE-2018-0174 is an improper input validation in Cisco IOS and IOS XE. This page lists verified fix commands and short-term mitigations you
CVE-2018-0175 is a buffer overflow in Cisco IOS, IOS XE, and IOS XR. This page lists verified fix commands and short-term mitigations you ca
CVE-2018-0296 is an improper input validation in Cisco Adaptive Security Appliance unknown. CVSS 7.5 High. Patch commands, mitigations, and v
CVE-2018-0798 is a remote code execution in Microsoft Corporation Equation Editor. CVSS 8.8 High. Patch commands, mitigations, and verificat
CVE-2018-0802 is a remote code execution in Microsoft Corporation Equation Editor. CVSS 7.8 High. Patch commands, mitigations, and verificat
CVE-2018-0824 - Remote Code Execution in Windows. Runnable patch commands, mitigation snippets, and verification steps on this page.
CVE-2018-11776 is a security vulnerability in Apache Struts. This page lists verified fix commands and short-term mitigations you can run to
CVE-2018-14634 - Integer Overflow in kernel. Runnable patch commands, mitigation snippets, and verification steps on this page.
CVE-2018-15133 is a deserialization of untrusted data in Laravel Framework. Patched version, runnable upgrade commands, and how to verify th
CVE-2018-15811 is a n/a in the vendor n/a. CVSS 7.5 High. Patch commands, mitigations, and verification.
CVE-2018-15982 is a use-after-free in Flash Player. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2018-17463 is a security vulnerability in Chrome. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2018-17480 is an out-of-bounds write in Chrome. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2018-18325 is a n/a in the vendor n/a. CVSS 7.5 High. Patch commands, mitigations, and verification.
CVE-2018-19320 is a security vulnerability in Multiple Products. Patched version, runnable upgrade commands, and how to verify the fix lande
CVE-2018-19321 is a security vulnerability in Multiple Products. Patched version, runnable upgrade commands, and how to verify the fix lande
CVE-2018-19322 is a security vulnerability in Multiple Products. Patched version, runnable upgrade commands, and how to verify the fix lande
CVE-2018-19943: Cross-Site Scripting in QNAP Network Attached Storage (NAS). Runnable fix commands and patched builds.
CVE-2018-20250 is a cwe-36: absolute path traversal in WinRAR. This page lists verified fix commands and short-term mitigations you can run
CVE-2018-4063 - Remote Code Execution in Sierra Wireless. Runnable patch commands, mitigation snippets, and verification steps on this page.
CVE-2018-4344 improper restriction of operations within the bounds of a memory buffer in Ios, Macos, Tvos, Watchos. Runnable upgrade command
CVE-2018-4878 is a use-after-free in Adobe Flash Player before 28.0.0.161. This page lists verified fix commands and short-term mitigations
CVE-2018-4990 double free in Adobe Acrobat And Reader 2018.011.20038 And Earlier, 2017.011.30079 And Earlier, And 2015.006.30417 And Earlier
CVE-2018-5002 is a Stack Buffer Overflow flaw in Adobe Flash Player. Actively exploited per CISA KEV. Verified patched builds and runnable f
CVE-2018-5430 exposure of sensitive information to an unauthorized actor in Tibco Jasperreports Server. Runnable upgrade commands and verifi
CVE-2018-6065 is an integer overflow or wraparound in Chrome. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2018-6961 is an OS Command Injection flaw in VMware SD-WAN Edge. Actively exploited per CISA KEV. Verified patched builds and runnable fi
CVE-2018-8120: Improper Resource Shutdown or Release in Microsoft Win32k. Runnable fix commands and patched builds.
CVE-2018-8174 is an out-of-bounds write in Microsoft Windows. This page lists verified fix commands and short-term mitigations you can run t
CVE-2018-8298 is an access of resource using incompatible type in ChakraCore. This page lists verified fix commands and short-term mitigatio
CVE-2018-8373: Out-of-Bounds Write in Microsoft Internet Explorer Scripting Engine. Runnable fix commands and patched builds.
CVE-2018-8405: Improper Resource Shutdown or Release in Microsoft DirectX Graphics Kernel (DXGKRNL). Runnable fix commands and patched build
CVE-2018-8406: Improper Resource Shutdown or Release in Microsoft DirectX Graphics Kernel (DXGKRNL). Runnable fix commands and patched build
CVE-2018-8414 is an Improper Input Validation flaw in Microsoft Windows. Actively exploited per CISA KEV. Verified patched builds and runnabl
CVE-2018-8440 is an Elevation of Privilege flaw in Microsoft Windows. Actively exploited per CISA KEV. Verified patched builds and runnable f
CVE-2018-8453 is a security vulnerability in Microsoft Windows. This page lists verified fix commands and short-term mitigations you can run
CVE-2018-8581 is a security vulnerability in Microsoft Exchange Server. This page lists verified fix commands and short-term mitigations you
CVE-2018-8589 is an Elevation of Privilege flaw in Microsoft Win32k. Actively exploited per CISA KEV. Verified patched builds and runnable fi
CVE-2018-8611 is an improper resource shutdown or release in Windows 7. Patched version, runnable upgrade commands, and how to verify the fix
CVE-2018-8639 - Privilege Escalation in Windows 7. Runnable patch commands, mitigation snippets, and verification steps on this page.
CVE-2018-8653 is a remote code execution in Microsoft Internet Explorer 9. CVSS 7.5 High. Patch commands, mitigations, and verification.
CVE-2018-9276 - Command Injection in PRTG Network Monitor. Runnable patch commands, mitigation snippets, and verification steps on this page
CVE-2018-0161 is a cwe-399 in Cisco IOS. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2018-0179 is a cwe-399 in Cisco IOS. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2018-0180 is a cwe-399 in Cisco IOS. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2018-13374 incorrect permission assignment for critical resource in Fortinet Fortios, Fortiadc. Runnable upgrade commands and verificati
CVE-2018-13383 is an out-of-bounds write in Fortinet FortiOS and FortiProxy. This page lists verified fix commands and short-term mitigation
CVE-2018-19953 is a cross-site scripting (xss) in Qts. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2018-2380 is a directory/path traversal in SAP Se SAP CRM. CVSS 6.6 Medium. Patch commands, mitigations, and verification.
CVE-2018-6882: Cross-Site Scripting in Synacor Zimbra Collaboration Suite (ZCS). Runnable fix commands and patched builds.
CVE-2017-1000353 - Remote Code Execution in Jenkins. Runnable patch commands, mitigation snippets, and verification steps on this page.
CVE-2017-1000486 is an inadequate encryption strength in Primetek Primefaces. This page lists verified fix commands and short-term mitigatio
CVE-2017-11317: Inadequate Encryption Strength in Telerik User Interface (UI) for ASP.NET AJAX. Runnable fix commands and patched builds.
CVE-2017-11357 unrestricted upload of file with dangerous type in User Interface (Ui) For Asp.Net Ajax. Runnable upgrade commands and verifi
CVE-2017-12149 is a deserialization of untrusted data in jbossas. This page lists verified fix commands and short-term mitigations you can r
CVE-2017-12240 is an improper input validation in Cisco IOS and IOS XE. This page lists verified fix commands and short-term mitigations you
CVE-2017-15944 is an improper input validation in Pan-Os. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2017-18362: SQL Injection in Kaseya Virtual System/Server Administrator (VSA). Runnable fix commands and patched builds.
CVE-2017-18368 improper neutralization of special elements used in an os command ('os command i in P660Hn-T1A Routers. Runnable upgrade comm
CVE-2017-3066 - Insecure Deserialization in Adobe ColdFusion ColdFusion 2016 Update 3 and earlier, ColdFusion 11 update 11 and earlier, Cold
CVE-2017-3881: Improper Input Validation in Cisco IOS and IOS XE. Runnable fix commands and patched builds.
CVE-2017-5638 is a vulnerability in Apache Struts. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2017-5689 is an improper privilege management in Intel Active Management Technology, Intel Small Business Technology, Intel Standard Mana
CVE-2017-6077: OS Command Injection in NETGEAR Wireless Router DGN2200. Runnable fix commands and patched builds.
CVE-2017-6316 is a n/a flaw in Citrix NetScaler SD-WAN Enterprise. Actively exploited per CISA KEV. Verified patched builds and runnable fix
CVE-2017-6862 buffer copy without checking size of input ('classic buffer overflow') in Netgear All Versions Prior To Wnr2000V3 1.1.2.14, Wn
CVE-2017-7269 is a n/a in the vendor n/a. CVSS 9.8 Critical. Patch commands, mitigations, and verification.
CVE-2017-7494 improper control of generation of code ('code injection') in Samba. Runnable upgrade commands and verification steps for sysad
CVE-2017-7921 - Authentication Bypass in Hikvision Cameras. Runnable patch commands, mitigation snippets, and verification steps on this pag
CVE-2017-8543: Improper Preservation of Permissions in Microsoft Windows. Runnable fix commands and patched builds.
CVE-2017-9248 is a n/a in the vendor n/a. CVSS 9.8 Critical. Patch commands, mitigations, and verification.
CVE-2017-9791 is an improper input validation in Apache Struts. This page lists verified fix commands and short-term mitigations you can run
CVE-2017-9841 is a code injection in PHP. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2017-0001 is a security vulnerability in Windows GDI. This page lists verified fix commands and short-term mitigations you can run today
CVE-2017-0005 is an Elevation of Privilege flaw in Microsoft Windows. Actively exploited per CISA KEV. Verified patched builds and runnable f
CVE-2017-0037: Type Confusion in Microsoft Edge and Internet Explorer. Runnable fix commands and patched builds.
CVE-2017-0101 is a Memory Corruption flaw in Microsoft Windows. Actively exploited per CISA KEV. Verified patched builds and runnable fix co
CVE-2017-0143 is a remote code execution in Microsoft Corporation Windows SMB. CVSS 8.8 High. Patch commands, mitigations, and verification.
CVE-2017-0144 is a security vulnerability in Windows SMB. This page lists verified fix commands and short-term mitigations you can run today
CVE-2017-0145 is a security vulnerability in Windows SMB. This page lists verified fix commands and short-term mitigations you can run today
CVE-2017-0146 is a Remote Code Execution flaw in Microsoft Windows. Actively exploited per CISA KEV. Verified patched builds and runnable fi
CVE-2017-0147: Information Disclosure in Microsoft SMBv1 server. Runnable fix commands and patched builds.
CVE-2017-0148: Improper Input Validation in Microsoft SMBv1 server. Runnable fix commands and patched builds.
CVE-2017-0149: Out-of-Bounds Write in Microsoft Internet Explorer. Runnable fix commands and patched builds.
CVE-2017-0199 is a remote code execution in Microsoft Corporation Office/WordPad. CVSS 7.8 High. Patch commands, mitigations, and verificati
CVE-2017-0210: Elevation of Privilege in Microsoft Internet Explorer. Runnable fix commands and patched builds.
CVE-2017-0213 is an Elevation of Privilege flaw in Microsoft Windows. Actively exploited per CISA KEV. Verified patched builds and runnable f
CVE-2017-0222 is an out-of-bounds write in Internet Explorer. This page lists verified fix commands and short-term mitigations you can run t
CVE-2017-0261 is a use-after-free in Microsoft Office. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2017-0262 is a security vulnerability in Microsoft Office. This page lists verified fix commands and short-term mitigations you can run
CVE-2017-0263 is a use-after-free in Microsoft Windows. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2017-1000253 - Security Vulnerability in Kernel. Runnable patch commands, mitigation snippets, and verification steps on this page.
CVE-2017-10271 is a missing authentication in WebLogic Server. This page lists verified fix commands and short-term mitigations you can run
CVE-2017-11292 is an access of resource using incompatible type in Adobe Flash Player version 27.0.0.159 and earlier. This page lists verifi
CVE-2017-11774 is a security feature bypass in Microsoft Corporation Microsoft Outlook. CVSS 7.8 High. Patch commands, mitigations, and veri
CVE-2017-11826 is a buffer overflow in Microsoft Office. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2017-11882 is a remote code execution in Microsoft Corporation Microsoft Office. CVSS 7.8 High. Patch commands, mitigations, and verific
CVE-2017-12231 is a cwe-399 in Cisco IOS. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2017-12233 is an improper input validation in Cisco IOS. This page lists verified fix commands and short-term mitigations you can run to
CVE-2017-12234 is an improper input validation in Cisco IOS. This page lists verified fix commands and short-term mitigations you can run to
CVE-2017-12235 is an improper input validation in Cisco IOS. This page lists verified fix commands and short-term mitigations you can run to
CVE-2017-12237 is a cwe-399 in Cisco IOS and IOS XE. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2017-12615 is an Unrestricted File Upload flaw in Apache Tomcat. Actively exploited per CISA KEV. Verified patched builds and runnable fi
CVE-2017-12617 is an Unrestricted File Upload flaw in Apache Tomcat. Actively exploited per CISA KEV. Verified patched builds and runnable fi
CVE-2017-12637 - Path Traversal in NetWeaver. Runnable patch commands, mitigation snippets, and verification steps on this page.
CVE-2017-16651 is a n/a in the vendor n/a. CVSS 7.8 High. Patch commands, mitigations, and verification.
CVE-2017-17562 is a security vulnerability in Embedthis GoAhead. This page lists verified fix commands and short-term mitigations you can ru
CVE-2017-3506 - Command Injection in WebLogic Server. Runnable patch commands, mitigation snippets, and verification steps on this page.
CVE-2017-5030 out-of-bounds read in Google Chrome Prior To 57.0.2987.98 For Linux, Windows And Mac, And 57.0.2987.108 For Android. Runnable
CVE-2017-5070 access of resource using incompatible type ('type confusion') in Google Chrome Prior To 59.0.3071.86 For Linux, Windows And Ma
CVE-2017-5521 is a security vulnerability in Multiple Devices. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2017-6327 is a code execution in Symantec Corporation Messaging Gateway. CVSS 8.8 High. Patch commands, mitigations, and verification.
CVE-2017-6334: OS Command Injection in NETGEAR DGN2200 Devices. Runnable fix commands and patched builds.
CVE-2017-6627 is a cwe-399 in Cisco IOS and Cisco IOS XE. This page lists verified fix commands and short-term mitigations you can run today
CVE-2017-6736 is a buffer overflow in IOS. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2017-6737 is a buffer overflow in IOS. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2017-6738 is a buffer overflow in Cisco IOS XE Software. This page lists verified fix commands and short-term mitigations you can run to
CVE-2017-6739 is a buffer overflow in Universal Product. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2017-6740 is a buffer overflow in IOS. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2017-6742 improper restriction of operations within the bounds of a memory buffer in Cisco Ios Xe Software. Runnable upgrade commands an
CVE-2017-6743 is a buffer overflow in IOS. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2017-6744 is a buffer overflow in IOS. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2017-6884 improper neutralization of special elements used in an os command ('os command i in Emg2926 Routers. Runnable upgrade commands
CVE-2017-8291 is a Type Confusion flaw in Artifex Ghostscript. Actively exploited per CISA KEV. Verified patched builds and runnable fix com
CVE-2017-8464 is a security vulnerability in Windows Shell. This page lists verified fix commands and short-term mitigations you can run tod
CVE-2017-8540 is an out-of-bounds write in Malware Protection Engine. This page lists verified fix commands and short-term mitigations you c
CVE-2017-8570 is a security vulnerability in Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1, and Microsoft
CVE-2017-8759 is a remote code execution in Microsoft Corporation Microsoft .NET Framework. CVSS 7.8 High. Patch commands, mitigations, and
CVE-2017-9805 is a deserialization of untrusted data in Apache Struts. This page lists verified fix commands and short-term mitigations you
CVE-2017-9822: Remote Code Execution via untrusted deserialization of Xml data in DotNetNuke CMS Fixed in 9.1.1. Patch commands and verifica
CVE-2017-0022: Memory Corruption in Microsoft XML Core Services. Runnable fix commands and patched builds.
CVE-2017-0059: Information Disclosure in Microsoft Internet Explorer. Runnable fix commands and patched builds.
CVE-2017-12232 is a cwe-399 in Cisco IOS. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2017-12238 is a cwe-399 in Cisco IOS. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2017-12319 is an improper input validation in Cisco IOS XE. This page lists verified fix commands and short-term mitigations you can run
CVE-2017-6663 is a security vulnerability in Cisco IOS and IOS XE. This page lists verified fix commands and short-term mitigations you can
CVE-2016-10033 - Command Injection in PHPMailer. Runnable patch commands, mitigation snippets, and verification steps on this page.
CVE-2016-10174 is a Buffer Overflow flaw in NETGEAR WNR2000v5 Router. Actively exploited per CISA KEV. Verified patched builds and runnable
CVE-2016-1555: Command Injection in NETGEAR Wireless Access Point (WAP) Devices. Runnable fix commands and patched builds.
CVE-2016-20017 improper neutralization of special elements used in a command ('command injectio in Dsl-2750B Devices. Runnable upgrade comma
CVE-2016-2386 improper neutralization of special elements used in an sql command ('sql injecti in Netweaver. Runnable upgrade commands and v
CVE-2016-3088 is an unrestricted file upload in The Fileserver. This page lists verified fix commands and short-term mitigations you can run
CVE-2016-3427 is an improper access control in Java Se And Jrockit. Patched version, runnable upgrade commands, and how to verify the fix lan
CVE-2016-4437 is a use of hard-coded cryptographic key in Apache Shiro. This page lists verified fix commands and short-term mitigations yo
CVE-2016-7836 - Remote Code Execution in SKYSEA Client View. Runnable patch commands, mitigation snippets, and verification steps on this pa
CVE-2016-8735 is a remote code execution in Apache Tomcat. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2016-0034 is a remote code execution in Silverlight. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2016-0040 is a n/a flaw in Microsoft Windows. Actively exploited per CISA KEV. Verified patched builds and runnable fix commands.
CVE-2016-0099 is a buffer copy without checking size of in Microsoft Windows. This page lists verified fix commands and short-term mitigatio
CVE-2016-0151: Improper Privilege Management in Microsoft Client-Server Run-time Subsystem (CSRSS). Runnable fix commands and patched builds
CVE-2016-0165 is a security vulnerability in Win32K. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2016-0167 is a n/a in the vendor n/a. CVSS 7.8 High. Patch commands, mitigations, and verification.
CVE-2016-0185 is a n/a in the vendor n/a. CVSS 7.8 High. Patch commands, mitigations, and verification.
CVE-2016-0189: Out-of-Bounds Write in Microsoft Internet Explorer. Runnable fix commands and patched builds.
CVE-2016-0752 is a Path Traversal flaw in Rails Ruby on Rails. Actively exploited per CISA KEV. Verified patched builds and runnable fix com
CVE-2016-0984 is a use after free in Flash Player And Air. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2016-1010 is an integer overflow or wraparound in Flash Player And Air. Patched version, runnable upgrade commands, and how to verify the
CVE-2016-1019 is a security vulnerability in Adobe Flash. This page lists verified fix commands and short-term mitigations you can run today
CVE-2016-11021: OS Command Injection in D-Link DCS-930L Devices. Runnable fix commands and patched builds.
CVE-2016-1646 is an out-of-bounds read in Chromium V8. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2016-3235 is a n/a in the vendor n/a. CVSS 7.8 High. Patch commands, mitigations, and verification.
CVE-2016-3309 is a n/a flaw in Microsoft Windows. Actively exploited per CISA KEV. Verified patched builds and runnable fix commands.
CVE-2016-3393 is a security vulnerability in Windows. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2016-3643 is a n/a in the vendor n/a. CVSS 7.8 High. Patch commands, mitigations, and verification.
CVE-2016-3714 - Security Vulnerability in ImageMagick. Runnable patch commands, mitigation snippets, and verification steps on this page.
CVE-2016-3976 is a n/a in the vendor n/a. CVSS 7.5 High. Patch commands, mitigations, and verification.
CVE-2016-4117 is a security vulnerability in Adobe Flash. This page lists verified fix commands and short-term mitigations you can run today
CVE-2016-4171 is a n/a flaw in Adobe Flash Player. Actively exploited per CISA KEV. Verified patched builds and runnable fix commands.
CVE-2016-4523: Out-of-Bounds Read in Trihedral VTScada (formerly VTS). Runnable fix commands and patched builds.
CVE-2016-4656 is an Out-of-Bounds Write flaw in Apple iOS. Actively exploited per CISA KEV. Verified patched builds and runnable fix commands
CVE-2016-4657 is an Out-of-Bounds Write flaw in Apple iOS. Actively exploited per CISA KEV. Verified patched builds and runnable fix commands
CVE-2016-5195 is a race condition in Linux kernel. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2016-5198 out-of-bounds write in Google Chrome Prior To 54.0.2840.90 For Linux, And 54.0.2840.85 For Android, And 54.0.2840.87 For Windo
CVE-2016-6277: Cross-Site Request Forgery in NETGEAR Multiple Routers. Runnable fix commands and patched builds.
CVE-2016-6366: Buffer Overflow in Cisco Adaptive Security Appliance (ASA). Runnable fix commands and patched builds.
CVE-2016-6367: Command Injection in Cisco Adaptive Security Appliance (ASA). Runnable fix commands and patched builds.
CVE-2016-6415 exposure of sensitive information to an unauthorized actor in Ios, Ios Xr, And Ios Xe. Runnable upgrade commands and verificat
CVE-2016-7193 is a security vulnerability in Microsoft Word. This page lists verified fix commands and short-term mitigations you can run to
CVE-2016-7200 is an Out-of-Bounds Write flaw in Microsoft Edge. Actively exploited per CISA KEV. Verified patched builds and runnable fix com
CVE-2016-7201 is a Type Confusion flaw in Microsoft Edge. Actively exploited per CISA KEV. Verified patched builds and runnable fix commands
CVE-2016-7255 is a n/a in the vendor n/a. CVSS 7.8 High. Patch commands, mitigations, and verification.
CVE-2016-7256 is a remote code execution in Windows. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2016-7262 is a security vulnerability in Microsoft Office. This page lists verified fix commands and short-term mitigations you can run
CVE-2016-7855 is a use-after-free in Adobe Flash. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2016-7892 is a Use-After-Free flaw in Adobe Flash Player. Actively exploited per CISA KEV. Verified patched builds and runnable fix comm
CVE-2016-8562 is a security vulnerability in SIMATIC CP. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2016-9079 is a use after free in Firefox. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2016-0162 is a n/a flaw in Microsoft Internet Explorer. Actively exploited per CISA KEV. Verified patched builds and runnable fix comman
CVE-2016-2388 exposure of sensitive information to an unauthorized actor in Netweaver. Runnable upgrade commands and verification steps for
CVE-2016-3298 is a n/a flaw in Microsoft Internet Explorer. Actively exploited per CISA KEV. Verified patched builds and runnable fix comman
CVE-2016-3351 is a n/a flaw in Microsoft Internet Explorer and Edge. Actively exploited per CISA KEV. Verified patched builds and runnable f
CVE-2016-3715 is a n/a in the vendor n/a. CVSS 5.5 Medium. Patch commands, mitigations, and verification.
CVE-2016-3718 is a n/a in the vendor n/a. CVSS 5.5 Medium. Patch commands, mitigations, and verification.
CVE-2016-4655 is a n/a flaw in Apple iOS. Actively exploited per CISA KEV. Verified patched builds and runnable fix commands.
CVE-2016-9563 is a n/a in the vendor n/a. CVSS 6.5 Medium. Patch commands, mitigations, and verification.
CVE-2015-1187: Improper Authentication in D-Link And TRENDnet Multiple Devices. Runnable fix commands and patched builds.
CVE-2015-1427 is a n/a flaw in Elastic Elasticsearch. Actively exploited per CISA KEV. Verified patched builds and runnable fix commands.
CVE-2015-1635 is a code injection in Microsoft Windows. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2015-2590 is a security vulnerability in Java. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2015-4068: Path Traversal in Arcserve Unified Data Protection (UDP). Runnable fix commands and patched builds.
CVE-2015-4852 is a n/a in the vendor n/a. CVSS 9.8 Critical. Patch commands, mitigations, and verification.
CVE-2015-7450 is a deserialization of untrusted data in Java. This page lists verified fix commands and short-term mitigations you can run t
CVE-2015-7755 - Security Vulnerability in ScreenOS. Runnable patch commands, mitigation snippets, and verification steps on this page.
CVE-2015-0016 improper limitation of a pathname to a restricted directory ('path traversal') in Windows. Runnable upgrade commands and verif
CVE-2015-0310 exposure of sensitive information to an unauthorized actor in Flash Player. Runnable upgrade commands and verification steps f
CVE-2015-0311 is a n/a flaw in Adobe Flash Player. Actively exploited per CISA KEV. Verified patched builds and runnable fix commands.
CVE-2015-0313 is a Use-After-Free flaw in Adobe Flash Player. Actively exploited per CISA KEV. Verified patched builds and runnable fix comm
CVE-2015-0666: Path Traversal in Cisco Prime Data Center Network Manager (DCNM). Runnable fix commands and patched builds.
CVE-2015-1130 is a link resolution before file access in The XPC. This page lists verified fix commands and short-term mitigations you can r
CVE-2015-1641 is a n/a in the vendor n/a. CVSS 7.8 High. Patch commands, mitigations, and verification.
CVE-2015-1642 is an out-of-bounds write in Microsoft Office. This page lists verified fix commands and short-term mitigations you can run to
CVE-2015-1671 is a security vulnerability in Windows. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2015-1701 is a security vulnerability in Microsoft Windows. This page lists verified fix commands and short-term mitigations you can run
CVE-2015-1770: Access of Uninitialized Pointer in Microsoft Office. Runnable fix commands and patched builds.
CVE-2015-2051 is a command injection in dir-645. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2015-2291 improper input validation in Ethernet Diagnostics Driver For Windows. Runnable upgrade commands and verification steps for sys
CVE-2015-2360 is a use after free in Win32K. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2015-2387 is an out-of-bounds write in Microsoft Windows. This page lists verified fix commands and short-term mitigations you can run t
CVE-2015-2419: Out-of-Bounds Write in Microsoft Internet Explorer. Runnable fix commands and patched builds.
CVE-2015-2424 is an out-of-bounds write in Microsoft Office. This page lists verified fix commands and short-term mitigations you can run to
CVE-2015-2425 is an out-of-bounds write in Internet Explorer. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2015-2426 is a Buffer Underwrite flaw in Microsoft Windows. Actively exploited per CISA KEV. Verified patched builds and runnable fix co
CVE-2015-2502: Out-of-Bounds Write in Microsoft Internet Explorer. Runnable fix commands and patched builds.
CVE-2015-2545 is a security vulnerability in Microsoft Office. This page lists verified fix commands and short-term mitigations you can run
CVE-2015-2546 is a Memory Corruption flaw in Microsoft Win32k. Actively exploited per CISA KEV. Verified patched builds and runnable fix com
CVE-2015-3035: Path Traversal in TP-Link Multiple Archer Devices. Runnable fix commands and patched builds.
CVE-2015-3043 is an out-of-bounds write in Adobe Flash. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2015-3113 is a Heap Buffer Overflow flaw in Adobe Flash Player. Actively exploited per CISA KEV. Verified patched builds and runnable fi
CVE-2015-4495 is an origin validation error in Firefox. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2015-5119 is a use-after-free in Adobe Flash. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2015-5122 is a Use-After-Free flaw in Adobe Flash Player. Actively exploited per CISA KEV. Verified patched builds and runnable fix comm
CVE-2015-5123 is a Use-After-Free flaw in Adobe Flash Player. Actively exploited per CISA KEV. Verified patched builds and runnable fix comm
CVE-2015-5317 exposure of sensitive information to an unauthorized actor in Jenkins User Interface (Ui). Runnable upgrade commands and verif
CVE-2015-6175 is a security vulnerability in Windows. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2015-7645 is a security vulnerability in Adobe Flash. This page lists verified fix commands and short-term mitigations you can run today
CVE-2015-8651 is an integer overflow or wraparound in Flash Player. Patched version, runnable upgrade commands, and how to verify the fix lan
CVE-2015-0071 is a security vulnerability in Internet Explorer. Patched version, runnable upgrade commands, and how to verify the fix landed
CVE-2015-1769 is a security vulnerability in Windows. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2015-4902 is an access control in Java. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2014-1776 is a use-after-free in Internet Explorer. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2014-3931 - Memory Corruption in Multi-Router Looking Glass (MRLG). Runnable patch commands, mitigation snippets, and verification steps
CVE-2014-6271 is an OS command injection in Bash. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2014-6287: Code Injection in Rejetto HTTP File Server (HFS). Runnable fix commands and patched builds.
CVE-2014-7169 is an OS command injection in Bash. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2014-8361 is a security vulnerability in Sdk. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2014-0130 is a Path Traversal flaw in Rails Ruby on Rails. Actively exploited per CISA KEV. Verified patched builds and runnable fix com
CVE-2014-0160 is an Out-of-Bounds Read flaw in OpenSSL. Actively exploited per CISA KEV. Verified patched builds and runnable fix commands.
CVE-2014-0322 is a Use-After-Free flaw in Microsoft Internet Explorer. Actively exploited per CISA KEV. Verified patched builds and runnable
CVE-2014-0496 is a use-after-free in Adobe Reader. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2014-0497 - Security Vulnerability in Flash Player. Runnable patch commands, mitigation snippets, and verification steps on this page.
CVE-2014-0502 - Security Vulnerability in Flash Player. Runnable patch commands, mitigation snippets, and verification steps on this page.
CVE-2014-0546 is a security vulnerability in Reader And Acrobat. Patched version, runnable upgrade commands, and how to verify the fix lande
CVE-2014-0780 is a Path Traversal flaw in InduSoft Web Studio. Actively exploited per CISA KEV. Verified patched builds and runnable fix com
CVE-2014-100005 is a cross-site request forgery (csrf) in Dir-600 Firmware. Patched version, runnable upgrade commands, and how to verify th
CVE-2014-1761 is an out-of-bounds write in Microsoft Word. This page lists verified fix commands and short-term mitigations you can run toda
CVE-2014-1812 is a n/a in the vendor n/a. CVSS 8.8 High. Patch commands, mitigations, and verification.
CVE-2014-2817 is a security vulnerability in Internet Explorer. Patched version, runnable upgrade commands, and how to verify the fix landed
CVE-2014-3120: Improper Access Control in Elastic Elasticsearch. Runnable fix commands and patched builds.
CVE-2014-3153 is a security vulnerability in Kernel. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2014-4077 security vulnerability in Input Method Editor (Ime) Japanese. Runnable upgrade commands and verification steps for sysadmins.
CVE-2014-4113 is a n/a flaw in Microsoft Win32k. Actively exploited per CISA KEV. Verified patched builds and runnable fix commands.
CVE-2014-4114 is a security vulnerability in Microsoft Windows. This page lists verified fix commands and short-term mitigations you can run
CVE-2014-4123 is a security vulnerability in Internet Explorer. Patched version, runnable upgrade commands, and how to verify the fix landed
CVE-2014-4148 improper control of generation of code ('code injection') in Windows. Runnable upgrade commands and verification steps for sys
CVE-2014-4404 is an out-of-bounds write in Heap. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2014-6278 - Remote Code Execution in GNU Bash. Runnable patch commands, mitigation snippets, and verification steps on this page.
CVE-2014-6324: n/a in Microsoft Kerberos Key Distribution Center (KDC). Runnable fix commands and patched builds.
CVE-2014-6332 is a Memory Corruption flaw in Microsoft Windows. Actively exploited per CISA KEV. Verified patched builds and runnable fix co
CVE-2014-6352 is a security vulnerability in Microsoft Windows. This page lists verified fix commands and short-term mitigations you can run
CVE-2014-8439 is a use after free in Flash Player. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2014-9163 is a Stack Buffer Overflow flaw in Adobe Flash Player. Actively exploited per CISA KEV. Verified patched builds and runnable f
CVE-2014-0196 concurrent execution using shared resource with improper synchronization ('race in Kernel. Runnable upgrade commands and verif
CVE-2014-2120 - Cross-Site Scripting in Adaptive Security Appliance (ASA). Runnable patch commands and verification on this page.
CVE-2013-0422 is an improper access control in Java Runtime Environment (Jre). Patched version, runnable upgrade commands, and how to verify
CVE-2013-0625 is an authentication bypass in Adobe ColdFusion. This page lists verified fix commands and short-term mitigations you can run
CVE-2013-0632 is a default permissions in Adobe ColdFusion. This page lists verified fix commands and short-term mitigations you can run tod
CVE-2013-2251: Improper Neutralization of Special Elements in Output Used by a Downstream Component in Apache Struts. Runnable fix commands
CVE-2013-2465 is a Protection Mechanism Failure flaw in Oracle Java SE. Actively exploited per CISA KEV. Verified patched builds and runnabl
CVE-2013-4810: Code Injection in Hewlett Packard (HP) ProCurve Manager (PCM). Runnable fix commands and patched builds.
CVE-2013-0074 is a security vulnerability in Silverlight. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2013-0629 is a n/a flaw in Adobe ColdFusion. Actively exploited per CISA KEV. Verified patched builds and runnable fix commands.
CVE-2013-0631 is a n/a flaw in Adobe ColdFusion. Actively exploited per CISA KEV. Verified patched builds and runnable fix commands.
CVE-2013-0640 is an out-of-bounds write in Adobe Reader. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2013-0641 is a buffer copy without checking size of in Adobe Reader. This page lists verified fix commands and short-term mitigations yo
CVE-2013-0643 - Security Vulnerability in Flash Player. Runnable patch commands, mitigation snippets, and verification steps on this page.
CVE-2013-0648 - Security Vulnerability in Flash Player. Runnable patch commands, mitigation snippets, and verification steps on this page.
CVE-2013-1331 buffer copy without checking size of input ('classic buffer overflow') in Office. Runnable upgrade commands and verification s
CVE-2013-1347 is a use-after-free in Internet Explorer. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2013-1690: Memory Corruption in Mozilla Firefox and Thunderbird. Runnable fix commands and patched builds.
CVE-2013-2094 is a security vulnerability in Kernel. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2013-2551 is a Use-After-Free flaw in Microsoft Internet Explorer. Actively exploited per CISA KEV. Verified patched builds and runnable
CVE-2013-2596 is an integer overflow or wraparound in Kernel. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2013-2597 is a stack-based buffer overflow in Acdb Audio Driver. Patched version, runnable upgrade commands, and how to verify the fix l
CVE-2013-2729 is an Integer Overflow flaw in Adobe Reader and Acrobat. Actively exploited per CISA KEV. Verified patched builds and runnable
CVE-2013-3163 is an out-of-bounds write in Internet Explorer. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2013-3346 is an out-of-bounds write in Adobe Reader. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2013-3660 is a Memory Corruption flaw in Microsoft Win32k. Actively exploited per CISA KEV. Verified patched builds and runnable fix com
CVE-2013-3893 - Use-After-Free in Internet Explorer. Runnable patch commands, mitigation snippets, and verification steps on this page.
CVE-2013-3897 is a use-after-free in Internet Explorer. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2013-3906 is a code injection in Microsoft Windows. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2013-3918 - Out-of-Bounds Write in Windows. Runnable patch commands, mitigation snippets, and verification steps on this page.
CVE-2013-5065 is a security vulnerability in Microsoft Windows. This page lists verified fix commands and short-term mitigations you can run
CVE-2013-6282 is an improper input validation in Kernel. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2013-0431 protection mechanism failure in Java Runtime Environment (Jre). Runnable upgrade commands and verification steps for sysadmins
CVE-2013-1675 is an initialization in Mozilla Firefox. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2013-3896 is a security vulnerability in Silverlight. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2013-3900 is a vulnerability in Microsoft Windows. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2013-3993 improper limitation of a pathname to a restricted directory ('path traversal') in Infosphere Biginsights. Runnable upgrade com
CVE-2013-5223 is a Cross-Site Scripting flaw in D-Link DSL-2760U. Actively exploited per CISA KEV. Verified patched builds and runnable fix
CVE-2013-7331 generation of error message containing sensitive information in Internet Explorer. Runnable upgrade commands and verification
CVE-2013-2423 is an improper access control in Java Runtime Environment (Jre). Patched version, runnable upgrade commands, and how to verify
CVE-2012-0391 is a code injection in Apache Struts. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2012-0507 is an access of resource using incompatible type in Java. This page lists verified fix commands and short-term mitigations you
CVE-2012-1710 is a security vulnerability in Fusion Middleware. Patched version, runnable upgrade commands, and how to verify the fix landed
CVE-2012-1723 is an access control in Java. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2012-1823 is a Command Injection flaw in PHP PHP. Actively exploited per CISA KEV. Verified patched builds and runnable fix commands.
CVE-2012-3152 is a n/a in the vendor n/a. CVSS 9.1 Critical. Patch commands, mitigations, and verification.
CVE-2012-4681 is an access control in Java. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2012-5076 is an Improper Access Control flaw in Oracle Java SE. Actively exploited per CISA KEV. Verified patched builds and runnable fix
CVE-2012-0151 is an improper input validation in Windows. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2012-0158 is a n/a in the vendor n/a. CVSS 8.8 High. Patch commands, mitigations, and verification.
CVE-2012-0754 is a denial of service in Flash Player. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2012-1535 is a code injection in Adobe Flash. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2012-1854 - Security Vulnerability in Visual Basic for Applications (VBA). Runnable patch commands and verification on this page.
CVE-2012-1856 is a security vulnerability in Microsoft Office. This page lists verified fix commands and short-term mitigations you can run
CVE-2012-1889 is an out-of-bounds write in Xml Core Services. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2012-2034 is a Memory Corruption flaw in Adobe Flash Player. Actively exploited per CISA KEV. Verified patched builds and runnable fix c
CVE-2012-2539 is an Out-of-Bounds Write flaw in Microsoft Word. Actively exploited per CISA KEV. Verified patched builds and runnable fix com
CVE-2012-4792 - Use-After-Free in Internet Explorer. Runnable patch commands, mitigation snippets, and verification steps on this page.
CVE-2012-4969 is a use after free in Internet Explorer. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2012-5054 is an integer overflow or wraparound in Flash Player. Patched version, runnable upgrade commands, and how to verify the fix lan
CVE-2012-0518 is an Open Redirect flaw in Oracle Fusion Middleware. Actively exploited per CISA KEV. Verified patched builds and runnable fix
CVE-2012-0767 improper neutralization of input during web page generation ('cross-site scripti in Flash Player. Runnable upgrade commands an
CVE-2011-1889 is a buffer overflow in The NSPLookupServiceNext. This page lists verified fix commands and short-term mitigations you can run
CVE-2011-3544 is an access control in Java. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2011-0609 is a denial of service in Flash Player. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2011-0611 is an access of resource using incompatible type in acrobat. This page lists verified fix commands and short-term mitigations
CVE-2011-1823 is an integer overflow or wraparound in Android Os. Patched version, runnable upgrade commands, and how to verify the fix lande
CVE-2011-2005: n/a in Microsoft Ancillary Function Driver (afd.sys). Runnable fix commands and patched builds.
CVE-2011-2462 is an out-of-bounds write in Reader And Acrobat. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2011-3402 - Remote Code Execution in Windows. Runnable patch commands, mitigation snippets, and verification steps on this page.
CVE-2011-4723 cleartext storage of sensitive information in Dir-300 Router. Runnable upgrade commands and verification steps for sysadmins.
CVE-2010-0840 is a remote code execution in Java Runtime Environment (Jre). Patched version, runnable upgrade commands, and how to verify th
CVE-2010-2861 is a Path Traversal flaw in Adobe ColdFusion. Actively exploited per CISA KEV. Verified patched builds and runnable fix comman
CVE-2010-3765 - Memory Corruption in Multiple Products. Runnable patch commands, mitigation snippets, and verification steps on this page.
CVE-2010-4344 is an Out-of-Bounds Write flaw in Exim. Actively exploited per CISA KEV. Verified patched builds and runnable fix commands.
CVE-2010-5326 is a n/a in the vendor n/a. CVSS 10 Critical. Patch commands, mitigations, and verification.
CVE-2010-5330 is a Command Injection flaw in Ubiquiti AirOS. Actively exploited per CISA KEV. Verified patched builds and runnable fix comma
CVE-2010-0188 is a security vulnerability in Adobe Reader. This page lists verified fix commands and short-term mitigations you can run toda
CVE-2010-0232 is a security vulnerability in Microsoft Windows. This page lists verified fix commands and short-term mitigations you can run
CVE-2010-0249 - Use-After-Free in Internet Explorer. Runnable patch commands, mitigation snippets, and verification steps on this page.
CVE-2010-0806 - Use-After-Free in Internet Explorer. Runnable patch commands, mitigation snippets, and verification steps on this page.
CVE-2010-1297 is an out-of-bounds write in Flash Player. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2010-1428 is an exposed dangerous method or function in Jboss. Patched version, runnable upgrade commands, and how to verify the fix land
CVE-2010-1871 is a neutralization of special elements used in in JBoss Seam. This page lists verified fix commands and short-term mitigation
CVE-2010-2568 is a security vulnerability in Windows. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2010-2572 buffer copy without checking size of input ('classic buffer overflow') in Powerpoint. Runnable upgrade commands and verificati
CVE-2010-2883 is an out-of-bounds write in Acrobat And Reader. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2010-3035 is a n/a flaw in Cisco IOS XR. Actively exploited per CISA KEV. Verified patched builds and runnable fix commands.
CVE-2010-3333 is an out-of-bounds write in Microsoft Office. This page lists verified fix commands and short-term mitigations you can run to
CVE-2010-3904 is a security vulnerability in Kernel. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2010-3962 - Use-After-Free in Internet Explorer. Runnable patch commands, mitigation snippets, and verification steps on this page.
CVE-2010-4345 is a Command Injection flaw in Exim. Actively exploited per CISA KEV. Verified patched builds and runnable fix commands.
CVE-2010-4398 is an Out-of-Bounds Write flaw in Microsoft Windows. Actively exploited per CISA KEV. Verified patched builds and runnable fix
CVE-2010-0738 is an exposed dangerous method or function in Jboss. Patched version, runnable upgrade commands, and how to verify the fix land
CVE-2009-1151 is a Code Injection flaw in phpMyAdmin phpMyAdmin. Actively exploited per CISA KEV. Verified patched builds and runnable fix c
CVE-2009-0238 - Remote Code Execution in Office. Runnable patch commands, mitigation snippets, and verification steps on this page.
CVE-2009-0556 - Memory Corruption in Office. Runnable patch commands, mitigation snippets, and verification steps on this page.
CVE-2009-0557 improper control of generation of code ('code injection') in Office. Runnable upgrade commands and verification steps for sysa
CVE-2009-0563 is an out-of-bounds write in Office. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2009-0927: Stack Buffer Overflow in Adobe Reader and Acrobat. Runnable fix commands and patched builds.
CVE-2009-1123 is a security vulnerability in Microsoft Windows. This page lists verified fix commands and short-term mitigations you can run
CVE-2009-1537 - NULL Byte Overwrite in DirectX. Runnable patch commands, mitigation snippets, and verification steps on this page.
CVE-2009-1862 is an out-of-bounds write in Acrobat And Reader, Flash Player. Patched version, runnable upgrade commands, and how to verify th
CVE-2009-3129 is an out-of-bounds write in Microsoft Office. This page lists verified fix commands and short-term mitigations you can run to
CVE-2009-3459 - Heap Buffer Overflow in Acrobat and Reader. Runnable patch commands, mitigation snippets, and verification steps on this pag
CVE-2009-3953 is an out-of-bounds write in Acrobat And Reader. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2009-4324 is a use after free in Acrobat And Reader. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2009-2055 is an Improper Input Validation flaw in Cisco IOS XR. Actively exploited per CISA KEV. Verified patched builds and runnable fix
CVE-2009-3960 is a security vulnerability in Unspecified. This page lists verified fix commands and short-term mitigations you can run today
CVE-2008-4250 - Buffer Overflow in Windows. Runnable patch commands, mitigation snippets, and verification steps on this page.
CVE-2008-0015 - Stack Buffer Overflow in Windows. Runnable patch commands, mitigation snippets, and verification steps on this page.
CVE-2008-0655 exposure of sensitive information to an unauthorized actor in Acrobat And Reader. Runnable upgrade commands and verification s
CVE-2008-2992 is an out-of-bounds write in Java. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2008-3431 is a security vulnerability in The VBoxDrvNtDeviceControl. This page lists verified fix commands and short-term mitigations yo
CVE-2007-3010: Command Injection in Alcatel OmniPCX Enterprise. Runnable fix commands and patched builds.
CVE-2007-0671 - Remote Code Execution in Office. Runnable patch commands, mitigation snippets, and verification steps on this page.
CVE-2007-5659 buffer copy without checking size of input ('classic buffer overflow') in Acrobat And Reader. Runnable upgrade commands and ve
CVE-2006-1547 is an exposed dangerous method or function in ActionForm. This page lists verified fix commands and short-term mitigations you
CVE-2006-2492 buffer copy without checking size of input ('classic buffer overflow') in Word. Runnable upgrade commands and verification ste
CVE-2005-2773: Command Injection in Hewlett Packard (HP) OpenView Network Node Manager. Runnable fix commands and patched builds.
CVE-2004-0210 is a buffer copy without checking size of in Microsoft Windows. This page lists verified fix commands and short-term mitigatio
CVE-2004-1464 is an uncontrolled resource consumption in Ios. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2002-0367 is an improper privilege management in Windows NT. This page lists verified fix commands and short-term mitigations you can ru
CVE-2026-0006 is a heap buffer overflow in Google Android. This page lists the verified fix and inline mitigations.
CVE-2026-0110 is an elevation of privilege in Google Android. CVSS 9.8 Critical. Patch commands, mitigations, and verification.
CVE-2026-0111 is an elevation of privilege in Google Android. CVSS 9.8 Critical. Patch commands, mitigations, and verification.
CVE-2026-0113 is an elevation of privilege in Google Android. CVSS 9.8 Critical. Patch commands, mitigations, and verification.
CVE-2026-0114 is a remote code execution in Google Android. CVSS 9.8 Critical. Patch commands, mitigations, and verification.
CVE-2026-0116 is a remote code execution in Google Android. CVSS 9.8 Critical. Patch commands, mitigations, and verification.
CVE-2026-0120 is a remote code execution in Google Android. CVSS 9.8 Critical. Patch commands, mitigations, and verification.
CVE-2026-0124 is a security vulnerability in Google Android. CVSS 10 Critical. Patch commands, mitigations, and verification.
CVE-2026-0481 is a weak cryptography in AMD Instinct™ MI210. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-0488: a vulnerability in SAP CRM and SAP S/4HANA (Scripting Edito. Patched version and vendor advisory inside.
CVE-2026-0491 is a code injection in SAP Landscape Transformation. Verified patched version, official vendor advisory, and how to confirm th
CVE-2026-0498: a code injection in SAP S/4HANA (Private Cloud and On-Premis. Patched version and vendor advisory inside.
CVE-2026-0500: a code injection in SAP Wily Introscope Enterprise Manager (. Patched version and vendor advisory inside.
CVE-2026-0501: a SQL injection in SAP S/4HANA Private Cloud and On-Premise. Patched version and vendor advisory inside.
CVE-2026-0509: a vulnerability in SAP NetWeaver Application Server ABAP an. Patched version and vendor advisory inside.
CVE-2026-0542 is an improper isolation or compartmentalization in ServiceNow ServiceNow AI Platform. This page lists the verified fix and inl
CVE-2026-0545: Missing Authentication for Critical Function in mlflow/mlflow in mlflow/mlflow. Patch commands and verification.
CVE-2026-0596 is a command injection in mlflow/mlflow in mlflow/mlflow. CVSS 9.6 Critical. Patch commands, mitigations, and verification.
CVE-2026-0625 is an authentication bypass in DSL-2640B. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-0650 is an authentication bypass in Flagr. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-0740: Ninja Forms - File Upload <= 3.3.26 - Unauthenticated Arbitrary File Upload in Ninja Forms - File Uploads. Patch commands and
CVE-2026-0755 is an OS command injection in gemini-mcp-tool. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-0756: an OS command injection in github-kanban-mcp-server. Patched version and vendor advisory inside.
CVE-2026-0759 is an OS command injection in Development Starter Kit. Verified patched version, official vendor advisory, and how to confirm
CVE-2026-0760 is an unsafe deserialization in MetaGPT. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-0761 is a code injection in MetaGPT. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-0763 is an unsafe deserialization in GPT Academic. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-0764 is an unsafe deserialization in GPT Academic. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-0768 is a code injection in Langflow. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-0769 is a code injection in Langflow. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-0770 is a local privilege escalation in Langflow. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-0773 is an unsafe deserialization in Upsonic. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-0848 is an improper input validation in nltk nltk/nltk. This page lists the verified fix and inline mitigations.
CVE-2026-0898 is an access control bypass in Pega Robot Studio. Verified patched version, official vendor advisory, and how to confirm the f
CVE-2026-0920: a vulnerability in LA-Studio Element Kit for Elementor. Patched version and vendor advisory inside.
CVE-2026-0926 is a vulnerability in Prodigy Commerce. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-0953: Tutor LMS Pro <= 3.9.5 - Authentication Bypass via Social Login in Tutor LMS Pro. Patch commands and verification.
CVE-2026-0963 is a path traversal in Crafty Controller. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-1009 is a vulnerability in Altium Live. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1019: an authentication bypass in Police Statistics Database System. Patched version and vendor advisory inside.
CVE-2026-1021: an unrestricted file upload in Police Statistics Database System. Patched version and vendor advisory inside.
CVE-2026-1056 is a path traversal in Snow Monkey Forms. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-1114: Improper Access Control via Weak JWT Token in parisneo/lollms in parisneo/lollms. Patch commands and verification.
CVE-2026-1115 is a cross-site scripting in parisneo/lollms. This page lists verified fix commands and short-term mitigations you can run tod
CVE-2026-1162 is a vulnerability in HiPER 810. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1181 is a code injection in Altium 365. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1201 is a vulnerability in Elevation C3. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1221: a hard-coded credentials in PrismX MX100 AP controller. Patched version and vendor advisory inside.
CVE-2026-1306 is an unrestricted file upload in midi-Synth. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-1331 is an unrestricted file upload in MeetingHub. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-1341: an authentication bypass in Avation Light Engine Pro. Patched version and vendor advisory inside.
CVE-2026-1346 is an execution with unnecessary privileges in IBM Verify Identity Access Container, fixed by the same patch as CVE-2026-1342.
CVE-2026-1357 is an unrestricted file upload in WPvivid, Backup. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-1358 is an unrestricted file upload in Airleader Master. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-1363 is a vulnerability in IAQS. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1364 is an authentication bypass in IAQS. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1405 is an unrestricted file upload in Slider Future. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-1432 is a SQL injection in Buroweb. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1435 is a vulnerability in Graylog Web Interface. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-1453: an authentication bypass in Encoder Series E1 hardware Version 1.4. Patched version and vendor advisory inside.
CVE-2026-1470 is a code injection in the product. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1472 is a SQL injection in Evaluación de Desempeño (EDD). Verified patched version, official vendor advisory, and how to confirm th
CVE-2026-1473 is a SQL injection in Evaluación de Desempeño (EDD). Verified patched version, official vendor advisory, and how to confirm th
CVE-2026-1474 is a SQL injection in Evaluación de Desempeño (EDD). Verified patched version, official vendor advisory, and how to confirm th
CVE-2026-1475 is a SQL injection in Evaluación de Desempeño (EDD). Verified patched version, official vendor advisory, and how to confirm th
CVE-2026-1476 is a SQL injection in Evaluación de Desempeño (EDD). Verified patched version, official vendor advisory, and how to confirm th
CVE-2026-1477 is a SQL injection in Evaluación de Desempeño (EDD). Verified patched version, official vendor advisory, and how to confirm th
CVE-2026-1478 is a SQL injection in Evaluación de Desempeño (EDD). Verified patched version, official vendor advisory, and how to confirm th
CVE-2026-1479 is a SQL injection in Evaluación de Desempeño (EDD). Verified patched version, official vendor advisory, and how to confirm th
CVE-2026-1480 is a SQL injection in Evaluación de Desempeño (EDD). Verified patched version, official vendor advisory, and how to confirm th
CVE-2026-1481 is a SQL injection in Evaluación de Desempeño (EDD). Verified patched version, official vendor advisory, and how to confirm th
CVE-2026-1482 is a SQL injection in Evaluación de Desempeño (EDD). Verified patched version, official vendor advisory, and how to confirm th
CVE-2026-1483 is a SQL injection in Evaluación de Desempeño (EDD). Verified patched version, official vendor advisory, and how to confirm th
CVE-2026-1490 is a vulnerability in Spam protection. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1492 is a privilege escalation in wpeverest User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restri
CVE-2026-1496 is a vulnerability in Coverity. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1555 is an unrestricted file upload in WebStack. This page lists verified fix commands and short-term mitigations you can run today
CVE-2026-1568: an authentication bypass in Vulnerability Management. Patched version and vendor advisory inside.
CVE-2026-1579: PX4 Autopilot Missing authentication for critical function in Autopilot. Patch commands and verification.
CVE-2026-1610 is a hard-coded credentials vulnerability in AX12 Pro V2. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-1615 is a code injection in jsonpath. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1632 is an authentication bypass in MOMA Seismic Station. Verified patched version, official vendor advisory, and how to confirm th
CVE-2026-1633 is an authentication bypass in LAN 232 TRIO. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-1670 is an authentication bypass in I-HIB2PI-UL 2MP IP. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-1678 is an out-of-bounds write in zephyrproject-rtos Zephyr. This page lists the verified fix and inline mitigations.
CVE-2026-1699: a local privilege escalation in Eclipse Theia - Website. Patched version and vendor advisory inside.
CVE-2026-1709 is a path traversal in Red Hat Enterprise Linux 10. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-1723 is an OS command injection in X6000R. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1727: an information disclosure in Gemini Enterprise (formerly Agentspace). Patched version and vendor advisory inside.
CVE-2026-1729 is an authentication bypass in AdForest. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-1803 is a vulnerability in ZHOME A0101. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1830 is a missing authorization in Quick Playground. This page lists verified fix commands and short-term mitigations you can run t
CVE-2026-1868: a server-side template injection in GitLab AI Gateway. Patched version and vendor advisory inside.
CVE-2026-1949 - CWE-131 Incorrect Calculation of Buffer Size in AS320T. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-1950 - CWE-121 Stack-based Buffer Overflow in AS320T. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-1951 - CWE-121 Stack-based Buffer Overflow in AS320T. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-1952 - CWE-912 Hidden Functionality in AS320T. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-1994: a vulnerability in s2Member – Excellent for All Kinds of Me. Patched version and vendor advisory inside.
CVE-2026-20079 is an authentication bypass using an alternate path or channel in Cisco Cisco Secure Firewall Management Center (FMC). This pa
CVE-2026-20093: bundle sibling of CVE-2026-20085. Same patched build closes both.
CVE-2026-20129 is an authentication bypass in Cisco Cisco Catalyst SD-WAN Manager. This page lists the verified fix and inline mitigations.
CVE-2026-20147 is a command injection in Cisco ISE Passive Identity Connector. This page lists verified fix commands and short-term mitigati
CVE-2026-20160: Cisco Smart Software Manager On-Prem Arbitrary Command Execution in Cisco Smart Software Manager On-Prem. Patch commands and
CVE-2026-2017 is a stack-based buffer overflow in W30AP. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-20180 is a path traversal in Cisco Identity Services Engine Software. This page lists verified fix commands and short-term mitigati
CVE-2026-20184 is a certificate validation vulnerability in Cisco Webex Meetings. This page lists verified fix commands and short-term mitigations you can
CVE-2026-20186 is a command injection in Cisco Identity Services Engine Software. This page lists verified fix commands and short-term mitig
CVE-2026-20223 is an authentication bypass in Cisco Secure Workload. Verified patched version, official vendor advisory, and how to confirm
CVE-2026-2031: a missing authorization in Internal Integration Platform APIs. Patched version and vendor advisory inside.
CVE-2026-20781 is a missing authentication in CloudCharge cloudcharge.se. This page lists the verified fix and inline mitigations.
CVE-2026-20794: a vulnerability in Intel(R) Data Center Graphics Driver for. Patched version and vendor advisory inside.
CVE-2026-20889 is a CWE-190: integer overflow or wraparound in LibRaw, fixed by the same patch as CVE-2026-20884.
CVE-2026-20911 is a CWE-131: incorrect calculation of buffer size in LibRaw, fixed by the same patch as CVE-2026-20884.
CVE-2026-2095 is an authentication bypass in Agentflow. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-2096 is an authentication bypass in Agentflow. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-21264 is a vulnerability in Microsoft Account. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-21410 is a SQL injection in InSAT MasterSCADA BUK-TS. This page lists the verified fix and inline mitigations.
CVE-2026-21413 is a CWE-129: improper validation of array index in LibRaw, fixed by the same patch as CVE-2026-20884.
CVE-2026-21440 is a path traversal in core. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21515 - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor in Azure IOT Central. Runnable patch commands, mitigati
CVE-2026-21531: an unsafe deserialization in Azure AI Language Authoring. Patched version and vendor advisory inside.
CVE-2026-21536 is an unrestricted file upload in Microsoft Microsoft Devices Pricing Program. This page lists the verified fix and inline mit
CVE-2026-21571 - OS Command Injection in Bamboo Data Center. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-21622 is a CWE-613 insufficient session expiration in hexpm hexpm. This page lists the verified fix and inline mitigations.
CVE-2026-21623: a vulnerability in EasyDiscuss extension for Joomla. Patched version and vendor advisory inside.
CVE-2026-21624: a vulnerability in EasyDiscuss extension for Joomla. Patched version and vendor advisory inside.
CVE-2026-21626: an information disclosure in EasyDiscuss extension for Joomla. Patched version and vendor advisory inside.
CVE-2026-21627 is a CWE-284 improper access control in tassos.gr Novarain/Tassos Framework (plg_system_nrframework). This page lists the ver
CVE-2026-21628 is an unrestricted file upload in astroidframe.work Astroid Template Framework. This page lists the verified fix and inline mi
CVE-2026-21666 is a remote code execution in Veeam Backup and Replication. CVSS 10 Critical. Patch commands, mitigations, and verification.
CVE-2026-21667 is a remote code execution in Veeam Backup and Replication. CVSS 10 Critical. Patch commands, mitigations, and verification.
CVE-2026-21669 is a remote code execution in Veeam Backup and Replication. CVSS 10 Critical. Patch commands, mitigations, and verification.
CVE-2026-21671 is a remote code execution in Veeam Software Appliance. CVSS 9.1 Critical. Patch commands, mitigations, and verification.
CVE-2026-21675 is a use-after-free in iccDEV. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21708 is a CWE-89 SQL injection in Veeam Backup and Replication. CVSS 9.9 Critical. Patch commands, mitigations, and verification.
CVE-2026-21718 is a broken cryptography in Copeland Copeland XWEB 300D PRO. This page lists the verified fix and inline mitigations.
CVE-2026-21854 is an authentication bypass in tarkov-data-manager. Verified patched version, official vendor advisory, and how to confirm th
CVE-2026-21855 is a vulnerability in tarkov-data-manager. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-21858 is an improper input validation in n8n. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-21861: baserCMS: OS Command Injection Leading to Remote Code Execution (RCE) in basercms. Patch commands and verification.
CVE-2026-21875 is a SQL injection in clipbucket-v5. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21876 is a code injection in coreruleset. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21877 is a code injection in n8n. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21881 is an authentication bypass in kanboard. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-21891 is an authentication bypass in ZimaOS. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21893 is an OS command injection in n8n. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21902 is an incorrect permission assignment in Juniper Networks Junos OS Evolved. This page lists the verified fix and inline mitiga
CVE-2026-21962 is a vulnerability in Oracle HTTP Server. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-21969: a vulnerability in Oracle Agile Product Lifecycle Managemen. Patched version and vendor advisory inside.
CVE-2026-21992 is a vulnerability in Oracle Identity Manager. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-21994: Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Edge Clou
CVE-2026-22034 is a vulnerability in snuffleupagus. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22039 is a vulnerability in kyverno. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22172 is a vulnerability in OpenClaw. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22193: wpDiscuz before 7.6.47 - SQL Injection in getAllSubscriptions() in wpDiscuz. Patch commands and verification.
CVE-2026-22207 is a missing authentication in Volcengine OpenViking. This page lists the verified fix and inline mitigations.
CVE-2026-22208 is a vulnerability in OpenS100. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22234 is a vulnerability in eCase Portal. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22236 is an authentication bypass in BLUVOYIX. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-22237 is an information disclosure in BLUVOYIX. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-22238 is an authentication bypass in BLUVOYIX. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-22239 is a vulnerability in BLUVOYIX. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22240 is a vulnerability in BLUVOYIX. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22252 is an access control bypass in LibreChat. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-22314: a code injection in Meona Client Launcher Component. Patched version and vendor advisory inside.
CVE-2026-22336 - CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in Directorist Booking. Runnabl
CVE-2026-22337 - CWE-266 Incorrect Privilege Assignment in Directorist Social Login. Runnable patch commands, mitigation, and verification o
CVE-2026-2234: an authentication bypass in C&Cm@il package olln-base. Patched version and vendor advisory inside.
CVE-2026-22384 is an unsafe deserialization in Applay - Shortcodes. Verified patched version, official vendor advisory, and how to confirm t
CVE-2026-22390 is a code injection in Builderall Builderall Builder for WordPress. This page lists the verified fix and inline mitigations.
CVE-2026-22417 is an unsafe deserialization in ThemeGoods Grand Wedding. This page lists the verified fix and inline mitigations.
CVE-2026-22451 is an unsafe deserialization in AncoraThemes Handyman. This page lists the verified fix and inline mitigations.
CVE-2026-22453 is an unsafe deserialization in ThemeREX Pets Club. This page lists the verified fix and inline mitigations.
CVE-2026-22454 is an unsafe deserialization in ThemeREX Solaris. This page lists the verified fix and inline mitigations.
CVE-2026-22474 is an unsafe deserialization in ThemeREX Equestrian Centre. This page lists the verified fix and inline mitigations.
CVE-2026-22475 is an unsafe deserialization in axiomthemes Estate. This page lists the verified fix and inline mitigations.
CVE-2026-2248 is an authentication bypass in METIS WIC. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-22484 is a SQL injection in Lisfinity Core. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2249 is an authentication bypass in METIS DFS. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-22497 is an unsafe deserialization in AncoraThemes Jardi. This page lists the verified fix and inline mitigations.
CVE-2026-22500: an unsafe deserialization in m2 | Construction and Tools Store. Patched version and vendor advisory inside.
CVE-2026-22501 is an unsafe deserialization in axiomthemes Mounthood. This page lists the verified fix and inline mitigations.
CVE-2026-22507 is an unsafe deserialization in Beelove. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-2251 is a path traversal in Xerox FreeFlow Core. This page lists the verified fix and inline mitigations.
CVE-2026-22540 is a denial of service in QC60/90/120. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22542 is a denial of service in QC 60/90/120. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-22552 is a missing authentication in ePower epower.ie. This page lists the verified fix and inline mitigations.
CVE-2026-22553 is an OS command injection in InSAT MasterSCADA BUK-TS. This page lists the verified fix and inline mitigations.
CVE-2026-22557 is a path traversal in Ubiquiti Inc UniFi Network Application. CVSS 10 Critical. Patch commands, mitigations, and verificatio
CVE-2026-22562 is a path traversal in UniFi Play Audio Port. This page lists verified fix commands and short-term mitigations you can run to
CVE-2026-22563 is an improper input validation in UniFi Play Audio Port. This page lists verified fix commands and short-term mitigations yo
CVE-2026-22564 is an access control - generic in UniFi Play Audio Port. This page lists verified fix commands and short-term mitigations you
CVE-2026-22599 is a SQL injection in strapi. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22600 is an information disclosure in openproject. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-22679: Weaver E-cology 10.0 Unauthenticated RCE via dubboApi Debug Endpoint in E-cology. Patch commands and verification.
CVE-2026-22686 is an authentication bypass in enclave. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-22688 is an OS command injection in WeKnora. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22696 is an authentication bypass in dcap-qvl. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-22709 is a code injection in vm2. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22732: Under Some Conditions Spring Security HTTP Headers Are not Written in Spring Security. Patch commands and verification.
CVE-2026-22738 is a vulnerability in Spring AI. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22755: an OS command injection in Affected device model numbers are FD8365. Patched version and vendor advisory inside.
CVE-2026-22778 is a vulnerability in vllm. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22781 is an OS command injection in TinyWeb. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22783 is an unrestricted file upload in iris-web. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-22785 is an OS command injection in orval. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22792 is a vulnerability in 5ire. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22793 is a code injection in 5ire. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22794 is a vulnerability in appsmith. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22797 is an authentication bypass in keystonemiddleware. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-22799 is an unrestricted file upload in emlog. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-22806 is an access control bypass in loft. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22813 is a vulnerability in opencode. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22822 is an access control bypass in external-secrets. Verified patched version, official vendor advisory, and how to confirm the f
CVE-2026-22844 is an OS command injection in Zoom Node. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-22863 is a path traversal in deno. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22886 is a CWE-1392 use of default credentials in Eclipse Foundation Eclipse OpenMQ. This page lists the verified fix and inline mi
CVE-2026-22891 is a heap buffer overflow in The Biosig Project libbiosig. This page lists the verified fix and inline mitigations.
CVE-2026-22898 is an authentication bypass in QVR Pro. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-22903 is a stack-based buffer overflow in 0852-1322. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-22904 is a stack-based buffer overflow in 0852-1322. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-22906 is a vulnerability in 0852-1322. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22907 is a vulnerability in TDC-X401GL. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22908 is a vulnerability in TDC-X401GL. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22924 is an authentication bypass in SIMATIC CN 4100. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-22984 is a vulnerability in Linux. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23112 is a vulnerability in Linux. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23240 is a tls: fix race condition in tls_sw_cancel_work_tx() in Linux. CVSS 9.8 Critical. Patch commands, mitigations, and verific
CVE-2026-2329 is a stack-based buffer overflow in GXP1610. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-2330 is a CWE-552 files or directories accessible to external parties in SICK AG SICK Lector85x. This page lists the verified fix a
CVE-2026-2331 is a CWE-552 files or directories accessible to external parties in SICK AG SICK Lector85x. This page lists the verified fix a
CVE-2026-2333 is an OS command injection in opds. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23427 is a ksmbd: fix use-after-free in durable v2 replay of active file handles in Linux, fixed by the same patch as CVE-2026-2340
CVE-2026-23428 is a ksmbd: fix use-after-free of share_conf in compound request in Linux, fixed by the same patch as CVE-2026-23401.
CVE-2026-23450 is a net/smc: fix null dereference and uaf in smc_tcp_syn_recv_sock() in Linux, fixed by the same patch as CVE-2026-23401.
CVE-2026-23455 is a netfilter: nf_conntrack_h323: check for zero length in decodeq931() in Linux, fixed by the same patch as CVE-2026-23401.
CVE-2026-2347: an insecure direct object reference (IDOR) in E-Commerce Website. Patched version and vendor advisory inside.
CVE-2026-23478 is a vulnerability in cal.com. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23489: Fields GLPI plugin vulnerable to RCE in dropdown generation in fields. Patch commands and verification.
CVE-2026-23491 is a path traversal in InvoicePlane. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23500 is an OS command injection in dolibarr. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-23515 is an OS command injection in signalk-server. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-23518 is an authentication bypass in fleet. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23520 is an OS command injection in arcane. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23523 is a code injection in Dive. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23524 is an unsafe deserialization in reverb. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-23542 is an unsafe deserialization in Grand Restaurant. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-23549 is an unsafe deserialization in WpEvently. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-23550 is a vulnerability in Modular DS. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23552 is a CWE-346 origin validation error in Apache Software Foundation Apache Camel. This page lists the verified fix and inline
CVE-2026-23600 is an authentication bypass in Hewlett Packard Enterprise (HPE) HPE AutoPass License Server (APLS). This page lists the verifi
CVE-2026-23647 is a hard-coded credentials vulnerability in RBG-100. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-23652 is an OS command injection in Microsoft Power Pages. Verified patched version, official vendor advisory, and how to confirm t
CVE-2026-23693 is a missing authentication in Roxnor ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for Elementor. This
CVE-2026-23696: Windmill < 1.603.3 File Ownership Handling SQLi RCE in Windmill CE (Community Edition). Patch commands and verification.
CVE-2026-23722 is a vulnerability in WeGIA. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23734 is a path traversal in xwiki-commons. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23744 is an authentication bypass in inspector. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-23746: an authentication bypass in Instant Financial Issuance (IF). Patched version and vendor advisory inside.
CVE-2026-23751 - CWE-306 Missing Authentication for Critical Function in Kofax Capture. Runnable patch commands, mitigation, and verificatio
CVE-2026-23767 is a missing authentication in Seiko Epson Corporation ESC/POS. This page lists the verified fix and inline mitigations.
CVE-2026-23781 is a hard-coded credentials vulnerability in An. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-23800 is a vulnerability in Modular DS. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23802 is an unrestricted file upload in Jordy Meow AI Engine. This page lists the verified fix and inline mitigations.
CVE-2026-23813 is a security vulnerability in Hewlett Packard Enterprise (hpe) AOS-CX. CVSS 9.8 Critical. Patch commands, mitigations, and v
CVE-2026-23830 is a code injection in SandboxJS. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23836 is an improper input validation in hotcrp. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-23837 is an access control bypass in MyTube. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23839 is an improper input validation in movary. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-23840 is an improper input validation in movary. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-23841 is an improper input validation in movary. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-23891 is a cross-site scripting in decidim. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-23947 is an OS command injection in orval. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23966 is a vulnerability in sm-crypto. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24002 is a vulnerability in grist-core. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24015: Apache IoTDB: Insecure Default Configuration in Apache IoTDB. Patch commands and verification.
CVE-2026-24042 is a vulnerability in appsmith. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24044 is a vulnerability in ess-helm. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24060 is a vulnerability in WebCTRL Premium Server. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-2409 is a SQL injection in Cloud Suite. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24101 is an OS command injection in n/a n/a. This page lists the verified fix and inline mitigations.
CVE-2026-24103 is a buffer overflow in n/a n/a. This page lists the verified fix and inline mitigations.
CVE-2026-24105 is a code injection in n/a n/a. This page lists the verified fix and inline mitigations.
CVE-2026-24107 is a code injection in n/a n/a. This page lists the verified fix and inline mitigations.
CVE-2026-24108 is a buffer overflow in n/a n/a. This page lists the verified fix and inline mitigations.
CVE-2026-24109 is a buffer overflow in n/a n/a. This page lists the verified fix and inline mitigations.
CVE-2026-24110 is a buffer overflow in n/a n/a. This page lists the verified fix and inline mitigations.
CVE-2026-24111 is a buffer overflow in n/a n/a. This page lists the verified fix and inline mitigations.
CVE-2026-24113 is a buffer overflow in n/a n/a. This page lists the verified fix and inline mitigations.
CVE-2026-24115 is a buffer overflow in n/a n/a. This page lists the verified fix and inline mitigations.
CVE-2026-24118 improper control of generation of code ('code injection') in vm2. Runnable upgrade commands and verification steps for sysadm
CVE-2026-24120 is a protection mechanism failure in vm2. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-2417 is an authentication bypass in Mosaic Show Controller. Verified patched version, official vendor advisory, and how to confirm
CVE-2026-24178 - CWE-639 Authorization Bypass Through User-Controlled Key in FLARE SDK. Runnable patch commands, mitigation, and verificatio
CVE-2026-2418 is a security vulnerability in Unknown Login with Salesforce. This page lists the verified fix and inline mitigations.
CVE-2026-24207: an authentication bypass in Triton Inference Server. Patched version and vendor advisory inside.
CVE-2026-24300 is an access control bypass in Azure Front Door. Verified patched version, official vendor advisory, and how to confirm the f
CVE-2026-24303 - CWE-284: Improper Access Control in Microsoft Partner Center. Runnable patch commands, mitigation, and verification on this
CVE-2026-24304: an access control bypass in Azure Resource Manager. Patched version and vendor advisory inside.
CVE-2026-24305 is an access control bypass in Microsoft Entra. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-24306 is an access control bypass in Azure Front Door. Verified patched version, official vendor advisory, and how to confirm the f
CVE-2026-24307 is an authentication bypass in Microsoft 365 Copilot. Verified patched version, official vendor advisory, and how to confirm
CVE-2026-24378 is an unsafe deserialization in EventPrime. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-24399 is a vulnerability in chattermate.chat. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-24429 is a default credentials vulnerability in W30E V2. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24436 is a vulnerability in W30E V2. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24448 is a use of hard-coded credentials in Micro Research Ltd. MR-GM5L-S1. CVSS 9.8 Critical. Patch commands, mitigations, and ver
CVE-2026-24457 is a path traversal in Eclipse Foundation Eclipse OpenMQ. This page lists the verified fix and inline mitigations.
CVE-2026-2446 is a missing authorization in Unknown PowerPack for LearnDash. This page lists the verified fix and inline mitigations.
CVE-2026-24465 is a stack-based buffer overflow in WAB-S733IW2-PD. Verified patched version, official vendor advisory, and how to confirm th
CVE-2026-24467 is a CWE-640: weak password recovery mechanism for in openaev. This page lists verified fix commands and short-term mitigatio
CVE-2026-24471 is a vulnerability in continuwuity. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24479 is a path traversal in hustoj. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2449 is a neutralization of argument delimiters in a in upKeeper Instant Privilege Access. This page lists verified fix commands an
CVE-2026-24494 is a SQL injection in Order Up Online Ordering System. This page lists the verified fix and inline mitigations.
CVE-2026-24663 is an OS command injection in Copeland Copeland XWEB 300D PRO. This page lists the verified fix and inline mitigations.
CVE-2026-24685 is an OS command injection in openproject. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-24713: Apache IoTDB: JEXL Expression Injection in Apache IoTDB. Patch commands and verification.
CVE-2026-24728 is an authentication bypass in DreamMaker. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-24729 is an unrestricted file upload in DreamMaker. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-24731 is a missing authentication in EV2GO ev2go.io. This page lists the verified fix and inline mitigations.
CVE-2026-24736 is a vulnerability in squidex. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24770 is a path traversal in ragflow. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24781: improper control of generation of code ('code injection') in vm2. Runnable upgrade commands and verification steps for sysadm
CVE-2026-24789 is an authentication bypass in ZLAN5143D. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-24793 is an OS command injection in azerothcore-wotlk. Verified patched version, official vendor advisory, and how to confirm the f
CVE-2026-24794 is a memory corruption in cardboard. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24798 is a memory corruption in DagorEngine. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24800 is an OS command injection in furnace. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24803 is a denial of service in lede. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24804 is a denial of service in lede. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24810 is a vulnerability in rethinkdb. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24811 is a vulnerability in root. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24812 is a vulnerability in root. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24814 is a vulnerability in swoole-src. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24815 is an unsafe deserialization in tis. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24816 is a denial of service in tis. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24821 is a path traversal in WickedEngine. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24822 is an OS command injection in wxhelper. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-24823 is an OS command injection in X-TRACK. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24826 is an OS command injection in turso3d. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24830 is a vulnerability in IronOS. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24832 is an OS command injection in ixray-1.6-stcop. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-24834 is an arbitrary file read in kata-containers. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-24838 is a vulnerability in Dnn.Platform. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24841 is an OS command injection in dokploy. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24849 is a path traversal in openemr openemr. This page lists the verified fix and inline mitigations.
CVE-2026-24871 is a code injection in Minecraft-Rcon-Manage. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-24872 is a vulnerability in SkyFire_548. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24874 is a vulnerability in xray-monolith. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24897 is a path traversal in Erugo. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24898 is an authentication bypass in openemr openemr. This page lists the verified fix and inline mitigations.
CVE-2026-24908 is a SQL injection in openemr openemr. This page lists the verified fix and inline mitigations.
CVE-2026-24936 is an improper input validation in ADM. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-24956: a SQL injection in Download Manager Addons for Elementor. Patched version and vendor advisory inside.
CVE-2026-24960 is an unrestricted file upload in zozothemes Charety. This page lists the verified fix and inline mitigations.
CVE-2026-24968 is a vulnerability in Xagio SEO. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24971 is a vulnerability in Search & Go. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24989 is an unsafe deserialization in SUMO Affiliates Pro. Verified patched version, official vendor advisory, and how to confirm t
CVE-2026-24993: a SQL injection in Advanced WooCommerce Product Sales Repor. Patched version and vendor advisory inside.
CVE-2026-25029 is an unsafe deserialization in KIDZ. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25030 is an unsafe deserialization in Goldish. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-25031 is an unsafe deserialization in Tasty Daily. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-25032 is an unsafe deserialization in Ricky. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25035 is an authentication bypass in Contest Gallery. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-25047 is a vulnerability in deepHas. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25049 is a code injection in n8n. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25052 is a vulnerability in n8n. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25053 is an OS command injection in n8n. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25056 is an unrestricted file upload in n8n. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25057 is a path traversal in Markus. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25069: a path traversal in Pironman Dashboard (pm_dashboard). Patched version and vendor advisory inside.
CVE-2026-25070: XikeStor SKS8310-8X PingTestSet Command Injection in XikeStor SKS8310-8X. Patch commands and verification.
CVE-2026-25084 is an authentication bypass in ZLAN5143D. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-25115 is an authentication bypass in n8n. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25130 is an OS command injection in cai. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25134 is a vulnerability in groupoffice. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25137 is a vulnerability in nixpkgs. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25141 is a code injection in orval. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25142 is a code injection in SandboxJS. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25146 is an information exposure in openemr openemr. This page lists the verified fix and inline mitigations.
CVE-2026-25150 is a vulnerability in qwik. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25160 is a code injection in alist. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25192 is an authentication bypass in Chargeportal. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-25197: Gardyn Cloud API Authorization Bypass Through User-Controlled Key in Cloud API. Patch commands and verification.
CVE-2026-25199: exposure of sensitive information to an unauthorized actor in Apache CloudStack. Runnable upgrade commands and verification s
CVE-2026-25200 is an unrestricted file upload in MagicINFO 9 Server. Verified patched version, official vendor advisory, and how to confirm
CVE-2026-25202 is a hard-coded credentials vulnerability in MagicINFO 9 Server. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-25212 is a n/a in the vendor n/a. CVSS 9.9 Critical. Patch commands, mitigations, and verification.
CVE-2026-25227 is a code injection in authentik. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25237 is a vulnerability in pearweb. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25238 is a SQL injection in pearweb. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25241 is a SQL injection in pearweb. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25244 is an OS command injection in webdriverio. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-25293 is a buffer overflow in Snapdragon. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-25340 is a SQL injection in Jobmonster. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25345 is an access control bypass in SimpLy Gallery. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-25366 is a code injection in Woody ad snippets. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-25371 is a SQL injection in Lumise Product Designer. Verified patched version, official vendor advisory, and how to confirm the fix