{"page":1,"per_page":25,"total_vulns":1588,"total_pages":64,"vulnerabilities":[{"_id":"69e687215a9d39622b659e22","cveID":"CVE-2024-27199","dateAdded":"2026-04-20","dueDate":"2026-05-04","notes":"https://www.jetbrains.com/privacy-security/issues-fixed/ ; https://nvd.nist.gov/vuln/detail/CVE-2024-27199","product":"TeamCity","requiredAction":"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","shortDescription":"JetBrains TeamCity contains a relative path traversal vulnerability that could allow limited admin actions to be performed.","vendorProject":"JetBrains","vulnerabilityName":"JetBrains TeamCity Relative Path Traversal Vulnerability","nvdData":[{"attackVector":"NETWORK","attackComplexity":"LOW","baseSeverity":"HIGH","exploitabilityScore":3.9,"baseScore":7.3,"nvdReferences":[{"url":"https://www.darkreading.com/cyberattacks-data-breaches/jetbrains-teamcity-mass-exploitation-underway-rogue-accounts-thrive","source":"cve@jetbrains.com","tags":["Press/Media Coverage"]},{"url":"https://www.jetbrains.com/privacy-security/issues-fixed/","source":"cve@jetbrains.com","tags":["Vendor Advisory"]},{"url":"https://www.darkreading.com/cyberattacks-data-breaches/jetbrains-teamcity-mass-exploitation-underway-rogue-accounts-thrive","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Press/Media Coverage"]},{"url":"https://www.jetbrains.com/privacy-security/issues-fixed/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://github.com/Stuub/RCity-CVE-2024-27198/blob/main/RCity.py","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-27199","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}],"vulnStatus":"Modified"}],"githubPocs":["https://github.com/Stuub/RCity-CVE-2024-27199"],"openThreatData":[{"adversaries":["Thallium","Earth 
Lamia","Storm-1175"],"malwareFamiles":["Bypassboss","Brute ratel","Pulsepack","Cobalt strike - s0154","Xworm","Xmrig","Sparkrat","Vshell","Kimsuky","Medusa","Jasmin","Blankgrabber"],"affectedIndustries":["Transportation","Technology","Education","Finance","Government","Retail"],"communityAdversaries":["Thallium","Kimsuky","Earth Lamia","Silver Fox, Powercat, BRUSHWORM and BRUSHLOGGER, Blank Grabber, Infiniti Stealer"],"communityMalwareFamilies":["Bypassboss","Brute ratel","Cobalt strike","Cobalt strike - s0154","Pulsepack","Xworm","Sparkrat","Xmrig","Vshell","Kimsuky","Trend pattern","Jasmin","Blankgrabber"],"communityAffectedIndustries":["Transportation","Technology","Education","Finance","Government","Retail"]}],"knownRansomwareCampaignUse":"Unknown"},{"_id":"69e687215a9d39622b659e21","cveID":"CVE-2025-32975","dateAdded":"2026-04-20","dueDate":"2026-05-04","notes":"https://support.quest.com/kb/4379499/quest-response-to-kace-sma-vulnerabilities-cve-2025-32975-cve-2025-32976-cve-2025-32977-cve-2025-32978 ; https://nvd.nist.gov/vuln/detail/CVE-2025-32975","product":"KACE Systems Management Appliance (SMA)","requiredAction":"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","shortDescription":"Quest KACE Systems Management Appliance (SMA) contains an improper authentication vulnerability that could allow attackers to impersonate legitimate users without valid credentials.","vendorProject":"Quest","vulnerabilityName":"Quest KACE Systems Management Appliance (SMA) Improper Authentication 
Vulnerability","nvdData":[{"attackVector":"NETWORK","attackComplexity":"LOW","baseSeverity":"CRITICAL","exploitabilityScore":3.9,"baseScore":10.0,"nvdReferences":[{"url":"https://seclists.org/fulldisclosure/2025/Jun/22","source":"cve@mitre.org"},{"url":"https://seralys.com/research/CVE-2025-32975.txt","source":"cve@mitre.org"},{"url":"https://support.quest.com/kb/4379499/quest-response-to-kace-sma-vulnerabilities-cve-2025-32975-cve-2025-32976-cve-2025-32977-cve-2025-32978","source":"cve@mitre.org"},{"url":"http://seclists.org/fulldisclosure/2025/Jun/25","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-32975","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}],"vulnStatus":"Deferred"}],"githubPocs":[],"openThreatData":[{"adversaries":[],"malwareFamiles":[],"affectedIndustries":[],"communityAdversaries":[],"communityMalwareFamilies":[],"communityAffectedIndustries":[]}],"knownRansomwareCampaignUse":"Unknown"},{"_id":"69e687215a9d39622b659e20","cveID":"CVE-2026-20128","dateAdded":"2026-04-20","dueDate":"2026-04-23","notes":"CISA Mitigation Instructions: https://www.cisa.gov/news-events/directives/ed-26-03-mitigate-vulnerabilities-cisco-sd-wan-systems ; https://www.cisa.gov/news-events/directives/supplemental-direction-ed-26-03-hunt-and-hardening-guidance-cisco-sd-wan-systems ; https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp-qwCX8D4v ; https://nvd.nist.gov/vuln/detail/CVE-2026-20128","product":"Catalyst SD-WAN Manager","requiredAction":"Please adhere to CISA’s guidelines to assess exposure and mitigate risks associated with Cisco SD-WAN devices as outlined in CISA’s Emergency Directive 26-03 (URL listed below in Notes) and CISA’s “Hunt & Hardening Guidance for Cisco SD-WAN Devices” (URL listed below in Notes). 
Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.","shortDescription":"Cisco Catalyst SD-WAN Manager contains a storing passwords in a recoverable format vulnerability that allows an authenticated, local attacker to gain DCA user privileges by accessing a credential file for the DCA user on the filesystem as a low-privileged user.","vendorProject":"Cisco","vulnerabilityName":"Cisco Catalyst SD-WAN Manager Storing Passwords in a Recoverable Format Vulnerability","nvdData":[{"attackVector":"LOCAL","attackComplexity":"HIGH","baseSeverity":"HIGH","exploitabilityScore":0.8,"baseScore":7.5,"nvdReferences":[{"url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp-qwCX8D4v","source":"psirt@cisco.com","tags":["Vendor Advisory"]},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-20128","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}],"vulnStatus":"Modified"}],"githubPocs":[],"openThreatData":[{"adversaries":[],"malwareFamiles":[],"affectedIndustries":[],"communityAdversaries":[],"communityMalwareFamilies":[],"communityAffectedIndustries":[]}],"knownRansomwareCampaignUse":"Unknown"},{"_id":"69e687215a9d39622b659e1f","cveID":"CVE-2025-48700","dateAdded":"2026-04-20","dueDate":"2026-04-23","notes":"https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories ; https://nvd.nist.gov/vuln/detail/CVE-2025-48700","product":"Zimbra Collaboration Suite (ZCS)","requiredAction":"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","shortDescription":"Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting vulnerability that could allow attackers to execute arbitrary JavaScript within the user's session, potentially leading to unauthorized access to sensitive 
information.","vendorProject":"Synacor","vulnerabilityName":"Synacor Zimbra Collaboration Suite (ZCS) Cross-site Scripting Vulnerability","nvdData":[{"attackVector":"NETWORK","attackComplexity":"LOW","baseSeverity":"MEDIUM","exploitabilityScore":2.8,"baseScore":6.1,"nvdReferences":[{"url":"https://wiki.zimbra.com/wiki/Security_Center","source":"cve@mitre.org","tags":["Release Notes"]},{"url":"https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy","source":"cve@mitre.org","tags":["Product"]},{"url":"https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-48700","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}],"vulnStatus":"Modified"}],"githubPocs":[],"openThreatData":[{"adversaries":[],"malwareFamiles":[],"affectedIndustries":[],"communityAdversaries":[],"communityMalwareFamilies":[],"communityAffectedIndustries":[]}],"knownRansomwareCampaignUse":"Unknown"},{"_id":"69e687215a9d39622b659e1e","cveID":"CVE-2023-27351","dateAdded":"2026-04-20","dueDate":"2026-05-04","notes":"https://www.papercut.com/kb/Main/PO-1216-and-PO-1219 ; https://nvd.nist.gov/vuln/detail/CVE-2023-27351","product":"NG/MF","requiredAction":"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","shortDescription":"PaperCut NG/MF contains an improper authentication vulnerability that could allow remote attackers to bypass authentication on affected installations via the SecurityRequestFilter class.","vendorProject":"PaperCut","vulnerabilityName":"PaperCut NG/MF Improper Authentication 
Vulnerability","nvdData":[{"attackVector":"NETWORK","attackComplexity":"LOW","baseSeverity":"HIGH","exploitabilityScore":3.9,"baseScore":7.5,"nvdReferences":[{"url":"https://www.papercut.com/kb/Main/PO-1216-and-PO-1219","source":"zdi-disclosures@trendmicro.com","tags":["Vendor Advisory"]},{"url":"https://www.zerodayinitiative.com/advisories/ZDI-23-232/","source":"zdi-disclosures@trendmicro.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://www.papercut.com/kb/Main/PO-1216-and-PO-1219","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://www.zerodayinitiative.com/advisories/ZDI-23-232/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-27351","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}],"vulnStatus":"Modified"}],"githubPocs":[],"openThreatData":[{"adversaries":["Storm-1175"],"malwareFamiles":["Medusa"],"affectedIndustries":[],"communityAdversaries":["Mango Sandworm","APT35, Charming Kitten, Mint Sandstorm, Cobalt Mirage","Test Adversary2"],"communityMalwareFamilies":["\"prepending (enc) ransomware\" (not an official name)","Meterpreter","Truebot","Gopuram","Qakbot","#aggr:autoit/banload","Syncro rmm","Cobalt strike","Atera rmm","Medusa locker","Cl0p","Immortal stealer"],"communityAffectedIndustries":["Government","Healthcare","Finance","Educational services","Education","Public administration","Transportation","Technology","Aerospace","Construction","Other services","Energy","Defense","Chemical","Legal, financial, healthcare, government, municipal, real-estate, enterprise-technology, critical-in"]}],"knownRansomwareCampaignUse":"Unknown"},{"_id":"69e687215a9d39622b659e1d","cveID":"CVE-2025-2749","dateAdded":"2026-04-20","dueDate":"2026-05-04","notes":"https://devnet.kentico.com/download/hotfixes ; https://nvd.nist.gov/vuln/detail/CVE-2025-2749","product":"Kentico 
Xperience","requiredAction":"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","shortDescription":"Kentico Xperience contains a path traversal vulnerability that could allow an authenticated user's Staging Sync Server to upload arbitrary data to path relative locations.","vendorProject":"Kentico","vulnerabilityName":"Kentico Xperience Path Traversal Vulnerability","nvdData":[{"attackVector":"NETWORK","attackComplexity":"LOW","baseSeverity":"HIGH","exploitabilityScore":1.2,"baseScore":7.2,"nvdReferences":[{"url":"https://devnet.kentico.com/download/hotfixes","source":"disclosure@vulncheck.com","tags":["Patch"]},{"url":"https://labs.watchtowr.com/bypassing-authentication-like-its-the-90s-pre-auth-rce-chain-s-in-kentico-xperience-cms/","source":"disclosure@vulncheck.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://www.vulncheck.com/advisories/kentico-xperience-staging-media-file-upload-authenticated-rce","source":"disclosure@vulncheck.com"},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-2749","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}],"vulnStatus":"Modified"}],"githubPocs":[],"openThreatData":[{"adversaries":[],"malwareFamiles":[],"affectedIndustries":[],"communityAdversaries":[],"communityMalwareFamilies":[],"communityAffectedIndustries":[]}],"knownRansomwareCampaignUse":"Unknown"},{"_id":"69e687215a9d39622b659e1c","cveID":"CVE-2026-20133","dateAdded":"2026-04-20","dueDate":"2026-04-23","notes":"CISA Mitigation Instructions: https://www.cisa.gov/news-events/directives/ed-26-03-mitigate-vulnerabilities-cisco-sd-wan-systems ; https://www.cisa.gov/news-events/directives/supplemental-direction-ed-26-03-hunt-and-hardening-guidance-cisco-sd-wan-systems ; https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp-qwCX8D4v ; 
https://nvd.nist.gov/vuln/detail/CVE-2026-20133","product":"Catalyst SD-WAN Manager","requiredAction":"Please adhere to CISA’s guidelines to assess exposure and mitigate risks associated with Cisco SD-WAN devices as outlined in CISA’s Emergency Directive 26-03 (URL listed below in Notes) and CISA’s “Hunt & Hardening Guidance for Cisco SD-WAN Devices” (URL listed below in Notes). Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.","shortDescription":"Cisco Catalyst SD-WAN Manager contains an exposure of sensitive information to an unauthorized actor vulnerability that could allow remote attackers to view sensitive information on affected systems.","vendorProject":"Cisco","vulnerabilityName":"Cisco Catalyst SD-WAN Manager Exposure of Sensitive Information to an Unauthorized Actor Vulnerability","nvdData":[{"attackVector":"NETWORK","attackComplexity":"LOW","baseSeverity":"MEDIUM","exploitabilityScore":2.8,"baseScore":6.5,"nvdReferences":[{"url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp-qwCX8D4v","source":"psirt@cisco.com","tags":["Vendor Advisory"]},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-20133","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}],"vulnStatus":"Modified"}],"githubPocs":[],"openThreatData":[{"adversaries":[],"malwareFamiles":[],"affectedIndustries":[],"communityAdversaries":[],"communityMalwareFamilies":[],"communityAffectedIndustries":[]}],"knownRansomwareCampaignUse":"Unknown"},{"_id":"69e687215a9d39622b659e1b","cveID":"CVE-2026-20122","dateAdded":"2026-04-20","dueDate":"2026-04-23","notes":"CISA Mitigation Instructions: https://www.cisa.gov/news-events/directives/ed-26-03-mitigate-vulnerabilities-cisco-sd-wan-systems ; https://www.cisa.gov/news-events/directives/supplemental-direction-ed-26-03-hunt-and-hardening-guidance-cisco-sd-wan-systems ; 
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp-qwCX8D4v ; https://nvd.nist.gov/vuln/detail/CVE-2026-20122","product":"Catalyst SD-WAN Manager","requiredAction":"Please adhere to CISA’s guidelines to assess exposure and mitigate risks associated with Cisco SD-WAN devices as outlined in CISA’s Emergency Directive 26-03 (URL listed below in Notes) and CISA’s “Hunt & Hardening Guidance for Cisco SD-WAN Devices” (URL listed below in Notes). Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.","shortDescription":"Cisco Catalyst SD-WAN Manager contains an incorrect use of privileged APIs vulnerability due to improper file handling on the API interface of an affected system. An attacker could exploit this vulnerability by uploading a malicious file on the local file system. A successful exploit could allow the attacker to overwrite arbitrary files on the affected system and gain vmanage user privileges.","vendorProject":"Cisco","vulnerabilityName":"Cisco Catalyst SD-WAN Manager Incorrect Use of Privileged APIs Vulnerability","nvdData":[{"attackVector":"NETWORK","attackComplexity":"LOW","baseSeverity":"MEDIUM","exploitabilityScore":2.8,"baseScore":5.4,"nvdReferences":[{"url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp-qwCX8D4v","source":"psirt@cisco.com","tags":["Vendor 
Advisory"]},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-20122","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}],"vulnStatus":"Modified"}],"githubPocs":[],"openThreatData":[{"adversaries":[],"malwareFamiles":[],"affectedIndustries":[],"communityAdversaries":[],"communityMalwareFamilies":[],"communityAffectedIndustries":[]}],"knownRansomwareCampaignUse":"Unknown"},{"_id":"69e125f9bf2904da36e09391","cveID":"CVE-2026-34197","dateAdded":"2026-04-16","dueDate":"2026-04-30","notes":"https://activemq.apache.org/security-advisories.data/CVE-2026-34197-announcement.txt ; https://nvd.nist.gov/vuln/detail/CVE-2026-34197","product":"ActiveMQ","requiredAction":"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","shortDescription":"Apache ActiveMQ contains an improper input validation vulnerability that allows for code injection.","vendorProject":"Apache","vulnerabilityName":"Apache ActiveMQ Improper Input Validation Vulnerability","nvdData":[{"attackVector":"NETWORK","attackComplexity":"LOW","baseSeverity":"HIGH","exploitabilityScore":2.8,"baseScore":8.8,"nvdReferences":[{"url":"https://activemq.apache.org/security-advisories.data/CVE-2026-34197-announcement.txt","source":"security@apache.org","tags":["Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2026/04/06/3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-34197","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["US Government 
Resource"]}],"vulnStatus":"Analyzed"}],"githubPocs":["https://github.com/keraattin/CVE-2026-34197","https://github.com/hg0434hongzh0/CVE-2026-34197","https://github.com/KONDORDEVSECURITYCORP/CVE-2026-34197","https://github.com/AtoposX-J/CVE-2026-34197-Apache-ActiveMQ-RCE","https://github.com/DEVSECURITYSPRO/CVE-2026-34197","https://github.com/dinosn/CVE-2026-34197","https://github.com/0xBlackash/CVE-2026-34197"],"openThreatData":[{"adversaries":[],"malwareFamiles":[],"affectedIndustries":[],"communityAdversaries":[],"communityMalwareFamilies":[],"communityAffectedIndustries":[]}],"knownRansomwareCampaignUse":"Unknown"},{"_id":"69de82f92c5c1df9d4b24d23","cveID":"CVE-2026-32201","dateAdded":"2026-04-14","dueDate":"2026-04-28","notes":"https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-32201 ; https://nvd.nist.gov/vuln/detail/CVE-2026-32201","product":"SharePoint Server","requiredAction":"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","shortDescription":"Microsoft SharePoint Server contains an improper input validation vulnerability that allows an unauthorized attacker to perform spoofing over a network.","vendorProject":"Microsoft","vulnerabilityName":"Microsoft SharePoint Server Improper Input Validation Vulnerability","nvdData":[{"nvdReferences":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32201","source":"secure@microsoft.com","tags":["Vendor Advisory"]},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-32201","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["US Government Resource"]}],"vulnStatus":"Undergoing 
Analysis"}],"githubPocs":[],"openThreatData":[{"adversaries":[],"malwareFamiles":[],"affectedIndustries":[],"communityAdversaries":[],"communityMalwareFamilies":[],"communityAffectedIndustries":[]}],"knownRansomwareCampaignUse":"Unknown"},{"_id":"69de82f92c5c1df9d4b24d22","cveID":"CVE-2009-0238","dateAdded":"2026-04-14","dueDate":"2026-04-28","notes":"https://learn.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-009 ; https://nvd.nist.gov/vuln/detail/CVE-2009-0238","product":"Office","requiredAction":"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","shortDescription":"Microsoft Office Excel contains a remote code execution vulnerability that could allow an attacker to take complete control of an affected system if a user opens a specially crafted Excel file that includes a malformed object.","vendorProject":"Microsoft","vulnerabilityName":"Microsoft Office Remote Code Execution","nvdData":[{"attackVector":"NETWORK","attackComplexity":"LOW","baseSeverity":"HIGH","exploitabilityScore":2.8,"baseScore":8.8,"nvdReferences":[{"url":"http://blogs.zdnet.com/security/?p=2658","source":"secure@microsoft.com"},{"url":"http://isc.sans.org/diary.html?storyid=5923","source":"secure@microsoft.com"},{"url":"http://securitytracker.com/id?1021744","source":"secure@microsoft.com"},{"url":"http://www.microsoft.com/technet/security/advisory/968272.mspx","source":"secure@microsoft.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/33870","source":"secure@microsoft.com"},{"url":"http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-022310-4202-99","source":"secure@microsoft.com"},{"url":"http://www.us-cert.gov/cas/techalerts/TA09-104A.html","source":"secure@microsoft.com","tags":["US Government 
Resource"]},{"url":"http://www.vupen.com/english/advisories/2009/1023","source":"secure@microsoft.com"},{"url":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-009","source":"secure@microsoft.com"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/48875","source":"secure@microsoft.com"},{"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5968","source":"secure@microsoft.com"},{"url":"http://blogs.zdnet.com/security/?p=2658","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://isc.sans.org/diary.html?storyid=5923","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://securitytracker.com/id?1021744","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.microsoft.com/technet/security/advisory/968272.mspx","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/33870","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-022310-4202-99","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.us-cert.gov/cas/techalerts/TA09-104A.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["US Government 
Resource"]},{"url":"http://www.vupen.com/english/advisories/2009/1023","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-009","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/48875","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5968","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2009-0238","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}],"vulnStatus":"Deferred"}],"githubPocs":[],"openThreatData":[{"adversaries":[],"malwareFamiles":[],"affectedIndustries":[],"communityAdversaries":[],"communityMalwareFamilies":[],"communityAffectedIndustries":[]}],"knownRansomwareCampaignUse":"Unknown"},{"_id":"69dd3179a77fe194a6a23e1f","cveID":"CVE-2026-34621","dateAdded":"2026-04-13","dueDate":"2026-04-27","notes":"https://helpx.adobe.com/security/products/acrobat/apsb26-43.html ; https://nvd.nist.gov/vuln/detail/CVE-2026-34621","product":"Acrobat and Reader","requiredAction":"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","shortDescription":"Adobe Acrobat and Reader contain a prototype pollution vulnerability that allows for arbitrary code execution.","vendorProject":"Adobe","vulnerabilityName":"Adobe Acrobat and Reader Prototype Pollution Vulnerability","nvdData":[{"attackVector":"LOCAL","attackComplexity":"LOW","baseSeverity":"HIGH","exploitabilityScore":1.8,"baseScore":8.6,"nvdReferences":[{"url":"https://helpx.adobe.com/security/products/acrobat/apsb26-43.html","source":"psirt@adobe.com","tags":["Vendor 
Advisory"]},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-34621","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["US Government Resource"]}],"vulnStatus":"Analyzed"}],"githubPocs":["https://github.com/eduardorossi84/CVE-2026-34621-POC","https://github.com/NULL200OK/cve_2026_34621_advanced"],"openThreatData":[{"adversaries":[],"malwareFamiles":[],"affectedIndustries":[],"communityAdversaries":[],"communityMalwareFamilies":[],"communityAffectedIndustries":[]}],"knownRansomwareCampaignUse":"Unknown"},{"_id":"69dd3179a77fe194a6a23e1e","cveID":"CVE-2026-21643","dateAdded":"2026-04-13","dueDate":"2026-04-16","notes":"https://fortiguard.fortinet.com/psirt/FG-IR-25-1142 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21643","product":"FortiClient EMS","requiredAction":"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","shortDescription":"Fortinet FortiClient EMS contains a SQL injection vulnerability that may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.","vendorProject":"Fortinet","vulnerabilityName":"Fortinet SQL Injection Vulnerability","nvdData":[{"attackVector":"NETWORK","attackComplexity":"LOW","baseSeverity":"CRITICAL","exploitabilityScore":3.9,"baseScore":9.8,"nvdReferences":[{"url":"https://fortiguard.fortinet.com/psirt/FG-IR-25-1142","source":"psirt@fortinet.com","tags":["Vendor 
Advisory"]},{"url":"https://github.com/0xBlackash/CVE-2026-21643/blob/main/cve-2026-21643.py","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-21643","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}],"vulnStatus":"Modified"}],"githubPocs":["https://github.com/0xBlackash/CVE-2026-21643","https://github.com/alirezac0/CVE-2026-21643","https://github.com/DarkSploits/CVE-2026-21643-Exploit"],"openThreatData":[{"adversaries":[],"malwareFamiles":[],"affectedIndustries":[],"communityAdversaries":["APT41, Floki, Cifrat, LucidRook, Lumma Stealer, Winnti ELF Backdoor, Delphi, Infiniti Stealer"],"communityMalwareFamilies":[],"communityAffectedIndustries":[]}],"knownRansomwareCampaignUse":"Unknown"},{"_id":"69dd3179a77fe194a6a23e1d","cveID":"CVE-2020-9715","dateAdded":"2026-04-13","dueDate":"2026-04-27","notes":"https://helpx.adobe.com/security/products/acrobat/apsb20-48.html ; https://nvd.nist.gov/vuln/detail/CVE-2020-9715","product":"Acrobat","requiredAction":"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","shortDescription":"Adobe Acrobat contains a use-after-free vulnerability that allows for code execution","vendorProject":"Adobe","vulnerabilityName":"Adobe Acrobat Use-After-Free Vulnerability","nvdData":[{"attackVector":"LOCAL","attackComplexity":"LOW","baseSeverity":"HIGH","exploitabilityScore":1.8,"baseScore":7.8,"nvdReferences":[{"url":"https://blog.exodusintel.com/2021/04/20/analysis-of-a-use-after-free-vulnerability-in-adobe-acrobat-reader-dc/","source":"psirt@adobe.com","tags":["Exploit","Patch","Third Party Advisory"]},{"url":"https://helpx.adobe.com/security/products/acrobat/apsb20-48.html","source":"psirt@adobe.com","tags":["Vendor Advisory"]},{"url":"https://www.zerodayinitiative.com/advisories/ZDI-20-991/","source":"psirt@adobe.com","tags":["Third Party 
Advisory","VDB Entry"]},{"url":"https://blog.exodusintel.com/2021/04/20/analysis-of-a-use-after-free-vulnerability-in-adobe-acrobat-reader-dc/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Patch","Third Party Advisory"]},{"url":"https://helpx.adobe.com/security/products/acrobat/apsb20-48.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://www.zerodayinitiative.com/advisories/ZDI-20-991/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-9715","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}],"vulnStatus":"Modified"}],"githubPocs":["https://github.com/WonjunChun/CVE-2020-9715"],"openThreatData":[{"adversaries":["Kimsuky"],"malwareFamiles":[],"affectedIndustries":[],"communityAdversaries":[],"communityMalwareFamilies":[],"communityAffectedIndustries":[]}],"knownRansomwareCampaignUse":"Unknown"},{"_id":"69dd3179a77fe194a6a23e1c","cveID":"CVE-2023-36424","dateAdded":"2026-04-13","dueDate":"2026-04-27","notes":"https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2023-36424 ; https://nvd.nist.gov/vuln/detail/CVE-2023-36424","product":"Windows","requiredAction":"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","shortDescription":"Microsoft Windows Common Log File System Driver contains an out-of-bounds read vulnerability that could allow a threat actor to escalate privileges.","vendorProject":"Microsoft","vulnerabilityName":"Microsoft Windows Out-of-Bounds Read Vulnerability","nvdData":[{"attackVector":"LOCAL","attackComplexity":"LOW","baseSeverity":"HIGH","exploitabilityScore":1.8,"baseScore":7.8,"nvdReferences":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36424","source":"secure@microsoft.com","tags":["Patch","Vendor 
Advisory"]},{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36424","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-36424","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}],"vulnStatus":"Modified"}],"githubPocs":["https://github.com/Nassim-Asrir/CVE-2023-36424"],"openThreatData":[{"adversaries":[],"malwareFamiles":[],"affectedIndustries":[],"communityAdversaries":[],"communityMalwareFamilies":[],"communityAffectedIndustries":[]}],"knownRansomwareCampaignUse":"Unknown"},{"_id":"69dd3179a77fe194a6a23e1b","cveID":"CVE-2023-21529","dateAdded":"2026-04-13","dueDate":"2026-04-27","notes":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21529 ; https://nvd.nist.gov/vuln/detail/CVE-2023-21529","product":"Exchange Server","requiredAction":"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","shortDescription":"Microsoft Exchange Server contains a deserialization of untrusted data vulnerability that allows an authenticated attacker to achieve remote code execution.","vendorProject":"Microsoft","vulnerabilityName":"Microsoft Exchange Server Deserialization of Untrusted Data Vulnerability","nvdData":[{"attackVector":"NETWORK","attackComplexity":"LOW","baseSeverity":"HIGH","exploitabilityScore":2.8,"baseScore":8.8,"nvdReferences":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21529","source":"secure@microsoft.com","tags":["Patch","Vendor Advisory"]},{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21529","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor 
Advisory"]},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-21529","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"},{"url":"https://www.microsoft.com/en-us/security/blog/2026/04/06/storm-1175-focuses-gaze-on-vulnerable-web-facing-assets-in-high-tempo-medusa-ransomware-operations/","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}],"vulnStatus":"Modified"}],"githubPocs":[],"openThreatData":[{"adversaries":["Storm-1175"],"malwareFamiles":["Medusa"],"affectedIndustries":[],"communityAdversaries":[],"communityMalwareFamilies":["Parsecab"],"communityAffectedIndustries":[]}],"knownRansomwareCampaignUse":"Unknown"},{"_id":"69dd3179a77fe194a6a23e1a","cveID":"CVE-2025-60710","dateAdded":"2026-04-13","dueDate":"2026-04-27","notes":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-60710 ; https://nvd.nist.gov/vuln/detail/CVE-2025-60710","product":"Windows","requiredAction":"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","shortDescription":"Microsoft Windows contains a link following vulnerability that allows for privilege escalation","vendorProject":"Microsoft","vulnerabilityName":"Microsoft Windows Link Following Vulnerability","nvdData":[{"attackVector":"LOCAL","attackComplexity":"LOW","baseSeverity":"HIGH","exploitabilityScore":1.8,"baseScore":7.8,"nvdReferences":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-60710","source":"secure@microsoft.com","tags":["Vendor 
Advisory"]},{"url":"https://www.vicarius.io/vsociety/posts/cve-2025-60710-detection-script-eop-vulnerability-in-host-process-for-windows-tasks","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.vicarius.io/vsociety/posts/cve-2025-60710-mitigation-script-eop-vulnerability-in-host-process-for-windows-tasks","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-60710","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}],"vulnStatus":"Modified"}],"githubPocs":[],"openThreatData":[{"adversaries":[],"malwareFamiles":[],"affectedIndustries":[],"communityAdversaries":[],"communityMalwareFamilies":[],"communityAffectedIndustries":[]}],"knownRansomwareCampaignUse":"Unknown"},{"_id":"69dd3179a77fe194a6a23e19","cveID":"CVE-2012-1854","dateAdded":"2026-04-13","dueDate":"2026-04-27","notes":"https://learn.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-046 ; https://nvd.nist.gov/vuln/detail/CVE-2012-1854","product":"Visual Basic for Applications (VBA)","requiredAction":"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","shortDescription":"Microsoft Visual Basic for Applications (VBA) contains an insecure library loading vulnerability that could allow for remote code execution.","vendorProject":"Microsoft","vulnerabilityName":"Microsoft Visual Basic for Applications Insecure Library Loading Vulnerability","nvdData":[{"attackVector":"LOCAL","attackComplexity":"LOW","baseSeverity":"HIGH","exploitabilityScore":1.8,"baseScore":7.8,"nvdReferences":[{"url":"http://www.us-cert.gov/cas/techalerts/TA12-192A.html","source":"secure@microsoft.com","tags":["US Government 
Resource"]},{"url":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-046","source":"secure@microsoft.com"},{"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14950","source":"secure@microsoft.com"},{"url":"http://www.us-cert.gov/cas/techalerts/TA12-192A.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["US Government Resource"]},{"url":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-046","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14950","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://learn.microsoft.com/en-us/security-updates/SecurityBulletins/2012/ms12-046","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2012-1854","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}],"vulnStatus":"Deferred"}],"githubPocs":[],"openThreatData":[{"adversaries":[],"malwareFamiles":[],"affectedIndustries":[],"communityAdversaries":[],"communityMalwareFamilies":[],"communityAffectedIndustries":[]}],"knownRansomwareCampaignUse":"Unknown"},{"_id":"69d699f9dfe26029866b76a5","cveID":"CVE-2026-1340","dateAdded":"2026-04-08","dueDate":"2026-04-11","notes":"Please adhere to Ivanti's guidelines to assess exposure and mitigate risks. Check for signs of potential compromise on all internet accessible Ivanti products affected by this vulnerability. Apply any final mitigations provided by the vendor as soon as possible. 
For more information please see: https://hub.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM-CVE-2026-1281-CVE-2026-1340?language=en_US ; https://support.mobileiron.com/mi/vsp/AB1786671/ivanti-security-update-1761642-1.1.0S-5.noarch.rpm ; https://support.mobileiron.com/mi/vsp/AB1786671/ivanti-security-update-1761642-1.1.0L-5.noarch.rpm ; https://nvd.nist.gov/vuln/detail/CVE-2026-1340","product":"Endpoint Manager Mobile (EPMM)","requiredAction":"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","shortDescription":"Ivanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability that could allow attackers to achieve unauthenticated remote code execution.","vendorProject":"Ivanti","vulnerabilityName":"Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability","nvdData":[{"attackVector":"NETWORK","attackComplexity":"LOW","baseSeverity":"CRITICAL","exploitabilityScore":3.9,"baseScore":9.8,"nvdReferences":[{"url":"https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM-CVE-2026-1281-CVE-2026-1340","source":"3c1d8aa1-5a33-4ea4-8992-aadd6440af75","tags":["Vendor Advisory"]}],"vulnStatus":"Analyzed"}],"githubPocs":[],"openThreatData":[{"adversaries":["Prometei"],"malwareFamiles":["Prometei"],"affectedIndustries":["Manufacturing","Technology","Government","Healthcare","Construction"],"communityAdversaries":["APT27","Prometei","Cephalus Ransomware, Transparent Tribe, CRESCENTHARVEST, Keenadu, Cloudflare Pages \"Continue Read\" R","DKnife, Supply chain attack targeting dYdX, RCtea Botnet, ClawHavoc, CrashFix, Prometei","Threat"],"communityMalwareFamilies":["Beyondtrust","Ninja browser","Php","Prometei","Shinyhunters","Tesla","Lumma","Threat"],"communityAffectedIndustries":["Manufacturing","Technology","Government","Legal, financial, healthcare, government, municipal, real-estate, 
enterprise-technology, critical-in","Healthcare","Construction"]}],"knownRansomwareCampaignUse":"Unknown"},{"_id":"69d3dad95bb1bb2de526433e","cveID":"CVE-2026-35616","dateAdded":"2026-04-06","dueDate":"2026-04-09","notes":"Please adhere to Fortinet's guidelines to assess exposure and mitigate risks. Check for signs of potential compromise on all internet accessible Fortinet products affected by this vulnerability. Apply any final mitigations provided by the vendor as soon as they become available. For more information please see: https://fortiguard.fortinet.com/psirt/FG-IR-26-099 ; https://nvd.nist.gov/vuln/detail/CVE-2026-35616","product":"FortiClient EMS","requiredAction":"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","shortDescription":"Fortinet FortiClient EMS contains an improper access control vulnerability that may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests.","vendorProject":"Fortinet","vulnerabilityName":"Fortinet FortiClient EMS Improper Access Control Vulnerability","nvdData":[{"attackVector":"NETWORK","attackComplexity":"LOW","baseSeverity":"CRITICAL","exploitabilityScore":3.9,"baseScore":9.8,"nvdReferences":[{"url":"https://fortiguard.fortinet.com/psirt/FG-IR-26-099","source":"psirt@fortinet.com","tags":["Vendor Advisory","Patch"]},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-35616","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["US Government Resource"]}],"vulnStatus":"Analyzed"}],"githubPocs":["https://github.com/0xBlackash/CVE-2026-35616","https://github.com/fevar54/CVE-2026-35616-detector.py","https://github.com/keraattin/CVE-2026-35616"],"openThreatData":[{"adversaries":["Bitter"],"malwareFamiles":["Tospy","Dracarys","Prospy"],"affectedIndustries":["Media","Government"],"communityAdversaries":["APT41, Floki, Cifrat, LucidRook, 
Lumma Stealer, Winnti ELF Backdoor, Delphi, Infiniti Stealer","Bitter"],"communityMalwareFamilies":["Tospy","Dracarys","Prospy"],"communityAffectedIndustries":["Media","Government"]}],"knownRansomwareCampaignUse":"Unknown"},{"_id":"69cedb2952148e000768a47f","cveID":"CVE-2026-3502","dateAdded":"2026-04-02","dueDate":"2026-04-16","notes":"https://trueconf.com/blog/update/trueconf-8-5 ; https://trueconf.com/downloads/windows.html ; https://nvd.nist.gov/vuln/detail/CVE-2026-3502","product":"Client","requiredAction":"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","shortDescription":"TrueConf Client contains a download of code without integrity check vulnerability. An attacker who is able to influence the update delivery path can substitute a tampered update payload. If the payload is executed or installed by the updater, this may result in arbitrary code execution in the context of the updating process or user.","vendorProject":"TrueConf","vulnerabilityName":"TrueConf Client Download of Code Without Integrity Check Vulnerability","nvdData":[{"attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","baseSeverity":"HIGH","exploitabilityScore":1.2,"baseScore":7.8,"nvdReferences":[{"url":"https://trueconf.com/blog/update/trueconf-8-5","source":"cve@checkpoint.com","tags":["Product","Release Notes"]},{"url":"https://research.checkpoint.com/2026/operation-truechaos-0-day-exploitation-against-southeast-asian-government-targets/","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Third Party Advisory"]},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-3502","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["US Government 
Resource"]}],"vulnStatus":"Analyzed"}],"githubPocs":["https://github.com/fevar54/CVE-2026-3502-Scanner---TrueConf-Vulnerability-Detection-Tool","https://github.com/fevar54/CVE-2026-3502---TrueConf-Client-Update-Hijacking-PoC"],"openThreatData":[{"adversaries":[],"malwareFamiles":[],"affectedIndustries":[],"communityAdversaries":[],"communityMalwareFamilies":[],"communityAffectedIndustries":[]}],"knownRansomwareCampaignUse":"Unknown"},{"_id":"69cd7b996777aea49d6c5d1c","cveID":"CVE-2026-5281","dateAdded":"2026-04-01","dueDate":"2026-04-15","notes":"This vulnerability affects an open-source component, third-party library, protocol, or proprietary implementation that could be used by different products. For more information, please see: https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_31.html ; https://nvd.nist.gov/vuln/detail/CVE-2026-5281 ","product":"Dawn","requiredAction":"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","shortDescription":"Google Dawn contains a use-after-free vulnerability that could allow a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. 
This vulnerability could affect multiple Chromium-based products including, but not limited to, Google Chrome, Microsoft Edge, and Opera.","vendorProject":"Google","vulnerabilityName":"Google Dawn Use-After-Free Vulnerability","nvdData":[{"attackVector":"NETWORK","attackComplexity":"LOW","baseSeverity":"HIGH","exploitabilityScore":2.8,"baseScore":8.8,"nvdReferences":[{"url":"https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_31.html","source":"chrome-cve-admin@google.com","tags":["Vendor Advisory"]},{"url":"https://issues.chromium.org/issues/491518608","source":"chrome-cve-admin@google.com","tags":["Issue Tracking","Permissions Required"]},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-5281","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}],"vulnStatus":"Modified"}],"githubPocs":["https://github.com/umair-aziz025/CVE-2026-5281-Research-Toolkit","https://github.com/TheMalwareGuardian/CVE-2026-5281"],"openThreatData":[{"adversaries":["Bitter"],"malwareFamiles":["Prospy","Tospy","Dracarys"],"affectedIndustries":["Government","Media"],"communityAdversaries":["Bitter"],"communityMalwareFamilies":["Prospy","Tospy","Dracarys"],"communityAffectedIndustries":["Government","Media"]}],"knownRansomwareCampaignUse":"Unknown"},{"_id":"69cad899b27caf90a1b0e5e3","cveID":"CVE-2026-3055","dateAdded":"2026-03-30","dueDate":"2026-04-02","notes":"https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX696300&articleURL=NetScaler_ADC_and_NetScaler_Gateway_Security_Bulletin_for_CVE_2026_3055_and_CVE_2026_4368 ; https://nvd.nist.gov/vuln/detail/CVE-2026-3055","product":"NetScaler","requiredAction":"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","shortDescription":"Citrix NetScaler ADC (formerly Citrix ADC), NetScaler Gateway (formerly Citrix Gateway) and NetScaler ADC FIPS and NDcPP 
contain an out-of-bounds read vulnerability when configured as a SAML IDP leading to memory overread.","vendorProject":"Citrix","vulnerabilityName":"Citrix NetScaler Out-of-Bounds Read Vulnerability","nvdData":[{"attackVector":"NETWORK","attackComplexity":"LOW","baseSeverity":"CRITICAL","exploitabilityScore":3.9,"baseScore":9.8,"nvdReferences":[{"url":"https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX696300","source":"50a63c94-1ea7-4568-8c11-eb79e7c5a2b5","tags":["Vendor Advisory"]},{"url":"https://labs.watchtowr.com/please-we-beg-just-one-weekend-free-of-appliances-citrix-netscaler-cve-2026-3055-memory-overread-part-2/","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Third Party Advisory"]},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-3055","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["US Government Resource"]}],"vulnStatus":"Analyzed"}],"githubPocs":["https://github.com/0xBlackash/CVE-2026-3055","https://github.com/l0lsec/check-cve-2026-3055-netscaler","https://github.com/fevar54/CVE-2026-3055-Scanner---Herramienta-de-Detecci-n","https://github.com/fevar54/CVE-2026-3055---Citrix-NetScaler-Memory-Overread-PoC"],"openThreatData":[{"adversaries":["Interlock Ransomware Group"],"malwareFamiles":["Plasmaloader","Ghostblade","Plasmagrid","Ghostknife","Ghostsaber"],"affectedIndustries":[],"communityAdversaries":["Insikt"],"communityMalwareFamilies":["Insikt"],"communityAffectedIndustries":[]}],"knownRansomwareCampaignUse":"Unknown"},{"_id":"69c6e419d021e4af7ea5d062","cveID":"CVE-2025-53521","dateAdded":"2026-03-27","dueDate":"2026-03-30","notes":"Please adhere to F5’s guidelines to assess exposure and mitigate risks. Check for signs of potential compromise on all internet accessible F5 products affected by this vulnerability. 
For more information please see: https://my.f5.com/manage/s/article/K000156741 ; https://my.f5.com/manage/s/article/K000160486 ; https://my.f5.com/manage/s/article/K11438344 ; https://nvd.nist.gov/vuln/detail/CVE-2025-53521","product":"BIG-IP","requiredAction":"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","shortDescription":"F5 BIG-IP AMP contains an unspecified vulnerability that could allow a threat actor to achieve remote code execution.","vendorProject":"F5","vulnerabilityName":"F5 BIG-IP Unspecified Vulnerability","nvdData":[{"attackVector":"NETWORK","attackComplexity":"LOW","baseSeverity":"CRITICAL","exploitabilityScore":3.9,"baseScore":9.8,"nvdReferences":[{"url":"https://my.f5.com/manage/s/article/K000156741","source":"f5sirt@f5.com","tags":["Vendor Advisory"]},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-53521","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["US Government Resource"]}],"vulnStatus":"Analyzed"}],"githubPocs":[],"openThreatData":[{"adversaries":["UTA0178","Interlock Ransomware Group"],"malwareFamiles":["Ghostknife","Plasmagrid","Plasmaloader","Ghostsaber","Ghostblade","Brickstorm"],"affectedIndustries":["Government","Technology"],"communityAdversaries":["STX RAT, Deploying NetSupport RAT via Compromised Websites, AngrySpark, Abusing n8n platform","UNC5221","TeamPCP"],"communityMalwareFamilies":["Scriptlet","Stx","Sendinput api","Brickstorm"],"communityAffectedIndustries":["Government","Empresarial","Technology","Finance"]}],"knownRansomwareCampaignUse":"Unknown"},{"_id":"69c57679310a8ca0647fc47d","cveID":"CVE-2026-33634","dateAdded":"2026-03-26","dueDate":"2026-04-09","notes":"This vulnerability involves a supply‑chain compromise in a product that may be used across multiple products and environments. 
Additional vendor‑provided guidance must be followed to ensure full remediation. For more information, please see: https://github.com/advisories/GHSA-69fq-xp46-6x23 ; https://nvd.nist.gov/vuln/detail/CVE-2026-33634","product":"Trivy","requiredAction":"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","shortDescription":"Aquasecurity Trivy contains an embedded malicious code vulnerability that could allow an attacker to gain access to everything in the CI/CD environment, including all tokens, SSH keys, cloud credentials, database passwords, and any sensitive configuration in memory.","vendorProject":"Aquasecurity","vulnerabilityName":"Aquasecurity Trivy Embedded Malicious Code Vulnerability","nvdData":[{"attackVector":"NETWORK","attackComplexity":"LOW","baseSeverity":"HIGH","exploitabilityScore":2.8,"baseScore":8.8,"nvdReferences":[{"url":"https://futuresearch.ai/blog/litellm-pypi-supply-chain-attack","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"https://github.com/BerriAI/litellm/issues/24518","source":"security-advisories@github.com","tags":["Issue Tracking","Mitigation","Third Party Advisory"]},{"url":"https://github.com/aquasecurity/trivy/discussions/10425","source":"security-advisories@github.com","tags":["Issue Tracking","Vendor Advisory"]},{"url":"https://github.com/aquasecurity/trivy/security/advisories/GHSA-69fq-xp46-6x23","source":"security-advisories@github.com","tags":["Exploit","Mitigation","Vendor Advisory"]},{"url":"https://github.com/pypa/advisory-database/tree/main/vulns/litellm/PYSEC-2026-2.yaml","source":"security-advisories@github.com","tags":["Third Party 
Advisory"]},{"url":"https://inspector.pypi.io/project/litellm/1.82.7/packages/79/5f/b6998d42c6ccd32d36e12661f2734602e72a576d52a51f4245aef0b20b4d/litellm-1.82.7-py3-none-any.whl/litellm/proxy/proxy_server.py#line.130","source":"security-advisories@github.com","tags":["Broken Link"]},{"url":"https://inspector.pypi.io/project/litellm/1.82.8/packages/f6/2c/731b614e6cee0bca1e010a36fd381fba69ee836fe3cb6753ba23ef2b9601/litellm-1.82.8.tar.gz/litellm-1.82.8/litellm_init.pth#line.1","source":"security-advisories@github.com","tags":["Broken Link"]},{"url":"https://www.wiz.io/blog/teampcp-attack-kics-github-action","source":"security-advisories@github.com","tags":["Not Applicable"]},{"url":"https://github.com/BerriAI/litellm/issues/24518#issuecomment-4127436387","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Issue Tracking","Mitigation","Third Party Advisory"]},{"url":"https://rosesecurity.dev/2026/03/20/typosquatting-trivy.html","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Third Party Advisory"]},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-33634","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["US Government Resource"]},{"url":"https://www.microsoft.com/en-us/security/blog/2026/03/24/detecting-investigating-defending-against-trivy-supply-chain-compromise/","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Technical Description"]}],"vulnStatus":"Analyzed"}],"githubPocs":["https://github.com/ugurrates/teampcp-supply-chain-attack","https://github.com/Unit221B/teampcp-tools","https://github.com/AshleyT3/docker-socket-risk-demos","https://github.com/fevar54/CVE-2026-33634-Scanner"],"openThreatData":[{"adversaries":["Interlock Ransomware Group"],"malwareFamiles":["Plasmagrid","Plasmaloader","Ghostknife","Ghostblade","Ghostsaber"],"affectedIndustries":[],"communityAdversaries":[],"communityMalwareFamilies":[],"communityAffectedIndustries":[]}],"knownRansomwareCampaignUse":"Unknown"}]}