● Live advisory feed
Security Advisory Fusion for CSIRTs, SOCs & Defenders
Security advisories from 24 sources — CISA, CERT-EU, NCSC-UK, BSI, CERT-FR, NCSC-NL, JPCERT/CC, JVN, HKCERT, the Canadian Cyber Centre, NVD, GitHub, Microsoft, Cisco, Fortinet, Palo Alto Networks and more — normalized, translated to English and flagged against the CISA KEV catalog. One global feed for CSIRTs, SOCs and defenders.
[Update on June 11, 2026] On June 9, 2026, Microsoft released corrective versions. [Initial publication] On May 14, 2026, Microsoft published a security notice regarding the vulnerability CVE-2026-42897 affecting Exchange Server. It allows an unauthenticated attacker to cause...
On October 15, 2025, F5 published a security notice regarding, among other things, the vulnerability CVE-2025-53521. This affects BIG-IP APM and allows an unauthenticated attacker to execute code remotely. On March 29, 2026, the vendor indicates that this vulnerability is activel…
CERT-FR observes a resurgence of attack campaigns targeting instant messaging accounts. These campaigns particularly target governmental sectors (political figures, administration executives) but also civil society personnel performing functions...
A vulnerability has been discovered in Cisco Catalyst SD-WAN. It allows an attacker to bypass security policy. Cisco states that the vulnerability CVE-2026-20127 is actively being exploited.
[Update on February 9, 2026] On February 6, 2026, Ivanti made RPM detection scripts for indicators of compromise available, to be used depending on the installed version of EPMM. The vendor also updated its analysis guide (see Documentation section). [Update on February 2...
[Update on December 11, 2025] CERT-FR is aware of multiple exploitations of the vulnerability CVE-2025-55182. Servers with a vulnerable version exposed after the public proof of concept release on December 5, 2025, should be considered compromised....
[Update on November 7, 2025] On November 5, 2025, Cisco updated its blog post originally published on September 25, 2025 (see Documentation section). The vendor states it is aware of a new attack affecting vulnerable ASA and FTD devices, causing a denial...
On August 26, 2025, Citrix published a security bulletin (see Documentation section) regarding, among other things, the vulnerability CVE-2025-7775. This allows for remote code execution and affects all versions of Citrix NetScaler ADC and NetScaler Gateway, in certain...
[Update on August 7, 2025] On August 6, 2025, SonicWall updated part of its initial statement to indicate that the mentioned security incidents were likely correlated to the vulnerability CVE-2024-40766. This was addressed in a security bulletin, SNWLID-2024-0015 (see...
[Update on July 23, 2025] On July 20, 2025, Microsoft released patches for a vulnerability of insufficient path traversal affecting SharePoint Enterprise Server 2016, SharePoint Server 2019 and...
[Update on July 17, 2025] The vendor has published a link containing a method for assessing attempts to exploit in application and system logs [12]. [Update on July 7, 2025] On June 17, 2025, Citrix released a security bulletin...
[Update on June 6, 2025] A proof of concept is publicly available. [Initial release] On June 1, 2025, Roundcube released patches for a critical vulnerability affecting its email portal as well as all products including it (for example, cPanel and...
[Update on May 15, 2025] A proof of concept is publicly available on the Internet. [Initial release] On May 13, 2025, Ivanti released two security advisories regarding vulnerabilities CVE-2025-4427 and CVE-2025-4428. The combined use of these two vulnerabilities allows...
On May 13, 2025, Fortinet released a security advisory regarding the vulnerability CVE-2025-32756. This allows an unauthenticated attacker to execute arbitrary code remotely. The vendor indicates that this vulnerability is actively exploited. Exploits observed so far...
On April 24, 2025, SAP released a security bulletin regarding the vulnerability CVE-2025-31324 that allows for remote arbitrary code execution for an unauthenticated user. This vulnerability is caused by a security policy bypass that allows uploading...
Fortinet published a blog post on April 10, 2025, indicating the use of a post-exploitation technique that allows for a breach of data confidentiality across the entire system of affected Fortigate devices. This technique relies on the use of a link...
[Update on April 11, 2025] CERT-FR is aware of a public proof of concept allowing for remote arbitrary code execution. [Update on April 4, 2025] CERT-FR is aware of a public proof of concept allowing for a shutdown of...
[Update on January 28, 2025] A proof of concept for exploiting this vulnerability is publicly available. On January 14, 2025, Fortinet released a security advisory regarding the critical vulnerability CVE-2024-55591 affecting FortiOS and FortiProxy. It allows an...
A zero-day stack overflow vulnerability has been discovered in Ivanti Connect Secure (ICS), Policy Secure (IPS), Neurons for Zero Trust Access (ZTA) gateways. This vulnerability, identified as CVE-2025-0282, allows an unauthenticated attacker to cause remote code execution...
On November 8, 2024, Palo Alto Networks released a security advisory regarding a critical vulnerability in certain Palo Alto Networks firewalls. It allows an unauthenticated attacker to execute arbitrary code remotely on the administration interface of the devices. The vendor...
[Update on January 14, 2025] Release of patches On January 14, 2025, Fortinet released a security advisory regarding the vulnerability CVE-2024-50566 which corresponds to the zero-day vulnerability for which a proof of concept was published in November 2024. Some...
Ivanti has released several security advisories on vulnerabilities affecting CSA that are actively exploited: * On September 10, 2024, Ivanti released a security advisory regarding the vulnerability CVE-2024-8190 that allows an attacker, authenticated as an administrator, to exec…
[Update on October 10, 2024] On September 28, 2024, Elastic Security Labs released detection rules in the vendor's proprietary format (see Documentation section), which are confirmed by CERT-FR analyses for detecting known attacks. [Initial release] From...
On August 22, 2024, Sonicwall released a patch for the critical vulnerability CVE-2024-40766 affecting Sonicwall generation 5, 6, and 7 firewalls. This vulnerability, of the type access control failure, allows an attacker to cause a remote denial of service, a breach of...
On August 4, 2024, Roundcube released patches for critical vulnerabilities CVE-2024-42008 and CVE-2024-42009 affecting its email server. These vulnerabilities allow for indirect remote code injections (XSS) that can, for example, lead to the retrieval of...
On July 1, 2024, OpenSSH published a security advisory regarding the critical vulnerability CVE-2024-6387. This vulnerability allows an unauthenticated attacker to execute arbitrary code remotely with *root* privileges. The vendor specifies that versions 8.5p1 to 9.7p1 are...
[Update on May 31, 2024] Proofs of concept are now publicly available on the Internet. Additionally, the vendor indicates that it has detected compromise attempts since April 7, 2024. [Initial Publication] A vulnerability was discovered in Check Point products....
On April 24, 2024, Cisco published three security advisories regarding vulnerabilities affecting ASA and FTD security equipment. Two of them concern vulnerabilities CVE-2024-20353 and CVE-2024-20359 which are actively exploited in targeted attacks. The vulnerability...
[Update on May 10, 2024] CERT-FR intervened to address a ransomware compromise within a French entity. In the context of this attack, the vulnerability was exploited to then lateralize within the victim's information system and...
[Update on March 15, 2024] Added clarification regarding NTLM challenge-responses [Update on February 22, 2024] Added recommendations and clarifications on the functioning of the vulnerability. The vulnerability CVE-2024-21413 allows an attacker to bypass security measures...
[Update on March 19, 2024] CERT-FR is aware of public exploit codes and new exploitation attempts. On February 8, 2024, Fortinet published the security advisory regarding the critical vulnerability CVE-2024-21762 affecting FortiOS SSL VPN. This vulnerability...
[Update on February 27, 2024] On January 29, 2024, ANSSI was alerted by BSI that the vendor AnyDesk Software GmbH suffered a data leak. The source code of the applications developed by the vendor as well as certificates and private keys may have been stolen. From...
[Update on January 29, 2024] On January 25, 2024, the vendor published a security advisory regarding several vulnerabilities affecting GitLab CE and EE. The vulnerability CVE-2024-0402 is considered critical with a CVSSv3 score of 9.9. It allows an authenticated attacker to write…
[Update on March 4, 2024] Ivanti published resolution recommendations for Ivanti Connect Secure or Policy Secure in virtual machine [16] on February 29. [Update on February 15, 2024] the vendor released patches for the following versions, which do not...
On December 4, 2023, Apache published a security advisory regarding the critical vulnerability CVE-2023-50164 affecting the Struts 2 framework. This vulnerability allows an unauthenticated attacker to upload a backdoor to a vulnerable server, thus executing arbitrary code...
[Update on November 22, 2023] The vendor published a document [3] on November 20, 2023, listing the various logs to analyze as well as the items to look for to identify activity that may be related to a compromise. Additionally, CISA published a security advisory on the 21...
[Update on November 2, 2023] Version 17.3.8a is available. [Update on October 31, 2023] Technical details of the vulnerability CVE-2023-20198 are now publicly available. This vulnerability was already being widely exploited. All equipment exposing...
On September 27, 2023, Zero Day Initiative (ZDI) published six security advisories [1] regarding zero-day vulnerabilities affecting versions prior to 4.96.1 or 4.97 of the Exim Mail Transfer Agent (MTA). On October 1, 2023, the vendor...
On July 18, 2023, Citrix published a security advisory regarding several vulnerabilities. The most critical, with the CVE ID CVE-2023-3519, allows an unauthenticated attacker to execute arbitrary code remotely. The equipment is vulnerable if configured as...
[Update on July 26, 2023] Security patch released by the vendor On July 26, 2023, the vendor released a security patch [1] for this vulnerability registered as CVE-2023-37580. It is therefore strongly recommended to deploy patch P41 for all versions...