● Live advisory feed
Security Advisory Fusion for CSIRTs, SOCs & Defenders
Security advisories from 24 sources — CISA, CERT-EU, NCSC-UK, BSI, CERT-FR, NCSC-NL, JPCERT/CC, JVN, HKCERT, the Canadian Cyber Centre, NVD, GitHub, Microsoft, Cisco, Fortinet, Palo Alto Networks and more — normalized, translated to English and flagged against the CISA KEV catalog. One global feed for CSIRTs, SOCs and defenders.
Multiple laser printers and MFPs (multifunction printers) which implement Ricoh Web Image Monitor contain a reflected cross-site scripting vulnerability.
The installer for Pupsman provided by Fuji Electric Co.,Ltd. contains multiple vulnerabilities.
Jena Fuseki provided by The Apache Software Foundation contains a path traversal vulnerability.
Web Config embedded in SEIKO EPSON multiple printers and scanners contains a cross-site request forgery vulnerability.
SkyBridge MB-A100/MB-A110 provided by Seiko Solutions Inc. contains an OS command injection vulnerability.
RPG MAKER MV and MZ provided by Gotcha Gotcha Games Inc. contain an OS command injection vulnerability.
DGM3103SCT provided by AVTECH Security Corporation contains an OS command injection vulnerability.
Fluentd provided by Fluentd Project contains multiple vulnerabilities.
ExpressUpdate Agent for Windows provided by NEC Corporation configures its named pipe with an improper access restriction.
Generic IO & Memory Access driver for PCs provided by TOSHIBA CORPORATION and Dynabook Inc. exposes its IOCTL with insufficient access control.
RadiX AX6600 WiFi 6 Tri-Band Gaming Router provided by Micro-Star International Co., Ltd. contains an OS command injection vulnerability.
ThingsBoard contains a prototype pollution vulnerability.
Optical Disc Archive Software for Windows provided by Sony Corporation is configured with improper file access permission settings.
PC Software EOS Network Setting Tool provided by Canon Inc. contains multiple vulnerabilities.
Multiple printer drivers provided by RICOH and KONICA MINOLTA JAPAN contain a privilege escalation vulnerability.
CamView installer provided by ARUCOM Inc. insecurely loads Dynamic Link Libraries.
Multiple TP-Link products provided by TP-Link Systems Inc. contain Cleartext Transmission of Sensitive Information (CWE-319) vulnerability.
WordPress plugin "Zoho Mail for WordPress" provided by Zoho Corporation contains a cross-site request forgery vulnerability.
Archer BE450 and BE7200 provided by TP-Link contain an OS command injection vulnerability.
ServerView Agents for Windows provided by Fsas Technologies Inc. contains multiple vulnerabilities.
My Image Garden for macOS and CUPS Printer Driver for macOS provided by Canon Inc. contain a vulnerability that allows access to unintended files or directories due to improper resolving of links when accessing files.
Jupyter Server provided by Jupyter Development Team contains an open redirect vulnerability.
NEC Aterm series products provided by NEC Corporation contain an OS command injection vulnerability.