● Live advisory feed
Security Advisory Fusion for CSIRTs, SOCs & Defenders
Security advisories from 24 sources — CISA, CERT-EU, NCSC-UK, BSI, CERT-FR, NCSC-NL, JPCERT/CC, JVN, HKCERT, the Canadian Cyber Centre, NVD, GitHub, Microsoft, Cisco, Fortinet, Palo Alto Networks and more — normalized, translated to English and flagged against the CISA KEV catalog. One global feed for CSIRTs, SOCs and defenders.
BeyondTrust has fixed vulnerabilities in the products Remote Support and Privileged Remote Access. The vulnerabilities affect multiple aspects of the products Remote Support and Privileged Remote Access. There is a pre-authentication vulnerability that allows a network-based atta…
GitLab has fixed multiple vulnerabilities in GitLab Enterprise Edition (EE) and Community Edition (CE) in versions ranging from 9.1 to before 18.11.7, 19.0 to before 19.0.4, and 19.1 to before 19.1.2. The vulnerabilities include: - Creating repositories with discrepancies between…
Ubiquiti Networks has fixed vulnerabilities in various UniFi products, including UniFi Connect Application, UniFi Talk Application, UniFi Access Application, UniFi OS, UniFi Network Application, and UniFi Protect Application. The vulnerabilities affect multiple UniFi products and…
Rancher Labs has fixed vulnerabilities in Rancher versions 2.13.0 to 2.13.7 and 2.14.0 to 2.14.3. The first vulnerability concerns a SAML authentication replay issue in the Assertion Consumer Service (ACS) handler in Rancher versions 2.14.0 to, but not including, 2.14.3. The ACS …
GitHub has fixed multiple vulnerabilities in GitHub Enterprise Server, specifically in versions prior to 3.21 and 3.22. The first vulnerability concerns a stored cross-site scripting (XSS) where authenticated attackers can inject malicious JavaScript payloads into Discussion titl…
Cisco has fixed a vulnerability in Cisco Catalyst Center. The vulnerability lies in the insufficient validation of user-supplied input, which can be manipulated via specially crafted HTTP requests to gain access to files within a restricted container. This allows unauthenticated …
Adobe has fixed multiple vulnerabilities in Adobe ColdFusion versions 25.9, 23.20, and earlier versions. The vulnerabilities in Adobe ColdFusion include unrestricted upload of dangerous file types, improper input validation, path traversal, reflected Cross-Site Scripting (XSS), a…
Citrix has fixed vulnerabilities in NetScaler ADC and NetScaler Gateway related to insufficient input validation, improper access control, and incorrect memory release. The vulnerabilities with CVE-2026-8451 and CVE-2026-10817 arise from insufficient input validation, where the s…
Apple has fixed multiple vulnerabilities in iOS and iPadOS. The vulnerabilities include out-of-bounds access, use-after-free, memory handling errors, insufficient input validation, type confusion, double free, stack overflow, race conditions, and path handling issues. These error…
Apple has fixed multiple vulnerabilities in macOS Tahoe. The vulnerabilities included out-of-bounds access, use-after-free, memory handling errors, type confusion, double free, stack overflow, insufficient input validation, and race conditions. These could lead to unexpected cras…
MISP has fixed multiple vulnerabilities in the MISP platform. The vulnerabilities include manipulating client-supplied primary and foreign keys by authenticated users, leading to unauthorized data overwriting, ownership transfer, and modification of record scopes. Furthermore, th…
n8n has fixed multiple vulnerabilities in the n8n workflow automation platform, specifically in versions prior to 1.123.55, 2.24.0, 2.25.7, 2.26.1, and 2.26.2. The vulnerabilities affect various components of the n8n platform. Authenticated users with workflow editing rights can …
GitLab Inc. has fixed multiple vulnerabilities in GitLab Enterprise Edition (EE) and other GitLab versions, specifically in releases from version 8.3 to 19.1.1, with emphasis on versions around 18.11.6, 19.0.3, and 19.1.1. The vulnerabilities affect various components of GitLab, …
libssh has fixed vulnerabilities in libssh2 up to version 1.11.1. The first vulnerability concerns a pre-authentication denial of service in the SSH_MSG_EXT_INFO handler. A malicious SSH server can send a specially crafted extension_count value, causing the client to enter a CPU …
MongoDB has fixed multiple vulnerabilities in MongoDB Server. The vulnerabilities affect various components of MongoDB Server. A vulnerability in the logging mechanisms can lead to full authentication credentials, including sensitive credentials, being logged in server logs witho…
Splunk has fixed multiple vulnerabilities in Splunk Enterprise and Splunk Cloud Platform. The vulnerabilities affect various components of Splunk Enterprise and Splunk Cloud Platform. Splunk has assessed the vulnerability with CVE-2026-20253 in the PostgreSQL sidecar service endp…
Cisco has fixed multiple vulnerabilities in Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC). The vulnerabilities can be exploited by both authenticated and unauthenticated attackers. An authenticated attacker with administrative rights can …
Oracle has fixed multiple vulnerabilities in various products within the Oracle Fusion Middleware suite, including WebLogic Server, WebCenter Content, WebCenter Sites, WebCenter Portal, WebCenter Enterprise Capture, Identity Manager, Identity Manager Connector, Access Manager, Co…
Oracle has fixed multiple vulnerabilities in Oracle JD Edwards EnterpriseOne, including the Tools, Accounts Payable, Human Resources Management, General Ledger, Order Promising, and Project Costing modules, specifically for versions 9.2.0.0 to 9.2.26.2. The vulnerabilities in Ora…
Oracle has fixed vulnerabilities in Oracle MySQL Shell for VS Code, MySQL Router, MySQL NDB Cluster, and MySQL Server. The vulnerabilities are present in various Oracle MySQL products and versions. In MySQL Shell for VS Code (version 2026.2.0+9.6.1), attackers with low privileges…
Oracle has fixed vulnerabilities in Oracle PeopleSoft Enterprise PT PeopleTools (versions 8.61 and 8.62) and PeopleSoft Enterprise CS Campus Community and Student Financials (version 9.2.38). The vulnerabilities in Oracle PeopleSoft Enterprise PT PeopleTools versions 8.61 and 8.6…
Oracle has fixed multiple vulnerabilities in Oracle VM VirtualBox version 7.2.8. The vulnerabilities are present in various components of Oracle VM VirtualBox 7.2.8, including Shared Folders and the VMSVGA device. An attacker with low to high privileges and access to the underlyi…
Oracle has fixed multiple vulnerabilities in Oracle Enterprise Manager versions 13.5 and 24.1. The vulnerabilities in Oracle Enterprise Manager Base Platform versions 13.5 and 24.1 allow an attacker with low or no privileges and network access via HTTP or HTTPS to gain full contr…
Oracle has fixed vulnerabilities in various Oracle E-Business Suite products, including Oracle Enterprise Command Center Framework, iSupplier Portal, Complex Maintenance, Repair and Overhaul, Process Manufacturing Product Development, HR Intelligence, Receivables, Spares Manageme…
Oracle has fixed vulnerabilities in Oracle Communications. The vulnerabilities are in two underlying products: SQLite and Log4j and have been previously fixed by the developers of these products. Oracle has incorporated the updates into its own software. In SQLite, a remote attac…
Cisco has fixed a vulnerability in Cisco Catalyst SD-WAN Manager. The vulnerability is in the web user interface of Cisco Catalyst SD-WAN Manager and concerns a directory traversal flaw. This is caused by improper input validation during the file upload process. An authenticated …
Check Point has fixed vulnerabilities in Remote and Mobile Access VPN products, specifically for implementations using the IKEv1 key exchange protocol. Two vulnerabilities have been identified in Check Point Security Gateways and Remote Access VPN environments using the outdated …
Fortinet has fixed a vulnerability in FortiPortal versions 7.0 to 7.4.7. The vulnerability concerns the FortiPortal API endpoints, where an external attacker with an organizational user role can access sensitive network configuration data via specially crafted HTTP requests. Thes…
GitLab has fixed multiple vulnerabilities in GitLab Community Edition and Enterprise Edition (EE) versions ranging from 12.0 to 19.0.2, including major releases such as 17.x, 18.10.8, 18.11.5, and 19.0.2. The vulnerabilities affect various components of GitLab CE & EE. Authentica…
Oracle has fixed a vulnerability in Oracle PeopleSoft Enterprise PeopleTools versions 8.61 and 8.62. The vulnerability allows unauthenticated attackers to exploit the system remotely via HTTP. This can lead to remote code execution, potentially resulting in full system takeover. …