Overview
Description
Authentication bypass in the Microsoft Entra ID (Azure AD) authentication mode in Devolutions Server 2025.3.15.0 and earlier allows an unauthenticated user to authenticate as an arbitrary Entra ID user via a forged JSON Web Token (JWT).
Statistics
- 1 Post
Last activity: 21 hours ago
Fediverse
🚨 CVE-2026-3224: CRITICAL auth bypass in Devolutions Server <=2025.3.15.0 using Microsoft Entra ID. Attackers can forge JWTs for full access. No known exploits, but patch ASAP & tighten token validation. https://radar.offseq.com/threat/cve-2026-3224-cwe-287-improper-authentication-cwe--6697497e #OffSeq #Vuln #CyberSecurity #JWT
Overview
Description
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a remote unauthenticated attacker to achieve remote code execution.
Statistics
- 1 Post
Last activity: 7 hours ago
Overview
- IceWarp
- IceWarp
23 Dec 2025
Published
30 Dec 2025
Updated
CVSS v3.0
CRITICAL (9.8)
EPSS
1.29%
KEV
Description
IceWarp14 X-File-Operation Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IceWarp. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the handling of the X-File-Operation header. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-27394.
Statistics
- 1 Post
Last activity: 4 hours ago
Bluesky
Overview
- Qualcomm, Inc.
- Snapdragon
02 Mar 2026
Published
02 Mar 2026
Updated
CVSS v3.1
HIGH (7.8)
EPSS
0.02%
KEV
Description
Memory Corruption when accessing buffers with invalid length during TA invocation.
Statistics
- 1 Post
Last activity: 1 hour ago
Overview
- Juniper Networks
- Junos OS Evolved
25 Feb 2026
Published
04 Mar 2026
Updated
CVSS v3.1
CRITICAL (9.8)
EPSS
0.28%
KEV
Description
An Incorrect Permission Assignment for Critical Resource vulnerability in the On-Box Anomaly detection framework of Juniper Networks Junos OS Evolved on PTX Series allows an unauthenticated, network-based attacker to execute code as root.
The On-Box Anomaly detection framework should only be reachable by other internal processes over the internal routing instance, but not over an externally exposed port. With the ability to access and manipulate the service to execute code as root, a remote attacker can take complete control of the device.
Please note that this service is enabled by default as no specific configuration is required.
This issue affects Junos OS Evolved on PTX Series:
* 25.4 versions before 25.4R1-S1-EVO, 25.4R2-EVO.
This issue does not affect Junos OS Evolved versions before 25.4R1-EVO.
This issue does not affect Junos OS.
Statistics
- 1 Post
Last activity: 9 hours ago
Overview
- VMware
- VMware Aria Operations
- vmware-aria-operations
25 Feb 2026
Published
26 Feb 2026
Updated
CVSS v3.1
HIGH (8.0)
EPSS
0.08%
KEV
Description
VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with privileges to create custom benchmarks may be able to inject script to perform administrative actions in VMware Aria Operations.
To remediate CVE-2026-22720, apply the patches listed in the 'Fixed Version' column of the 'Response Matrix' of VMSA-2026-0001: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947
Statistics
- 1 Post
Last activity: 4 hours ago
Overview
- Qualcomm, Inc.
- Snapdragon
02 Mar 2026
Published
03 Mar 2026
Updated
CVSS v3.1
HIGH (7.2)
EPSS
0.04%
KEV
Description
Weak configuration may lead to cryptographic issue when a VoWiFi call is triggered from UE.
Statistics
- 1 Post
Last activity: 1 hour ago
Overview
- AMD
- AMD EPYC™ 9004 Series Processors
06 Sep 2025
Published
03 Nov 2025
Updated
CVSS v3.1
LOW (3.2)
EPSS
0.02%
KEV
Description
Improper initialization of CPU cache memory could allow a privileged attacker with hypervisor access to overwrite SEV-SNP guest memory resulting in loss of data integrity.
Statistics
- 1 Post
Last activity: 1 hour ago
Overview
- Portwell
- Portwell Engineering Toolkits
03 Mar 2026
Published
03 Mar 2026
Updated
CVSS v4.0
CRITICAL (9.3)
EPSS
0.01%
KEV
Description
An Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Portwell Engineering Toolkits version 4.8.2 could allow a local authenticated attacker to read and write to arbitrary memory via the Portwell Engineering Toolkits driver. Successful exploitation of this vulnerability could result in escalation of privileges or cause a denial-of-service condition.
Statistics
- 1 Post
Last activity: 13 hours ago
Fediverse
🚨 CVE-2026-3437 (CRITICAL, CVSS 9.3): Portwell Engineering Toolkits 4.8.2 lets local users escalate privileges or trigger DoS via memory access in driver. No patch yet — restrict local access, audit users, monitor! https://radar.offseq.com/threat/cve-2026-3437-cwe-119-improper-restriction-of-oper-291f400a #OffSeq #Vulnerability #ICS #InfoSec
Overview
- SEPPmail
- Secure Email Gateway
04 Mar 2026
Published
04 Mar 2026
Updated
CVSS v4.0
CRITICAL (9.5)
EPSS
0.04%
KEV
Description
SEPPmail Secure Email Gateway before version 15.0.1 insufficiently neutralizes the PDF encryption password, allowing OS command execution.
Statistics
- 1 Post
Last activity: 10 hours ago