CVEs Archive - SOC Aggregator

CVE-2025-11371 — Gladinet CentreStack and Triofox — Gladinet CentreStack and Triofox Files or Directories Accessible to External Parties Vulnerability

CISA KEV•CVE-2025-11371•Gladinet CentreStack and Triofox• November 4, 2025

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2025-11-25

Details NVD

CVE-2025-48703 — CWP Control Web Panel — CWP Control Web Panel OS Command Injection Vulnerability

CISA KEV•CVE-2025-48703•CWP Control Web Panel• November 4, 2025

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2025-11-25

Details NVD

CVE-2025-24893 — XWiki Platform — XWiki Platform Eval Injection Vulnerability

CISA KEV•CVE-2025-24893•XWiki Platform• October 30, 2025

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2025-11-20

Details NVD

CVE-2025-41244 — Broadcom VMware Aria Operations and VMware Tools — Broadcom VMware Aria Operations and VMware Tools Privilege Defined with Unsafe Actions Vulnerability

CISA KEV•CVE-2025-41244•Broadcom VMware Aria Operations and VMware Tools• October 30, 2025

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2025-11-20

Details NVD

CVE-2025-6205 — Dassault Systèmes DELMIA Apriso — Dassault Systèmes DELMIA Apriso Missing Authorization Vulnerability

CISA KEV•CVE-2025-6205•Dassault Systèmes DELMIA Apriso• October 28, 2025

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2025-11-18

Details NVD

CVE-2025-6204 — Dassault Systèmes DELMIA Apriso — Dassault Systèmes DELMIA Apriso Code Injection Vulnerability

CISA KEV•CVE-2025-6204•Dassault Systèmes DELMIA Apriso• October 28, 2025

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2025-11-18

Details NVD

CVE-2025-59287 — Microsoft Windows — Microsoft Windows Server Update Service (WSUS) Deserialization of Untrusted Data Vulnerability

CISA KEV•CVE-2025-59287•Microsoft Windows• October 24, 2025

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2025-11-14

Details NVD

CVE-2025-54236 — Adobe Commerce and Magento — Adobe Commerce and Magento Improper Input Validation Vulnerability

CISA KEV•CVE-2025-54236•Adobe Commerce and Magento• October 24, 2025

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2025-11-14

Details NVD

CVE-2025-61932 — Motex LANSCOPE Endpoint Manager — Motex LANSCOPE Endpoint Manager Improper Verification of Source of a Communication Channel Vulnerability

CISA KEV•CVE-2025-61932•Motex LANSCOPE Endpoint Manager• October 22, 2025

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2025-11-12

Details NVD

CVE-2025-61884 — Oracle E-Business Suite — Oracle E-Business Suite Server-Side Request Forgery (SSRF) Vulnerability

CISA KEV•CVE-2025-61884•Oracle E-Business Suite• October 20, 2025

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2025-11-10

Details NVD

CVE-2025-33073 — Microsoft Windows — Microsoft Windows SMB Client Improper Access Control Vulnerability

CISA KEV•CVE-2025-33073•Microsoft Windows• October 20, 2025

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2025-11-10

Details NVD

CVE-2025-2747 — Kentico Xperience CMS — Kentico Xperience CMS Authentication Bypass Using an Alternate Path or Channel Vulnerability

CISA KEV•CVE-2025-2747•Kentico Xperience CMS• October 20, 2025

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2025-11-10

Details NVD

CVE-2025-2746 — Kentico Xperience CMS — Kentico Xperience CMS Authentication Bypass Using an Alternate Path or Channel Vulnerability

CISA KEV•CVE-2025-2746•Kentico Xperience CMS• October 20, 2025

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2025-11-10

Details NVD

CVE-2022-48503 — Apple Multiple Products — Apple Multiple Products Unspecified Vulnerability

CISA KEV•CVE-2022-48503•Apple Multiple Products• October 20, 2025

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2025-11-10

Details NVD

CVE-2025-54253 — Adobe Experience Manager (AEM) Forms — Adobe Experience Manager Forms Code Execution Vulnerability

CISA KEV•CVE-2025-54253•Adobe Experience Manager (AEM) Forms• October 16, 2025

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2025-11-06

Details NVD

CVE-2016-7836 — SKYSEA Client View — SKYSEA Client View Improper Authentication Vulnerability

CISA KEV•CVE-2016-7836•SKYSEA Client View• October 14, 2025

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2025-11-04

Details NVD

CVE-2025-6264 — Rapid7 Velociraptor — Rapid7 Velociraptor Incorrect Default Permissions Vulnerability

CISA KEV•CVE-2025-6264•Rapid7 Velociraptor• October 14, 2025

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2025-11-04

Details NVD

CVE-2025-59230 — Microsoft Windows — Microsoft Windows Improper Access Control Vulnerability

CISA KEV•CVE-2025-59230•Microsoft Windows• October 14, 2025

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2025-11-04

Details NVD

CVE-2025-24990 — Microsoft Windows — Microsoft Windows Untrusted Pointer Dereference Vulnerability

CISA KEV•CVE-2025-24990•Microsoft Windows• October 14, 2025

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2025-11-04

Details NVD

CVE-2025-47827 — IGEL IGEL OS — IGEL OS Use of a Key Past its Expiration Date Vulnerability

CISA KEV•CVE-2025-47827•IGEL IGEL OS• October 14, 2025

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2025-11-04

Details NVD

CVE-2021-43798 — Grafana Labs Grafana — Grafana Path Traversal Vulnerability

CISA KEV•CVE-2021-43798•Grafana Labs Grafana• October 9, 2025

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2025-10-30

Details NVD

CVE-2025-27915 — Synacor Zimbra Collaboration Suite (ZCS) — Synacor Zimbra Collaboration Suite (ZCS) Cross-site Scripting Vulnerability

CISA KEV•CVE-2025-27915•Synacor Zimbra Collaboration Suite (ZCS)• October 7, 2025

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2025-10-28

Details NVD

CVE-2025-61882 — Oracle E-Business Suite — Oracle E-Business Suite Unspecified Vulnerability

CISA KEV•CVE-2025-61882•Oracle E-Business Suite• October 7, 2025

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2025-10-28

Details NVD

CVE-2010-3765 — Mozilla Multiple Products — Mozilla Multiple Products Remote Code Execution Vulnerability

CISA KEV•CVE-2010-3765•Mozilla Multiple Products• October 6, 2025

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2025-10-27

Details NVD

1 2 3 … 7 »