CVEs Archive - Page 10 of 30

CVE-2025-2775 — SysAid SysAid On-Prem — SysAid On-Prem Improper Restriction of XML External Entity Reference Vulnerability

CISA KEV•CVE-2025-2775•SysAid SysAid On-Prem• July 22, 2025

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2025-08-12

Details NVD

CVE-2025-53770 — Microsoft SharePoint — Microsoft SharePoint Deserialization of Untrusted Data Vulnerability

CISA KEV•CVE-2025-53770•Microsoft SharePoint• July 20, 2025

Action: Disconnect public-facing versions of SharePoint Server that have reached their end-of-life (EOL) or end-of-service (EOS) to include SharePoint Server 2013 and earlier versions. For supported versions, please follow the mitigations according to CISA (URL listed below in Notes) and vendor instructions (URL listed below in Notes). Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.

Due: 2025-07-21

Ransomware: Known

Details NVD

CVE-2025-25257 — Fortinet FortiWeb — Fortinet FortiWeb SQL Injection Vulnerability

CISA KEV•CVE-2025-25257•Fortinet FortiWeb• July 18, 2025

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2025-08-08

Details NVD

CVE-2025-47812 — Wing FTP Server Wing FTP Server — Wing FTP Server Improper Neutralization of Null Byte or NUL Character Vulnerability

CISA KEV•CVE-2025-47812•Wing FTP Server Wing FTP Server• July 14, 2025

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2025-08-04

Details NVD

CVE-2025-5777 — Citrix NetScaler ADC and Gateway — Citrix NetScaler ADC and Gateway Out-of-Bounds Read Vulnerability

CISA KEV•CVE-2025-5777•Citrix NetScaler ADC and Gateway• July 10, 2025

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2025-07-11

Ransomware: Known

Details NVD

CVE-2014-3931 — Looking Glass Multi-Router Looking Glass (MRLG) — Multi-Router Looking Glass (MRLG) Buffer Overflow Vulnerability

CISA KEV•CVE-2014-3931•Looking Glass Multi-Router Looking Glass (MRLG)• July 7, 2025

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2025-07-28

Details NVD

CVE-2016-10033 — PHP PHPMailer — PHPMailer Command Injection Vulnerability

CISA KEV•CVE-2016-10033•PHP PHPMailer• July 7, 2025

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2025-07-28

Details NVD

CVE-2019-5418 — Rails Ruby on Rails — Rails Ruby on Rails Path Traversal Vulnerability

CISA KEV•CVE-2019-5418•Rails Ruby on Rails• July 7, 2025

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2025-07-28

Details NVD

CVE-2019-9621 — Synacor Zimbra Collaboration Suite (ZCS) — Synacor Zimbra Collaboration Suite (ZCS) Server-Side Request Forgery (SSRF) Vulnerability

CISA KEV•CVE-2019-9621•Synacor Zimbra Collaboration Suite (ZCS)• July 7, 2025

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2025-07-28

Details NVD

CVE-2025-6554 — Google Chromium V8 — Google Chromium V8 Type Confusion Vulnerability

CISA KEV•CVE-2025-6554•Google Chromium V8• July 2, 2025

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2025-07-23

Details NVD

CVE-2025-48927 — TeleMessage TM SGNL — TeleMessage TM SGNL Initialization of a Resource with an Insecure Default Vulnerability

CISA KEV•CVE-2025-48927•TeleMessage TM SGNL• July 1, 2025

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2025-07-22

Details NVD

CVE-2025-48928 — TeleMessage TM SGNL — TeleMessage TM SGNL Exposure of Core Dump File to an Unauthorized Control Sphere Vulnerability

CISA KEV•CVE-2025-48928•TeleMessage TM SGNL• July 1, 2025

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2025-07-22

Details NVD

CVE-2025-6543 — Citrix NetScaler ADC and Gateway — Citrix NetScaler ADC and Gateway Buffer Overflow Vulnerability

CISA KEV•CVE-2025-6543•Citrix NetScaler ADC and Gateway• June 30, 2025

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2025-07-21

Details NVD

CVE-2024-54085 — AMI MegaRAC SPx — AMI MegaRAC SPx Authentication Bypass by Spoofing Vulnerability

CISA KEV•CVE-2024-54085•AMI MegaRAC SPx• June 25, 2025

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2025-07-16

Details NVD

CVE-2024-0769 — D-Link DIR-859 Router — D-Link DIR-859 Router Path Traversal Vulnerability

CISA KEV•CVE-2024-0769•D-Link DIR-859 Router• June 25, 2025

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2025-07-16

Details NVD

CVE-2019-6693 — Fortinet FortiOS — Fortinet FortiOS Use of Hard-Coded Credentials Vulnerability

CISA KEV•CVE-2019-6693•Fortinet FortiOS• June 25, 2025

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2025-07-16

Ransomware: Known

Details NVD

CVE-2023-0386 — Linux Kernel — Linux Kernel Improper Ownership Management Vulnerability

CISA KEV•CVE-2023-0386•Linux Kernel• June 17, 2025

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2025-07-08

Details NVD

CVE-2025-43200 — Apple Multiple Products — Apple Multiple Products Unspecified Vulnerability

CISA KEV•CVE-2025-43200•Apple Multiple Products• June 16, 2025

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2025-07-07

Details NVD

CVE-2023-33538 — TP-Link Multiple Routers — TP-Link Multiple Routers Command Injection Vulnerability

CISA KEV•CVE-2023-33538•TP-Link Multiple Routers• June 16, 2025

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2025-07-07

Details NVD

CVE-2025-24016 — Wazuh Wazuh Server — Wazuh Server Deserialization of Untrusted Data Vulnerability

CISA KEV•CVE-2025-24016•Wazuh Wazuh Server• June 10, 2025

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2025-07-01

Details NVD

CVE-2025-33053 — Microsoft Windows — Microsoft Windows External Control of File Name or Path Vulnerability

CISA KEV•CVE-2025-33053•Microsoft Windows• June 10, 2025

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2025-07-01

Details NVD

CVE-2025-32433 — Erlang Erlang/OTP — Erlang Erlang/OTP SSH Server Missing Authentication for Critical Function Vulnerability

CISA KEV•CVE-2025-32433•Erlang Erlang/OTP• June 9, 2025

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2025-06-30

Details NVD

CVE-2024-42009 — Roundcube Webmail — RoundCube Webmail Cross-Site Scripting Vulnerability

CISA KEV•CVE-2024-42009•Roundcube Webmail• June 9, 2025

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2025-06-30

Details NVD

CVE-2025-5419 — Google Chromium V8 — Google Chromium V8 Out-of-Bounds Read and Write Vulnerability

CISA KEV•CVE-2025-5419•Google Chromium V8• June 5, 2025

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2025-06-26

Details NVD

« 1 … 8 9 10 11 12 13 »