AI-Powered Cyber Threat Intelligence
🟠HIGH Severity Overview CVSS Base Score: 8.8 Severity: HIGH CVSS Version: 3.1 Priority: High priority Summary Improper Input Validation, Improper Control of Generation of Code (‘Code Injection’) vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ. Apache ActiveMQ Classic exposes the Jolokia JMX-HTTP bridge at /api/jolokia/ on the web console. The default Jolokia access policy permits … Read more
🟠HIGH Severity Overview CVSS Base Score: 8.8 Severity: HIGH CVSS Version: 3.1 Priority: High priority Summary Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1; Excel Viewer 2003 Gold and SP3; Excel Viewer; Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1; and Excel in Microsoft Office 2004 and … Read more
🟠HIGH Severity Overview CVSS Base Score: 8.6 Severity: HIGH CVSS Version: 3.1 Priority: High priority Summary Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier are affected by an Improperly Controlled Modification of Object Prototype Attributes (‘Prototype Pollution’) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this … Read more
🟠HIGH Severity Overview CVSS Base Score: 7.8 Severity: HIGH CVSS Version: 3.1 Priority: Elevated priority Summary Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have an use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution . Analyst Takeaway This vulnerability is already in CISA KEV, … Read more
🟠HIGH Severity Overview CVSS Base Score: 7.8 Severity: HIGH CVSS Version: 3.1 Priority: Elevated priority Summary Windows Common Log File System Driver Elevation of Privilege Vulnerability Analyst Takeaway This vulnerability is already in CISA KEV, which means exploitation has been observed in the wild and the issue should be treated as active risk rather … Read more
🟠HIGH Severity Overview CVSS Base Score: 8.8 Severity: HIGH CVSS Version: 3.1 Priority: High priority Summary Microsoft Exchange Server Remote Code Execution Vulnerability Analyst Takeaway This vulnerability is already in CISA KEV, which means exploitation has been observed in the wild and the issue should be treated as active risk rather than theoretical exposure. … Read more
🟠HIGH Severity Overview CVSS Base Score: 7.8 Severity: HIGH CVSS Version: 3.1 Priority: Elevated priority Summary Improper link resolution before file access (‘link following’) in Host Process for Windows Tasks allows an authorized attacker to elevate privileges locally. Analyst Takeaway This vulnerability is already in CISA KEV, which means exploitation has been observed in … Read more
🟠HIGH Severity Overview CVSS Base Score: 7.8 Severity: HIGH CVSS Version: 3.1 Priority: Elevated priority Summary Untrusted search path vulnerability in VBE6.dll in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Microsoft Visual Basic for Applications (VBA); and Summit Microsoft Visual Basic for Applications SDK allows local users to … Read more
🟠HIGH Severity Overview CVSS Base Score: 7.8 Severity: HIGH CVSS Version: 3.1 Priority: Elevated priority Summary TrueConf Client downloads application update code and applies it without performing verification. An attacker who is able to influence the update delivery path can substitute a tampered update payload. If the payload is executed or installed by the … Read more
🟠HIGH Severity Overview CVSS Base Score: 8.8 Severity: HIGH CVSS Version: 3.1 Priority: High priority Summary Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. (Chromium security severity: High) Analyst Takeaway This vulnerability … Read more