CISA and the open source community are responding to reports of malicious code being embedded in XZ Utils versions 5.6.0 and 5.6.1. This activity was assigned CVE-2024-3094. XZ Utils is…
Apple released security updates to address a vulnerability (CVE-2024-1580) in Safari and macOS. A cyber threat actor could exploit this vulnerability to take control of an affected system. CISA encourages users…
High Vulnerabilities Primary Vendor -- Product Description Published CVSS Score Source & Patch Info N/A -- N/A Directory Traversal vulnerability in Devan-Kerman ARRP v.0.8.1 and before allows a…
Ivanti has released security advisories to address vulnerabilities in Ivanti Neurons for ITSM and Standalone Sentry. A cyber threat actor could exploit these vulnerabilities to take control of an affected system. …
Software producers who partner with the federal government can now upload their Secure Software Development Attestation Forms to CISA's Repository for Software Attestation and Artifacts. Software producers that provide the…
High Vulnerabilities Primary Vendor -- Product Description Published CVSS Score Source & Patch Info academylms -- academy_lms_-_elearning_and_online_course_solution_for_wordpress The Academy LMS - eLearning and online course solution for WordPress…
Cisco released security updates to address vulnerabilities in Cisco IOS XR software. A cyber threat actor could exploit one of these vulnerabilities to take control of an affected device. CISA…
High Vulnerabilities Primary Vendor -- Product Description Published CVSS Score Source & Patch Info acowebs -- pdf_invoices_and_packing_slips_for_woocommerce The PDF Invoices and Packing Slips For WooCommerce plugin for WordPress…
Apple released security updates to address vulnerabilities in Safari, macOS, watchOS, tvOS, and visionOS. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. …
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-27198 JetBrains TeamCity Authentication Bypass Vulnerability CISA urges organizations to review the following…
