Monthly
Remote code execution in Veeam Service Provider Console versions 9.0 through 9.2 allows authenticated remote attackers to execute arbitrary code on the server, per the CVSS 4.0 vector requiring low privileges (PR:L) over the network. With a CVSS score of 9.4 and a scope change indicating impact beyond the vulnerable component (SC:H/SI:H/SA:H), successful exploitation could compromise managed downstream customer environments. No public exploit identified at time of analysis, and the CVE is not listed in CISA KEV.
Improper authorization in GitLab CE/EE Jira Connect integration allows authenticated users with minimal workspace permissions to steal installation credentials and impersonate the GitLab application. Affects versions 14.3 through 18.8.6, 18.9.0-18.9.2, and 18.10.0. Vendor-released patches available in versions 18.8.7, 18.9.3, and 18.10.1. High CVSS score (8.1) reflects significant confidentiality and integrity impact with low attack complexity. No public exploit identified at time of analysis, though detailed disclosure exists via HackerOne report.
Improper handling of parameters in the AMD Secure Processor (ASP) could allow a privileged attacker to pass an arbitrary memory value to functions in the trusted execution environment resulting in arbitrary code execution
Insufficient input validation in HIKSEMI NAS devices allows authenticated users to trigger denial of service conditions through malformed messages. An attacker with valid credentials can exploit this flaw to cause abnormal device behavior and availability disruptions without requiring user interaction. No patch is currently available to address this vulnerability.
A improper handling of parameters in Fortinet FortiWeb versions 7.6.3 and below, versions 7.4.7 and below, versions 7.2.10 and below, and 7.0.10 and below may allow an unauthenticated remote attacker. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 28.8%.
Remote code execution in Veeam Service Provider Console versions 9.0 through 9.2 allows authenticated remote attackers to execute arbitrary code on the server, per the CVSS 4.0 vector requiring low privileges (PR:L) over the network. With a CVSS score of 9.4 and a scope change indicating impact beyond the vulnerable component (SC:H/SI:H/SA:H), successful exploitation could compromise managed downstream customer environments. No public exploit identified at time of analysis, and the CVE is not listed in CISA KEV.
Improper authorization in GitLab CE/EE Jira Connect integration allows authenticated users with minimal workspace permissions to steal installation credentials and impersonate the GitLab application. Affects versions 14.3 through 18.8.6, 18.9.0-18.9.2, and 18.10.0. Vendor-released patches available in versions 18.8.7, 18.9.3, and 18.10.1. High CVSS score (8.1) reflects significant confidentiality and integrity impact with low attack complexity. No public exploit identified at time of analysis, though detailed disclosure exists via HackerOne report.
Improper handling of parameters in the AMD Secure Processor (ASP) could allow a privileged attacker to pass an arbitrary memory value to functions in the trusted execution environment resulting in arbitrary code execution
Insufficient input validation in HIKSEMI NAS devices allows authenticated users to trigger denial of service conditions through malformed messages. An attacker with valid credentials can exploit this flaw to cause abnormal device behavior and availability disruptions without requiring user interaction. No patch is currently available to address this vulnerability.
A improper handling of parameters in Fortinet FortiWeb versions 7.6.3 and below, versions 7.4.7 and below, versions 7.2.10 and below, and 7.0.10 and below may allow an unauthenticated remote attacker. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 28.8%.