Vulnerabilities (79 entries)
- 3CX Supply Chain Attack: A March 2023 cascading supply-chain attack in which North Korean actors trojanized the 3CX softphone, reaching downstream customers worldwide.
- Broken Access Control: A class of vulnerabilities where authorization rules are missing or incorrectly enforced, letting users perform actions or reach data outside their privileges.
- Broken Authentication: A category of vulnerabilities where flaws in authentication or session management let attackers impersonate legitimate users or take over accounts.
- Buffer Overflow: A memory-safety flaw where a program writes past the end of an allocated buffer, corrupting adjacent memory and often enabling code execution.
- Cache Poisoning: An attack that stores a malicious response in a shared cache so that other users later receive the attacker's content.
- CISA Known Exploited Vulnerabilities (KEV) Catalog: A U.S. CISA-maintained list of CVEs with credible evidence of in-the-wild exploitation, paired with mandatory remediation deadlines for U.S. federal civilian agencies and widely used by enterprises as a priority signal.
- Citrix Bleed (CVE-2023-4966): A memory disclosure flaw in Citrix NetScaler ADC and Gateway that leaks session tokens, enabling attackers to hijack authenticated sessions without credentials or MFA.
- Codecov Bash Uploader Compromise: An April 2021 supply-chain incident in which attackers modified the Codecov Bash Uploader script, exfiltrating CI/CD secrets from thousands of customers.
- Cold Boot Attack: A physical attack that recovers cryptographic keys and other secrets from RAM by rapidly powering off and re-reading the volatile memory before its contents fully decay.
- ConnectWise ScreenConnect (CVE-2024-1709 / CVE-2024-1708): A February 2024 authentication-bypass (CVE-2024-1709, CVSS 10.0) and path-traversal (CVE-2024-1708, CVSS 8.4) in ConnectWise ScreenConnect that allowed unauthenticated administrative takeover of MSP-managed RMM servers, exploited en masse within hours.
- CVE (Common Vulnerabilities and Exposures): A public catalogue that assigns a unique identifier to each disclosed software or hardware vulnerability so they can be referenced unambiguously across the industry.
- CVSS (Common Vulnerability Scoring System): An open framework, maintained by FIRST, that produces a 0–10 severity score for a vulnerability based on its exploitation characteristics and impact.
- CWE (Common Weakness Enumeration): A community-developed taxonomy of software and hardware weakness types — the underlying flaw classes that lead to vulnerabilities.
- Dirty COW (CVE-2016-5195): A 2016 Linux kernel race condition in the copy-on-write handling of memory mappings that lets a local user gain root by writing to read-only files.
- Dirty Pipe (CVE-2022-0847): A Linux kernel flaw that lets an unprivileged process overwrite the contents of arbitrary read-only files, including SUID binaries, leading to root.
- Double Free: A memory-safety bug where the same heap chunk is freed twice, corrupting allocator metadata and often enabling arbitrary code execution.
- DROWN Attack (CVE-2016-0800): A 2016 cross-protocol attack that uses an SSLv2-enabled server sharing keys with TLS to decrypt modern TLS sessions, undermining the security of HTTPS, SMTPS, and IMAPS.
- EPSS (Exploit Prediction Scoring System): A data-driven model, maintained by FIRST, that estimates the probability a given CVE will be exploited in the wild within the next 30 days.
- EternalBlue (CVE-2017-0144): An NSA-developed exploit for a 2017 Microsoft SMBv1 remote code execution vulnerability, leaked by the Shadow Brokers and used by WannaCry and NotPetya.
- Exploit: A piece of code, data, or technique that takes advantage of a vulnerability to cause unintended behaviour such as code execution, privilege escalation, or information disclosure.
- Fault Injection: A class of physical or logical attacks that deliberately induce abnormal conditions in hardware or software to bypass security checks or leak secrets.
- Format String Vulnerability: A flaw caused by passing user-controlled input as the format string of printf-like functions, allowing attackers to read or write arbitrary memory.
- Fortinet FortiOS / FortiManager 2024 Zero-Days: A 2024 series of pre-authentication vulnerabilities in Fortinet FortiOS, FortiProxy, FortiManager and the FortiGate SSL-VPN — including the FortiManager fgfmd flaw CVE-2024-47575 ('FortiJump') — exploited as zero-days by Chinese state-aligned actors.
- GHOST Vulnerability (CVE-2015-0235): A 2015 heap buffer overflow in the GNU C Library (glibc) gethostbyname functions that could be triggered remotely to execute arbitrary code on Linux systems.
- Hardware Trojan: A malicious modification of an integrated circuit, inserted during design or fabrication, that triggers covert behaviour such as data leakage or denial of service.
- Heap Overflow: A buffer overflow that occurs in dynamically allocated memory, often corrupting allocator metadata, function pointers, or object virtual tables.
- Heartbleed (CVE-2014-0160): A 2014 buffer over-read in OpenSSL's TLS heartbeat extension that let attackers read up to 64 KB of process memory per request, leaking keys, sessions, and passwords.
- Horizontal Privilege Escalation: A flaw that lets a user access resources or actions of another user with the same privilege level rather than gaining higher rights.
- Host Header Injection: A vulnerability where an application trusts the HTTP Host (or X-Forwarded-Host) header to build URLs, allowing attackers to redirect users or poison caches.
- HTTP Desync Attack: A modern form of HTTP request smuggling that desynchronises a chain of proxies and servers to inject malicious traffic into other users' connections.
- HTTP Request Smuggling: An attack that exploits disagreements between a front-end proxy and a back-end server on how an HTTP request ends, so an attacker can sneak a hidden second request through.
- HTTP Response Splitting: An injection vulnerability where untrusted CR/LF characters in user input force the server to emit additional, attacker-controlled HTTP responses.
- Insecure Deserialization: A vulnerability where an application deserialises untrusted data, letting attackers instantiate arbitrary objects and frequently achieve remote code execution.
- Insecure Direct Object Reference (IDOR): An access-control flaw where an application exposes references to internal objects and lets a user change them to access data that does not belong to them.
- Integer Overflow: A bug where an arithmetic operation produces a value outside the representable range of its integer type, wrapping or truncating in security-critical ways.
- Ivanti Connect Secure Zero-Days (CVE-2023-46805, CVE-2024-21887): Two chained zero-day vulnerabilities in Ivanti Connect Secure VPN appliances exploited by suspected Chinese espionage actors in late 2023 and early 2024.
- JetBrains TeamCity (CVE-2024-27198): An authentication bypass in JetBrains TeamCity on-premises that lets unauthenticated attackers take over administrative access and execute code as the build server.
- Kaseya VSA Supply-Chain Attack: A July 2021 supply-chain ransomware attack in which REvil exploited zero-days in Kaseya VSA to push ransomware to roughly 1,500 downstream organizations.
- Known Exploited Vulnerability (KEV): A CVE that the U.S. CISA confirms is being actively exploited and adds to its public KEV Catalog, triggering remediation deadlines for U.S. federal agencies.
- LastPass Breach (2022): A two-stage 2022 intrusion at LastPass in which attackers stole source code and then exfiltrated encrypted customer vault backups from a cloud storage bucket.
- Log4Shell (CVE-2021-44228): A critical December 2021 remote code execution vulnerability in Apache Log4j 2 that allowed attackers to run arbitrary code by logging a single JNDI lookup string.
- Looney Tunables (CVE-2023-4911): A buffer overflow in glibc's dynamic loader triggered by the GLIBC_TUNABLES environment variable that yields local root on many Linux distributions.
- Mass Assignment: A vulnerability where an application blindly binds client-supplied request fields to internal object properties, letting attackers set fields they should not control.
- Meltdown: A microarchitectural vulnerability (CVE-2017-5754) that lets unprivileged code read kernel memory by exploiting out-of-order execution and a delayed permission check.
- Memory Corruption: An umbrella term for vulnerabilities where a program writes outside the bounds of intended memory, undermining type-safety, control flow, or data integrity.
- Memory Leak: A defect where memory that is no longer needed is not released back to the allocator, gradually exhausting available memory and degrading or crashing the system.
- MOVEit Transfer SQLi (CVE-2023-34362): A SQL injection vulnerability in Progress MOVEit Transfer that allowed Cl0p to steal files from thousands of organizations in 2023.
- N-Day Vulnerability: A publicly disclosed vulnerability for which a patch already exists, but which remains exploitable on systems that have not yet been updated.
- Null Pointer Dereference: A bug in which a program reads or writes through a pointer whose value is null (or otherwise invalid), typically causing a crash and sometimes enabling exploitation.
- Okta Support System Breach (2023): A September-October 2023 breach of Okta's customer support case management system that exposed HAR files containing session tokens for downstream customers.
- Palo Alto GlobalProtect / PAN-OS 2024 Zero-Days: A 2024 series of pre-authentication command-injection vulnerabilities in Palo Alto Networks PAN-OS — most notably CVE-2024-3400 (GlobalProtect, CVSS 10) — exploited as zero-days by state-aligned actors and added to the CISA KEV catalog.
- Parameter Tampering: An attack in which an adversary modifies parameters in HTTP requests, cookies, or hidden form fields to manipulate application behaviour.
- POODLE Attack (CVE-2014-3566): A 2014 padding-oracle attack on SSL 3.0 (and some buggy TLS implementations) that lets a man-in-the-middle decrypt sensitive bytes of an HTTPS session.
- PrintNightmare (CVE-2021-34527): A 2021 Windows Print Spooler vulnerability that let a low-privileged user install a malicious print driver and execute code with SYSTEM privileges.
- Privilege Escalation: A class of vulnerabilities that lets an attacker gain rights beyond those originally granted, such as moving from a normal user to administrator.
- Proof-of-Concept Exploit: A minimal, often non-weaponized piece of code that demonstrates a vulnerability is real and exploitable, typically published for research or coordinated disclosure.
- Prototype Pollution: A JavaScript vulnerability where untrusted input modifies Object.prototype, injecting properties into every object and changing application behaviour or leading to RCE.
- ProxyLogon (CVE-2021-26855): A 2021 server-side request forgery in Microsoft Exchange Server that, chained with three other CVEs, allowed unauthenticated attackers to take over on-prem Exchange.
- ProxyShell: A 2021 exploit chain in Microsoft Exchange Server (CVE-2021-34473, CVE-2021-34523, CVE-2021-31207) that combined three flaws into unauthenticated remote code execution.
- PwnKit (CVE-2021-4034): A local privilege-escalation vulnerability in the Polkit pkexec utility that lets any unprivileged user gain root on most Linux distributions.
- Race Condition: A defect where the security or correctness of a system depends on the timing or ordering of concurrent operations, allowing attackers to interleave actions and bypass checks.
- regreSSHion (CVE-2024-6387): An unauthenticated remote code execution flaw in OpenSSH server caused by a signal handler race condition reachable before authentication.
- Rowhammer: A hardware vulnerability in DRAM where repeatedly activating one memory row causes bit flips in physically adjacent rows, undermining memory integrity.
- Shellshock (CVE-2014-6271): A 2014 GNU Bash vulnerability that let attackers run arbitrary commands by setting specially crafted environment variables passed to Bash through other programs.
- Side-Channel Attack: An attack that recovers secrets from a system by observing physical or implementation characteristics — timing, power, electromagnetic emissions, caches, acoustic signals — rather than logical flaws.
- SolarWinds Sunburst: A 2020 supply-chain attack in which a backdoor named Sunburst was inserted into SolarWinds Orion updates, compromising US government agencies and global enterprises.
- Spectre: A family of microarchitectural attacks that abuse CPU speculative execution to leak data across security boundaries via cache-based side channels.
- Spring4Shell (CVE-2022-22965): A 2022 remote code execution vulnerability in Spring Framework caused by unsafe data binding on JDK 9+ that let attackers manipulate Tomcat properties to deploy a web shell.
- Stack Overflow Vulnerability: A buffer overflow that occurs on the program stack, typically overwriting the saved return address or local function pointers to redirect execution.
- Timing Attack: A side-channel attack that recovers secret information by measuring how long an operation takes under different inputs.
- TOCTOU Vulnerability: A time-of-check to time-of-use race condition where the state checked by a security decision is changed before the corresponding action is performed.
- Use-After-Free: A memory-safety bug where a program continues to use memory after it has been freed, often allowing attackers to control object state and hijack execution.
- Vertical Privilege Escalation: A flaw that lets a low-privileged user obtain higher-privileged rights — typically administrator, root, or SYSTEM.
- Vulnerability: A weakness in a system, application, or process that an attacker can exploit to violate confidentiality, integrity, or availability.
- Weaponized Exploit: A reliable, fully developed exploit ready for real-world use — typically integrated into malware, intrusion frameworks, or attacker tradecraft.
- Web Cache Deception: An attack where a malicious URL tricks an intermediary cache into storing a victim's authenticated, sensitive response under a publicly cacheable path.
- Zero-Day Exploit: Working exploit code for a vulnerability that the vendor does not yet know about, or for which no patch is available — extremely valuable to attackers.
- Zero-Day Vulnerability: A security flaw that is unknown to the vendor (or for which no patch yet exists) at the moment it is discovered or exploited.
- Zerologon (CVE-2020-1472): A cryptographic flaw in Microsoft's Netlogon protocol that lets a network attacker reset a Domain Controller's machine password and seize Active Directory.