CVE-2022-47523: ManageEngine Password Manager Pro, PAM360 and Access Manager Plus SQL Injection Vulnerability
January 5, 2023
Zoho patches a newly disclosed high-severity SQL injection flaw in several ManageEngine products; attackers have historically targeted several ManageEngine products over the last three years.
CVE-2022-47939: Critical RCE Vulnerability in Linux Kernel
December 29, 2022
A critical remote code execution vulnerability in the Linux kernel has been publicly disclosed by Trend Micro's Zero Day Initiative in its ZDI-22-1690 advisory. The vulnerability has been given a CVSSv3 score of 10.0. There are no reports of active exploitation.
CVE-2022-27518: Unauthenticated RCE in Citrix ADC and Gateway
December 13, 2022
Citrix has patched a critical remote code execution vulnerability in its Gateway and ADC products. This vulnerability has reportedly been exploited as a zero day; organizations should patch urgently.
CVE-2022-42475: Fortinet Patches Zero Day in FortiOS SSL VPNs
December 12, 2022
Fortinet has patched a zero day buffer overflow in FortiOS that could lead to remote code execution. There has been a report of active exploitation and organizations should patch urgently.
CVE-2022-41040 and CVE-2022-41082: ProxyShell Variant Exploited in the Wild
September 30, 2022
Microsoft has confirmed reports of two zero-day vulnerabilities in Microsoft Exchange Server that have been exploited in the wild. Patches are not yet available.
CVE-2022-40139: Vulnerability in Trend Micro Apex One Exploited in the Wild
September 14, 2022
Trend Micro has patched six vulnerabilities in its Apex One on-prem and software-as-a-service products, one of which has been exploited in the wild.
Microsoft’s July 2022 Patch Tuesday Addresses 84 CVEs (CVE-2022-22047)
July 12, 2022
Microsoft addresses 84 CVEs in its July 2022 Patch Tuesday release, including four critical flaws and one zero day that has been exploited in the wild.
CVE-2022-30190: Zero Click Zero Day in Microsoft Support Diagnostic Tool Exploited in the Wild
May 31, 2022
Microsoft confirms remote code execution vulnerability in Microsoft Windows Support Diagnostic Tool that has been exploited in the wild since at least April.
Microsoft’s May 2022 Patch Tuesday Addresses 73 CVEs (CVE-2022-26925)
May 10, 2022
Microsoft addresses 73 CVEs in its May 2022 Patch Tuesday release, including two zero-day vulnerabilities, one of which was exploited in the wild.
Microsoft’s December 2021 Patch Tuesday Addresses 67 CVEs (CVE-2021-43890)
December 14, 2021
Microsoft addresses 67 CVEs in its December 2021 Patch Tuesday release, including a zero-day vulnerability that has been exploited in the wild.