🏅 List Of Vulnerabilities 2022
Cyber alerts - NHS England Digital
· 2022 (232) 2022 (232) 2021 (289) ... Exploited Vulnerability in Ivanti Connect Secure, Pulse Connect Secure, Policy Secure, and ZTA Gateway. CVE-2025-22457 could lead to remote code execution and has been exploited in the wild. March 2025.
Apr 9, 2025
Understanding the OWASP Top 10 Vulnerabilities in 2022
· The list isn't just some random collection of worries, either. It's based on real-world data and expert opinions, so it reflects what's actually happening out there. The 2022 edition is the most recent, and it's got some interesting changes compared to previous versions.
4 days ago
Database CVE, CWE, CISA KEV & Vulnerability Intelligence | CVE Find
· CVE, short for Common Vulnerabilities and Exposures, is a list of publicly disclosed computer security flaws. OWASP. OWASP Top 10 is an initiative that identifies and documents the top 10 security vulnerabilities in web applications. ... (2022-09-29 00:00 +00:00) CAPEC, which stands for Common Attack Pattern Enumeration and Classification, is a ...
2 days ago
Common VPN Vulnerabilities That Open The Door To Attackers
· VPN Vulnerabilities List: Real Threats from 2022–2025. Attackers aren’t working with hypotheticals. These are verified, documented vulnerabilities that have been actively exploited in real-world attacks between 2022 and 2025. If your VPN infrastructure isn’t regularly audited and patched, you’re likely exposed to one or more of them. ...
23 hours ago
Latest Published Vulnerabilities CVE - CVEFeed.io
· Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
2 days ago
Splunk Security Advisories Archive - Splunk Vulnerability Disclosure
· For the CVEs in this list, Splunk adopted the vendor’s severity rating or the National Vulnerability Database (NVD) common vulnerability scoring system (CVSS) rating, as available. ... CVE-2022-23491 - certifi - Package Removed - High - NetWitness Logs and Packets removed the wheels folder which contains certifi package to remedy CVE-2022 ...
Apr 9, 2025
CISA Known Exploited Vulnerabilities Catalog - CVEFeed.io
· CVE-2025-31161 - CrushFTP Authentication Bypass Vulnerability - Action Due Apr 28, 2025 ( 12 days left ) Target Vendor : CrushFTP Description : CrushFTP contains an authentication bypass vulnerability in the HTTP authorization header that allows a remote unauthenticated attacker to authenticate to any known or guessable user account (e.g., crushadmin), potentially leading to a full compromise.
Apr 9, 2025
CVE-2022-49704 Common Vulnerabilities and Exposures - SUSE
· Secure your Linux systems from CVE-2022-49704. Stay ahead of potential threats with the latest security updates from SUSE. ... CVE-2022-49704 Common Vulnerabilities and Exposures. Upstream information. CVE-2022-49704 at MITRE. Description ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when ...
Apr 9, 2025
Best Vulnerability Scanner 2022
25 Best Vulnerability Scanning Software Reviewed in 2025
· Discover the top vulnerability scanning tools for your team. Compare features, pros & cons, prices, and more in my complete guide.
25
4 days ago
15 Best Website Scanner to Find Security Vulnerabilities ... - Geekflare
· Probely is an automated vulnerability scanner that checks and reports APIs and web apps for security issues and helps businesses fix them. It makes use of its headless Chrome-based crawler to find vulnerabilities in JavaScript-heavy apps and single-page applications.
15
Apr 9, 2025
5 Vulnerability Management Tools for Your Business
· Learn how vulnerability management tools identify and address security weaknesses. Explore features, top tools, and tips for choosing the right solution.
5
Apr 9, 2025
Top 5 Vulnerability Scanning Tools in 2025 - AIMultiple
· This article explores the top five vulnerability scanning tools, providing an in-depth analysis of their features and capabilities.
5
5 days ago
11 BEST Vulnerability Scanning Tools (2025) - Guru99
· Review the BEST Web Vulnerability Scanner options. Ensure your website's security with top-rated tools tailored for optimal protection.
11
2 days ago
15 Best Web Vulnerability Scanner in 2025 to Protect Against Attacks
· Discover the best web vulnerability scanners to safeguard your website from hackers and cyber threats. Expert reviews, comparisons, and guides to help you choose the right tool.
15
Apr 9, 2025
16 Best Penetration Testing (Pentest) Tools - Geekflare
· Metasploit is an advanced penetration testing and vulnerability scanning framework with a library of over 1500 exploits and an extensive collection of modules and payloads. Metasploit is available in both open-source and commercial options and provides tools to scan and exploit detected vulnerabilities.
16
Apr 9, 2025
Best Network Scanning Tool Comparison | Nmap vs Zenmap vs Angry IP ...
· Choosing the best network scanning tool is crucial for cybersecurity professionals, ethical hackers, and system administrators. This blog compares widely used tools like Nmap, Zenmap, Angry IP Scanner, and Hping3, covering their use cases, command-line examples, outputs, strengths, and weaknesses. With the rise in ethical hacking and vulnerability assessments, knowing which scanner to use ...
6 days ago
Top Vulnerability Scanners 2022
15 Best Website Scanner to Find Security Vulnerabilities ... - Geekflare
· HostedScan Security is an online service that automates vulnerability scanning for any business. It provides 100% open-source scanners to scan networks, servers, and web applications for security risks. HostedScan offers a network vulnerability scanner to identify CVEs and outdated software. It also provides a web application scanner to detect ...
15
Apr 9, 2025
25 Best Vulnerability Scanning Software Reviewed in 2025
· Vulnerability Scanning Software Selection Criteria. When selecting the best vulnerability scanning software to include in this list, I considered common buyer needs and pain points like ease of integration and real-time threat detection. I also used the following framework to keep my evaluation structured and fair:
25
4 days ago
Top 10 Penetration Testing Companies and Service Providers (Rankings)
· Products: RATA Web Application Vulnerability Scanner, and RATA Network Vulnerability Scanner. Features: ... manual penetration testing, or both. With 8000+ tests, they scan your assets for CVEs, OWASP top 10, SANS 25, and cover all the tests required for ISO 27001, SOC2, HIPAA and GDPR compliance. Headquarters: USA Founded: 2018
10
6 days ago
10 BEST Vulnerability Scanning Tools (2025) - Guru99
· Vulnerability scanners are automated tools that constantly evaluate the software system’s security risks to identify security vulnerabilities. After investing over 80 hours into research, I have evaluated 40+ tools and compiled a list of the Best Vulnerability Scanning Tools, featuring both free and paid options.
10
2 days ago
Top 5 Vulnerability Scanning Tools in 2025 - AIMultiple
· Invicti leverages a web vulnerability scanner, which utilizes proprietary Proof-Based Scanning technology to identify and confirm vulnerabilities accurately, ensuring the results are not false positives. The tool is designed to assess application security by using both dynamic application security testing and interactive application security testing (DAST + IAST).
5
5 days ago
Best Network Scanning Tool Comparison | Nmap vs Zenmap vs Angry IP ...
· Choosing the best network scanning tool is crucial for cybersecurity professionals, ethical hackers, and system administrators. This blog compares widely used tools like Nmap, Zenmap, Angry IP Scanner, and Hping3, covering their use cases, command-line examples, outputs, strengths, and weaknesses. With the rise in ethical hacking and vulnerability assessments, knowing which scanner to use ...
6 days ago
15 Best Web Vulnerability Scanner in 2025 to Protect Against Attacks
· Astra offers an automated scanner that scans web applications, mobile apps, APIs, cloud infrastructure, and networks for various vulnerabilities, including SQL injections, logic errors, misconfigurations, SANS25, and OWASP Top 10. Astra vulnerability scanner organizes all of your vulnerability data in one place and provides you with practical ...
15
Apr 9, 2025
10 Open Source Web Security Scanner to Find Vulnerabilities - Geekflare
· Wapiti is another powerful web application vulnerability scanner to assess the security of their websites. It operates as a “black-box” scanner – which means it doesn’t require access to the application’s source code. Instead, it analyzes the deployed web application by crawling its web pages & looking for potential vulnerabilities.
10
Apr 9, 2025
Android Vulnerabilities List 2022
Google Patches Two Android Zero-Day Vulnerabilities Exploited by Hackers
· This means that hackers have been actively using these vulnerabilities to compromise Android devices in real-world attacks. Vulnerabilities Identified and Patched The first of these flaws, tracked as CVE-2024-53197 , was discovered by Amnesty International in partnership with Benoît Sevens from Google’s Threat Analysis Group, which monitors government-backed cyberattacks.
5 days ago
Android users told it's 'absolutely essential' to check one setting ...
· Google has just confirmed the release of its latest system upgrade which fixes a total of 62 vulnerabilities. That's scary enough but what makes things worse is that two of the bugs have been ...
Apr 9, 2025
Latest Published Vulnerabilities CVE - CVEFeed.io
· Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. ... An issue in Oncord+ Android Infotainment Systems OS Android 12, Model Hardware TS17,Hardware part Number F57L_V3.2_20220301 ...
1 day ago
Three Android phones to be CUT OFF by Google leaving them at risk of ...
· GOOGLE has ended support for three Android devices, leaving them vulnerable to future cyber flaws and hacking. Every Android phone receives several years’ worth of security updates from Googl…
1 day ago
Cyber alerts - NHS England Digital
· 2022 (232) 2022 (232) 2021 (289) ... Exploited Vulnerability in Ivanti Connect Secure, Pulse Connect Secure, Policy Secure, and ZTA Gateway. CVE-2025-22457 could lead to remote code execution and has been exploited in the wild. March 2025.
Apr 9, 2025
Google fixes two Android security flaws actively exploited in targeted ...
· Google also suggested one of the two security flaws was a zero-click vulnerability, which means user interaction was not required to compromise the security of a targeted device. ... which means that hackers used these vulnerabilities to gain access to Android systems. ... Lunar Eclipse 2022 images: Pictures of the last total lunar eclipse for ...
Apr 9, 2025
Android update fixes actively exploited vulnerabilities
· Android users, particularly those with Pixel and Samsung devices, are urged to update their phones immediately due to confirmed vulnerabilities under active exploitation. This update addresses critical security flaws. Google has released an emergency security update for Android, addressing two vulnerabilities that could allow data exfiltration.
5 days ago
CISA Known Exploited Vulnerabilities Catalog - CVEFeed.io
· CVE-2025-31161 - CrushFTP Authentication Bypass Vulnerability - Action Due Apr 28, 2025 ( 12 days left ) Target Vendor : CrushFTP Description : CrushFTP contains an authentication bypass vulnerability in the HTTP authorization header that allows a remote unauthenticated attacker to authenticate to any known or guessable user account (e.g., crushadmin), potentially leading to a full compromise.
Apr 9, 2025
Owasp Top 10 Vulnerabilities 2022
Understanding the OWASP Top 10 Vulnerabilities in 2022
· Learn about the OWASP Top 10 vulnerabilities in 2022. Understand common web application security risks like injection, broken access control, and misconfiguration.
4 days ago
Vulnerable and outdated components: An OWASP Top 10 risk
· Learn how to manage vulnerable and outdated components—a major OWASP Top 10 cybersecurity risk—by combining SCA, patch management, and DAST-first testing.
6 days ago
OWASP Foundation, the Open Source Foundation for Application Security ...
· Recent OWASP News & Opinions OWASP Education and Training Committee update, March 6, 2025 Advisory on Software Bill of Materials and Real-time Vulnerability Monitoring for Open-Source Software and Third-Party Dependencies, February 24, 2025 OWASP Juice Shop leadership changes & contributor recognition, January 29, 2025
Apr 9, 2025
Google Dorks List and Updated Database for SQL Injection in 2025
· SQL Injection In SQL Injection, attackers alter SQL queries and inject malicious code by exploiting application vulnerabilities, modifying database information, accessing sensitive data, can issue commands to the system. SQL injection is currently ranked #1 on the OWASP Top 10 chart.
4 days ago
What is OWASP? Open Web Application Security Project - Helping ...
· The OWASP Top 10 List OWASP Top 10 List As mentioned before, OWASP is best known for the Top 10 List of security vulnerabilities that they revise and publish regularly. The latest version is from 2017 and remains applicable today. The Top 10 List documentation includes an explanation of each risk as well as diagrams and prevention tips.
5 days ago
Node.js express framework exploit - Restackio
· Stay informed about common web vulnerabilities by referring to resources like the OWASP Top Ten. Implement measures to protect against these vulnerabilities, such as input validation and sanitization to prevent XSS and SQL injection attacks.
6 days ago
Annual ACM Conference on Computer and Communications Security (CCS) - dblp
· Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security, CCS 2022, Los Angeles, CA, USA, November 7-11, 2022. ACM 2022, ISBN 978-1-4503-9450-5 [contents]
6 days ago
Cryptographic Failures - A02 OWASP Top 10 in 2021 ‍ - Wallarm
· ‍ Here are the prevention measures that the OWASP recommends OWASP not only tells you about the vulnerabilities but also suggests viable remedial solutions to fix these vulnerabilities. This way, if an issue makes it to the 2021 list, the chances of it appearing in OWASP Top 10 2022 or beyond, decrease.
Apr 9, 2025
Top Exploited Vulnerabilities 2023
April 2023 Microsoft Security Update: 126 Vulnerabilities Addressed
· Detailed Overview of the Security Update Microsoft’s recent patch cycle fixes 126 security issues, with the severity distribution highlighting 11 critical vulnerabilities and 112 rated as important. One notable vulnerability—the Windows Common Log File System Driver Privilege Escalation (CVE-2025-29824) with a CVSS score of 7.8—is actively exploited, making it a top priority for ...
5 days ago
CISA Known Exploited Vulnerabilities Catalog - CVEFeed.io
· For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework.Y
Apr 9, 2025
NSA Cybersecurity Advisories & Guidance
· NSA leverages its elite technical capability to develop advisories and mitigations on evolving cybersecurity threats. Browse or search our repository of advisories, info sheets, tech reports, and operational risk notices listed below. Some resources have access requirements. For a subset of cybersecurity products focused on telework and general network security for end users, view our Telework ...
Apr 9, 2025
Fortinet Releases Advisory on New Post-Exploitation Technique for Known ...
· Fortinet is aware of a threat actor creating a malicious file from previously exploited Fortinet vulnerabilities (CVE-2024-21762, CVE-2023-27997, and CVE-2022-42475) within FortiGate products, according to an alert from CISA. This malicious file could enable read-only access to files on the device’s file system, which may include configurations. Fortinet has communicated directly with the ...
1 day ago
Fortinet warns of threat activity against older vulnerabilities
· Dive Brief: Fortinet detailed new exploitation activity against known critical vulnerabilities in FortiGate devices, including CVE-2022-42475, CVE-2023-27997 and CVE-2024-21762, in a Thursday blog post.. Fortinet said that although these vulnerabilities have been patched, a threat actor was observed using a new technique to maintain read-only access to vulnerable FortiGate devices after they ...
5 days ago
Database CVE, CWE, CISA KEV & Vulnerability Intelligence | CVE Find
· The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software ...
2 days ago
CISA Warns of Two Known Exploited Linux Kernel Flaws
· Two new Linux kernel vulnerabilities have been added to CISA's Known Exploited Vulnerabilities Catalog, emphasizing a pressing need for action among us admins. These Linux kernel vulnerabilities, identified as CVE-2024-53197 and CVE-2024-53150, involve out-of-bounds access problems that malicious actors have already exploited. The implications are severe, potentially allowing attackers to ...
6 days ago
CISA Adds Two Known Exploited Vulnerabilities to Catalog
· CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
Apr 9, 2025
Most Exploited Vulnerabilities 2022
Understanding the OWASP Top 10 Vulnerabilities in 2022
· Learn about the OWASP Top 10 vulnerabilities in 2022. Understand common web application security risks like injection, broken access control, and misconfiguration.
4 days ago
Fortinet warns of threat activity against older vulnerabilities
· Dive Brief: Fortinet detailed new exploitation activity against known critical vulnerabilities in FortiGate devices, including CVE-2022-42475, CVE-2023-27997 and CVE-2024-21762, in a Thursday blog post.. Fortinet said that although these vulnerabilities have been patched, a threat actor was observed using a new technique to maintain read-only access to vulnerable FortiGate devices after they ...
5 days ago
Over 14K Fortinet devices compromised via new attack method
· Dive Brief: The Shadowserver Foundation reported Saturday that more than 14,000 Fortinet devices across the globe have been compromised by a threat actor that exploited known vulnerabilities and deployed a symlink-based persistence mechanism. In a blog post last week, Fortinet warned that a threat actor had used older critical vulnerabilities, including CVE-2022-42475, CVE-2023-27997 and CVE ...
2 days ago
World map · Exploited vulnerabilities · The Shadowserver Foundation
· IoT device fingerprinting and honeypot attack statistics co-financed by the Connecting Europe Facility of the EU.
1 day ago
Common VPN Vulnerabilities That Open The Door To Attackers
· Cisco VPN tool vulnerability (CVE-2022-20695): Allowed attackers to spoof login states and gain user-level access on unsegmented networks. Even more alarming: several of these were zero-days initially — meaning they were exploited before patches existed. Why Are VPN Vulnerabilities So Dangerous for Businesses?
23 hours ago
Fortinet Releases Advisory on New Post-Exploitation Technique for Known ...
· Fortinet is aware of a threat actor creating a malicious file from previously exploited Fortinet vulnerabilities (CVE-2024-21762, CVE-2023-27997, and CVE-2022-42475) within FortiGate products, according to an alert from CISA. This malicious file could enable read-only access to files on the device’s file system, which may include configurations. Fortinet has communicated directly with the ...
1 day ago
CISA Known Exploited Vulnerabilities Catalog - CVEFeed.io
· For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework.Y
Apr 8, 2025
Vulnerable and outdated components: An OWASP Top 10 risk
· Using vulnerable or outdated software components remains one of the most widespread cybersecurity risks in modern web application development. It’s a key category in the OWASP Top 10 (A06:2021), highlighting the dangers of relying on third-party components that contain known security vulnerabilities or are no longer supported. Without clear visibility, patch management, and proactive ...
6 days ago
Top 10 Security Vulnerabilities 2022
Understanding the OWASP Top 10 Vulnerabilities in 2022
· Decoding the OWASP Top 10: What You Need to Know. Okay, so you've probably heard about the OWASP Top 10. It's like, a big deal in the world of web application security. Basically, it's a list that the Open Web Application Security Project (OWASP, get it?) puts out every few years, highlighting the most critical security risks for web apps.
4 days ago
Vulnerable and outdated components: An OWASP Top 10 risk
· Using vulnerable or outdated software components remains one of the most widespread cybersecurity risks in modern web application development. It’s a key category in the OWASP Top 10 (A06:2021), highlighting the dangers of relying on third-party components that contain known security vulnerabilities or are no longer supported. Without clear ...
6 days ago
Cyber alerts - NHS England Digital
· 2022 (232) 2022 (232) 2021 (289) 2021 (289) 2020 (362) 2020 (362) 2019 (461 ... Scheduled updates for Microsoft products, including security updates for 126 vulnerabilities, of which one is reported as exploited. CC-4641 High. Published Friday 4 April 2025 (12:56) (updated 4 April 2025) ...
Apr 9, 2025
The Top Ten MITRE ATT&CK Techniques - Picus Security
· This research has shown that the Top 10 ATT&CK techniques account for 93% of observed malicious actions, with a significant rise in credential-focused malware. ... This approach allows security teams to uncover security vulnerabilities, evaluate their defenses, and strengthen their security posture by addressing identified gaps.
Apr 9, 2025
Vulnerability support in Microsoft Defender Vulnerability Management
· Having accurate and up-to-date information about security vulnerabilities that could threaten your organization, and information on steps to help prevent them, is essential for keeping your organization secure. ... Fixed inaccuracy in Acronis vulnerability - CVE-2022-45449: 29-Oct-24: 75229: Fixed inaccuracy in OpenSSL vulnerability- CVE-2024 ...
6 days ago
The Dark Side of AI: 10 Vulnerabilities You Shouldn’t Ignore (and How…
· LLM05: Supply chain vulnerabilities. Using external components, such as pre-trained models or plugins, can introduce vulnerabilities. An unverified model could contain backdoors. Best practices: Verify the source of models and plugins. Perform security audits and dependency scans. Apply OWASP ASVS principles throughout the SDLC.
1 day ago
Cyber Security Statistics: Important Data to Know in 2025 - Cloudwards
· 67 Cyber Security Statistics, Facts & Trends: Data on Attacks, Breaches & Threats for 2025. Globally, over 5.5 million cyber security professionals were working in the field by the end of 2022.
5 days ago
14,000 Fortinet firewalls compromised: Attackers nestle in
· The specific cases investigated involved vulnerabilities in FortiOS SSL VPN (CVE-2022-42475, CVSS 9.3, risk “critical”), FortiOS and FortiProxy SSL VPN (CVE-2023-27997, CVSS 9.2, risk ...
14
1 day ago
Owasp Top 10 Vulnerabilities 2022 Pdf
Understanding the OWASP Top 10 Vulnerabilities in 2022
· Learn about the OWASP Top 10 vulnerabilities in 2022. Understand common web application security risks like injection, broken access control, and misconfiguration.
4 days ago
Vulnerable and outdated components: An OWASP Top 10 risk
· Learn how to manage vulnerable and outdated components—a major OWASP Top 10 cybersecurity risk—by combining SCA, patch management, and DAST-first testing.
6 days ago
OWASP Foundation, the Open Source Foundation for Application Security ...
· Recent OWASP News & Opinions OWASP Education and Training Committee update, March 6, 2025 Advisory on Software Bill of Materials and Real-time Vulnerability Monitoring for Open-Source Software and Third-Party Dependencies, February 24, 2025 OWASP Juice Shop leadership changes & contributor recognition, January 29, 2025
Apr 9, 2025
What is OWASP? Open Web Application Security Project - Helping ...
· The OWASP Top 10 List OWASP Top 10 List As mentioned before, OWASP is best known for the Top 10 List of security vulnerabilities that they revise and publish regularly. The latest version is from 2017 and remains applicable today. The Top 10 List documentation includes an explanation of each risk as well as diagrams and prevention tips.
5 days ago
Google Dorks List and Updated Database for SQL Injection in 2025
· SQL Injection In SQL Injection, attackers alter SQL queries and inject malicious code by exploiting application vulnerabilities, modifying database information, accessing sensitive data, can issue commands to the system. SQL injection is currently ranked #1 on the OWASP Top 10 chart.
4 days ago
Cryptographic Failures - A02 OWASP Top 10 in 2021 ‍ - Wallarm
· ‍ Here are the prevention measures that the OWASP recommends OWASP not only tells you about the vulnerabilities but also suggests viable remedial solutions to fix these vulnerabilities. This way, if an issue makes it to the 2021 list, the chances of it appearing in OWASP Top 10 2022 or beyond, decrease.
Apr 9, 2025
Insecure Design - A04 OWASP Top 10 in 2021 ‍ - Wallarm
· OWASP Top 10 2021 list is now out and is gaining the attention of many API security experts. The fourth vulnerability in the list covers the risk raised due to design malfunctioning at length. Before it makes its place in OWASP Top 10 2022 too, let us help you understand and suppress it.
Apr 9, 2025
OpenText Application Security Content (Fortify) Update 25.2
· CWE ID 1390 (Weak Authentication) Obsoletion of Legacy Standards and Best Practices Mappings The following standards and best practices mappings against our OpenText Fortify Taxonomy have been marked as 'obsolete' as they are no longer considered current. CWE Top 25 2021 CWE Top 25 2022 OWASP Top 10 2013 STIG 4.11 STIG 5.1 STIG 5.2
6 days ago
Top Vulnerabilities Hackers Exploit 2023
14,000 Fortinet firewalls compromised: Attackers nestle in
· The specific cases investigated involved vulnerabilities in FortiOS SSL VPN (CVE-2022-42475, CVSS 9.3, risk “critical”), FortiOS and FortiProxy SSL VPN (CVE-2023-27997, CVSS 9.2, risk ...
14
1 day ago
Hackers lurk in over 14K Fortinet devices | Cybernews
· Hackers retain access to over 14,000 Fortinet VPNs, public scans by Shadowserver Foundation have revealed. ... Many Fortinet administrators have yet to patch devices to another critical authentication bypass vulnerability (CVE-2024-55591), which has a severity rating of 9.8 out of 10. It was disclosed and fixed on January 14th, 2025 ...
2 days ago
Hackers exploit old FortiGate vulnerabilities, use symlink trick to ...
· Hackers exploit old FortiGate vulnerabilities, use symlink trick to retain limited access to patched devices. ... CVE-2023-27997 and CVE-2024-21762 to achieve remote code execution.
5 days ago
⚡ Weekly Recap: Windows 0-Day, VPN Exploits, Weaponized AI, Hijacked ...
· The attacks exploit an information disclosure vulnerability (no CVE) that can be used to gain administrative control over affected systems. The surge in attacks began on March 31, 2025, with over 6,600 unique IP addresses, mainly from Taiwan, Japan, and South Korea, targeting systems located in the United States, United Kingdom, and Germany, attempting to exploit the flaw over the past 30 days.
2 days ago
Fortinet: Hackers retain access to patched FortiGate ... - BleepingComputer
· This file was left behind by a threat actor following exploitation of previous known vulnerabilities," the emails said, including but not limited to CVE-2022-42475, CVE-2023-27997, and CVE-2024-21762.
5 days ago
Cyber alerts - NHS England Digital
· 2023 (187) 2023 (187) 2022 (232) ... Exploited Vulnerability in Ivanti Connect Secure, Pulse Connect Secure, Policy Secure, and ZTA Gateway. CVE-2025-22457 could lead to remote code execution and has been exploited in the wild. March 2025.
Apr 9, 2025
Threat actors using new technique to exploit 2023 FortiOS flaw
· Threat actors observed leveraging new method to exploit previously patched FortiOS vulnerability.
5 days ago
Vulnerability Trends - Vulmon
· In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices ... CVE-2023-27997: A heap-based buffer overflow vulnerability [CWE-122] in FortiOS version 7.2.4 and below, version 7.0.11 and below, version 6.4.12 and below, version 6... CVE-2022-42475
3 days ago
Owasp Top 10 Vulnerability List For 2021/2022
Understanding the OWASP Top 10 Vulnerabilities in 2022
· Decoding the OWASP Top 10: What You Need to Know. Okay, so you've probably heard about the OWASP Top 10. It's like, a big deal in the world of web application security. Basically, it's a list that the Open Web Application Security Project (OWASP, get it?) puts out every few years, highlighting the most critical security risks for web apps.
4 days ago
Vulnerable and Outdated Components: An OWASP Top 10 Risk
· Using vulnerable or outdated software components remains one of the most widespread cybersecurity risks in modern web application development. It’s a key category in the OWASP Top 10 (A06:2021), highlighting the dangers of relying on third-party components that contain known security vulnerabilities or are no longer supported. Without clear ...
6 days ago
Cryptographic Failures - A02 OWASP Top 10 in 2021 ‍ - Wallarm
· In the 2017 list, the vulnerability named Sensitive Data Exposure was covering this. Only in the 2021 list, it became Cryptographic Failure OWASP when the scope was narrowed down to cryptography for the business-critical data. ... the chances of it appearing in OWASP Top 10 2022 or beyond, decrease. It helps For cryptographic failures as well ...
Apr 9, 2025
Insecure Design - A04 OWASP Top 10 in 2021 ‍ - Wallarm
· OWASP Top 10 2021 list is now out and is gaining the attention of many API security experts. The fourth vulnerability in the list covers the risk raised due to design malfunctioning at length. Before it makes its place in OWASP Top 10 2022 too, let us help you understand and suppress it.
Apr 9, 2025
What is OWASP? Open Web Application Security Project - Helping ...
· The OWASP Top 10 List. OWASP Top 10 List. As mentioned before, OWASP is best known for the Top 10 List of security vulnerabilities that they revise and publish regularly. The latest version is from 2017 and remains applicable today. The Top 10 List documentation includes an explanation of each risk as well as diagrams and prevention tips.
5 days ago
How To Perform A Web Application Penetration Test (Owasp Top 10)
· 4. Exploiting OWASP Top 10 Vulnerabilities. The penetration tester then manually exploits vulnerabilities based on the OWASP Top 10 risks: Injection (SQL, NoSQL, OS Command Injection) – Attackers manipulate input fields to execute malicious queries. Broken Authentication – Weak authentication processes lead to credential theft and session ...
1 day ago
Highly Accurate Website Scanner | Try a Free Vulnerability Scan
· Vulnerabilities are mapped to CWE and OWASP Top 10 (both 2017 and 2021) to help security teams prioritize risks effectively. With customizable report formats, you can present Website Vulnerability Scanner findings to technical teams, executives, or auditors, making security issues impossible to ignore.
1 day ago
Latest Published Vulnerabilities CVE - CVEFeed.io
· Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
2 days ago