BACK TO INTEL

Archives

Classification

No categories extracted.

Feed

Verified advisories, vulnerability disclosures, and architectural research.

CVE-2022-41082

CVE-2022-41082: Defending Against the ProxyNotShell Deserialization RCE in Microsoft Exchange

Microsoft Exchange Server contains an unspecified vulnerability that allows for authenticated remote code execution. Dubbed "ProxyNotShell," this vulnerability is chainable with CVE-2022-41040 which allows for the remote code execution.

Exchange Server
View Detail
CVE-2022-40684

Critical Security Advisory: Resolving CVE-2022-40684 Authentication Bypass in Fortinet Products

Fortinet FortiOS, FortiProxy, and FortiSwitchManager contain an authentication bypass vulnerability that could allow an unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.

FortiOS, FortiProxy, FortiSwitchManager
View Detail
CVE-2020-3153

CVE-2020-3153: Defending Against Cisco AnyConnect Privilege Escalation and DLL Hijacking

Cisco AnyConnect Secure Mobility Client for Windows allows for incorrect handling of directory paths. An attacker with valid credentials on Windows would be able to copy malicious files to arbitrary locations with system level privileges. This could include DLL pre-loading, DLL hijacking, and other related attacks.

AnyConnect Secure
View Detail
CVE-2020-3433

CVE-2020-3433: Critical DLL Hijacking in Cisco AnyConnect Secure Mobility Client

Cisco AnyConnect Secure Mobility Client for Windows interprocess communication (IPC) channel allows for insufficient validation of resources that are loaded by the application at run time. An attacker with valid credentials on Windows could execute code on the affected machine with SYSTEM privileges.

AnyConnect Secure Mobility Client
View Detail
CVE-2022-41073

CVE-2022-41073: Urgent Windows Print Spooler Privilege Escalation Advisory

Microsoft Windows Print Spooler contains an unspecified vulnerability that allows an attacker to gain SYSTEM-level privileges.

Windows
View Detail
CVE-2022-41091

CVE-2022-41091: Windows Mark of the Web (MOTW) Security Feature Bypass Vulnerability Analysis and Remediation

Microsoft Windows Mark of the Web (MOTW) contains a security feature bypass vulnerability resulting in a limited loss of integrity and availability of security features.

Windows
View Detail
CVE-2026-42897

Critical Vulnerability Advisory: CVE-2026-42897 Microsoft Exchange Server Cross-Site Scripting

Microsoft Exchange Server contains a cross-site scripting vulnerability during web page generation in Outlook Web Access and when certain interaction conditions are met, arbitrary JavaScript can be executed in the browser context.

Microsoft Exchange Server
View Detail
CVE-2022-44698

Defeating MOTW: A Deep Dive into the CVE-2022-44698 Microsoft Defender SmartScreen Bypass

Microsoft Defender SmartScreen contains a security feature bypass vulnerability that could allow an attacker to evade Mark of the Web (MOTW) defenses via a specially crafted malicious file.

Defender
View Detail
CVE-2022-42475

CVE-2022-42475: Critical Fortinet FortiOS SSL-VPN Heap-Based Buffer Overflow Advisory

Multiple versions of Fortinet FortiOS SSL-VPN contain a heap-based buffer overflow vulnerability which can allow an unauthenticated, remote attacker to execute arbitrary code or commands via specifically crafted requests.

FortiOS
View Detail
CVE-2022-41080

CVE-2022-41080: Critical Microsoft Exchange Privilege Escalation and Ransomware Risk

CVE-2022-41080 is a critical privilege escalation vulnerability in Microsoft Exchange Server, chainable for remote code execution and actively exploited in ransomware attacks.

Exchange Server
View Detail
CVE-2026-20182

Cisco Catalyst SD-WAN Critical Authentication Bypass (CVE-2026-20182): Technical Advisory and Remediation Guide

Cisco Catalyst SD-WAN Controller & Manager contain an authentication bypass vulnerability that allows an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system.

Catalyst SD-WAN
View Detail
CVE-2022-21587

Critical Advisory: Oracle E-Business Suite CVE-2022-21587 Exploit Prevention and Remediation

Oracle E-Business Suite contains an unspecified vulnerability that allows an unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator.

E-Business Suite
View Detail
12345678