BACK TO INTEL

Archives

Classification

Application Security
Cloud Infrastructure
Enterprise Infrastructure
Enterprise IT Infrastructure
Enterprise Networking
Enterprise Security
Enterprise Software
ERP
Information Technology
Infrastructure
Infrastructure Security
Microsoft
Network Appliances
Network Infrastructure
Network Security
Networking
Open Source
Operating Systems
Software
Software Development
Software Security
Technology
Virtualization
Vulnerability
Web Hosting
Web Security
Windows Ecosystem

Feed

Verified advisories, vulnerability disclosures, and architectural research.

CVE-2022-40684

Critical Security Advisory: Resolving CVE-2022-40684 Authentication Bypass in Fortinet Products

Fortinet FortiOS, FortiProxy, and FortiSwitchManager contain an authentication bypass vulnerability that could allow an unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.

FortiOS, FortiProxy, FortiSwitchManager
View Detail
CVE-2020-3153

CVE-2020-3153: Defending Against Cisco AnyConnect Privilege Escalation and DLL Hijacking

Cisco AnyConnect Secure Mobility Client for Windows allows for incorrect handling of directory paths. An attacker with valid credentials on Windows would be able to copy malicious files to arbitrary locations with system level privileges. This could include DLL pre-loading, DLL hijacking, and other related attacks.

AnyConnect Secure
View Detail
CVE-2020-3433

CVE-2020-3433: Critical DLL Hijacking in Cisco AnyConnect Secure Mobility Client

Cisco AnyConnect Secure Mobility Client for Windows interprocess communication (IPC) channel allows for insufficient validation of resources that are loaded by the application at run time. An attacker with valid credentials on Windows could execute code on the affected machine with SYSTEM privileges.

AnyConnect Secure Mobility Client
View Detail
CVE-2022-41073

CVE-2022-41073: Urgent Windows Print Spooler Privilege Escalation Advisory

Microsoft Windows Print Spooler contains an unspecified vulnerability that allows an attacker to gain SYSTEM-level privileges.

Windows
View Detail
CVE-2022-41091

CVE-2022-41091: Windows Mark of the Web (MOTW) Security Feature Bypass Vulnerability Analysis and Remediation

Microsoft Windows Mark of the Web (MOTW) contains a security feature bypass vulnerability resulting in a limited loss of integrity and availability of security features.

Windows
View Detail
CVE-2026-42897

Critical Vulnerability Advisory: CVE-2026-42897 Microsoft Exchange Server Cross-Site Scripting

Microsoft Exchange Server contains a cross-site scripting vulnerability during web page generation in Outlook Web Access and when certain interaction conditions are met, arbitrary JavaScript can be executed in the browser context.

Microsoft Exchange Server
View Detail
CVE-2022-44698

Defeating MOTW: A Deep Dive into the CVE-2022-44698 Microsoft Defender SmartScreen Bypass

Microsoft Defender SmartScreen contains a security feature bypass vulnerability that could allow an attacker to evade Mark of the Web (MOTW) defenses via a specially crafted malicious file.

Defender
View Detail
CVE-2022-42475

CVE-2022-42475: Critical Fortinet FortiOS SSL-VPN Heap-Based Buffer Overflow Advisory

Multiple versions of Fortinet FortiOS SSL-VPN contain a heap-based buffer overflow vulnerability which can allow an unauthenticated, remote attacker to execute arbitrary code or commands via specifically crafted requests.

FortiOS
View Detail
CVE-2022-41080

CVE-2022-41080: Critical Microsoft Exchange Privilege Escalation and Ransomware Risk

CVE-2022-41080 is a critical privilege escalation vulnerability in Microsoft Exchange Server, chainable for remote code execution and actively exploited in ransomware attacks.

Exchange Server
View Detail
CVE-2026-20182

Cisco Catalyst SD-WAN Critical Authentication Bypass (CVE-2026-20182): Technical Advisory and Remediation Guide

Cisco Catalyst SD-WAN Controller & Manager contain an authentication bypass vulnerability that allows an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system.

Catalyst SD-WAN
View Detail
CVE-2022-21587

Critical Advisory: Oracle E-Business Suite CVE-2022-21587 Exploit Prevention and Remediation

Oracle E-Business Suite contains an unspecified vulnerability that allows an unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator.

E-Business Suite
View Detail
CVE-2023-23376

In-Depth Analysis: CVE-2023-23376 Windows CLFS Driver Privilege Escalation

Microsoft Windows Common Log File System (CLFS) driver contains an unspecified vulnerability that allows for privilege escalation.

Windows
View Detail
1234567