BACK TO INTEL

Archives

Classification

No categories extracted.

Feed

Verified advisories, vulnerability disclosures, and architectural research.

CVE-2026-6973

CVE-2026-6973: Critical RCE Vulnerability in Ivanti Endpoint Manager Mobile (EPMM)

Ivanti Endpoint Manager Mobile (EPMM) contains an improper input validation vulnerability that allows a remotely authenticated user with administrative access to achieve remote code execution.

Endpoint Manager Mobile (EPMM)
View Detail
CVE-2024-21762

CVE-2024-21762: Critical Fortinet FortiOS Out-of-Bounds Write Vulnerability Technical Advisory

Fortinet FortiOS contains an out-of-bound write vulnerability that allows a remote unauthenticated attacker to execute code or commands via specially crafted HTTP requests.

FortiOS
View Detail
CVE-2026-0300

CVE-2026-0300: Critical Root-Level RCE in Palo Alto Networks PAN-OS Captive Portal

Palo Alto Networks PAN-OS contains an out-of-bounds write vulnerability in the User-ID Authentication Portal (aka Captive Portal) service that can allow an unauthenticated attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls by sending specially crafted packets.

PAN-OS
View Detail
CVE-2020-3259

Critical Vulnerability Advisory: Defending Against Cisco ASA and FTD Memory Disclosure (CVE-2020-3259)

Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) contain an information disclosure vulnerability. An attacker could retrieve memory contents on an affected device, which could lead to the disclosure of confidential information due to a buffer tracking issue when the software parses invalid URLs that are requested from the web services interface. This vulnerability affects only specific AnyConnect and WebVPN configurations.

Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD)
View Detail
CVE-2024-21338

CVE-2024-21338: Critical Windows Kernel Privilege Escalation Advisory

Microsoft Windows Kernel contains an exposed IOCTL with insufficient access control vulnerability within the IOCTL dispatcher in appid.sys that allows a local attacker to achieve privilege escalation.

Windows
View Detail
CVE-2023-48788

CVE-2023-48788: Critical Fortinet FortiClient EMS SQL Injection Advisory

Fortinet FortiClient EMS contains a SQL injection vulnerability that allows an unauthenticated attacker to execute commands as SYSTEM via specifically crafted requests.

FortiClient EMS
View Detail
CVE-2021-44529

Critical Ivanti EPM CSA Code Injection Advisory: CVE-2021-44529 Patch Requirements

Ivanti Endpoint Manager Cloud Service Appliance (EPM CSA) contains a code injection vulnerability that allows an unauthenticated user to execute malicious code with limited permissions (nobody).

Endpoint Manager Cloud Service Appliance (EPM CSA)
View Detail
CVE-2023-24955

CVE-2023-24955: Critical Microsoft SharePoint Server Code Injection Advisory

Microsoft SharePoint Server contains a code injection vulnerability that allows an authenticated attacker with Site Owner privileges to execute code remotely.

SharePoint Server
View Detail
CVE-2024-30051

CVE-2024-30051: Mitigating the Microsoft DWM Core Library Heap Overflow and SYSTEM Escalation Risk

Microsoft DWM Core Library contains a privilege escalation vulnerability (CVE-2024-30051) that allows an attacker to gain SYSTEM privileges via a heap-based buffer overflow.

DWM Core Library
View Detail
CVE-2024-37085

Critical ESXi Authentication Bypass: Defending Against CVE-2024-37085 and AD-Based Lateral Movement

VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was previously configured to use AD for user management by re-creating the configured AD group ('ESXi Admins' by default) after it was deleted from AD.

ESXi
View Detail
CVE-2026-31431

CVE-2026-31431: Urgent Linux Kernel Crypto Subsystem Patch Released for Resource Transfer Vulnerability

Linux Kernel contains an incorrect resource transfer between spheres vulnerability that could allow for privilege escalation.

Kernel
View Detail
CVE-2025-22225

CVE-2025-22225: Critical VMware ESXi Arbitrary Write Vulnerability and Sandbox Escape Advisory

VMware ESXi contains an arbitrary write vulnerability. Successful exploitation allows an attacker with privileges within the VMX process to trigger an arbitrary kernel write leading to an escape of the sandbox.

ESXi
View Detail
12345678