Tag
Multiple Vulnerabilities in NetApp Products
2 rules 5 CVEsMultiple vulnerabilities in NetApp products, including CVE-2023-0482, CVE-2023-20863, CVE-2024-22257, CVE-2025-23367, CVE-2025-48976, CVE-2025-53816, and CVE-2025-53817, could lead to remote denial of service, data confidentiality breaches, and data integrity breaches.
Keycloak Vulnerability Allows Data Confidentiality Breach and Security Policy Bypass
2 rules 1 TTP 1 CVEA vulnerability in Keycloak versions prior to 26.2.14, 26.4.10, and 26.5.5 allows an attacker to cause a breach of data confidentiality and bypass the security policy, as tracked by CVE-2026-2092.
Multiple Vulnerabilities in Elastic Kibana
2 rules 3 TTPs 5 CVEsMultiple vulnerabilities in Elastic Kibana allow for privilege escalation, remote denial of service, data breach, server-side request forgery (SSRF), and cross-site scripting (XSS).
CVE-2026-35277: Oracle REST Data Services Vulnerability Allows Unauthorized Data Access
2 rules 1 CVECVE-2026-35277 is a vulnerability in Oracle REST Data Services (Core) versions 24.2.0 to 26.1.0 that allows a low-privileged attacker with network access via HTTPS to compromise the system, leading to unauthorized data access, creation, deletion, or modification.
Multiple Vulnerabilities in Check Point Products
2 rules 3 TTPs 4 CVEsMultiple vulnerabilities in Check Point Security Gateways and Spark Firewalls allow for remote denial of service, data confidentiality breaches, and data integrity compromise.
Multiple Vulnerabilities in Joomla! Allow Privilege Escalation and Data Breaches
2 rules 2 TTPs 5 CVEsMultiple vulnerabilities in Joomla! versions before 5.4.6 and 6.x before 6.1.1 can allow attackers to perform privilege escalation, compromise data confidentiality, perform cross-site scripting (XSS), and conduct cross-site request forgery (CSRF) attacks.
Multiple Vulnerabilities in Devolutions Server
2 rulesMultiple vulnerabilities in Devolutions Server could allow an attacker to bypass security measures, disclose information, and manipulate files.
Multiple Vulnerabilities in GLPI Allow Data Confidentiality Breach and Security Policy Bypass
2 rules 2 TTPs 1 CVEMultiple vulnerabilities in GLPI versions prior to 11.0.7 and 10.0.25 allow an attacker to compromise data confidentiality and bypass security policies.
Multiple Vulnerabilities in Apache Solr
2 rules 3 TTPsMultiple vulnerabilities in Apache Solr could be exploited by an attacker to bypass security measures, manipulate data, and disclose sensitive information.
wger IDOR Vulnerability Exposes Private Workout Data (CVE-2026-43977)
2 rules 1 TTPwger 2.5 and earlier is vulnerable to CVE-2026-43977, an Insecure Direct Object Reference (IDOR) vulnerability that allows any authenticated user to read another user's private workout session notes, exercise history, and training statistics by accessing the `/logs/` and `/stats/` actions on a public template routine they do not own.
MongoDB Multiple Vulnerabilities
2 rules 4 TTPsAn authenticated remote attacker can exploit vulnerabilities in MongoDB to execute arbitrary code, manipulate data, disclose confidential information, or cause a denial-of-service condition.
Multiple Vulnerabilities in Microsoft Edge Allow for Privilege Escalation, Data Breach, and Security Policy Bypass
2 rules 1 TTP 1 CVEMultiple vulnerabilities in Microsoft Edge and Microsoft Edge for Android can allow an attacker to perform privilege escalation, cause a data breach, and bypass security policies.
Multiple Vulnerabilities in Apple Products Allow for Arbitrary Code Execution, Privilege Escalation, and Data Confidentiality Compromise
2 rules 3 TTPs 5 CVEsMultiple vulnerabilities in Apple products could allow an attacker to execute arbitrary code, escalate privileges, and compromise data confidentiality.
Multiple Vulnerabilities in Spring Products Allow for Remote Code Execution and Data Breach
2 rules 6 TTPs 1 CVEMultiple vulnerabilities in Spring products could allow a remote attacker to execute arbitrary code, cause a denial of service, or breach data confidentiality.
Multiple Vulnerabilities in PaperCut Allow Data Confidentiality Breach and Security Policy Bypass
2 rules 2 TTPs 3 CVEsMultiple vulnerabilities in PaperCut Embedded App versions prior to 2.2.0 on Ricoh devices and PaperCut NG/MF versions prior to 25.0.11 allow attackers to compromise data confidentiality and bypass security policies, potentially leading to unauthorized access and control.
Crunchyroll Data Breach via Telus Supply Chain Compromise
2 rules 3 TTPs 1 IOCCrunchyroll suffered a data breach after a Telus employee was phished, leading to Okta credential theft and exfiltration of 100GB of customer data.